2.3.2 Security Services
Figure 17. Security Services
Security services are the key facilities necessary for an enterprise to implement
Security services are those functions that, when provided in a systems
environment, serve to ensure the protection of resources by enforcing the
defined security policies of the organization.
Identification and Authentication:
Identification and Authentication (I&A) facilities verify the identity of
individuals. The basic function uniquely identifies users and programs,
verifies the identities they claim, and so establishes individual
accountability. Authentication may be one-way, in which an individual user
authenticates to the system; mutual authentication of peers, such as two-party
authentication between the components of a distributed application; or
three-party authentication, in which both peers authenticate through a trusted
local authentication server in a distributed environment. Authenticated user
identification provides the basis for the other security services, such as
access control and auditing: an access decision or an audit record is only as
trustworthy as the authentication that established the identity it names.
Authentication technology may take the form of passwords, smart tokens, smart
cards, and biometric measuring
Chapter 2. IBM Security Strategy and Architecture 35
Access control allows the installation to protect critical resources by
limiting access to authorized and authenticated users. Depending on the
environment, access may be controlled by the resource owner (discretionary
access control), or it may be enforced automatically by the system through
security labels attached to subjects and resources (mandatory access control),
which the owner cannot override. The resource owner can specify who can access
the information, how it can be accessed (for example, read or update), when it
can be accessed, and under what conditions (for example, only when executing
specific applications, programs, or transactions). The functional goal is to
maintain the same protection for resources whether they reside on a central
system, are distributed across systems, or move between systems, as files and
programs do.
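As an added example, not code from this guide or from any IBM product, the following Go program models the two control styles just described: an owner-written access list that names who may access a resource, in which mode, during which hours and from which program, and a system-enforced label comparison that the owner cannot override. The label format, the resource, the users, the clearances and the ACL entries are all constructed for the example.

```go
package main

import (
	"fmt"
	"time"
)

// Label is a system-assigned security label: a hierarchical sensitivity level
// plus a set of non-hierarchical categories. The format is illustrative only.
type Label struct {
	Level      int
	Categories map[string]bool
}

// Dominates reports whether label a is at least as sensitive as label b:
// a's level is not lower and a carries every category that b carries.
func (a Label) Dominates(b Label) bool {
	if a.Level < b.Level {
		return false
	}
	for c := range b.Categories {
		if !a.Categories[c] {
			return false
		}
	}
	return true
}

// ACLEntry is one rule written by the resource owner: who, in which mode,
// during which hours (24h clock, End exclusive), and from which program
// ("" means any program).
type ACLEntry struct {
	User, Mode     string
	StartHour, End int
	Program        string
}

type Resource struct {
	Owner string
	Label Label
	ACL   []ACLEntry
}

// Request carries the authenticated identity (from I&A) and its clearance.
type Request struct {
	User, Mode, Program string
	At                  time.Time
	Clearance           Label
}

// Authorize applies the mandatory label check first; the owner's ACL is only
// consulted if the labels permit the access. Reads need the subject's
// clearance to dominate the resource label; writes need the reverse, so that
// a highly cleared subject cannot copy sensitive data into a less sensitive
// resource (no write-down).
func Authorize(r Resource, q Request) (bool, string) {
	switch q.Mode {
	case "read":
		if !q.Clearance.Dominates(r.Label) {
			return false, "mandatory: clearance does not dominate resource label"
		}
	case "write":
		if !r.Label.Dominates(q.Clearance) {
			return false, "mandatory: write-down to a lower label refused"
		}
	default:
		return false, "unknown access mode"
	}
	if q.User == r.Owner {
		return true, "discretionary: owner"
	}
	h := q.At.Hour()
	for _, e := range r.ACL {
		if e.User == q.User && e.Mode == q.Mode &&
			h >= e.StartHour && h < e.End &&
			(e.Program == "" || e.Program == q.Program) {
			return true, "discretionary: matched ACL entry"
		}
	}
	return false, "discretionary: no matching ACL entry"
}

// Cats builds a category set from names.
func Cats(names ...string) map[string]bool {
	m := map[string]bool{}
	for _, n := range names {
		m[n] = true
	}
	return m
}

// PayrollFile is a constructed resource: owned by alice, labelled level 2
// with category HR, readable by bob between 09:00 and 17:00 from the
// payroll reporting program only.
func PayrollFile() Resource {
	return Resource{
		Owner: "alice",
		Label: Label{Level: 2, Categories: Cats("HR")},
		ACL:   []ACLEntry{{User: "bob", Mode: "read", StartHour: 9, End: 17, Program: "PAYRPT"}},
	}
}

func main() {
	at := time.Date(2024, 1, 15, 10, 0, 0, 0, time.UTC)
	bob := Request{User: "bob", Mode: "read", Program: "PAYRPT", At: at,
		Clearance: Label{Level: 2, Categories: Cats("HR")}}
	ok, why := Authorize(PayrollFile(), bob)
	fmt.Println(ok, why)
}
```

Note that the owner is bypassed only by the discretionary part of the check: alice cannot write the payroll file while running with a clearance higher than its label, because the mandatory rule is evaluated before ownership is considered.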
Confidentiality protects sensitive information from disclosure.
Sensitive data stored locally can be protected by access controls, by
encryption, or by both; access controls protect data only while the system
that enforces them mediates every access, so data that is copied beyond that
boundary must rely on encryption. For network communication security,
sensitive data should be encrypted as it is transmitted from system to system,
because the intermediate systems are outside the sender's control. The IBM
architecture for confidentiality is the IBM Common Cryptographic Architecture.
There are specific ISO standards (8730, 8731, and 9564) relating to the use of
cryptography for confidentiality and data integrity, which are supported by
IBM's Common Cryptographic Architecture products: the Transaction Security
System, the Integrated Cryptographic System Facilities/MVS, and the ES/9000
Integrated
Data integrity provides detection of the unauthorized modification
of data. Organizations must allow authorized users and applications to use
data, and must transmit data for remote processing; data integrity facilities
indicate whether the information has been altered along the way. Data may be
altered in two ways: because of hardware or transmission errors, or because of
an attack. For years, many IBM products have used a checksum mechanism in disk
and tape storage systems and in network protocols to protect against
transmission and hardware errors. A checksum is no protection against an
attacker, because anyone who can alter the data can also recompute the
checksum to match. Active attacks on data integrity therefore require a
different mechanism, which uses cryptography and allows for the verification of
To address active attacks on data integrity, IBM supports message
authentication based on cryptographic functions that adhere to international
standards. The IBM Common Cryptographic Architecture is the IBM architecture
for data integrity, and it defines functions for both message authentication
codes (MAC), which are computed under a secret key so that only a key holder
can produce or verify them, and modification detection codes (MDC), which are
keyless hashes of the data and detect alteration only as long as the code
itself is kept where an attacker cannot replace it.
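The following Go program is an added example (not code from this guide or from the Common Cryptographic Architecture) that runs the three mechanisms discussed above against the same record: a CRC-32 checksum standing in for the checksum used against line and media errors, an unkeyed SHA-256 hash standing in for an MDC, and an HMAC standing in for a keyed MAC. The record, the key and the attacker's edit are constructed for the example; the algorithms are modern stand-ins for the DES-based ones the text refers to.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"hash/crc32"
)

// Constructed sample record and MAC key; neither comes from a real system.
var Record = []byte("PAY 000100.00 TO ACCT 4417 REF 8831")
var MACKey = []byte("example-shared-mac-key-not-for-production")

// Packet is what travels over the link: the data and its integrity tag.
type Packet struct {
	Data, Tag []byte
}

// TagFunc computes a tag for data; keyed variants close over their key.
type TagFunc func(data []byte) []byte

// ChecksumTag is CRC-32, the checksum-style mechanism used against line and
// media errors. Anyone can compute it, so anyone can recompute it.
func ChecksumTag(data []byte) []byte {
	var b [4]byte
	binary.BigEndian.PutUint32(b[:], crc32.ChecksumIEEE(data))
	return b[:]
}

// MDCTag is a keyless cryptographic hash (SHA-256 stands in for the DES-based
// MDC of the text). Collision-resistant, but still computable by anyone.
func MDCTag(data []byte) []byte {
	s := sha256.Sum256(data)
	return s[:]
}

// MACTag returns a keyed tag function; only holders of key can compute it.
func MACTag(key []byte) TagFunc {
	return func(data []byte) []byte {
		m := hmac.New(sha256.New, key)
		m.Write(data)
		return m.Sum(nil)
	}
}

// Send builds the packet as the originator would.
func Send(data []byte, tag TagFunc) Packet {
	return Packet{Data: data, Tag: tag(data)}
}

// Verify is the receiver's check. hmac.Equal compares in constant time, so
// the comparison itself does not reveal how many tag bytes matched.
func Verify(p Packet, tag TagFunc) bool {
	return hmac.Equal(p.Tag, tag(p.Data))
}

// LineError flips one bit in transit: the accidental corruption a checksum
// is designed to catch.
func LineError(p Packet) Packet {
	d := append([]byte(nil), p.Data...)
	d[4] ^= 0x01
	return Packet{Data: d, Tag: p.Tag}
}

// Tamper is the active attacker's edit: change the amount, keep the rest.
func Tamper(data []byte) []byte {
	return bytes.Replace(data, []byte("000100.00"), []byte("900100.00"), 1)
}

// ChecksumDetectsLineError covers the error case the checksum exists for.
func ChecksumDetectsLineError() bool {
	return !Verify(LineError(Send(Record, ChecksumTag)), ChecksumTag)
}

// ActiveAttackUndetected reports whether an attacker who alters the data and
// recomputes the tag with the same public function gets past Verify.
func ActiveAttackUndetected(tag TagFunc) bool {
	p := Send(Record, tag)
	d := Tamper(p.Data)
	forged := Packet{Data: d, Tag: tag(d)} // no key is needed for this step
	return Verify(forged, tag)
}

// MACDetectsActiveAttack: the attacker can alter the data but, lacking the
// key, cannot produce a matching tag, so the old tag no longer verifies.
func MACDetectsActiveAttack() bool {
	tag := MACTag(MACKey)
	p := Send(Record, tag)
	forged := Packet{Data: Tamper(p.Data), Tag: p.Tag}
	return !Verify(forged, tag)
}

func main() {
	fmt.Println("checksum catches bit flip:       ", ChecksumDetectsLineError())
	fmt.Println("checksum survives active attack: ", ActiveAttackUndetected(ChecksumTag))
	fmt.Println("inline MDC survives active attack:", ActiveAttackUndetected(MDCTag))
	fmt.Println("MAC detects active attack:       ", MACDetectsActiveAttack())
}
```

The MDC case is the one to note: sent inline with the data it is as forgeable as the checksum, and it only becomes an integrity guarantee when the code travels or is stored through a channel the attacker cannot write to.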
Non-repudiation may be viewed as an extension to the
identification and authentication services. The non-repudiation service can
protect a recipient against the false denial by an originator that the data
was sent (non-repudiation of origin), and it can protect an originator against
the false denial by a recipient that the data was received (non-repudiation of
receipt). In general, non-repudiation applies to the transmission of electronic
data, such as an order to a stock broker to buy or sell stock, a doctor's order
for medication for a specific patient, or a company's approval to its bank to
pay an invoice. The overall goal is to be able to verify, to a third party and
with virtually 100% certainty, that a particular message is associated with a
particular individual, just as a handwritten signature on a bank check is tied
back to the account owner. A code that both parties can compute, such as a MAC
under a shared key, cannot serve this purpose, because either party could have
produced it; the proof must rest on something only the originator holds.
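As an added example (not code from this guide), the Go program below takes the stock-order case above and shows both halves of the service: a MAC under a shared key that gives the broker no proof of who wrote an order, a client signature that does (non-repudiation of origin), and a broker-signed receipt over the order's hash (non-repudiation of receipt). Ed25519 is used as a modern signature scheme; the order text, the party names and the fixed key seeds are constructed for the example and are not real keys.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// Constructed sample order.
var Order = []byte("BUY 100 IBM @ MARKET, account 77-1234, 2024-01-15T10:00Z")

// KeyFromName derives a reproducible Ed25519 key pair from a name. This is a
// demo convenience only; real keys come from a random source or a key store.
func KeyFromName(name string) (ed25519.PublicKey, ed25519.PrivateKey) {
	seed := sha256.Sum256([]byte("demo-seed:" + name))
	priv := ed25519.NewKeyFromSeed(seed[:])
	return priv.Public().(ed25519.PublicKey), priv
}

// MACTag is the keyed integrity check. Verifying it requires the key, so
// whoever can verify can also create.
func MACTag(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

// MACGivesNoProofOfOrigin: the broker, holding the same key, can tag an order
// the client never sent, and the tag is byte-for-byte what the client's own
// software would have produced. An arbiter handed the key cannot tell the two
// apart, so the client can repudiate and the broker cannot prove otherwise.
func MACGivesNoProofOfOrigin(shared []byte) bool {
	fake := []byte("BUY 10000 IBM @ MARKET, account 77-1234")
	fromBroker := MACTag(shared, fake)
	asClientWould := MACTag(shared, fake)
	return hmac.Equal(fromBroker, asClientWould)
}

// SignOrder gives non-repudiation of origin: only the client's private key
// can produce this signature, and anyone with the public key can check it.
func SignOrder(clientPriv ed25519.PrivateKey, order []byte) []byte {
	return ed25519.Sign(clientPriv, order)
}

func VerifyOrder(clientPub ed25519.PublicKey, order, sig []byte) bool {
	return ed25519.Verify(clientPub, order, sig)
}

// Receipt is the broker's signed acknowledgement, giving non-repudiation of
// receipt: it binds the broker's key to a hash of exactly what arrived.
type Receipt struct {
	OrderHash [32]byte
	Sig       []byte
}

func SignReceipt(brokerPriv ed25519.PrivateKey, order []byte) Receipt {
	h := sha256.Sum256(order)
	return Receipt{OrderHash: h, Sig: ed25519.Sign(brokerPriv, h[:])}
}

// VerifyReceipt lets the client, or an arbiter, prove the broker received this
// exact order using only the broker's public key.
func VerifyReceipt(brokerPub ed25519.PublicKey, order []byte, r Receipt) bool {
	h := sha256.Sum256(order)
	return h == r.OrderHash && ed25519.Verify(brokerPub, h[:], r.Sig)
}

func main() {
	clientPub, clientPriv := KeyFromName("client")
	brokerPub, brokerPriv := KeyFromName("broker")

	sig := SignOrder(clientPriv, Order)
	fmt.Println("order signature verifies:  ", VerifyOrder(clientPub, Order, sig))
	altered := append([]byte(nil), Order...)
	altered[4] = '9' // 100 shares becomes 900
	fmt.Println("signature on altered order:", VerifyOrder(clientPub, altered, sig))

	r := SignReceipt(brokerPriv, Order)
	fmt.Println("receipt verifies:          ", VerifyReceipt(brokerPub, Order, r))
	fmt.Println("MAC proves origin:         ", !MACGivesNoProofOfOrigin([]byte("shared-key")))
}
```

What the signature adds over the MAC is that the verifier never holds the signing key, so a valid signature is evidence a third party can accept; what it does not add is any statement about when the order was made, which is why the constructed order carries its own timestamp inside the signed bytes.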
36 Security P-Guide