Term
|
Definition
| ISO Standard that outlines the specifications of system architectures |
|
|
Term
|
Definition
| A formal description & representation of a syste,. the components that make it up, the interactions & |
|
|
Term
|
Definition
| Updated version of ISO/IEC 42010:2007 |
|
|
Term
|
Definition
| Fundamental organization of a system embodied in its components , their relationships to eachother and to the enviornment |
|
|
Term
| Architectural description |
|
Definition
| collection of document types to convey an architecture in a formal manner |
|
|
Term
|
Definition
| individual, team, or organization with interests in, or concerns relative to a system |
|
|
Term
|
Definition
| representation of a whole system from the perspective of a related set of concerns |
|
|
Term
|
Definition
|
|
Term
|
Definition
| all the parts of the computer system that are necessary for it to function including the OS etc etc. |
|
|
Term
|
Definition
|
|
Term
|
Definition
| a temporary storage location |
|
|
Term
| arithmetic logic unit (ALU) |
|
Definition
| performs mathematical functions and logical operations on data |
|
|
Term
|
Definition
| manages and synchronizes the system while different applications code and OS system instructions are being executed |
|
|
Term
|
Definition
| hold variables and temporary results as the ALU works through execution steps |
|
|
Term
special registers
(dedicated registers) |
|
Definition
| hold information such as the program counter, stack pointer, and program status word. |
|
|
Term
|
Definition
| a register that contains the memory address of the instruction to be fetched |
|
|
Term
|
Definition
| holds different condition bits |
|
|
Term
|
Definition
| a hardwired connection to the RAM chips and the individual IO devices |
|
|
Term
|
Definition
| a mode when the processors are handed work as needed |
|
|
Term
|
Definition
| a mode when a processor is in a dedicated state |
|
|
Term
|
Definition
| International standard that provides guidelines on how to create and maintain system architectures |
|
|
Term
|
Definition
| A program loaded in memory within an operating system |
|
|
Term
|
Definition
| interleaved execution of more than one program |
|
|
Term
|
Definition
| simultaneous execution of more than one program or task by an OS |
|
|
Term
|
Definition
| multitasking scheme used by older systems to allow for computer resource time slicing |
|
|
Term
|
Definition
| multitasking scheduling scheme used by NEWER OS to allow for computer resource slicing. Used in newer, more stable OS |
|
|
Term
process states
(ready, running, blocked) |
|
Definition
processes can be in various activity levels
Read- waiting for input
Running- instruction being run
Blocked- process suspended |
|
|
Term
|
Definition
| values assigned to computer components to allow for efficient computer resource time slicing |
|
|
Term
|
Definition
| interrupt value assigned to a noncritical OS activity |
|
|
Term
|
Definition
| interrupt value assigned to a critical OS activity |
|
|
Term
|
Definition
| application that can carry out multiple activities simultaneously by generating different instruction sets |
|
|
Term
|
Definition
| two processes cannot complete their activities because they are both waiting for system resources to be released |
|
|
Term
|
Definition
| protection mechanism provided by OS that can be implemented as encapsulation |
|
|
Term
|
Definition
| a set of subroutines that are shared by different applications and OS processes |
|
|
Term
|
Definition
| beginning of address space assigned to a process. Ensures a process does not make a request outside its assigned memory boundary |
|
|
Term
|
Definition
| ending of address space assigned to a process |
|
|
Term
|
Definition
| physically mapping software to individual memory segments |
|
|
Term
|
Definition
| fast and expensive memory type used by CPU to increase reading and writing |
|
|
Term
|
Definition
| hardware addresses used by the cpu |
|
|
Term
|
Definition
| indirect addressing used by proceses within an OS. Memory manager carries this out |
|
|
Term
|
Definition
| memory construct that is made up of individually addressable buffers. This is also how process communication takes place |
|
|
Term
|
Definition
| too much data is put into the buffers. Common attack vector used by hackers to run malicious code |
|
|
Term
|
Definition
| address space layout randomization |
|
|
Term
|
Definition
| memory protection mechanism used by some OSs. addresses used by components or a process are randomize to make it harder for attachers |
|
|
Term
| data execution prevention |
|
Definition
(DEP)
memory protection mechanism used by some OS. Mem Segments may be marked nonexecutable so that they cannot be misused |
|
|
Term
|
Definition
| a tool that marks unused memory segments as usable to ensure that an OS does not run out of memory |
|
|
Term
|
Definition
| combination of main memory (RAM) and secondary memory within an OS |
|
|
Term
|
Definition
| software or hardware signal that indicates that system resources are needed for instruction processing |
|
|
Term
|
Definition
| set of operations and commands that can be implemented by a particular CPU |
|
|
Term
|
Definition
| specific design of a microprocessor which includes physical components. |
|
|
Term
| application programming interface |
|
Definition
| software interface that enables process-to-process interaction. A common way to provide access to standard routines to a set of software programs |
|
|
Term
| application programming interface |
|
Definition
| software interface that enables process-to-process interaction. A common way to provide access to standard routines to a set of software programs |
|
|
Term
| monolithic operating system architecture |
|
Definition
| all the code of an OS working in kernel mode in an adhoc or non modularized manner. |
|
|
Term
|
Definition
| use of segregation in design decisions to protect software components from negatively interacting with eachother. |
|
|
Term
|
Definition
| reduced amount of code running in kernel mode carrying out critical OS functionality |
|
|
Term
| hybrid microkernel architecture |
|
Definition
| combination of monolithic and microkernel architectures. |
|
|
Term
|
Definition
| when the CPU has to change from processing code in user mode to kernel mode. A protection measure that causes a performance hit. |
|
|
Term
|
Definition
| creation of simulated enviornments that allow for central control and scalability |
|
|
Term
|
Definition
| central program used to manage virtual machines (guests) within a simulated enviornment (host) |
|
|
Term
|
Definition
| a strategic tool used to dictate how sensitive information and resources are to be managed and protected. |
|
|
Term
|
Definition
| a collection of all the hardware, software, and firmware components within a system that provide security and enforce security policy. |
|
|
Term
|
Definition
| trustworthy software channel that is used for communication between two processes that cannot be circumvented. |
|
|
Term
|
Definition
| mechanism used to delineate between the components within and outside of the trusted computing base. |
|
|
Term
|
Definition
| concept that defines a set of design requirements of a reference validation mechanism. |
|
|
Term
|
Definition
| hardware, software and firmware components that fall within the TCB and implement and enforce the reference monitor concept. |
|
|
Term
| multilevel security policies |
|
Definition
| Policies that outline how a system can simultaneously process information at different classifications for users with different clearance levels |
|
|
Term
|
Definition
| first mathematical model of a multilevel security policy that defines the concept of a secure state and necessary modes of access. |
|
|
Term
|
Definition
| a model that also ensures that information only flows in a manner that does not violate the system policy and is confidentiality focused. |
|
|
Term
|
Definition
Bell Model Rule
Subject cannot read data at a higher security level
NO READ UP |
|
|
Term
|
Definition
Bell Model
A subject cannot write to an object at a lower security level
NO WRITE DOWN |
|
|
Term
| strong star property rule |
|
Definition
Bell Model
Subject can perform read and write functions only to the objects at its same security level |
|
|
Term
|
Definition
| a formal state transition model that describes a set of access control rules designed to ensure data integrity |
|
|
Term
|
Definition
biba model
subject cannot read data at a lower integrity level
NO READ DOWN |
|
|
Term
|
Definition
bell model
a subject cannot modify an object in a higher integrity level
NO WRITE UP |
|
|
Term
|
Definition
| integrity model implemented to protect the integrity of data and ensures properly formatted transactions take place. has 3 goals of integrity |
|
|
Term
|
Definition
clark wilson rule
subjects can access objects only through authorized programs (access triple) |
|
|
Term
|
Definition
clark wilson model
separation of duties is enforced |
|
|
Term
|
Definition
clark wilson model
auditing is required |
|
|
Term
|
Definition
| model in which information is restricted in its flow to only go to and from entities in a way that does not negate or violate the security policy |
|
|
Term
|
Definition
| A formal multi-level security model that states the commands and activities performed at one security level should not be seen by, or affect, subjects or objects at a different security level. |
|
|
Term
|
Definition
| security model that allows for dynamically changing access controls that protect against conflicts of interest. Also known as the chinese wall model |
|
|
Term
|
Definition
| a security model that shows how subjects and objects should be created and deleted. Also addresses how to assign specific access rights. |
|
|
Term
| harrison-ruzzo-ullman model |
|
Definition
| security model that shows how a finite set of procedures can be available to edit the access rights of a subject. |
|
|
Term
| assurance evaluation criteria |
|
Definition
| a checklist and process of examining the security relevant parts of a system and assigning the system an assurance rating. |
|
|
Term
|
Definition
| Trusted Computer System Evaluation Criteria |
|
|
Term
|
Definition
| Also know as the Orange Book |
|
|
Term
|
Definition
| US DOD standard used to asses the effectiveness of the security controls built into a system. Replaced by the common criteria |
|
|
Term
|
Definition
| information technology security evaluation criteria |
|
|
Term
|
Definition
| european standard used to assess the effectiveness of security controls built into a system from functional and assurance perspectives. |
|
|
Term
|
Definition
| international standard used to assess the effectiveness of the security controls built into a system from functional and assurance perspectives |
|
|
Term
|
Definition
| a technical evaluation of the security components and their compliance to a predefined security policy for the purpose of accreditation. |
|
|
Term
|
Definition
| the formal acceptance of the adequacy of a system's overall security by management. |
|
|
Term
|
Definition
| A system design that is built upon accepted standards to allow for interoperability |
|
|
Term
|
Definition
| a system type that is built upon proprietary procedures, which inhibit interoperability capabilities. |
|
|
Term
|
Definition
| Code within software that provides a back door entry capability |
|
|
Term
|
Definition
|
|
Term
|
Definition
| when an attacker manipulates the "condition check" step and the "use" step within software to allow for unauthorized activity. |
|
|
Term
|
Definition
| When two or more processes attempt to carry out their activity on one resource at the same time. Unexpected behavior can be expected. |
|
|
Term
|
Definition
| a model that provides an upper bound and a lower bound of authorized access for subjects |
|
|
Term
|
Definition
| uses protection profiles, security targets and ratings (EAL1 to EAL7) |
|
|
Term
|
Definition
| combines sections of TCSEC, ITSEC, CTCPEC and the Federal Criteria |
|
|
Term
|
Definition
| Evaluates the assurance and functionality of a system's protection mechanism seperately. |
|
|
Term
|
Definition
| Evaluates assurance and functionality of a system and places them within one rating. |
|
|
Term
|
Definition
| Security Model used mainly in military and govt. oriented systems. |
|
|
Term
|
Definition
| 2 Security models that are used mainly in the commercial sector |
|
|
Term
|
Definition
| The final step in authorizing a system for use in an environment |
|
|
Term
|
Definition
| a feature that enables code to be executed without the usual security checks |
|
|
Term
|
Definition
| The ITSEC was developed for |
|
|
Term
|
Definition
| a channel that enables a process to write data to a storage medium so another process can read it. |
|
|
Term
|
Definition
| a channel that enables a process to relay information to another process by modulating its use of system resources. |
|
|
Term
|
Definition
| International standard that is used as the basis for the evaluation of security properties of products under the CC framework. |
|
|
Term
|
Definition
| Ensures that multiple processes can run concurrently and the processes will not interfere with eachother |
|
|
Term
|
Definition
| Security model that address the first goal of integrity- which is to prevent unauthorized users from making modifications. |
|
|
Term
|
Definition
security model that addresses all 3 integrity goals:
1. Prevent unauthorized users from making mods.
2. Prevent authorized users from making improper mods.
3.Maintain internal and external consistency. |
|
|
Term
|
Definition
| Process of copying an entire process to or from disk |
|
|
Term
|
Definition
| expensive and fast memory that uses small latches called "Flip-Flops" to store bits. |
|
|
Term
| dynamic random access memory DRAM |
|
Definition
| Memory that stores bits in small capacitors and is slower and cheaper |
|
|
Term
|
Definition
| A method that hides unnecessary details from a user |
|
|
Term
|
Definition
| CPU visual design that connects the CPU to RAM and Video Controller |
|
|
Term
|
Definition
| visual CPU design that connects Input/Output devices directly to CPU. slower |
|
|
Term
| Transparent Virtualization |
|
Definition
"Full Virtualization"
Runs stock OS like windows and Ubuntu Linux. No changes to the guest OS are required. |
|
|
Term
|
Definition
| Virtualization that runs specially modified OS with modified Kernel system calls. |
|
|
Term
|
Definition
| A more efficient virtualization option |
|
|
Term
|
Definition
Infrastructure as a service
cloud service
Linux server hosting |
|
|
Term
|
Definition
platform as a service
cloud computing
webservice hosting |
|
|
Term
|
Definition
software as a service
cloud computing
webmail |
|
|
Term
|
Definition
| Type of virus written in macro language(ms office or excel) |
|
|
Term
|
Definition
| virus that infects the boot sector of a pc. ensures that the virus loads at startup |
|
|
Term
|
Definition
| virus that hides itself from the OS and other protective software such as an antivirus software. |
|
|
Term
|
Definition
virus that changes its signature upon infection of a new system.
evades signature based antivirus software. |
|
|
Term
|
Definition
| virus that spreads via multiple sectors, also called multipart. |
|
|
Term
|
Definition
common criteria level
functionally tested |
|
|
Term
|
Definition
common criteria
structurally tested |
|
|
Term
|
Definition
common criteria
methodically tested and checked |
|
|
Term
|
Definition
common criteria
methodically designed, tested, and reviewed |
|
|
Term
|
Definition
common criteria
semiformally designed and tested |
|
|
Term
|
Definition
common criteria
semiformally verified design and tested |
|
|
Term
|
Definition
common criteria
formally verified design and tested |
|
|
Term
verified protection
mandatory protection
discretionary protection
minimal security |
|
Definition
|
|
