📄 rfc2729.txt
字号:
Example Application: audio feed - 60mins Active Time Total time session is active, not including breaks Type: Time Strictest Requirement: equals duration Scope: per stream Example Application: Spectator sport transmission Session Burstiness Expected level of burstiness of the session Type: Fraction Meaning: Variance as a fraction of maximum bandwidth Strictest Requirement: =bandwidth Scope: per stream Example Application: commentary & slide show: 90% of maxBagnall, et al. Informational [Page 14]
RFC 2729 Taxonomy of Communication Requirements December 1999 Atomic join Session fails unless a certain proportion of the potential participants accept an invitation to join. Alternatively, may be specified as a specific numeric quorum. Type: Fraction (proportion required) or int (quorum) Strictest Requirement: 1.0 (proportion) Example Application: price list update, committee meeting Scope: per stream or session NB: whether certain participants are essential is application dependent. Late join allowed ? Does joining a session after it starts make sense Type: Boolean Strictest Requirement: allowed Scope: per stream or session Example Application: game - not allowed NB: An application may wish to define an alternate session if late join is not allowed Temporary leave allowed ? Does leaving and then coming back make sense for session Type: Boolean Strictest Requirement: allowed Scope: per stream or session Example Application: FTP - not allowed Late join with catch-up allowed ? Is there a mechanism for a late joiner to see what they've missed Type: Boolean Strictest Requirement: allowed Scope: per stream or session Example Application: sports event broadcast, allowed NB: An application may wish to define an alternate session if late join is not allowedBagnall, et al. Informational [Page 15]
RFC 2729 Taxonomy of Communication Requirements December 1999 Potential streams per session Total number of streams that are part of session, whether being consumed or not Type: Integer Strictest Requirement: No upper limit Scope: per session Example Application: football match mcast - multiple camera's, commentary, 15 streams Active streams per sessions (i.e. max app can handle) Maximum number of streams that an application can consume simultaneously Type: Integer Strictest Requirement: No upper limit Scope: per session Example Application: football match mcast - 6, one main video, four user selected, one audio commentary3.2.6. Session Topology Note: topology may be dynamic. One of the challenges in designing adaptive protocol frameworks is to predict the topology before the first join. Number of senders The number of senders is a result the middleware may pass up to the application Type: Integer Strictest Requirement: No upper limit Scope: per stream Example Application: network MUD - 100 Number of receivers The number of receivers is a results the middleware may pass up to the application Type: Integer Strictest Requirement: No upper limit Scope: per stream Example Application: video mcast - 100,000Bagnall, et al. Informational [Page 16]
RFC 2729 Taxonomy of Communication Requirements December 19993.2.7. Directory Fail-over timeout (see Reliability: fail-over time) Mobility Defines restrictions on when directory entries may be changed Type: Enumeration Meaning: while entry is in use while entry in unused never Strictest Requirement: while entry is in use Scope: per stream Example Application: voice over mobile phone, while entry is in use (as phone gets new address when changing cell).3.2.8. Security The strength of any security arrangement can be stated as the expected cost of mounting a successful attack. This allows mechanisms such as physical isolation to be considered alongside encryption mechanisms. The cost is measured in an abstract currency, such as 1970 UD$ (to inflation proof). Security is an orthogonal requirement. Many requirements can have a security requirement on them which mandates that the cost of causing the system to fail to meet that requirement is more than the specified amount. In terms of impact on other requirements though, security does potentially have a large impact so when a system is trying to determine which mechanisms to use and whether the requirements can be met security will clearly be a major influence. Authentication Strength Authentication aims to ensure that a principal is who they claim to be. For each role in a communication, (e.g. sender, receiver) there is a strength for the authentication of the principle who has taken on that role. The principal could be a person, organization or other legal entity. It could not be a process since a process has no legal representation. Type: Abstract Currency Meaning: That the cost of hijacking a role is in excess of the specified amount. Each role is a different requirement.Bagnall, et al. Informational [Page 17]
RFC 2729 Taxonomy of Communication Requirements December 1999 Strictest Requirement: budget of largest attacker Scope: per stream Example Application: inter-governmental conference Tamper-proofing This allows the application to specify how much security will be applied to ensuring that a communication is not tampered with. This is specified as the minimum cost of successfully tampering with the communication. Each non-security requirement has a tamper-proofing requirement attached to it. Requirement: The cost of tampering with the communication is in excess of the specified amount. Type: { Abstract Currency, Abstract Currency, Abstract Currency } Meaning: cost to alter or destroy data, cost to replay data (successfully), cost to interfere with timeliness. Scope: per stream Strictest Requirement: Each budget of largest attacker Example Application: stock price feed Non-repudiation strength The non-repudiation strength defines how much care is taken to make sure there is a reliable audit trail on all interactions. It is measured as the cost of faking an audit trail, and therefore being able to "prove" an untrue event. There are a number of possible parameters of the event that need to be proved. The following list is not exclusive but shows the typical set of requirements. 1. Time 2. Ordering (when relative to other events) 3. Whom 4. What (the event itself) There are a number of events that need to be provable. 1. sender proved sent 2. receiver proves received 3. sender proves received. Type: Abstract Currency Meaning: minimum cost of faking or denying an event Strictest Requirement: Budget of largest attacker Scope: per stream Example Application: Online shopping systemBagnall, et al. Informational [Page 18]
RFC 2729 Taxonomy of Communication Requirements December 1999 Denial of service There may be a requirement for some systems (999,911,112 emergency services access for example) that denial of service attacks cannot be launched. While this is difficult (maybe impossible) in many systems at the moment it is still a requirement, just one that can't be met. Type: Abstract Currency Meaning: Cost of launching a denial of service attack is greater than specified amount. Strictest Requirement: budget of largest attacker Scope: per stream Example Application: web hosting, to prevent individual hackers stalling system. Action restriction For any given communication there are a two actions, send and receive. Operations like adding to members to a group are done as a send to the membership list. Examining the list is a request to and receive from the list. Other actions can be generalized to send and receive on some communication, or are application level not comms level issues. Type: Membership list/rule for each action. Meaning: predicate for determining permission for role Strictest Requirement: Send and receive have different policies. Scope: per stream Example Application: TV broadcast, sender policy defines transmitter, receiver policy is null. NB: Several actions may share the same membership policy. Privacy Privacy defines how well obscured a principals identity is. This could be for any interaction. A list of participants may be obscured, a sender may obscure their identity when they send. There are also different types of privacy. For example knowing two messages were sent by the same person breaks the strongest type of privacy even if the identity of that sender is still unknown. For each "level" of privacy there is a cost associated with violating it. The requirement is that this cost is excessive for the attacker.Bagnall, et al. Informational [Page 19]
RFC 2729 Taxonomy of Communication Requirements December 1999 Type: { Abstract Currency, Abstract Currency, Abstract Currency, Abstract Currency } Meaning: Level of privacy, expected cost to violate privacy level for:- openly identified - this is the unprotected case anonymously identified - (messages from the same sender can be linked) unadvertised (but traceable) - meaning that traffic can be detected and traced to it's source or destination, this is a breach if the very fact that two specific principals are communicating is sensitive. undetectable Strictest Requirement: All levels budget of attacker Scope: per stream Example Application: Secret ballot voting system openly identified - budget of any interested party anonymously identified - zero unadvertised - zero undetectable - zero Confidentiality Confidentiality defines how well protected the content of a communication is from snooping. Type: Abstract Currency Meaning: Level of Confidentiality, the cost of gaining illicit access to the content of a stream Strictest Requirement: budget of attacker Scope: per stream Example Application: Secure email - value of transmitted information Retransmit prevention strength This is extremely hard at the moment. This is not to say it's not a requirement.Bagnall, et al. Informational [Page 20]
RFC 2729 Taxonomy of Communication Requirements December 1999 Type: Abstract Currency Meaning: The cost of retransmitting a secure piece of information should exceed the specified amount. Strictest Requirement: Cost of retransmitting value of information Scope: per stream Membership Criteria If a principal attempts to participate in a communication then a⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -