
4.3.4.3 Non-Repudiation

About

Non-Repudiation 1) means that it is not possible to repudiate (i.e., deny) that an action has been taken. For example, a signed contract witnessed by two people cannot be repudiated. In other words, the contract has Non-Repudiation.

Non-Repudiation is about providing assurance, using evidence, that an action has been done. For example, a data sender is provided evidence (i.e., proof) of delivery while the receiver is provided evidence (i.e., proof) of the sender's identity. As a consequence, neither the sender nor the receiver can deny having processed the data.

Non-Repudiation applies to more than just sending data between two parties. It can be applied to any action or activity. For example, by digitally signing an email, the sender gives the receiver evidence (i.e., proof) that the email is from the entity that signed it. In other words, it is not possible to repudiate that the email came from the entity that digitally signed it. Another example is the use of identities in configuration management systems. Each change (i.e., transformation) is recorded in a log along with the identity of the individual who made the change. In this way, all changes made to the configuration have Non-Repudiation.2)

There is a lot of overlap between Non-Repudiation and Access Control. During access to a controlled resource, the identity of the entity trying to access the resource is verified against an Access Control List (ACL). When access is allowed or denied, an entry is made in a log. Once the entry is made, the access has Non-Repudiation. In other words, once an Access Control Function is executed, there is generally sufficient evidence for Non-Repudiation of access to the controlled resource.
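The access-logging scenario above as an added Go example (not part of the DIDO RA): each ACL decision is logged with an Ed25519 signature made with the actor's own key, so the entry can later be checked against the public key registered for that actor. The `Entry` format, the `actor:resource` ACL keys and the actor `alice` are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// Entry is one logged access-control decision (hypothetical format).
type Entry struct {
	Actor, Resource string
	Allowed         bool
	Sig             []byte // actor's signature over the other fields
}

// digest hashes every field except the signature.
func (e Entry) digest() []byte {
	e.Sig = nil
	b, _ := json.Marshal(e)
	h := sha256.Sum256(b)
	return h[:]
}

// Record checks the ACL and logs the decision, signed with the actor's own key.
func Record(log []Entry, acl map[string]bool, actor, res string, key ed25519.PrivateKey) []Entry {
	e := Entry{Actor: actor, Resource: res, Allowed: acl[actor+":"+res]}
	e.Sig = ed25519.Sign(key, e.digest())
	return append(log, e)
}

// Verify returns the index of the first entry that fails its check, or -1.
func Verify(log []Entry, keys map[string]ed25519.PublicKey) int {
	for i, e := range log {
		if pub, ok := keys[e.Actor]; !ok || !ed25519.Verify(pub, e.digest(), e.Sig) {
			return i
		}
	}
	return -1
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed key for hypothetical actor "alice"
	acl := map[string]bool{"alice:/config": true}
	keys := map[string]ed25519.PublicKey{"alice": pub}
	log := Record(Record(nil, acl, "alice", "/config", priv), acl, "alice", "/secrets", priv)
	fmt.Println(Verify(log, keys)) // intact log
	log[1].Allowed = true          // after-the-fact edit of a denied access
	fmt.Println(Verify(log, keys)) // index of the altered entry
}
```

A signature binds an entry to its actor but does not reveal a deleted entry; detecting removal needs an additional control such as hash-chaining or append-only storage.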

DIDO Specifics


To be added/expanded in future revisions of the DIDO RA
1) Non-Repudiation, Computer Security Resource Center (CSRC), Accessed 14 August 2020, https://csrc.nist.gov/glossary/term/non_repudiation
2) Evan Wheeler, Security Risk Management, 2011, Accessed 14 August 2020, https://www.sciencedirect.com/science/article/pii/B9781597496155000074
dido/public/ra/1.4_req/2_nonfunc/25_security/nonrepudiability.txt · Last modified: 2021/07/30 12:23 by murphy