Copyright © 2009 Open Geospatial Consortium, Inc. 19
system to the other.
6.2 Definition of Security Requirements based on ISO 10181
ISO 10181 provides a definition of security that focuses on protecting information: "Information held by IT products or systems is a critical resource that enables organisations to succeed in their mission. Additionally, individuals have a reasonable expectation that their personal information contained in IT products or systems remain private, be available to them as needed, and not be subject to unauthorised modification. IT products or systems should perform their functions while exercising proper control of the information to ensure it is protected against hazards such as unwanted or unwarranted dissemination, alteration, or loss. The term IT security is used to cover prevention and mitigation of these and similar hazards." [2]

The standard further defines security frameworks and the associated requirements, applicable to security services in Open System environments. The term "Open System" is defined to include "… areas such as Database, Distributed Applications, ODP and OSI." [2] In order to protect the exchange of information between secured systems and the management of the stored data, the standard states that "… security services may apply to the communicating entities of systems as well as to data exchanged between systems, and to data managed by systems." [2] In subsequent parts of the standard, the requirements and the following security frameworks are defined:
Authentication Framework: ISO 10181-2 defines all basic concepts of authentication in Open Systems. It identifies different classes of authentication mechanisms, the services for their implementation and the requirements for supporting protocols. It further identifies requirements for the management of identity information.

Access Control Framework: ISO 10181-3 defines all basic concepts for access control in Open Systems and the relation to other frameworks such as the Authentication and Audit Frameworks.

Non-repudiation Framework: ISO 10181-4 refines and extends the concepts of non-repudiation given in ISO 7598-2. It further defines general non-repudiation services and the mechanisms to provide these services.

Confidentiality Framework: ISO 10181-5 defines the basic concepts of confidentiality, identifies classes of confidentiality mechanisms and their maintenance. It further addresses the interactions of the confidentiality mechanisms with other services.

Integrity Framework: ISO 10181-6 defines the basic concepts of integrity, following the same structure as the Confidentiality Framework.

Security Audits and Alarms Framework: ISO 10181-7 defines the basic concepts for security audit and alarms and the relationship to other security services.
7 The Threat Model, Vulnerabilities and Attacks
Protecting a system against all kinds of threats is almost impossible. Moreover, the statement "we are secure, we have a firewall" is dangerous, as it narrows the view of possible threats to blocking communication, typically from the outside world, to your internal applications. The problem with this limited view is that when you provide web services, you have to open firewall port 80 and optionally 443, otherwise the outside world cannot invoke your service. The firewall is therefore just one component in the big picture of a holistic security approach. For this approach to meet expectations, it needs to cover securing the network, the computer that hosts the applications (in particular the web services available to the outside world) and the applications themselves. Securing the applications includes securing the presentation, business and data access logic. In addition, care needs to be taken with maintaining the operating system of the host computers, the runtime services other than the web services, and the platform-specific services. The firewall actually belongs to the elements that need to be secured under the network category; routers and switches also fall under this category. Securing the host basically deals with appropriate configuration of user accounts, operating system services, directory and file access as well as file shares. Securing the applications deals with implementing countermeasures for, or preventing, vulnerabilities in input validation, authentication, authorization, protection of sensitive data, cryptography, exception handling as well as auditing and logging.
7.1 Defining the Threat Model