eSight Security Model
The eSight security architecture model, which complies with the communication system security model (ITU-T X.805) and security structure (3GPP 32.37X), consists of three planes, with each plane comprising three layers and ten dimensions.
For details, see Figure 5-1.
- Three planes
The three planes are the end-user plane, control plane, and OM plane. This document describes security features specific only to the OM plane.
- Three layers of each plane
Each security plane consists of the application security layer, platform security layer, and network security layer.
- Ten dimensions
Security requirements and security mechanisms are considered in the following 10 dimensions:
- Authentication: uses a security mechanism, for example, verifying login accounts, to ensure that only authenticated users access the network or system.
- Authorization: authorizes authenticated users for them to access network or system resources.
- Access Control: prevents unauthorized access to, or invocation of, network resources. For example, the target system is protected against malicious behavior when it is accessed from an untrusted network into a trusted one.
- Availability: indicates that the system or network is ready for executing tasks at any time. Redundancy and backup policies are important security measures.
- Audit: records user behavior in logs and audits user behavior using audit policies.
- Communication Security: secures data flows against malicious actions, including tampering and forgery, during transmission, ensuring secure access between systems and networks.
- Confidentiality: prevents information and data leakage. Encryption and decryption are used for data confidentiality.
- Integrity: verifies the integrity and accuracy of data and files, preventing malicious tampering and replacement.
- Non-Repudiation: provides proof that refutes an individual's or entity's denial of a specific operation. The proof includes the data source, its owner, and the source application. These proofs can be presented to a third party to prove that certain events occurred or operations were performed. Non-repudiation is associated with security events including login, authentication, authorization, and access.
- Privacy: protects information that could be derived from observing network activity. For example, when a user accesses a website, the geographical location, IP address, and DNS name of the user must be protected. As another example, the uCert system stores encrypted user numbers.
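The Integrity and Non-Repudiation dimensions above are easy to conflate, because both rely on a cryptographic check over the data. The following added example (written for this page, not eSight or Huawei code) shows the difference in working Go: an HMAC under a key shared by two systems detects tampering (Integrity), but because the receiver holds the same key it could have produced the tag itself, so it cannot convince a third party who sent the message; an Ed25519 signature over a security-event record can be verified by anyone holding only the public key, which is what a third-party-checkable proof requires. The `AuditRecord` type, the field layout, the key and the event values are constructed for illustration and are not part of eSight.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// IntegrityTag returns an HMAC-SHA256 tag over msg under a key shared by the
// two communicating systems. Anyone holding the key can both create and verify tags.
func IntegrityTag(key, msg []byte) []byte {
	mac := hmac.New(sha256.New, key)
	mac.Write(msg)
	return mac.Sum(nil)
}

// VerifyIntegrity recomputes the tag and compares it in constant time.
func VerifyIntegrity(key, msg, tag []byte) bool {
	return hmac.Equal(tag, IntegrityTag(key, msg))
}

// Signer holds an Ed25519 key pair. Only the holder of the private key can
// sign, while the public key alone suffices to verify, so a third party can
// check the proof without being able to forge it.
type Signer struct {
	Public  ed25519.PublicKey
	private ed25519.PrivateKey
}

// NewSigner generates a fresh key pair (in a real deployment the key would come
// from a managed key store, not be generated per run).
func NewSigner() (*Signer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Signer{Public: pub, private: priv}, nil
}

// AuditRecord is a hypothetical security event (login, authorization, access)
// of the kind the Audit and Non-Repudiation dimensions refer to.
type AuditRecord struct {
	User, Operation, Timestamp string
}

// Canonical renders the record in a fixed byte layout so the signature covers
// every field unambiguously (a NUL separator cannot appear in the fields).
func (r AuditRecord) Canonical() []byte {
	return []byte(r.User + "\x00" + r.Operation + "\x00" + r.Timestamp)
}

// Sign produces a detached signature binding the record to this signer.
func (s *Signer) Sign(r AuditRecord) []byte {
	return ed25519.Sign(s.private, r.Canonical())
}

// VerifyRecord is what an auditor or third party runs: it needs only the public key.
func VerifyRecord(pub ed25519.PublicKey, r AuditRecord, sig []byte) bool {
	return ed25519.Verify(pub, r.Canonical(), sig)
}

func main() {
	key := []byte("constructed-shared-key")  // constructed sample key
	cmd := []byte("SET alarm.threshold=90")  // constructed sample message
	tag := IntegrityTag(key, cmd)
	fmt.Println("tag ok:", VerifyIntegrity(key, cmd, tag))
	fmt.Println("tampered rejected:", !VerifyIntegrity(key, []byte("SET alarm.threshold=10"), tag))
	// Integrity only: the receiver holds the same key, so it can recreate this exact
	// tag itself, and the sender can therefore plausibly deny having sent the command.
	fmt.Println("receiver can recreate tag:", hmac.Equal(tag, IntegrityTag(key, cmd)))

	operator, err := NewSigner()
	if err != nil {
		panic(err)
	}
	// Constructed event record of the kind non-repudiation applies to.
	rec := AuditRecord{User: "operator01", Operation: "login", Timestamp: "2024-01-01T00:00:00Z"}
	sig := operator.Sign(rec)
	fmt.Println("record verifies:", VerifyRecord(operator.Public, rec, sig))
	rec.Operation = "delete-config"
	fmt.Println("altered record rejected:", !VerifyRecord(operator.Public, rec, sig))
	fmt.Println("signature prefix:", hex.EncodeToString(sig)[:16])
}
```

In practice the private key must be held only by the party whose actions are being attested (an operator's token, or the service's HSM-backed key), otherwise the proof collapses back to the shared-key case and proves nothing to a third party.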
According to ITU-T X.805, the security risks and attacks against a telecommunication system are as follows:
- Destruction
- Corruption
- Removal
- Disclosure
- Interruption
- Fraud