1. Conventional Security Services
The following are considered to be the
security services which can be provided optionally within the framework of the
OSI Reference Model. The authentication services require authentication information
comprising locally stored information and data that is transferred
(credentials) to facilitate the authentication.
Authentication
These services, including peer entity
authentication and data origin authentication, can provide for the authentication
of a communicating peer entity and the source of data.
Access control
This service provides protection against
unauthorized use of resources accessible via OSI. These may be OSI or non-OSI
resources accessed via OSI protocols. This protection service may be applied to
various types of access to a resource or to all accesses to a resource.
Data confidentiality
These services, including connection
confidentiality, connectionless confidentiality, selective field
confidentiality and traffic flow confidentiality, can provide for the protection
of data from unauthorized disclosure.
Data integrity
These services, including connection
integrity with recovery, connection integrity without recovery, selective field
connection integrity, connectionless integrity and selective field
connectionless integrity, can counter active threats.
Non-repudiation
This service may take one or both of two
forms: non-repudiation with proof of origin and non-repudiation with proof of
delivery. Non-repudiation with proof of origin: The recipient of data is
provided with proof of the origin of data. This will protect against any
attempt by the sender to falsely deny sending the data or its contents. Non-repudiation
with proof of delivery: The sender of data is provided with proof of delivery
of data. This will protect against any subsequent attempt by the recipient to
falsely deny receiving the data or its contents.
2. Social Network Security Objectives
Three main security objectives are privacy,
integrity and availability.
Privacy
Privacy in OSNs encompasses user profile
privacy, communication privacy, message confidentiality and information
disclosure. In principle, privacy calls for the possibility to hide any
information about any user, even to the extent of hiding their participation in
the OSN in the first place. Moreover, privacy has to be met by default: all
information on all users and their actions has to be hidden from any other
party internal or external to the system, unless explicitly disclosed by the
users themselves. Requiring explicit disclosure leads to the need for access
control. Access to information on a user may only be granted by the user
directly; the access control has to be as fine-grained as the profile, and each
attribute has to be separately manageable.
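The default-deny, per-attribute disclosure rule described above, sketched as an added example (not part of the original post or the lecture notes); the Profile class, the lookup function and the sample users are hypothetical. The lookup gives the same answer for a missing profile and for one with nothing disclosed to the viewer, so participation itself is not revealed.

```python
from dataclasses import dataclass, field


@dataclass
class Profile:
    owner: str
    attributes: dict                            # attribute name -> value
    grants: dict = field(default_factory=dict)  # attribute name -> set of viewers

    def grant(self, actor, attribute, viewer):
        # Only the owner may disclose, and only one attribute at a time.
        if actor != self.owner:
            raise PermissionError("only the profile owner can grant access")
        if attribute not in self.attributes:
            raise KeyError(attribute)
        self.grants.setdefault(attribute, set()).add(viewer)

    def revoke(self, actor, attribute, viewer):
        if actor != self.owner:
            raise PermissionError("only the profile owner can revoke access")
        self.grants.get(attribute, set()).discard(viewer)

    def view(self, viewer):
        # Default deny: an attribute with no grant entry is visible to nobody.
        if viewer == self.owner:
            return dict(self.attributes)
        return {name: value for name, value in self.attributes.items()
                if viewer in self.grants.get(name, ())}


def lookup(directory, viewer, name):
    """Return the viewer's view of a profile, or None.

    None is returned both when the profile does not exist and when nothing
    has been disclosed to the viewer, so membership itself stays hidden.
    """
    profile = directory.get(name)
    if profile is None:
        return None
    return profile.view(viewer) or None


# Constructed sample data (not from the original post).
alice = Profile("alice", {"email": "alice@example.org", "city": "Springfield"})
DIRECTORY = {"alice": alice}
alice.grant("alice", "city", "bob")
```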
Integrity
The user’s identity and data must be
protected against unauthorized modification and tampering. In addition to
conventional modification detection and message authentication, integrity in
the context of OSNs has to be extended. The authentication has to ensure the
existence of real persons behind registered OSN members.
Availability
In OSNs, availability specifically has
to include robustness against censorship, and the seizure or hijacking of names
and other key words. Apart from availability of data access, availability has
to be ensured along with message exchange among members.
3. Differences
Conventional security services also provide
the authentication, access control and non-repudiation services, while OSNs do
not. OSNs provide the privacy and availability services, while conventional security
services do not. And OSNs extend the integrity service.
This is because a social network contains a mass
of real information, and the information or messages posted to the social
network can reflect the real lives of their owners. So privacy is very
important. The majority of members are active on the social website every second, and some
applications, whether they are third-party applications or not, need
information from the social network. So the social network should provide
availability services. As for other networks, different networks have different
demands for security services.
4. Revise
The second part of the blog content came from lecture notes 10 (slides 6-10). The first part of the blog content came from the
internet. URL: http://en.wikipedia.org/wiki/Security_service_%28telecommunication%29. And the third part comes from my own ideas after reading and
comparing the conventional security services and OSNs.
Your tips about blog writing are useful. Yes, a tool like Blogger should first be easy to use, easy to write, easy to share. Then people will feel relaxed to use it in an easy way. In an impromptu way, many sparks of thought are produced. And more people are attracted to use it. I think the success of the blog is the success of the concept of feeling free to be your own radio.
You mentioned conventional security services and social network security objectives. That is important.
The problem of security in Web 2.0 is much more complicated than in Web 1.0, because in Web 2.0 the concept of a network was impressively expanded. The concern about the security of social networks becomes more important. For example, one may post his profile on the website so that it can only be seen by his friends. But the definition of a friend on a social network is relaxed, which cannot serve as a guarantee for private information. You can find many similar problems. More research about the security of social networks is needed.
Very good summary, and very useful for review.
I agree that social networks are critical infrastructure now and hacking is increasingly a criminal profession. Your post helps me to revise what I learned in the lecture. Thanks a lot.