Common network information security attributes include confidentiality, integrity, availability, non-repudiation, and controllability. Confidentiality, integrity, and availability (the CIA triad) are considered the core security properties of network information systems. Other relevant attributes include authenticity, timeliness, compliance, privacy, fairness, reliability, and survivability.
Confidentiality
Confidentiality is the property that information is not disclosed to unauthorized users, entities, or programs. It prevents unauthorized parties from obtaining information. Confidentiality covers not only state secrets but also commercial and operational secrets of organizations and personal data. For example, if an attacker obtains passwords by eavesdropping, the overall security of the network system may be compromised. Confidentiality applies to both data in transit and data stored in computer systems. Encryption is commonly used to protect information during transmission, while access control mechanisms enforce confidentiality for stored data by granting different permissions to different users.
Integrity
Integrity means that information or systems cannot be altered without authorization. It ensures that data are not modified, damaged, or lost during storage or transmission. Data integrity requires that data be complete and uncorrupted, and that the source of the data is correct and trustworthy. Verification should confirm that data are authentic before checking whether they have been altered. Threats to integrity include malicious tampering, equipment failures, and natural disasters.
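The difference between accidental corruption and malicious tampering, shown in an added example that is not part of the original text: an unkeyed SHA-256 digest catches a flipped bit but not a modification whose digest has been recomputed, while an HMAC tag, which also ties the data to a holder of the key, catches both. The key, the messages and all function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values for this example only.
SHARED_KEY = b"constructed-demo-key-not-for-production"
ORIGINAL = b"transfer 100 to account 12345"


def sha256_hex(data: bytes) -> str:
    """Unkeyed digest: anyone can compute it."""
    return hashlib.sha256(data).hexdigest()


def verify_digest(data: bytes, digest: str) -> bool:
    return hmac.compare_digest(sha256_hex(data), digest)


def mac(key: bytes, data: bytes) -> bytes:
    """Keyed tag: only holders of the key can produce it."""
    return hmac.new(key, data, hashlib.sha256).digest()


def verify_mac(key: bytes, data: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac(key, data), tag)


def flip_bit(data: bytes, index: int) -> bytes:
    """Simulate an equipment fault: one bit changes, the check value does not."""
    corrupted = bytearray(data)
    corrupted[index] ^= 0x01
    return bytes(corrupted)


def run_checks() -> dict:
    digest, tag = sha256_hex(ORIGINAL), mac(SHARED_KEY, ORIGINAL)
    faulty = flip_bit(ORIGINAL, 9)
    # Deliberate modification in transit: the modifier has no key, so it can
    # recompute the unkeyed digest but can only pass along the old tag.
    altered = b"transfer 900 to account 12345"
    altered_digest = sha256_hex(altered)
    return {
        "digest_detects_fault": not verify_digest(faulty, digest),
        "mac_detects_fault": not verify_mac(SHARED_KEY, faulty, tag),
        "digest_detects_alteration": not verify_digest(altered, altered_digest),
        "mac_detects_alteration": not verify_mac(SHARED_KEY, altered, tag),
        "mac_accepts_original": verify_mac(SHARED_KEY, ORIGINAL, tag),
    }
```

Because both parties hold the same key, either of them could have produced the tag, so an HMAC gives integrity and source authentication but not non-repudiation.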
Availability
Availability means that authorized users can access information or services in a timely manner. It ensures that authorized entities can use the information or services when needed, preventing system unavailability caused by various factors. For example, a website should provide normal page access to users and be resilient against denial-of-service attacks.
Non-repudiation
Non-repudiation prevents participants in a network information system from denying their actions. During information exchange, it is necessary to confirm the true identity of participants so that no party can deny having performed a given operation or made a commitment. In practice, non-repudiation means the sender cannot deny having sent a message and the receiver cannot deny having received it. Evidence of origin from the information source and evidence of receipt can prevent repudiation; digital signatures are an important means of achieving non-repudiation.
Controllability
Controllability describes the ability of the responsible party to manage and govern the network information system. It means the system can be effectively controlled according to authorization rules, allowing administrators to manage system behavior and information usage consistent with operational goals. Controllability covers the ability to manage information dissemination paths, scope, and content, for example preventing inappropriate content from being transmitted over public networks and keeping information under the effective control of authorized users.
Other Attributes
In addition to the common attributes above, other security properties include:
- Authenticity: Information in cyberspace should correspond to objective facts in the physical or social world. False or misleading information violates authenticity.
- Timeliness: Information, services, and systems must meet time constraints. For example, an intelligent vehicle control system requires real-time information that is valid only within a specified time window.
- Compliance: Information, services, and systems should conform to legal, regulatory, and standards requirements.
- Fairness: Related parties in a network information system should be treated equally when handling tasks, with no party holding an unfair advantage.
- Reliability: The system should perform its intended functions correctly under specified conditions and within specified time periods.
- Survivability: When security is compromised, the system should still provide minimal and necessary services to support continued operation of critical business functions.
- Privacy: Sensitive personal information, such as identity numbers, addresses, phone numbers, income, medical status, and social relationships, should not be disclosed publicly.
Common Types of Network Attacks
Network attacks threaten these security attributes. Common attack types include:
- Information disclosure attacks
- Integrity compromise attacks
- Denial-of-service attacks
- Unauthorized use attacks