Standard number: ISO/IEC 29341-13-11:2008
Title (Chinese, translated): Information technology: Universal Plug and Play (UPnP) Device Architecture, Part 13-11: Device Security Device Control Protocol, Security Console Service
English title: Information technology — UPnP Device Architecture — Part 13-11: Device Security Device Control Protocol - Security Console Service
Publication date: 2008-11
Scope
This service is offered by a Security Console (SC). The Security Console offers a user interface for administration of access control on security-aware UPnP devices. [See DeviceSecurity:1 for a description of the actions used in the creation and editing of Access Control Lists (ACLs) and in taking security ownership of Devices.] As a device the Security Console is self-owned. If it has any access controlled actions, then those are to be administered by the human user and not by some other Security Console. Therefore, a Security Console does not need to include a DeviceSecurity service. It does have a certificate cache, but it is an outgoing cache, rather than an incoming cache.

A network built of the user’s own components with no connection to anything outside the user’s personal domain and with no control points belonging to anyone other than the user ever attached to the network would not require the features of UPnP Security. Network isolation would already have achieved a level of physical security. We are concerned in UPnP Security with networks in which more than the user’s own Control Points are present on the physical network and able to reach the user’s Devices with control messages. These situations can include:

1. use of wireless, power-line networking or cable modem without a firewall, allowing an attacker to join the network without the user’s knowledge or permission
2. shared infrastructure networks, such as a college dorm or a condominium building wired for Ethernet as one network segment serving more than one person’s residence
3. households of multiple adults or teens, in which each individual wants to establish a private security domain, in addition to any domain of devices or control points shared among them, while using a shared network domain
4. connections to the Internet via devices or services that create single network segments of multiple subscribers as a side effect of offering network connectivity (such as some cable modems and some ISP connections)
5. households in which guests might bring mobile devices or control points into the network temporarily.