
Difference between revisions of "Common Data Security Architecture (CDSA)"

m (The LinkTitles extension automatically added links to existing pages (https://github.com/bovender/LinkTitles).)
 
Line 1: Line 1:
 
== Definition of Common Data Security Architecture (CDSA) ==
 
== Definition of Common Data Security Architecture (CDSA) ==
'''Common [[Data]] Security [[Architecture]] (CDSA)''' is a set of layered security services and cryptographic [[framework]] that provide an infrastructure for creating cross-platform, interoperable, security-enabled applications for [[Client Server Architecture|client-server environments]]. CDSA covers all the essential components of security capability, to equip applications for [[E-Commerce|electronic commerce]] and other [[Business Application|business applications]] with security services that provide facilities for cryptography, certificate [[management]], trust [[policy]] management, and key recovery.<ref>Definition - What Does Common Data Security Architecture (CDSA) Mean? [http://www.opengroup.org/security/cdsa.htm The Open Group]</ref>
+
'''Common Data Security Architecture (CDSA)''' is a set of layered security services and cryptographic framework that provide an infrastructure for creating cross-platform, interoperable, security-enabled applications for [[Client Server Architecture|client-server environments]]. CDSA covers all the essential components of security capability, to equip applications for [[E-Commerce|electronic commerce]] and other [[Business Application|business applications]] with security services that provide facilities for cryptography, certificate management, trust policy management, and key recovery.<ref>Definition - What Does Common Data Security Architecture (CDSA) Mean? [http://www.opengroup.org/security/cdsa.htm The Open Group]</ref>
  
CDSA was originally developed by Intel Architecture Labs and was released to the OpenSource community in May 2000. HP's CDSA implementation is based on the Intel V2.0 Release 3 reference platform, which implements CDSA V2.0 with Corrigenda, as defined in The Open Group's Technical [[Standard]] C914, May 2000. Starting with Version 7.3-1, HP provides CDSA as part of the OpenVMS Alpha operating [[system]]. CDSA is compatible with OpenVMS Alpha Version 7.2-2 and higher. CDSA provides a stable, standards-based programming interface that enables applications to access operating system security services. With CDSA, you can create cross-platform, security-enabled applications. Security services, such as cryptography and other public key operations, are available through a dynamically extensible interface to a set of [[plug-in]] modules. These modules can be supplemented or changed as [[business]] needs and technologies evolve. CDSA is security [[middleware]] that provides flexible mix-and-match solutions across a variety of applications and security services. CDSA insulates you from the issues of incorporating security into applications, freeing you to focus on the applications themselves. The security underpinnings are transparent to the user.<ref>Understanding CDSA [http://h30266.www3.hpe.com/odl/axpos/opsys/vmsos84/BA554_90015/ch01s05.html HPE]</ref>
+
CDSA was originally developed by Intel Architecture Labs and was released to the OpenSource community in May 2000. HP's CDSA implementation is based on the Intel V2.0 Release 3 reference platform, which implements CDSA V2.0 with Corrigenda, as defined in The Open Group's Technical Standard C914, May 2000. Starting with Version 7.3-1, HP provides CDSA as part of the OpenVMS Alpha operating system. CDSA is compatible with OpenVMS Alpha Version 7.2-2 and higher. CDSA provides a stable, standards-based programming interface that enables applications to access operating system security services. With CDSA, you can create cross-platform, security-enabled applications. Security services, such as cryptography and other public key operations, are available through a dynamically extensible interface to a set of plug-in modules. These modules can be supplemented or changed as business needs and technologies evolve. CDSA is security middleware that provides flexible mix-and-match solutions across a variety of applications and security services. CDSA insulates you from the issues of incorporating security into applications, freeing you to focus on the applications themselves. The security underpinnings are transparent to the user.<ref>Understanding CDSA [http://h30266.www3.hpe.com/odl/axpos/opsys/vmsos84/BA554_90015/ch01s05.html HPE]</ref>
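Review bot: The definition sentence on the new line still reads "a set of layered security services and cryptographic framework that provide", which is missing its article; while this paragraph is being touched, change it to "and a cryptographic framework that provide". The second paragraph's "OpenSource community" could likewise be written "open source community".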
  
  
Line 9: Line 9:
  
 
== CDSA Features<ref>CDSA Features [https://www.techopedia.com/definition/10244/common-data-security-architecture-cdsa Techopedia]</ref> ==
 
== CDSA Features<ref>CDSA Features [https://www.techopedia.com/definition/10244/common-data-security-architecture-cdsa Techopedia]</ref> ==
CDSA is primarily a middleware framework that provides a set of APIs for creating and delivering secure applications. It allows [[application]] developers to easily add a set of different security features and services that have been prewritten and designed for client/server-based applications. CDSA provides the following features:
+
CDSA is primarily a middleware framework that provides a set of APIs for creating and delivering secure applications. It allows application developers to easily add a set of different security features and services that have been prewritten and designed for client/server-based applications. CDSA provides the following features:
 
*Cryptography and encryption
 
*Cryptography and encryption
 
*Certificate creation and management
 
*Certificate creation and management
 
*Policy management
 
*Policy management
*[[Authentication]] and non-repudiation
+
*Authentication and non-repudiation
 
*Public key infrastructure
 
*Public key infrastructure
  
Line 20: Line 20:
 
CDSA is made up of three basic layers:
 
CDSA is made up of three basic layers:
 
*System Security Services
 
*System Security Services
*The Common Security Services [[Manager]] (CSSM)
+
*The Common Security Services Manager (CSSM)
 
*Security Add -in Modules  
 
*Security Add -in Modules  
  
Line 27: Line 27:
  
  
*System Security Services: System Security Services are bet ween applications and CSSM services. [[Software]] at this layer provides a high-level abstraction of security services such as secure e-mail, secure file systems, or secure communications. Applications can invoke the CSSM APIs directly, or use these layered services t o access security services on a platf orm.
+
*System Security Services: System Security Services are bet ween applications and CSSM services. [[Software]] at this layer provides a high-level abstraction of security services such as secure e-mail, secure file systems, or secure communications. Applications can invoke the CSSM APIs directly, or use these layered services t o access security services on a platform.
*The Common Security [[Service]] Manager (CSSM): CSSM provides a set of core services that are common to all categories of security services. CSSM defines five basic categories of services:
+
*The Common Security Service Manager (CSSM): CSSM provides a set of core services that are common to all categories of security services. CSSM defines five basic categories of services:
**Cryptographic [[Service Provider]] (CSP) modules: CSPs perform crypt ographic operations such as bulk encrypting, digesting, and digital signat ures.
+
**Cryptographic Service Provider (CSP) modules: CSPs perform cryptographic operations such as bulk encrypting, digesting, and digital signatures.
 
**Trust Policy (TP) modules: TPs implement policies defined by authorities and institutions and set the level of trust required to carry out specific actions (such as issuing a check or gaining access to confidential intellectual property).
 
**Trust Policy (TP) modules: TPs implement policies defined by authorities and institutions and set the level of trust required to carry out specific actions (such as issuing a check or gaining access to confidential intellectual property).
**Certificate Library (CL) modules: CLs manage c ertif icates and revocation list s, and access t o remote signing capabilities such as Certification Authorities (CA).
+
**Certificate Library (CL) modules: CLs manage certificates and revocation list s, and access t o remote signing capabilities such as Certification Authorities (CA).
**[[Data Storage]] Library (DL) modules: DLs provide stable storage for security-related data objects, including certificates cryptographic keys and policy objects.
+
**Data Storage Library (DL) modules: DLs provide stable storage for security-related data objects, including certificates cryptographic keys and policy objects.
**Authorization Computation (AC) modules: ACs define a general authorisation [[evaluation]] service that computes whether a set of credentials and samples are authorized to perform a specific operation on a specific object.
+
**Authorization Computation (AC) modules: ACs define a general authorization evaluation service that computes whether a set of credentials and samples are authorized to perform a specific operation on a specific object.
 
**Elective (EM) Modules: EMs add new and compelling security features not encompassed by the current set of service modules. For example one new feature that vendors might add to CDSA is a biometrics authentication. In addition, CSSM provides two additional core services:
 
**Elective (EM) Modules: EMs add new and compelling security features not encompassed by the current set of service modules. For example one new feature that vendors might add to CDSA is a biometrics authentication. In addition, CSSM provides two additional core services:
**Integrity Services: The int egrity services are used by CSSM itself to verify and guarantee the integrity of all the other components within the CSSM environment
+
**Integrity Services: The integrity services are used by CSSM itself to verify and guarantee the integrity of all the other components within the CSSM environment
**Security Context Management: CSSM provides context management functions (such as session inf or mation) to facilitate applications to utilise the security services
+
**Security Context Management: CSSM provides context management functions (such as session information) to facilitate applications to utilize the security services
*Security Add-in Modules: This layer is made up of service provider modules that offer basic components — cryptographic algorithms,base certificate manipulation facilities, and storage etc.
+
*Security Add-in Modules: This layer is made up of service provider modules that offer basic components — cryptographic algorithms, base certificate manipulation facilities, and storage etc.
  
  
 
== See Also ==
 
== See Also ==
<div style="column-count:2;-moz-column-count:4;-webkit-column-count:4">
+
<div style="column-count:2;-moz-column-count:2;-webkit-column-count:2">
[[Data Access]]<br />
 
[[Data Analysis]]<br />
 
[[Data Analytics]]<br />
 
[[Data Architecture]]<br />
 
[[Data Asset Framework (DAF)]]<br />
 
[[Data Buffer]]<br />
 
[[Data Center]]<br />
 
[[Data Center Infrastructure]]<br />
 
[[Data Center Infrastructure Management (DCIM)]]<br />
 
[[Data Cleansing]]<br />
 
[[Data Collection]]<br />
 
[[Data Compatibility]]<br />
 
[[Data Consolidation]]<br />
 
[[Data Deduplication]]<br />
 
[[Data Delivery Platform (DDP)]]<br />
 
[[Data Description (Definition) Language (DDL)]]<br />
 
[[Data Dictionary]]<br />
 
[[Data Discovery]]<br />
 
[[Data Driven Organization]]<br />
 
[[Data Element]]<br />
 
[[Data Enrichment]]<br />
 
[[Data Entry]]<br />
 
[[Data Federation]]<br />
 
[[Data Flow Diagram]]<br />
 
[[Data Governance]]<br />
 
[[Data Health Check]]<br />
 
[[Data Hierarchy]]<br />
 
[[Data Independence]]<br />
 
[[Data Integration]]<br />
 
[[Data Integration Framework (DIF)]]<br />
 
[[Data Integrity]]<br />
 
[[Data Island]]<br />
 
[[Data Item]]<br />
 
[[Data Lake]]<br />
 
[[Data Life Cycle]]<br />
 
[[Data Lineage]]<br />
 
[[Data Loss Prevention (DLP)]]<br />
 
[[Data Management]]<br />
 
[[Data Migration]]<br />
 
[[Data Minimization]]<br />
 
[[Data Mining]]<br />
 
[[Data Model]]<br />
 
[[Data Modeling]]<br />
 
[[Data Monitoring]]<br />
 
[[Data Munging]]<br />
 
[[Data Portability]]<br />
 
[[Data Preparation]]<br />
 
[[Data Presentation Architecture]]<br />
 
[[Data Processing]]<br />
 
[[Data Profiling]]<br />
 
[[Data Proliferation]]<br />
 
[[Data Propagation]]<br />
 
[[Data Protection Act]]<br />
 
[[Data Prototyping]]<br />
 
[[Data Quality]]<br />
 
[[Data Quality Assessment (DQA)]]<br />
 
[[Data Quality Dimension]]<br />
 
[[Data Quality Standard]]<br />
 
[[Data Reconciliation]]<br />
 
[[Data Reference Model (DRM)]]<br />
 
[[Data Science]]<br />
 
[[Data Security]]<br />
 
[[Data Stewardship]]<br />
 
[[Data Structure]]<br />
 
[[Data Structure Diagram]]<br />
 
[[Data Suppression]]<br />
 
[[Data Transformation]]<br />
 
[[Data Validation]]<br />
 
[[Data Value Chain]]<br />
 
[[Data Vault Modeling]]<br />
 
[[Data Virtualization]]<br />
 
[[Data Visualization]]<br />
 
[[Data Warehouse]]<br />
 
[[Data Wrangling]]<br />
 
[[Data and Information Reference Model (DRM)]]<br />
 
[[Data as a Service (DaaS)]]<br />
 
[[Database (DB)]]<br />
 
[[Database Design]]<br />
 
[[Database Design Methodology]]<br />
 
[[Database Management System (DBMS)]]<br />
 
[[Database Marketing]]<br />
 
[[Database Schema]]<br />
 
[[Database System]]<br />
 
 
[[Security Architecture]]<br />
 
[[Security Architecture]]<br />
 
[[Security Policy]]<br />
 
[[Security Policy]]<br />
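Review bot: The layer descriptions on the new lines keep several of the split-word errors that this edit only partly cleans up: "bet ween" and "t o access" in the System Security Services bullet, and "revocation list s" and "access t o" in the Certificate Library bullet. The CSSM bullet says "five basic categories" although six module types follow it, and "In addition, CSSM provides two additional core services:" is attached to the end of the Elective Modules bullet, so Integrity Services and Security Context Management read as further module categories; put that sentence on its own line at the CSSM level. [[Software]] is the one automatic link left in place in this hunk.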
Line 133: Line 50:
 
[[Business Model for Information Security (BMIS)]]<br />
 
[[Business Model for Information Security (BMIS)]]<br />
 
[[Cognitive Security]]<br />
 
[[Cognitive Security]]<br />
[[Common Data Security Architecture (CDSA)]]<br />
 
 
[[Federal Information Security Management Act (FISMA)]]<br />
 
[[Federal Information Security Management Act (FISMA)]]<br />
 
[[Payment Card Industry Data Security Standard (PCI DSS)]]<br />
 
[[Payment Card Industry Data Security Standard (PCI DSS)]]<br />
[[Data Security]]<br />
 
 
[[Computer Security]]<br />
 
[[Computer Security]]<br />
 
[[Enterprise Information Security Architecture (EISA)]]<br />
 
[[Enterprise Information Security Architecture (EISA)]]<br />
Line 142: Line 57:
 
[[Graduated Security]]<br />
 
[[Graduated Security]]<br />
 
[[Information Systems Security (INFOSEC)]]<br />
 
[[Information Systems Security (INFOSEC)]]<br />
[[Information Security Management System (ISMS)]]<br />
 
[[Information Technology Security Assessment]]<br />
 
 
[[Mobile Security]]<br />
 
[[Mobile Security]]<br />
 
[[Network Security]]<br />
 
[[Network Security]]<br />

Latest revision as of 18:46, 15 June 2022

Definition of Common Data Security Architecture (CDSA)

Common Data Security Architecture (CDSA) is a set of layered security services and a cryptographic framework that provide an infrastructure for creating cross-platform, interoperable, security-enabled applications for client-server environments. CDSA covers all the essential components of security capability, to equip applications for electronic commerce and other business applications with security services that provide facilities for cryptography, certificate management, trust policy management, and key recovery.[1]

CDSA was originally developed by Intel Architecture Labs and was released to the OpenSource community in May 2000. HP's CDSA implementation is based on the Intel V2.0 Release 3 reference platform, which implements CDSA V2.0 with Corrigenda, as defined in The Open Group's Technical Standard C914, May 2000. Starting with Version 7.3-1, HP provides CDSA as part of the OpenVMS Alpha operating system. CDSA is compatible with OpenVMS Alpha Version 7.2-2 and higher. CDSA provides a stable, standards-based programming interface that enables applications to access operating system security services. With CDSA, you can create cross-platform, security-enabled applications. Security services, such as cryptography and other public key operations, are available through a dynamically extensible interface to a set of plug-in modules. These modules can be supplemented or changed as business needs and technologies evolve. CDSA is security middleware that provides flexible mix-and-match solutions across a variety of applications and security services. CDSA insulates you from the issues of incorporating security into applications, freeing you to focus on the applications themselves. The security underpinnings are transparent to the user.[2]



CDSA Features[3]

CDSA is primarily a middleware framework that provides a set of APIs for creating and delivering secure applications. It allows application developers to easily add a set of different security features and services that have been prewritten and designed for client/server-based applications. CDSA provides the following features:

  • Cryptography and encryption
  • Certificate creation and management
  • Policy management
  • Authentication and non-repudiation
  • Public key infrastructure


CDSA Layers[4]

CDSA is made up of three basic layers:

  • System Security Services
  • The Common Security Services Manager (CSSM)
  • Security Add-in Modules



  • System Security Services: System Security Services sit between applications and CSSM services. Software at this layer provides a high-level abstraction of security services such as secure e-mail, secure file systems, or secure communications. Applications can invoke the CSSM APIs directly, or use these layered services to access security services on a platform.
  • The Common Security Service Manager (CSSM): CSSM provides a set of core services that are common to all categories of security services. CSSM defines five basic categories of services:
    • Cryptographic Service Provider (CSP) modules: CSPs perform cryptographic operations such as bulk encrypting, digesting, and digital signatures.
    • Trust Policy (TP) modules: TPs implement policies defined by authorities and institutions and set the level of trust required to carry out specific actions (such as issuing a check or gaining access to confidential intellectual property).
    • Certificate Library (CL) modules: CLs manage certificates and revocation lists, and access to remote signing capabilities such as Certification Authorities (CA).
    • Data Storage Library (DL) modules: DLs provide stable storage for security-related data objects, including certificates, cryptographic keys, and policy objects.
    • Authorization Computation (AC) modules: ACs define a general authorization evaluation service that computes whether a set of credentials and samples are authorized to perform a specific operation on a specific object.
    • Elective (EM) Modules: EMs add new and compelling security features not encompassed by the current set of service modules. For example, one new feature that vendors might add to CDSA is biometric authentication.
    In addition, CSSM provides two additional core services:
    • Integrity Services: The integrity services are used by CSSM itself to verify and guarantee the integrity of all the other components within the CSSM environment.
    • Security Context Management: CSSM provides context management functions (such as session information) to help applications use the security services.
  • Security Add-in Modules: This layer is made up of service provider modules that offer basic components: cryptographic algorithms, base certificate manipulation facilities, storage, etc.



References

  1. Definition - What Does Common Data Security Architecture (CDSA) Mean? The Open Group
  2. Understanding CDSA HPE
  3. CDSA Features Techopedia
  4. CDSA Layers GIAC