Security Services
Security services are requirements that may be needed to protect assets.
- aka security properties
- different assets and needs may require different services/properties
CIA
Confidentiality
Confidentiality ensures that data is accessible only by authorized users.
Link to original
- Protects against unauthorized disclosure
- Enforce confidentiality with access controls
- Focuses on secrecy and privacy
Circular transclusion detected: notes/CIA-Triad
Circular transclusion detected: notes/CIA-Triad
Others
Authentication
- two types:
- Identity authenticity
- provides assurance of the identity of an entity interacting with system
- aims at controlling access to services
- Source authenticity
- verifies the identity of the entity that created a data and sent a message containing that data, is the source of that data and message
- aims at verifying the authenticity of a message
- Identity authenticity
Nonrepudiation
Nonrepudiation is the security goal of ensuring that the party that sent a transmission or created data remains associated with that data and cannot deny sending or creating that data.
Link to original
Accountability
The accountability service provides capabilities to trace the responsible entity in case of a security incident or action in order to protect against denial by one of the parties in a communication or a transaction.
Authorization
Link to original