Question H/17 - Security Architecture and Framework

Home : ITU-T Home : Study Period 2001-2004

(continuation of a part of Question 10/17 studied during 2001-2004)

1. Motivation

Recommendations X.800, X.802 and X.803 describe security within the context of open systems. The security architecture for systems providing end-to-end communications is provided in Recommendation X.805. A comprehensive set of detailed security frameworks covering aspects of security such as authentication, access control, non-repudiation, confidentiality, integrity, and security audit and alarms has been established (X.810, X.811, X.812, X.813, X.814, X.815 and X.816). To provide Generic Upper Layers Security (GULS), Recommendations X.830, X.831, X.832, X.833, X.834 and X.835 have been developed. In cooperation with ISO/IEC JTC 1/SC 27, Recommendations X.841, X.842 and X.843 on security information objects and trusted third party services have been established. A continued effort to maintain and enhance these security Recommendations to satisfy the needs of emerging technologies [i.e., the Global Information Infrastructure (GII), the Next Generation Network (NGN) and Internet Protocol based networks] and services is required.

Increasingly, telecommunications carriers and their information systems and networks are faced with security threats from a wide range of sources, including computer-assisted fraud, espionage, sabotage, vandalism, fire or flood. Sources of damage such as computer viruses, computer hacking and denial of service attacks have become more common, more ambitious and increasingly sophisticated.

The telecommunications and information technology industries are seeking cost-effective comprehensive security solutions that could be applied to various types of networks, services and applications. To achieve such solutions in multi-vendor environment, network security should be designed around the standard security architectures and standard security technologies.

Taking into account the security threats to communication environment and the current advancement of security countermeasures against the threats, new security requirements and solutions should be investigated.

Security for new types of networks as well as security for new services should be studied.

2. Question

a) How should a complete, coherent communications security solution be defined ?

b) What is the architecture for a complete, coherent communications security solution ?

c) What is the framework for applying the security architecture in order to establish a new security solution ?

d) What is the framework for applying security architecture in order to assess (and consequently improve) an existing security solution ?

e) What are the architectural underpinnings for security ?

What is the open systems security architecture ?
What is the IP-based networks security architecture ?
What is the NGN security architecture ?

f) How should the upper and lower layer security model Recommendations be modified to adapt them to the changing environment and what new Recommendations may be required ?

g) How should architectural standards be structured with respect to existing Recommendations on security ?

h) How should the security framework Recommendations be modified to adapt them to emerging technologies and what new framework Recommendations may be required ?

i) How are security services applied to provide security solutions ?

3. Tasks

Tasks include:

Development of a comprehensive set of Recommendations for providing standard security solutions for telecommunications in collaboration with other Standards Development Organizations and ITU-T Study Groups.
Maintenance and enhancements of Recommendations in the X.800 series

4. Relationships

Recommendations: X series Recommendations

Questions: E/17, G/17, I/17, J/17, K/17 and L/17

Study Groups: ITU-T SG 2, 4, 9, 11, 13 and 16

Standardization bodies: ISO/IEC JTC 1/SC 27; IETF; ATIS T1M1 and T1S1; ETSI

Other bodies: 3GPP, 3GPP2