Question 2/17 - Security architecture and framework
(Continuation of Q2/17)
Recommendations ITU‑T X.800, X.802 and X.803 describe security within the context of open systems. The security architecture for systems providing end-to-end communications is provided in Recommendation ITU‑T X.805. A comprehensive set of detailed security frameworks covering aspects of security such as authentication, access control, non-repudiation, confidentiality, integrity, and security audit and alarms has been established (X.810, X.811, X.812, X.813, X.814, X.815 and X.816). To provide Generic Upper Layers Security (GULS), Recommendations ITU‑T X.830, X.831, X.832, X.833, X.834 and X.835 have been developed. In cooperation with ISO/IEC JTC 1/SC 27, Recommendations ITU‑T X.841, X.842 and X.843 on security information objects and trusted third party services have been established.
A continued effort to maintain and enhance these security Recommendations to satisfy the needs of emerging technologies (e.g., the next generation networks (NGN) and Internet protocol based networks) and services is required. This effort is reflected by X.1035 and X.1036 that show details of password-authenticated key exchange protocols and policy distribution and enforcement.
Due to convergence and mobility, telecommunications carrier networks and the associated information systems are exposed to new classes of security threats. The attackers have a deeper reach into networks and require less skill levels with a higher damage propensity. Viruses, hacking and denial of service attacks have become pervasive and they adversely impact network elements and support systems alike.
The telecommunications and information technology industries are seeking cost-effective comprehensive security solutions that are technology agnostic and protect a wide spectrum of services and applications. To achieve such solutions in multi-vendor environment, network security should be designed around the standard security architectures and standard security technologies. Taking into account the security threats to the telecommunication environment and the current advancement of security countermeasures against the threats, new security requirements and solutions should be investigated. New Recommendations that show how to combine the technology standards and security frameworks are needed to implement comprehensive security for the emerging networks and services.
Recommendations and Supplements under responsibility of this Question as of 1 December 2012: X.800, X.802, X.803, X.805, X.810, X.811, X.812, X.813, X.814, X.815, X.816, X.830, X.831, X.832, X.833, X.834, X.835, X.841, X.842, X.843, X.1031, X.1032, X.1034, X.1035, X.1036, X.Suppl.2, X.Suppl.3, X.Suppl.15, and X.Suppl.16.
Texts under development: X.gsiio, X.hsn, X.ipv6-secguide, X.mgv6, and X.vissec.
Study items to be considered include, but are not limited to:
How should a comprehensive, coherent telecommunications security solution be defined?
What is the architecture for a comprehensive, coherent telecommunications security solution?
What is the framework for applying the security architecture in order to establish a new security solution?
What is the framework for applying the security architecture in order to assess (and consequently improve) an existing security solution?
What are the architectural underpinnings for security?
5.1 What is the architecture for end-to-end security?
5.2 What is the open systems security architecture?
5.3 What is the security architecture for the mobile environment?
5.4 What is the security architecture for evolving networks?
5.5 What is the security architecture for application services in collaboration with Q7/17?
What new security architecture and framework Recommendations are required for providing security solutions in the changing environment?
How should architectural standards be structured with respect to existing Recommendations on security?
How should architectural standards be structured with respect to the existing advanced security technologies?
How should the security framework Recommendations be modified to adapt them to emerging technologies and what new framework Recommendations are required?
How are security services applied to provide security solutions?
How is telecommunication/ICT infrastructure monitoring applied to provide security solutions?
Tasks include, but are not limited to:
Development of a comprehensive set of security architecture and framework Recommendations for providing standard security solutions for telecommunications in collaboration with other standards development organizations and ITU‑T study groups.
Studies and development of Recommendations on a trusted telecommunication network architecture that integrates advanced security technologies.
Maintenance and enhancements of Recommendations and Supplements in the X.800-series and X.103x-series.
ITU‑T Questions 1/17, 3/17, 4/17, 5/17, 6/17, 7/17, 8/17, 9/17, 10/17 and 11/17