Term
|
Definition
| The concealment of information or resources. |
|
|
Term
|
Definition
| Controls access to the unscrambled data, but also requires protection |
|
|
Term
|
Definition
| The trustworthiness of data or resources, and it's usually phrased in terms of preventing improper or unauthorized change. |
|
|
Term
|
Definition
|
|
Term
|
Definition
| Seek to maintain integrity of the data by blocking any unauthorized attempts to change the data or any attempts to change the data in unauthorized ways. |
|
|
Term
|
Definition
| Simply report that the data's integrity is no longer trustworthy. |
|
|
Term
|
Definition
| The ability to use the info or resource desired. |
|
|
Term
| Denial of service attacks |
|
Definition
| Attempts to block availability. Difficult to detect. |
|
|
Term
|
Definition
| A potential violation of security . |
|
|
Term
|
Definition
| Unauthorized access to information. |
|
|
Term
|
Definition
|
|
Term
|
Definition
| Interruption or prevention of correct operation |
|
|
Term
|
Definition
| Unauthorized control of some part of the system. |
|
|
Term
|
Definition
| Unauthorized interception of information. Type of disclosure. |
|
|
Term
| Wiretapping/passive wiretapping |
|
Definition
| A form of snooping in which a network is monitored. |
|
|
Term
|
Definition
| Unauthorized change of information. Can be deception, disruption or usurpation. |
|
|
Term
| Active wiretapping(not snooping) |
|
Definition
| A form of modification in which data moving across a network is altered. Ex: man-in-the-middle attack. |
|
|
Term
|
Definition
| An impersonation of one entity by another. Both deception and usurpation. |
|
|
Term
|
Definition
| when one entity authorizes another (2nd) entity to perform functions on its behalf. |
|
|
Term
|
Definition
| A false denial that an entity sent(or created) something. Type of deception. |
|
|
Term
|
Definition
| A false denial that an entity received some information or message. Type of deception. |
|
|
Term
|
Definition
| A long-term of inhibition of service. Type of usurpation with elements of deception. |
|
|
Term
|
Definition
| A statement of what is, and what is not, allowed. |
|
|
Term
|
Definition
| A method, tool, or procedure for enforcing a security policy. |
|
|
Term
|
Definition
|
|
Term
|
Definition
| Indicate the effectiveness of preventative measures, along with notifying user when preventative measures fail. |
|
|
Term
|
Definition
| A basis for determining "how much" to trust a system. |
|
|
Term
|
Definition
| A statement of the desired functioning of the system |
|
|
Term
|
Definition
| Translates a system's specifications into components that will implement them. |
|
|
Term
|
Definition
| Creates a system that satisfies the design. |
|
|
Term
|
Definition
| It's legal to have passwords be social security #s, but unacceptable. |
|
|
Term
|
Definition
| People who have some motive to attack an organization and are not authorized to use that organization's systems. |
|
|
Term
|
Definition
| Those that are authorized to use the computers. |
|
|
Term
|
Definition
| A statement that partitions the states of the system into a set of authorized, or secure, states and a set of unauthorized, or non-secure, states. |
|
|
Term
|
Definition
| A system that starts in an authorized state and cannot enter an unauthorized state. |
|
|
Term
|
Definition
| Occurs when a system enters an unauthorized state. |
|
|
Term
|
Definition
| If X is a set of entities and I is some info, then I has the property of confidentiality with respect to X if no member of X can obtain info about I. |
|
|
Term
|
Definition
| The illicit transmission of information without leakage of rights. |
|
|
Term
|
Definition
| No one single entity alone can complete a transaction. Takes multiple persons. Included in the integrity policy. |
|
|
Term
|
Definition
| An entity or procedure that enforces some part of the security policy. |
|
|
Term
|
Definition
| A model that represents a particular policy or set of policies. |
|
|
Term
| Military security policy/gov't security policy |
|
Definition
| A security policy developed primarily to provide confidentiality. |
|
|
Term
| Commercial security policy |
|
Definition
| A security policy developed primarily to provide integrity. |
|
|
Term
| Transaction-oriented integrity security policies |
|
Definition
| Integrity policies that use the notion of a transaction like database specifications, and require that any actions taken leave the database in a consistent state. |
|
|
Term
|
Definition
| A security policy dealing only with confidentiality. |
|
|
Term
|
Definition
| A security policy dealing only with integrity |
|
|
Term
| Discretionary access control(DAC)/Identity-based access control(IBAC) |
|
Definition
| The mechanism that if an individual user can set an access control mechanism to allow or deny access to an object. |
|
|
Term
| Mandatory access control(MAC)/Rule-based access control |
|
Definition
| The control as when a system mechanism controls access to an object and an individual user cannot alter that access. |
|
|
Term
| Originator controlled access control |
|
Definition
| Bases access on the creator of an object(or info it contains). |
|
|
Term
|
Definition
| A language for representing a security policy |
|
|
Term
|
Definition
| A set of objects to which a particular access constraint may be applied. |
|
|
Term
|
Definition
| The set of ways in which an operation can be invoked. |
|
|
Term
|
Definition
| Occurs when a subject "s" creates an instance of a class "c", and is written "s-|c". |
|
|
Term
|
Definition
| Occurs when a subject S1 executes an object S2(which becomes a subject, because it's active) and is written "S1|->S2". |
|
|
Term
|
Definition
| Controls access between d_user and d_admin. |
|
|
Term
|
Definition
| The art and science of concealing meaning. |
|
|
Term
|
Definition
| Added to each security classification to describe the kinds of information. |
|
|
Term
|
Definition
| A&A database stores explicit labels as parts of the object's attributes. |
|
|
Term
|
Definition
| A set of labels expressed by a lower bound and an upper bound. |
|
|
Term
|
Definition
| A request and decision that moves that system from one state to another. |
|
|
Term
|
Definition
| If a rule is ssc-preserving, *-property-preserving, and ds-property-preserving. |
|
|
Term
|
Definition
| States that subjects and objects may not change their security levels once they have been instantiated. |
|
|
Term
|
Definition
| Subjects that will remove all sensitive info from the HIGH object before its classification is charged to LOW. |
|
|
Term
| Principle of strong tranquility |
|
Definition
| States that security levels do not change during the lifetime of the system. |
|
|
Term
| Principle of weak tranquility |
|
Definition
| States that security levels don't change in a way that violates that rules of a given security policy. |
|
|
Term
|
Definition
| An integer "n">1 or 0 that has only 1 and itself as divisors. |
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
| Marker that uniquely identifies a file. |
|
|
Term
|
Definition
| Describe the locations of files with respect to the root of the UNIX file hierarchy. |
|
|
Term
|
Definition
| Describe the locations of files with respect to the director, in which the current process is executing. |
|
|
Term
| Uniform Resource Locator(URL) |
|
Definition
| Identifies an object by specifying its location and the protocol needed to access it. |
|
|
Term
|
Definition
| A identity tied to a single entity. |
|
|
Term
|
Definition
| Programs that create processes with the effective UID being that of the owner of the program rather than that of the user executing the program. |
|
|
Term
|
Definition
|
|
Term
|
Definition
| A type of group that ties membership to a group when they log in |
|
|
Term
|
Definition
| Describes the unique entities required to identify the unique entity to whom the certificate is to be issued. |
|
|
Term
|
Definition
| Describes the principals to whom the CA will issue certificates. |
|
|
Term
| Policy certification authorities(PCAs) |
|
Definition
| Declared by the Internet Policy Registration Authority(IPAA) that all other CAs are subordinate to these |
|
|
Term
|
Definition
| A program that simulates the hardware of a(possibly abstract) computer system. |
|
|
Term
|
Definition
| A special operating system for virtual machines. |
|
|
Term
|
Definition
| An environment in which the actions of a process are restricted according to a security policy. |
|
|
Term
|
Definition
| Uses an attribute of the shared resource. |
|
|
Term
|
Definition
| Uses a temporal or ordering relationship among accesses to a shared resource. |
|
|
Term
|
Definition
| A covert channel that uses a resource available to the sender and receiver only. |
|
|
Term
|
Definition
| A covert channel that uses a resource available to subjects other than the sender and receiver, as well as to the sender and receiver. |
|
|
Term
|
Definition
| Defines and controls threats and vulnerabilities as well as implements risk reduction. |
|
|
Term
|
Definition
| Determines what the risks are |
|
|
Term
|
Definition
| Evaluating alternative for mitigating risk |
|
|
Term
|
Definition
| Presenting this material in an understandable way to decision makers and/or users. |
|
|
Term
|
Definition
| Set of circumstances that has the potential to cause harm/loss. They are also attacks against key security services, and can trigger vulnerabilities. |
|
|
Term
|
Definition
| Flaw or weakness in a system that can be exploited to violate system integrity |
|
|
Term
| Baseline Approach to Risk Analysis |
|
Definition
| Low overhead for analysis, but could result in practices not appropriate for your organization. |
|
|
Term
|
Definition
| Bring an expert to examine, but not follow format process |
|
|
Term
|
Definition
| Follow formal process with high overhead but catches most vulnerabilities. Most often used. |
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
| Opponent whose goal is to break cryptosystem. |
|
|
Term
|
Definition
| 1-gram frequencies that match English frequencies, but other n-gram frequencies do not...Rearranged to form n-grams with highest frequencies. |
|
|
Term
|
Definition
| Change characters in plaintext to produce ciphertext(i.e. Caesar shift). |
|
|
Term
|
Definition
| Where a change of one input or key bit results in changing approximately half of the output bits. It is a desirable property of an encryption algorithm, and DES exhibits strong avalanche. |
|
|
Term
|
Definition
| Structured to enable use of some S-box and P-box for encryption and decryption. Changes only the key schedule. |
|
|
Term
|
Definition
| Created in 200 by Rijndael, it has a 20-30 year lifespan, and uses iterative rather than Feistel cipher. It also has 9, 11, or 13 rounds in which state undergoes byte substitution, shift rows, mix columns, and adding round keys. |
|
|
Term
|
Definition
| A finite set of elements "S", with operations + and * that satisfy certain properties: commutative and distributive laws. |
|
|
Term
|
Definition
| For any prime "p", there's a unique field with p^n elements. We are interested in GF(2^theta). |
|
|
Term
|
Definition
| If one block of ciphertext is altered, the error propagates for at most two blocks. |
|
|
Term
|
Definition
| Period 10^10, variable length key from 1 to 256, byte based operations, and very efficient. |
|
|
Term
|
Definition
| Mathematical function to generate a set of "k" bits from a set of "n" bits(where k<=n). |
|
|
Term
|
Definition
| Probability that 2 people share the same birthday. |
|
|
Term
|
Definition
| Keyless crypto hashes. 128 bits, only good for 2^64 bit outcome. |
|
|
Term
|
Definition
| Keyless crypto hashes containing 160 bits put forth by NIST and broken by Chinese researchers. |
|
|
Term
|
Definition
| Crypto hash and proof of message integrity. Relies on keys to ensure integrity. |
|
|
Term
|
Definition
| Make keyed cryptographic checksums from keyless cryptographic checksums. |
|
|
