Abstract
This paper outlines the approach taken in the security module of the European Handbook for Procurement of Open Systems (EPHOS). EPHOS is a European Commission led development of a suite of handbooks for the procurement of open system services such as data communications, messaging, directories, EDI and operating systems. The paper describes a Basic Security Scenario which is used as the baseline for the security provisions defined in the EPHOS security module. The paper describes two ways that procurers may use EPHOS security. One provides a default set of options in a “Procurement Profile” which matches common business security concerns. The other route provides a set of decisions for selecting “Procurement Clauses” for options best fitting the procurement situation. The paper outlines the default options selected for the X.25, X.400 and EDI “Procurement Profiles” as well as the generic security techniques which are used in support of the range of application areas. The paper describes the on-going work to address requirements for security of other application areas and concludes by identifying the unique features of EPHOS security.
Chapter PDF
Similar content being viewed by others
Keywords
References
BS 7799 British Standard: Code of practice for Information Security Management IT Baseline Protection Manual - German Information Security Agency
CCITT Recommendation X.25 (1993), Interface between Data Terminal Equipment (DTE) and Data Circuit-Terminating Equipment (DCE) for terminals operating in Packet Mode and connected to public data networks by dedicated circuits.
ISO/IEC ISP 10609: 1992 Information Technology - International Profiles TB, TC TD and TE - Connection mode Transport Service over connection mode Network Service
ITU-T Recommendation X.273 (1994) I ISO/IEC 11577 (1995) Information Technology — Open Systems Interconnection — Network Layer Security Protocol
ITU-T Recommendation X.274 (1994) I ISO/IEC 10736 (1995) Information Technology — Open Systems Interconnection — Transport Layer Security Protocol
ISO/IEC PDISP 10608–7 Security employing the Network Layer Security Protocol - Connectionless mode, for TAnnn profiles
ISO/IEC PDISP 10608–8 Security employing the Network Layer Security Protocol - Connection-mode with SDT-PDU based Protection over X.25 packet switched data networks using virtual calls, for TA1111/TA1121 profiles
ISO/IEC PDISP 10609–16 Security employing the Network Layer Security Protocol - Connection-mode with No-header, for TB/TC/TD/TE nnn profiles
ISO/IEC PDISP 10609–17 Security employing the Network Layer Security Protocol - Connection-mode with SDT-PDU based Protection for TB/TC/TD/TE nnn profiles
ISO/IEC PDISP 10613–19 Security employing the Network Layer Security Protocol - Connectionless mode, for RAnnn profiles
ISO/IEC PDISP 10613–20 Security employing the Network Layer Security Protocol - Connection-mode with SDT-PDU based Protection over X.25 packet switched data networks using virtual calls, for RA1111/RA1121 profiles
ITU-T Recommendation X.400 (1992) Message Handling Systems (equivalent to ISO/IEC 10121 (1990) — Message-Oriented Text Interchange Systems (MOTIS) with corrigenda)
ITU-T Recommendation X.435 (1992) Message Handling Systems - Electronic Data Interchange Messaging System (equivalent to ISO/IEC 10121–9)
ISO/IEC ISP 10611: 1994, Information technology - International Standardized Profiles - Message Handling Systems - Common Messaging
ISO/IEC ISP 12063: 1994 Information technology - International Standardized Profiles - Message Handling Systems - Electronic Data Interchange Messaging
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 1996 IFIP International Federation for Information Processing
About this chapter
Cite this chapter
Pope, N.H., Ross, J.G. (1996). EPHOS Security Procurement of secure open systems. In: Katsikas, S.K., Gritzalis, D. (eds) Information Systems Security. SEC 1996. IFIP Advances in Information and Communication Technology. Springer, Boston, MA. https://doi.org/10.1007/978-1-5041-2919-0_10
Download citation
DOI: https://doi.org/10.1007/978-1-5041-2919-0_10
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-5041-2921-3
Online ISBN: 978-1-5041-2919-0
eBook Packages: Springer Book Archive