Security in open distributed processing

Abstract

This paper describes two main aspects of security in open distributed processing: Embedment of security capabilities in reference to the OSI Reference Model and mapping of application layer components onto implementations in end-systems. The paper is based on a strategic commitment to the adoption of existing and evolving international standards. Therefore, the work is based on the security architecture (OSI 7498-2) and on the security concept described in ECMA TR/46 - Security in Open Systems - a Security Framework. This framework proposes a set of security facilities which are the building blocks for security services for use in the OSI application layer. One of the main targets of this paper is to show how security services can be embedded in the OSI communication environment. Two new types of common Application Service Element (ASE) are proposed to provide the security services in the application layer: the security information ASE and the security control ASE. The X. 400 message handling system has been chosen as an example for securing a productive application.