ABSTRACT

To understand these requirements, consider the example of Internet banking. Many of us carry out electronic bank transactions over secure channels from the computer at home. Confidentiality requires that your transactions not be visible to outsiders even though the communication takes place over public networks. Integrity requires that no one be able to tamper with your account balance by any means whatsoever. Authentication requires the system to verify that you are who you claim to be, and to allow you and nobody else to access your account. Authorization requires the system to allow you to carry out only those actions for which you have permission. For example, you can transfer money from your savings account, but you cannot modify the interest rate. Nonrepudiation is a form of accountability that guarantees that if you did perform some transaction on your account (e.g., withdrew a large sum of money on a certain date), you cannot later say: “I did not do it.” This is important for settling disputes. Finally, availability guarantees that when you need to access the account (say, to pay a bill by a certain deadline), the system is available. A secure system is useless if it is not available.
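The banking example above separates integrity, nonrepudiation and authorization, but the paragraph does not show why they need different mechanisms. The Go program below is an added illustration, not code from the original text: it protects a constructed transaction record with an HMAC (shared key, detects tampering), with an Ed25519 signature (customer-only private key, lets a third party settle “I did not do it”), and with a hypothetical permission table that allows a transfer but refuses a change to the interest rate. The `Transaction` type, the key material and the `customerPermissions` table are all assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Transaction is a constructed, deliberately simplified banking request.
type Transaction struct {
	Account string // hypothetical account identifier
	Action  string // "transfer" or "set_interest_rate"
	Amount  int64
	Date    string
}

// Encode renders the fields into the exact bytes that get protected.
func (t Transaction) Encode() []byte {
	return []byte(fmt.Sprintf("%s|%s|%d|%s", t.Account, t.Action, t.Amount, t.Date))
}

// Integrity: an HMAC over the transaction, keyed with a secret shared by
// customer and bank. Any change to the protected bytes changes the tag.
func MacTransaction(key []byte, t Transaction) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(t.Encode())
	return m.Sum(nil)
}

// VerifyMac compares in constant time so timing leaks nothing about the tag.
func VerifyMac(key []byte, t Transaction, tag []byte) bool {
	return hmac.Equal(tag, MacTransaction(key, t))
}

// Nonrepudiation: a signature under a private key that only the customer holds.
// Anyone with the public key, including a dispute arbiter, can verify it.
func GenerateCustomerKeys() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

func SignTransaction(priv ed25519.PrivateKey, t Transaction) []byte {
	return ed25519.Sign(priv, t.Encode())
}

func VerifySignature(pub ed25519.PublicKey, t Transaction, sig []byte) bool {
	return ed25519.Verify(pub, t.Encode(), sig)
}

// Authorization: a hypothetical permission table for the customer role.
var customerPermissions = map[string]bool{
	"transfer":          true,  // move money out of the customer's own account
	"set_interest_rate": false, // bank-internal action, never a customer's
}

func Authorize(action string) error {
	if customerPermissions[action] {
		return nil
	}
	return errors.New("not permitted: " + action)
}

func main() {
	sharedKey := []byte("constructed demo key, not for real use")
	pub, priv, err := GenerateCustomerKeys()
	if err != nil {
		panic(err)
	}
	tx := Transaction{Account: "SAV-0001", Action: "transfer", Amount: 5000, Date: "2024-01-15"}

	// Integrity: the bank detects an amount altered in transit.
	tag := MacTransaction(sharedKey, tx)
	tampered := tx
	tampered.Amount = 50000
	fmt.Println("original MAC valid:", VerifyMac(sharedKey, tx, tag))
	fmt.Println("tampered MAC valid:", VerifyMac(sharedKey, tampered, tag))

	// Nonrepudiation: the MAC cannot settle a dispute, because the bank holds
	// the same key and can produce an identical tag by itself.
	fmt.Println("bank can recompute the tag:", hmac.Equal(tag, MacTransaction(sharedKey, tx)))
	// The signature can only have been produced by the private-key holder.
	sig := SignTransaction(priv, tx)
	fmt.Println("signature verifies for arbiter:", VerifySignature(pub, tx, sig))
	fmt.Println("signature over altered tx:", VerifySignature(pub, tampered, sig))

	// Authorization: the customer may transfer but not change the interest rate.
	fmt.Println("transfer:", Authorize("transfer"))
	fmt.Println("set_interest_rate:", Authorize("set_interest_rate"))
}
```

The contrast worth noticing is in the nonrepudiation step: the bank recomputes the very same HMAC tag, so a tag proves nothing to an outside arbiter, whereas the Ed25519 signature verifies with the public key alone and binds the transaction to the customer's private key.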