The OSI Security Architecture is an outline that gives a sorted-out
method for security and describing the techniques to filling those
Active security threats include data transmitted being
modified to gain unauthorized access to computer systems.
Passive security threats are eavesdropping on Electronic
mail, client or server exchanges
Active security attacks: masquerade modification of a messages.
Passive security attacks: release of message contents.
Access control: prevention of unauthorized use of a resource
that is service controls who can have access to a resource.
Authentication: it is the assurance that the communicating
entity is the one that it claims to be.
Availability service: a system being accessible upon demand
by an authorized system entity
Data confidentiality: it the protection of data from unofficial
Data integrity: the confirmation that information got are
precise as sent by an approved element.
May be combined into the suitable protocol layer in order to
offer some of the OSI security services.
Encipherment: the use of mathematical algorithms to change
data into a form that is not readily understandable.
Data Integrity: the variety of mechanisms used to assure the
integrity of a data unit or stream of data units.
Traffic Padding: inclusion of bits into gaps in an
information stream to disappoint traffic analysis attempts.
Routing Control: Enables determination of specific
physically secure routes for specific information.
Notarization: use of a trusted third party to data exchange.
Mechanisms that are not definite to any certain OSI security
Trusted Functionality: That which is alleged to be correct
with respect to some criteria.
Security Label: The marking bound to a resource that names the
security attributes of that resource.
Security Audit Trail: Data collected and used to simplify a
Security Recovery: Deals with demands from systems
Economy of Mechanism: This
principle says that the design of security measures personified in both
hardware and software should be as basic and little as could be expected under
Fail-safe defaults: This
principle says that access decisions should be based on permission rather than
Open design: This principle says that the design of a security mechanism
should be open rather than secret
Separation of privilege: This
principle says can be defined as a practice in which multiple privilege
attributes are required to achieve access to a restricted resource.
Least privilege: This standard says that every procedure and each
client of the system should operate using the least set of freedoms necessary
to perform the duty
Least common mechanism:
This principle says that the design should to limit the
capacities shared by various clients, giving common security. This principle
helps reduce the number of unintended communication paths and reduces the
amount of hardware and software on which all users depend.
traits in programming so that you can make changes in one place
without having to also make changes in the other parts of an application
least astonishment: applies to user
interface and software design, from
the ergonomics standpoint.
Attack Surface: Comprises of the reachable vulnerabilities
in a system.
Attack Tree: spreading progressive
information structure that speaks to an arrangement of potential strategies for