The System and Communications Protection security control family ensures that the information system and the information it processes are protected at external and key internal boundaries.
System and Communications Protection addresses the following functional areas:
1. Application partitioning;
2. Security function isolation;
3. Denial of service protection;
4. Resource priority;
5. Boundary protection;
6. Transmission integrity and confidentiality; and
7. Key management.
For the purposes of this functional architecture, the System and Communications Protection security control family is separated into two main components: protection of information exchanges and boundary controls. Intrusion detection is addressed with boundary controls.
Security enclaves are created by the placement of boundary controls. These boundary controls can be organized into two sets:
1. Enclave boundary controls that provide protections for internal security enclaves that have no direct connection to the outside world; and
2. Extranet boundary controls that provide protections from all external entities.
CompositeStructure diagram: 8.3.4 System & Communications Protection
8.3.4.2 SC: Enclave Boundary Controls
Type: Component
Status: Proposed. Version 1.0. Phase 1.0.
Package: 8.0 Support Functions Keywords:
Detail: Created on 2/28/2007. Last modified on 2/28/2007.
GUID: {3B16009B-5AB8-4788-91F0-CB3231B13250}
The SC: Enclave Boundary Controls security control provides boundary protections for internal security enclaves.
SC: Enclave Boundary Controls addresses the following functional areas:
1. Cryptographic operations;
2. Public Key Infrastructure;
3. Key management;
4. Peer entity authentication;
5. Data origin authentication;
6. Replay protection;
7. Denial of service protection;
8. Message integrity;
9. Intrusion detection/prevention.
Typical implementations of the SC: Enclave Boundary Controls security control include:
1. Virtual Private Networks (VPNs);
2. Authentication, Authorization, and Accountability (AAA) servers;
3. Stateful packet inspection (up to OSI Layer 4);
4. Stateful deep packet inspection (up to OSI Layer 7);
5. Access Control Lists.
8.3.4.1 SC: ATN Security
Type: Component
Status: Proposed. Version 1.0. Phase 1.0.
Package: 8.0 Support Functions Keywords:
Detail: Created on 2/28/2007. Last modified on 2/28/2007.
GUID: {56A30FE8-23F5-4b4f-AFC6-590F584FEBD9}
The SC: ATN Security control provides protections for air-ground information exchanges between ground automation systems and airborne automation systems and for ground-ground information exchanges between two ground automation systems. It is specified in ICAO Doc 9705 Edition 3.
SC: ATN Security addresses the following functional areas:
1. Cryptographic operations;
2. Public Key Infrastructure;
3. Key management;
4. Peer entity authentication;
5. Data origin authentication;
Article link: Functional Architecture for the Data Communication System (93)