INTERNET-DRAFT R. W. Shirey INTERNET-DRAFT R. W. Shirey
Obsoletes: RFC 2828, FYI 36 BBN Technologies Obsoletes: RFC 2828, FYI 36 BBN Technologies
Expiration Date: 10 May 2006 10 November 2005 Expiration Date: 14 August 2006 14 February 2006
Internet Security Glossary, Version 2 Internet Security Glossary, Version 2
<draft-shirey-secgloss-v2-02.txt> <draft-shirey-secgloss-v2-03.txt>
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
This document and the information contained herein are provided on an This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
skipping to change at page 1, line 39 skipping to change at page 1, line 39
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that other Task Force (IETF), its areas, and its working groups. Note that other
groups may also distribute working documents as Internet-Drafts. groups may also distribute working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than a "work in progress." material or to cite them other than a "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/1id-abstracts.html http://www.ietf.org/1id-abstracts.html.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html" http://www.ietf.org/shadow.html
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2005). All Rights Reserved. Copyright (C) The Internet Society (2006). All Rights Reserved.
Abstract Abstract
This Glossary provides definitions, abbreviations, and explanations This Glossary provides definitions, abbreviations, and explanations
of terminology for information system security. The 291 pages of of terminology for information system security. The 297 pages of
listings offer recommendations to improve the clarity of Internet entries offer recommendations to improve the clarity of Internet
Standards documents (ISDs) and to make them more easily understood by Standards documents (ISDs) and to make them more easily understood by
international readers. The recommendations follow the principles that international readers. The recommendations follow the principles that
ISDs should (a) use the same term or definition whenever the same ISDs should (a) use the same term or definition whenever the same
concept is mentioned; (b) use terms in their plainest, dictionary concept is mentioned; (b) use terms in their plainest, dictionary
sense; (c) use terms that are already well-established in open sense; (c) use terms that are already well-established in open
publications; and (d) avoid terms that are proprietary, favor a publications; and (d) avoid terms that are proprietary, favor a
particular vendor, or create a bias toward a particular technology or particular vendor, or create a bias toward a particular technology or
mechanism versus other, competing techniques that already exist or mechanism versus other, competing techniques that already exist or
might be developed. might be developed.
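Review bot: the page count in the Abstract ("The 291 pages of listings" becoming "The 297 pages of entries") is a figure that changes with every revision and will be stale again at the next one; consider dropping the number and saying simply "The entries offer recommendations ...". The two URL fixes in the same region (the period added after 1id-abstracts.html and the stray quotation mark removed after shadow.html) are correct.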
skipping to change at page 3, line 26 skipping to change at page 2, line 31
2.6 Cross-References . . . . . . . . . . . . . . . . . . . . . 5 2.6 Cross-References . . . . . . . . . . . . . . . . . . . . . 5
2.7 Trademarks . . . . . . . . . . . . . . . . . . . . . . . . 6 2.7 Trademarks . . . . . . . . . . . . . . . . . . . . . . . . 6
2.8 The New Punctuation . . . . . . . . . . . . . . . . . . . 6 2.8 The New Punctuation . . . . . . . . . . . . . . . . . . . 6
3. Types of Entries . . . . . . . . . . . . . . . . . . . . . . . 6 3. Types of Entries . . . . . . . . . . . . . . . . . . . . . . . 6
3.1 Type "I": Recommended Definitions of Internet Origin . . . 6 3.1 Type "I": Recommended Definitions of Internet Origin . . . 6
3.2 Type "N": Recommended Definitions of Non-Internet Origin . 7 3.2 Type "N": Recommended Definitions of Non-Internet Origin . 7
3.3 Type "O": Other Terms and Definitions to be Noted . . . . 7 3.3 Type "O": Other Terms and Definitions to be Noted . . . . 7
3.4 Type "D": Deprecated Terms and Definitions . . . . . . . . 7 3.4 Type "D": Deprecated Terms and Definitions . . . . . . . . 7
3.5 Definition Substitutions . . . . . . . . . . . . . . . . . 8 3.5 Definition Substitutions . . . . . . . . . . . . . . . . . 8
4. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 9 4. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 9
5. Informative References . . . . . . . . . . . . . . . . . . . . 300 5. Informative References . . . . . . . . . . . . . . . . . . . . 306
6. Security Considerations and IANA Considertions . . . . . . . . 319 6. Security Considerations and IANA Considertions . . . . . . . . 325
7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 319 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 325
8. Author's Address . . . . . . . . . . . . . . . . . . . . . . . 319 8. Author's Address . . . . . . . . . . . . . . . . . . . . . . . 325
9. Full Copyright Statement . . . . . . . . . . . . . . . . . . . 319 9. Full Copyright Statement . . . . . . . . . . . . . . . . . . . 325
1. Introduction 1. Introduction
This Glossary provides an internally consistent and self-contained This Glossary provides an internally consistent and self-contained
set of terms, abbreviations, and definitions -- supported by set of terms, abbreviations, and definitions -- supported by
explanations, recommendations, and references -- for terminology that explanations, recommendations, and references -- for terminology that
concerns information system security. The intent of this Glossary is concerns information system security. The intent of this Glossary is
to improve the comprehensibility of Internet Standards documents to improve the comprehensibility of Internet Standards documents
(ISDs) -- i.e., RFCs, Internet-Drafts, and other material produced as (ISDs) -- i.e., RFCs, Internet-Drafts, and other material produced as
part of the Internet Standards Process (RFC 2026) -- and other part of the Internet Standards Process (RFC 2026) -- and other
Internet-related discourse. A few non-security, networking terms are Internet-related discourse. A few non-security, networking terms are
included to make the Glossary self-contained, but more complete included to make the Glossary self-contained, but more complete
glossaries of networking terms are available elsewhere [A1523, F1037, glossaries of such terms are available elsewhere [A1523, F1037,
R1208, R1983]. R1208, R1983].
This Glossary supports the goals of the Internet Standards Process: This Glossary supports the goals of the Internet Standards Process:
o Clear, Concise, Easily Understood Documentation o Clear, Concise, Easily Understood Documentation
This Glossary seeks to improve comprehensibility of security- This Glossary seeks to improve comprehensibility of security-
related content of ISDs. That requires wording to be clear and related content of ISDs. That requires wording to be clear and
understandable, and requires the set of security-related terms and understandable, and requires the set of security-related terms and
definitions to be consistent and self-supporting. Also, definitions to be consistent and self-supporting. Also,
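Review bot: the table of contents entry for section 6 still reads "Security Considerations and IANA Considertions" in both the old and the new text; since the page numbers on that line were updated (319 to 325), the spelling of "Considerations" should be fixed in the same pass. The wording change from "more complete glossaries of networking terms" to "glossaries of such terms" is fine, as "such terms" now refers back to the "non-security, networking terms" in the preceding sentence.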
skipping to change at page 4, line 46 skipping to change at page 3, line 46
Just as Internet Standard (STD) protocols should operate Just as Internet Standard (STD) protocols should operate
effectively, ISDs should use terminology accurately, precisely, effectively, ISDs should use terminology accurately, precisely,
and unambiguously to enable standards to be implemented correctly. and unambiguously to enable standards to be implemented correctly.
o Prior Implementation and Testing o Prior Implementation and Testing
Just as STD protocols require demonstrated experience and Just as STD protocols require demonstrated experience and
stability before adoption, ISDs need to use well-established stability before adoption, ISDs need to use well-established
language. Using terms in their plainest, dictionary sense (when language. Using terms in their plainest, dictionary sense (when
appropriate) helps to ensure international understanding. ISDs appropriate) helps to ensure international understanding. ISDs
need to avoid using private, made-up terms in place of generally need to avoid using private, newly invented terms in place of
accepted terms from open publications. ISDs need to avoid generally accepted terms from open publications. ISDs need to
substituting new definitions that conflict with established ones. avoid substituting new definitions that conflict with established
ISDs need to avoid using "cute" synonyms (e.g., see: Green Book), ones. ISDs need to avoid using "cute" synonyms (e.g., "Green
because no matter how popular a nickname may be in one community, Book"), because no matter how popular a nickname may be in one
it is likely to cause confusion in another. community, it is likely to cause confusion in another.
o Openness, Fairness, and Timeliness o Openness, Fairness, and Timeliness
ISDs need to avoid terms that are proprietary or otherwise favor a ISDs need to avoid terms that are proprietary or otherwise favor a
particular vendor, or that create a bias toward a particular particular vendor, or that create a bias toward a particular
security technology or mechanism over other, competing techniques security technology or mechanism over other, competing techniques
that already exist or might be developed in the future. The set of that already exist or might be developed in the future. The set of
terminology used across the set of ISDs needs to be flexible and terminology used across the set of ISDs needs to be flexible and
adaptable as the state of Internet security art evolves. adaptable as the state of Internet security art evolves.
In support of those goals, this Glossary provides guidance by marking In support of those goals, this Glossary provides guidance by marking
terms and definitions as being either endorsed or deprecated for use terms and definitions as being either endorsed or deprecated for use
in ISDs. The key words "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", in ISDs. The key words "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY",
and "OPTIONAL" are intended to be interpreted the same way as in an and "OPTIONAL" are intended to be interpreted the same way as in an
Internet Standard (i.e., as specified in RFC 2119). Other glossaries Internet Standard (i.e., as specified in RFC 2119). Other glossaries
(e.g., [Raym]) list additional terms that deal with Internet security (e.g., [Raym]) list additional terms that deal with Internet security
but have not been included in this Glossary because they are not but have not been included in this Glossary because they are not
appropriate for ISDs. appropriate for ISDs.
This Glossary is not an Internet standard, and its guidance This Glossary is not an Internet Standard, and its guidance
represents only the recommendations of this author. However, this represents only the recommendations of this author. However, this
Glossary provides reasons for its recommendations -- particularly for Glossary provides reasons for its recommendations -- particularly for
the SHOULD NOTs -- so that readers can judge for themselves whether the SHOULD NOTs -- so that readers can judge for themselves whether
to follow the guidance. to follow the guidance.
2. Format of Entries 2. Format of Entries
Section 4 presents Glossary entries in the following manner: Section 4 presents Glossary entries in the following manner:
2.1 Order of Entries 2.1 Order of Entries
Entries are sorted in lexicographic order, without regard to Entries are sorted in lexicographic order, without regard to
capitalization. Numeric digits are treated as preceding alphabetic capitalization. Numeric digits are treated as preceding alphabetic
characters; special characters are treated as preceding digits; characters, and special characters are treated as preceding
blanks are treated as preceding all other characters; and a hyphen digits. Blanks are treated as preceding non-blank characters,
or slash between two parts of an entry is treated like a blank. except that a hyphen or slash between the parts of a multiword
entry (e.g., "RED/BLACK separation") is treated like a blank.
If an entry has multiple definitions (e.g., "domain"), they are If an entry has multiple definitions (e.g., "domain"), they are
numbered beginning with "1", and any of those multiple definitions numbered beginning with "1", and any of those multiple definitions
that are RECOMMENDED for use in ISDs are presented before other that are RECOMMENDED for use in ISDs are presented before other
definitions for that entry. If definitions are closely related definitions for that entry. If definitions are closely related
(e.g., "threat"), they are denoted by adding letters to a number, (e.g., "threat"), they are denoted by adding letters to a number,
such as "1a" and "1b". such as "1a" and "1b".
2.2 Capitalization and Abbreviations 2.2 Capitalization and Abbreviations
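Review bot: the reworded sort rule in 2.1 joins two separate rules with "except that": "Blanks are treated as preceding non-blank characters, except that a hyphen or slash between the parts of a multiword entry (e.g., "RED/BLACK separation") is treated like a blank." Treating a hyphen or slash as a blank is not an exception to blanks sorting first, so the sentence reads more clearly as two statements: "Blanks are treated as preceding non-blank characters. A hyphen or slash between the parts of a multiword entry (e.g., "RED/BLACK separation") is treated like a blank." Separately, the change from "(e.g., see: Green Book)" to "(e.g., "Green Book")" drops the cross-reference form described in 2.6; if the intent is still to send readers to the "Green Book" entry, keep the "see:" form.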
skipping to change at page 6, line 29 skipping to change at page 5, line 29
- "O" for a term or definition that is NOT recommended for use in - "O" for a term or definition that is NOT recommended for use in
ISDs but is something that authors of Internet documents should ISDs but is something that authors of Internet documents should
know about. know about.
- "D" for a term or definition that is deprecated and SHOULD NOT - "D" for a term or definition that is deprecated and SHOULD NOT
be used in Internet documents. be used in Internet documents.
If a definition is valid only in a specific context (e.g., If a definition is valid only in a specific context (e.g.,
"baggage"), that context is shown immediately following the "baggage"), that context is shown immediately following the
definition type and is enclosed by a pair of slash symbols (/). If definition type and is enclosed by a pair of slash symbols (/). If
the definition is valid only for specific parts of speech, that is the definition is valid only for specific parts of speech, that is
shown in the same way (e.g., "archive). shown in the same way (e.g., "archive").
2.5 Explanatory Notes 2.5 Explanatory Notes
Some entries have explanatory text that is introduced by one or Some entries have explanatory text that is introduced by one or
more of the following keywords: more of the following keywords:
- Deprecated Abbreviation (e.g., "EE", "H field", "W3") - Deprecated Abbreviation (e.g., "EE", "H field", "W3")
- Deprecated Definition (e.g., "digital certification") - Deprecated Definition (e.g., "digital certification")
- Deprecated Usage (e.g., "authenticate") - Deprecated Usage (e.g., "authenticate")
- Deprecated Term (e.g., "certificate authority") - Deprecated Term (e.g., "certificate authority")
- Pronunciation (e.g., "*-property") - Pronunciation (e.g., "*-property")
skipping to change at page 6, line 52 skipping to change at page 5, line 52
- Example (e.g., "back door") - Example (e.g., "back door")
- Usage (e.g., "access") - Usage (e.g., "access")
Explanatory text in this Glossary MAY be reused in other ISDs. Explanatory text in this Glossary MAY be reused in other ISDs.
However, such text is not intended to authoritatively supersede However, such text is not intended to authoritatively supersede
text of an ISD in which the Glossary entry is already used. text of an ISD in which the Glossary entry is already used.
2.6 Cross-References 2.6 Cross-References
Some entries contain a parenthetical remark of the form "(See: Some entries contain a parenthetical remark of the form "(See:
X.)", where X is a list one of more related Glossary entries. Some X.)", where X is a list of other, related terms. Some entries
entries contain a remark of the form "(Compare: X)", where X is a contain a remark of the form "(Compare: X)", where X is a list of
list of other entries that either are antonyms or differ in some terms that either are antonyms of the entry or differ in some
other manner worth noting. other manner worth noting.
2.7 Trademarks 2.7 Trademarks
All servicemarks and trademarks that appear in this Glossary are All servicemarks and trademarks that appear in this Glossary are
used in an editorial fashion and to the benefit of the mark owner, used in an editorial fashion and to the benefit of the mark owner,
without any intention of infringement. without any intention of infringement.
2.8 The New Punctuation 2.8 The New Punctuation
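Review bot: the 2.6 description shows the two remark forms with different punctuation, "(See: X.)" with a terminating period inside the parentheses but "(Compare: X)" without one, while the entries themselves use the period in both cases (e.g., "(Compare: handle.)" under "access" and "(See: IDS. Compare: misuse detection.)" under "anomaly detection"); the description should show "(Compare: X.)" so that it matches the entries. The rewording of the "See:" sentence is an improvement, since the old text's "a list one of more related Glossary entries" was ungrammatical.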
skipping to change at page 8, line 33 skipping to change at page 7, line 33
The marking "N" indicates two things: The marking "N" indicates two things:
- Origin: "N" (as opposed to "I") means that the entry has a non- - Origin: "N" (as opposed to "I") means that the entry has a non-
Internet basis or origin. Internet basis or origin.
- Recommendation: "N" (as opposed to "O") means that the term and - Recommendation: "N" (as opposed to "O") means that the term and
definition are RECOMMENDED for use in ISDs, if they are needed definition are RECOMMENDED for use in ISDs, if they are needed
at all in ISDs. Many of these entries are accompanied by a at all in ISDs. Many of these entries are accompanied by a
label that states a context (e.g., "package") or a note that label that states a context (e.g., "package") or a note that
states a limitation (e.g., "data integrity"), and ISDs SHOULD states a limitation (e.g., "data integrity"), and ISDs SHOULD
NOT use the defined term outside that context or limit. Some of NOT use the defined term outside that context or limit. Some of
the contexts are rarely if ever expected to occur in an ISD the contexts are rarely if ever expected to occur in an ISD
(e.g., see: baggage). In those cases, the listing exists to (e.g., "baggage"). In those cases, the listing exists to make
make Internet authors aware of the non-Internet usage so that Internet authors aware of the non-Internet usage so that they
they can avoid conflicts with non-Internet documents. can avoid conflicts with non-Internet documents.
3.3 Type "O": Other Terms and Definitions To Be Noted 3.3 Type "O": Other Terms and Definitions To Be Noted
The marking "O" means that the definition is of non-Internet The marking "O" means that the definition is of non-Internet
origin and SHOULD NOT be used in ISDs *except* in cases where the origin and SHOULD NOT be used in ISDs *except* in cases where the
term is specifically identified as non-Internet. term is specifically identified as non-Internet.
For example, an ISD might mention "BCA" (see: brand certification For example, an ISD might mention "BCA" (see: brand certification
authority) or "baggage" as an example of some concept; in that authority) or "baggage" as an example of some concept; in that
case, the document should specifically say "SET(trademark) BCA" or case, the document should specifically say "SET(trademark) BCA" or
"SET(trademark) baggage" and include the definition of the term. "SET(trademark) baggage" and include the definition of the term.
3.4 Type "D": Deprecated Terms and Definitions 3.4 Type "D": Deprecated Terms and Definitions
If this Glossary recommends that a term or definition SHOULD NOT If this Glossary recommends that a term or definition SHOULD NOT
be used in ISDs, then the entry is marked as type "D", and a be used in ISDs, then the entry is marked as type "D", and an
"Deprecated Term", "Deprecated Definition", or "Deprecated Usage" explanatory note -- "Deprecated Term", "Deprecated Abbreviation",
explanatory note is provided. "Deprecated Definition", or "Deprecated Usage" -- is provided.
3.5 Definition Substitutions 3.5 Definition Substitutions
Some terms have a definition published by a non-Internet authority Some terms have a definition published by a non-Internet authority
-- government (e.g., "object reuse"), industry (e.g., "Secure Data -- a government (e.g., "object reuse"), an industry (e.g., "Secure
Exchange"), national authority (e.g., "Data Encryption Standard"), Data Exchange"), a national authority (e.g., "Data Encryption
or international body (e.g., "data confidentiality") -- that is Standard"), or an international body (e.g., "data
suitable for use in ISDs. In those cases, this Glossary marks the confidentiality") -- that is suitable for use in ISDs. In those
definition "N", recommending its use in Internet documents. cases, this Glossary marks the definition "N", recommending its
use in Internet documents.
Other such terms have definitions that are inadequate or Other such terms have definitions that are inadequate or
inappropriate for ISDs. For example, a definition might be inappropriate for ISDs. For example, a definition might be
outdated or too narrow, or it might need clarification by outdated or too narrow, or it might need clarification by
substituting more careful wording (e.g., "authentication substituting more careful wording (e.g., "authentication
exchange") or explanations, using other terms that are defined in exchange") or explanations, using other terms that are defined in
this Glossary. In those cases, this Glossary marks the entry "O", this Glossary. In those cases, this Glossary marks the entry "O",
and provides an "I" or "N" entry that precedes, and is intended to and provides an "I" or "N" entry that precedes, and is intended to
supersede, the "O" entry. supersede, the "O" entry.
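Review bot: the example in 3.2 was changed from "(e.g., see: baggage)" to "(e.g., "baggage")", but the example a few lines later in 3.3 still uses the other form, "(see: brand certification authority)"; the two should use the same convention, either the quoted term or the "see:" cross-reference described in 2.6. The addition of "Deprecated Abbreviation" to the list in 3.4 is correct, as it brings that list into line with the four "Deprecated" keywords enumerated in 2.5.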
skipping to change at page 10, line 30 skipping to change at page 9, line 30
$ ABA Guidelines $ ABA Guidelines
(N) "American Bar Association (ABA) Digital Signature Guidelines" (N) "American Bar Association (ABA) Digital Signature Guidelines"
[DSG], a framework of legal principles for using digital [DSG], a framework of legal principles for using digital
signatures and digital certificates in electronic commerce. signatures and digital certificates in electronic commerce.
$ Abstract Syntax Notation One (ASN.1) $ Abstract Syntax Notation One (ASN.1)
(N) A standard for describing data objects. [Larm, X680] (See: (N) A standard for describing data objects. [Larm, X680] (See:
CMS.) CMS.)
Deprecated Usage: The term "ASN.1" can be used narrowly to Usage: ISDs SHOULD use the term "ASN.1" narrowly to
describe the notation or language called "Abstract describe the notation or language called "Abstract
Syntax Notation One", or can be used more broadly to Syntax Notation One". ISDs MAY use the term more broadly
encompass the notation, its associated encoding rules to encompass the notation, its associated encoding rules
(see: BER), and software tools that assist in its use. (see: BER), and software tools that assist in its use,
when the context makes this meaning clear.
Tutorial: OSIRM defines computer network functionality in layers. Tutorial: OSIRM defines computer network functionality in layers.
Protocols and data objects at higher layers are abstractly defined Protocols and data objects at higher layers are abstractly defined
to be implemented using protocols and data objects from lower to be implemented using protocols and data objects from lower
layers. A higher layer may define transfers of abstract objects layers. A higher layer may define transfers of abstract objects
between computers, and a lower layer may define those transfers between computers, and a lower layer may define those transfers
concretely as strings of bits. Syntax is needed to specify data concretely as strings of bits. Syntax is needed to specify data
formats of abstract objects, and encoding rules are needed to formats of abstract objects, and encoding rules are needed to
transform abstract objects into bit strings at lower layers. OSI transform abstract objects into bit strings at lower layers. OSI
standards use ASN.1 for those specifications and use various standards use ASN.1 for those specifications and use various
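Review bot: replacing the "Deprecated Usage" note under "Abstract Syntax Notation One (ASN.1)" with a "Usage" note that says ISDs SHOULD use the term narrowly and MAY use it broadly "when the context makes this meaning clear" is a substantive relaxation of the guidance, not just a rewording; if that is intended, the note would be more useful if it said how an ISD should make the broad meaning clear, for instance by stating explicitly that encoding rules or tools are meant, rather than leaving it to the reader. The entry also continues to use the lowercase inline form "(see: BER)" while 2.6 describes the "(See: X.)" form; this is worth checking for consistency across the Glossary.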
skipping to change at page 11, line 10 skipping to change at page 10, line 13
(I) See: access control center. (I) See: access control center.
$ acceptable risk $ acceptable risk
(I) A risk that is understood and tolerated by a system's user, (I) A risk that is understood and tolerated by a system's user,
operator, owner, or accreditor, usually because the cost or operator, owner, or accreditor, usually because the cost or
difficulty of implementing an effective countermeasure for the difficulty of implementing an effective countermeasure for the
associated vulnerability exceeds the expectation of loss. (See: associated vulnerability exceeds the expectation of loss. (See:
adequate security, risk, "second law" under "Courtney's laws".) adequate security, risk, "second law" under "Courtney's laws".)
$ access $ access
1. (I) The ability and means to communicate with or otherwise 1a. (I) The ability and means to communicate with or otherwise
interact with a system to use system resources either to handle interact with a system to use system resources either to handle
information or to gain knowledge of the information the system information or to gain knowledge of the information the system
contains. (Compare: handle.) contains. (Compare: handle.)
Usage: The definition is intended to include all types of Usage: The definition is intended to include all types of
communication with a system, including one-way communication in communication with a system, including one-way communication in
either direction. In actual practice, however, passive users might either direction. In actual practice, however, passive users might
be treated as not having "access" and, therefore, be exempt from be treated as not having "access" and, therefore, be exempt from
most requirements of the system's security policy. (See: "passive most requirements of the system's security policy. (See: "passive
user" under "user".) user" under "user".)
1a. (O) "Opportunity to make use of an information system (IS)
resource." [C4009]
2. (O) /formal model/ "A specific type of interaction between a 2. (O) /formal model/ "A specific type of interaction between a
subject and an object that results in the flow of information from subject and an object that results in the flow of information from
one to the other." [NCS04] one to the other." [NCS04]
$ Access Certificate for Electronic Services (ACES) $ Access Certificate for Electronic Services (ACES)
(O) A PKI operated by the U.S. Government's General Services (O) A PKI operated by the U.S. Government's General Services
Administration in cooperation with industry partners. (See: CAM.) Administration in cooperation with industry partners. (See: CAM.)
$ access control $ access control
1. (I) Protection of system resources against unauthorized access. 1. (I) Protection of system resources against unauthorized access.
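Review bot: the numbering of the definitions under "access" needs checking. The first definition changes from "1. (I)" to "1a. (I)", but the only other lettered definition visible is "1a. (O) "Opportunity to make use of an information system (IS) resource." [C4009]", followed by "2. (O) /formal model/ ...". Section 2.1 says closely related definitions are denoted "1a" and "1b", so the (I) and (O) definitions should be "1a" and "1b" respectively; as the hunk stands, either the two definitions share the label "1a" or the (O) definition has been dropped and a lone "1a" remains without a "1b".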
skipping to change at page 12, line 51 skipping to change at page 12, line 6
Deprecated Term: ISDs SHOULD NOT use this term; it mixes concepts Deprecated Term: ISDs SHOULD NOT use this term; it mixes concepts
in a potentially misleading way. Access control may be based on in a potentially misleading way. Access control may be based on
attributes other than classification level. attributes other than classification level.
$ access list $ access list
(I) /physical security/ Roster of persons who are authorized to (I) /physical security/ Roster of persons who are authorized to
enter a controlled area. (Compare: access control list.) enter a controlled area. (Compare: access control list.)
$ access mode $ access mode
(I) A distinct type of data processing operation -- e.g., read, (I) A distinct type of data processing operation (e.g., read,
write, append, or execute, or a combination of operations -- that write, append, or execute, or a combination of operations) that a
a subject can potentially perform on an object in an information subject can potentially perform on an object in an information
system. [Huff] system. [Huff]
$ access policy $ access policy
(I) A kind of "security policy". (See: access, access control.) (I) A kind of "security policy". (See: access, access control.)
$ access profile $ access profile
(O) A synonym for "capability list". (O) Synonym for "capability list".
Usage: ISDs that use this term SHOULD state a definition for it Usage: ISDs that use this term SHOULD state a definition for it
because the definition is not widely known. because the definition is not widely known.
$ access right $ access right
(I) Synonym for "authorization"; emphasizes the possession of the (I) Synonym for "authorization"; emphasizes the possession of the
authorization by a system entity. authorization by a system entity.
$ accountability $ accountability
(I) The property of a system or system resource that ensures that (I) The property of a system or system resource that ensures that
the actions of a system entity may be traced uniquely to that the actions of a system entity may be traced uniquely to that
entity, which can then be held responsible for its actions. [Huff] entity, which can then be held responsible for its actions. [Huff]
(See: audit service.) (See: audit service.)
Tutorial: Accountability (a.k.a. "individual accountability") Tutorial: Accountability (a.k.a. individual accountability)
typically requires a system ability to positively associate the typically requires a system ability to positively associate the
identity of a user with the time, method, and mode of the user's identity of a user with the time, method, and mode of the user's
access to the system. This ability supports detection and access to the system. This ability supports detection and
subsequent investigation of security breaches. Individual persons subsequent investigation of security breaches. Individual persons
who are system users are held accountable for their actions after who are system users are held accountable for their actions after
being notified of the rules of behavior for using the system and being notified of the rules of behavior for using the system and
the penalties associated with violating those rules. the penalties associated with violating those rules.
$ accounting $ accounting
See: COMSEC accounting. See: COMSEC accounting.
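Review bot: the "access profile" entry is marked "(O)" yet carries a "Usage" note telling ISDs that use the term to state a definition for it; section 3.3 says "O" terms SHOULD NOT be used in ISDs except where identified as non-Internet, so the note should either say that the term is to be identified as non-Internet when used, or the entry's type should be reconsidered. The change from "A synonym for" to "Synonym for" in the same entry matches the form used under "access right" and is fine. The move of the "access mode" examples from dashes into parentheses reads well.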
skipping to change at page 18, line 14 skipping to change at page 17, line 21
network security technology. However, many of the security network security technology. However, many of the security
problems that the 1972 report called "current" still plague problems that the 1972 report called "current" still plague
information systems today. information systems today.
$ anomaly detection $ anomaly detection
(I) A intrusion detection method that searches for activity that (I) A intrusion detection method that searches for activity that
is different from the normal behavior of system entities and is different from the normal behavior of system entities and
system resources. (See: IDS. Compare: misuse detection.) system resources. (See: IDS. Compare: misuse detection.)
$ anonymity $ anonymity
(I) The condition of having a name that is unknown or concealed. (I) The condition of an identity being unknown or concealed. (See:
(See: alias, anonymizer, anonymous credential, anonymous login, alias, anonymizer, anonymous credential, anonymous login,
onion routing, persona certificate. Compare: privacy.) identity, onion routing, persona certificate. Compare: privacy.)
Tutorial: An application may require security services that Tutorial: An application may require security services that
maintain anonymity of users or other system entities, perhaps to maintain anonymity of users or other system entities, perhaps to
preserve their privacy or hide them from attack. To hide an preserve their privacy or hide them from attack. To hide an
entity's real name, an alias may be used. For example, a financial entity's real name, an alias may be used; for example, a financial
institution may assign an account number. Parties to a transaction institution may assign account numbers. Parties to transactions
can thus remain relatively anonymous, but can also accept the can thus remain relatively anonymous, but can also accept the
transaction as legitimate. Real names of the parties cannot be transactions as legitimate. Real names of the parties cannot be
easily determined by observers of the transaction, but an easily determined by observers of the transactions, but an
authorized third party may be able to map an alias to a real name, authorized third party may be able to map an alias to a real name,
such as by presenting the institution with a court order. In other such as by presenting the institution with a court order. In other
applications, anonymous entities may be completely untraceable. applications, anonymous entities may be completely untraceable.
$ anonymizer $ anonymizer
(I) A internetwork service, usually provided via a proxy server, (I) A internetwork service, usually provided via a proxy server,
that provides anonymity and privacy for clients. That is, the that provides anonymity and privacy for clients. That is, the
service enables a client to access servers (a) without allowing service enables a client to access servers (a) without allowing
anyone to gather information about which servers the client anyone to gather information about which servers the client
accesses and (b) without allowing the accessed servers to gather accesses and (b) without allowing the accessed servers to gather
information about the client, such as its IP address. information about the client, such as its IP address.
$ anonymous credential $ anonymous credential
(D) /U.S. Government/ A credential that (a) can be used to (D) /U.S. Government/ A credential that (a) can be used to
authenticate a person as having a specific attribute or being a authenticate a person as having a specific attribute or being a
member of a specific group (e.g., military veterans or U.S. member of a specific group (e.g., military veterans or U.S.
citizens) but (b) does not reveal the individual identity of the citizens) but (b) does not reveal the individual identity of the
person that presents the credential. [M0404] (See: anonymity.) person that presents the credential. [M0404] (See: anonymity.)
Deprecated term: ISDs SHOULD NOT use this term; it mixes concepts Deprecated Term: ISDs SHOULD NOT use this term; it mixes concepts
in a potentially misleading way. For example, when the credential in a potentially misleading way. For example, when the credential
is an X.509 certificate, the term could be misunderstood to mean is an X.509 certificate, the term could be misunderstood to mean
that the certificate was signed by a CA that has a persona that the certificate was signed by a CA that has a persona
certificate. Instead, use "attribute certificate", "organizational certificate. Instead, use "attribute certificate", "organizational
certificate", or "persona certificate" depending on what is meant, certificate", or "persona certificate" depending on what is meant,
and provide additional explanations as needed. and provide additional explanations as needed.
$ anonymous login $ anonymous login
(I) An access control feature (actually, an access control (I) An access control feature (actually, an access control
vulnerability) in many Internet hosts that enables users to gain vulnerability) in many Internet hosts that enables users to gain
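Review bot: two unchanged definitions in this region have the wrong article and would be cheap to fix while the surrounding entries are being revised: "(I) A intrusion detection method" under "anomaly detection" should read "(I) An intrusion detection method", and "(I) A internetwork service" under "anonymizer" should read "(I) An internetwork service".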
skipping to change at page 19, line 48 skipping to change at page 19, line 5
$ Application Layer $ Application Layer
See: Internet Protocol Suite, OSIRM. See: Internet Protocol Suite, OSIRM.
$ application program $ application program
(I) A computer program that performs a specific function directly (I) A computer program that performs a specific function directly
for a user (as opposed to a program that is part of a computer for a user (as opposed to a program that is part of a computer
operating system and exists to perform functions in support of operating system and exists to perform functions in support of
application programs). application programs).
$ architecture
(I) See: security architecture, system architecture.
$ archive $ archive
1a. (I) /noun/ A collection of data that is stored for a 1a. (I) /noun/ A collection of data that is stored for a
relatively long period of time for historical and other purposes, relatively long period of time for historical and other purposes,
such as to support audit service, availability service, or system such as to support audit service, availability service, or system
integrity service. (Compare: backup, repository.) integrity service. (Compare: backup, repository.)
1b. (I) /verb/ To store data in such a way as to create an 1b. (I) /verb/ To store data in such a way as to create an
archive. (Compare: back up.) archive. (Compare: back up.)
Tutorial: A digital signature may need to be verified many years Tutorial: A digital signature may need to be verified many years
after the signing occurs. The CA -- the one that issued the after the signing occurs. The CA -- the one that issued the
certificate containing the public key needed to verify that certificate containing the public key needed to verify that
signature -- may not stay in operation that long. So every CA signature -- may not stay in operation that long. So every CA
needs to provide for long-term storage of the information needed needs to provide for long-term storage of the information needed
to verify the signatures of those to whom it issues certificates. to verify the signatures of those to whom it issues certificates.
$ ARPANET $ ARPANET
(I) Advanced Research Projects Agency (ARPA) Network, a pioneer (I) Advanced Research Projects Agency (ARPA) Network, a pioneer
packet-switched network that (a) was designed, implemented, packet-switched network that (a) was designed, implemented,
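Review bot: the new "architecture" pointer entry is tagged "(I) See: security architecture, system architecture.", matching the tagged pointer entries "audit trail", "AUTH" and "BIN" elsewhere in this diff, but "Application Layer" two entries above it and "accounting" earlier still read as bare "See: ..." with no (I)/(N)/(O) tag; suggest tagging those two the same way so the pointer entries are consistent.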
skipping to change at page 21, line 34 skipping to change at page 20, line 44
Tutorial: Asymmetric algorithms have key management advantages Tutorial: Asymmetric algorithms have key management advantages
over equivalently strong symmetric ones. First, one key of the over equivalently strong symmetric ones. First, one key of the
pair need not be known by anyone but its owner; so it can more pair need not be known by anyone but its owner; so it can more
easily be kept secret. Second, although the other key is shared by easily be kept secret. Second, although the other key is shared by
all entities that use the algorithm, that key need not be kept all entities that use the algorithm, that key need not be kept
secret from other, non-using entities; thus, the key-distribution secret from other, non-using entities; thus, the key-distribution
part of key management can be done more easily. part of key management can be done more easily.
Asymmetric cryptography can be used to create algorithms for Asymmetric cryptography can be used to create algorithms for
encryption, digital signature, and key agreement: encryption, digital signature, and key agreement:
- In an asymmetric encryption algorithm (e.g., see: RSA), when - In an asymmetric encryption algorithm (e.g., "RSA"), when Alice
Alice wants to ensure confidentiality for data she sends to wants to ensure confidentiality for data she sends to Bob, she
Bob, she encrypts the data with a public key provided by Bob. encrypts the data with a public key provided by Bob. Only Bob
Only Bob has the matching private key that is needed to decrypt has the matching private key that is needed to decrypt the
the data. (Compare: seal.) data. (Compare: seal.)
- In an asymmetric digital signature algorithm (e.g., see: DSA), - In an asymmetric digital signature algorithm (e.g., "DSA"),
when Alice wants to ensure data integrity or provide when Alice wants to ensure data integrity or provide
authentication for data she sends to Bob, she uses her private authentication for data she sends to Bob, she uses her private
key to sign the data (i.e., create a digital signature based on key to sign the data (i.e., create a digital signature based on
the data). To verify the signature, Bob uses the matching the data). To verify the signature, Bob uses the matching
public key that Alice has provided. public key that Alice has provided.
- In an asymmetric key-agreement algorithm (e.g., see: Diffie- - In an asymmetric key-agreement algorithm (e.g., "Diffie-
Hellman), Alice and Bob each send their own public key to the Hellman"), Alice and Bob each send their own public key to the
other party. Then each uses their own private key and the other party. Then each uses their own private key and the
other's public key to compute the new key value. other's public key to compute the new key value.
$ asymmetric key $ asymmetric key
(I) A cryptographic key that is used in an asymmetric (I) A cryptographic key that is used in an asymmetric
cryptographic algorithm. (See: asymmetric cryptography, private cryptographic algorithm. (See: asymmetric cryptography, private
key, public key.) key, public key.)
$ ATIS $ ATIS
(N) See: "Alliance for Telecommunications Industry Solutions" (N) See: "Alliance for Telecommunications Industry Solutions"
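Review bot: the key-management paragraph says the shared key "need not be kept secret" and that "the key-distribution part of key management can be done more easily", but never states that the public key's authenticity still has to be assured; without that, the key-agreement bullet (each party computes the new key from "the other's public key") and the encryption bullet ("a public key provided by Bob") are only as strong as whatever binds that public key to its owner. Suggest adding one sentence after "can be done more easily", e.g. "However, the public key must still be protected against unauthorized modification or substitution, for example by binding it to its owner in a public-key certificate.", with cross-references to the glossary's own "bind" and "public-key certificate" entries.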
skipping to change at page 22, line 19 skipping to change at page 21, line 30
That is, an actual assault on system security that derives from an That is, an actual assault on system security that derives from an
intelligent threat. (See: penetration, violation, vulnerability.) intelligent threat. (See: penetration, violation, vulnerability.)
2. (I) A method or technique used in an assault (e.g., 2. (I) A method or technique used in an assault (e.g.,
masquerade). (See: blind attack, distributed attack.) masquerade). (See: blind attack, distributed attack.)
Tutorial: Attacks can be characterized according to intent: Tutorial: Attacks can be characterized according to intent:
- An "active attack" attempts to alter system resources or affect - An "active attack" attempts to alter system resources or affect
their operation. their operation.
- A "passive attack" attempts to learn or make use of information - A "passive attack" attempts to learn or make use of information
from the system but does not affect system resources. (E.g., from a system but does not affect system resources of that
see: wiretapping.) system. (See: wiretapping.)
The object of a passive attack might be to obtain data that is The object of a passive attack might be to obtain data that is
needed for an off-line attack. needed for an off-line attack.
- An "off-line attack" is one in which the attacker obtains data - An "off-line attack" is one in which the attacker obtains data
from the target system and then analyzes the data on a from the target system and then analyzes the data on a
different system of the attacker's own choosing, possibly in different system of the attacker's own choosing, possibly in
preparation for a second stage of attack on the target. preparation for a second stage of attack on the target.
Attacks can be characterized according to point of initiation: Attacks can be characterized according to point of initiation:
- An "inside attack" is one that is initiated by an entity inside - An "inside attack" is one that is initiated by an entity inside
the security perimeter (an "insider"), i.e., an entity that is the security perimeter (an "insider"), i.e., an entity that is
authorized to access system resources but uses them in a way authorized to access system resources but uses them in a way
not approved by those who granted the authorization. not approved by the party that granted the authorization.
- An "outside attack" is initiated from outside the perimeter, by - An "outside attack" is initiated from outside the security
an unauthorized or illegitimate user of the system (an perimeter, by an unauthorized or illegitimate user of the
"outsider"). In the Internet, potential outside attackers range system (an "outsider"). In the Internet, potential outside
from amateur pranksters to organized criminals, international attackers range from amateur pranksters to organized criminals,
terrorists, and hostile governments. international terrorists, and hostile governments.
Attacks can be characterized according to method of delivery:
- In a "direct attack", the attacker addresses attacking packets
to the intended victim(s).
- In an "indirect attack", the attacker addresses packets to a
third party, and the packets either have the address(es) of the
intended victim(s) as their source address(es) or indicate the
intended victim(s) in some other way. The third party responds
by sending one or more attacking packets to the intended
victims. The attacker can use third parties as attack
amplifiers by providing a broadcast address as the victim
address (e.g., "smurf attack"). (See: reflector attack.
Compare: reflection attack, replay attack.)
The term "attack" relates to some other basic security terms as The term "attack" relates to some other basic security terms as
shown in the following diagram: shown in the following diagram:
+ - - - - - - - - - - - - + + - - - - + + - - - - - - - - - - -+ + - - - - - - - - - - - - + + - - - - + + - - - - - - - - - - -+
| An Attack: | |Counter- | | A System Resource: | | An Attack: | |Counter- | | A System Resource: |
| i.e., A Threat Action | | measure | | Target of the Attack | | i.e., A Threat Action | | measure | | Target of the Attack |
| +----------+ | | | | +-----------------+ | | +----------+ | | | | +-----------------+ |
| | Attacker |<==================||<========= | | | | Attacker |<==================||<========= | |
| | i.e., | Passive | | | | | Vulnerability | | | | i.e., | Passive | | | | | Vulnerability | |
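Review bot: the new "method of delivery" characterization defines "direct attack" and "indirect attack" purely in terms of where the attacker addresses packets, which narrows it to network attacks, whereas the "intent" and "point of initiation" characterizations above it are general. Either state the scope explicitly ("Network attacks can be characterized according to method of delivery:") or word the two definitions in terms of whether the attacker acts on the victim directly or through a third party. The smurf example would also read better with a cross-reference to the glossary's own "denial of service" entry, since amplification is why this distinction matters to a defender.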
skipping to change at page 23, line 36 skipping to change at page 23, line 6
The final nodes on the paths outward from the root, i.e., the leaf The final nodes on the paths outward from the root, i.e., the leaf
nodes, represent different ways to initiate an attack. Each node nodes, represent different ways to initiate an attack. Each node
other than a leaf is either an AND-node or an OR-node. To achieve other than a leaf is either an AND-node or an OR-node. To achieve
the goal represented by an AND-node, the subgoals represented by the goal represented by an AND-node, the subgoals represented by
all of that node's subnodes must be achieved; and for an OR-node, all of that node's subnodes must be achieved; and for an OR-node,
at least one of the subgoals must be achieved. Branches can be at least one of the subgoals must be achieved. Branches can be
labeled with values representing difficulty, cost, or other attack labeled with values representing difficulty, cost, or other attack
attributes, so that alternative attacks can be compared. attributes, so that alternative attacks can be compared.
$ attribute $ attribute
1. (N) The information of a particular type concerning an 1. (N) Information of a particular type concerning an identifiable
identifiable system entity or object. An "attribute type" is the system entity or object. An "attribute type" is the component of
component of an attribute that indicates the class of information an attribute that indicates the class of information given by the
given by the attribute; and an "attribute value" is a particular attribute; and an "attribute value" is a particular instance of
instance of the class of information indicated by an attribute the class of information indicated by an attribute type. (See:
type. (See: attribute certificate.) attribute certificate.)
$ attribute authority (AA) $ attribute authority (AA)
1. (N) A CA that issues attribute certificates. 1. (N) A CA that issues attribute certificates.
2. (O) "An authority [that] assigns privileges by issuing 2. (O) "An authority [that] assigns privileges by issuing
attribute certificates." [X509] attribute certificates." [X509]
Deprecated Abbreviation: The abbreviation "AA" SHOULD NOT be used Deprecated Usage: The abbreviation "AA" SHOULD NOT be used in an
in an ISD unless it is first defined in the ISD. ISD unless it is first defined in the ISD.
$ attribute certificate $ attribute certificate
1. (I) A digital certificate that binds a set of descriptive data 1. (I) A digital certificate that binds a set of descriptive data
items, other than a public key, either directly to a subject name items, other than a public key, either directly to a subject name
or to the identifier of another certificate that is a public-key or to the identifier of another certificate that is a public-key
certificate. (See: capability token.) certificate. (See: capability token.)
2. (O) "A data structure, digitally signed by an [a]ttribute 2. (O) "A data structure, digitally signed by an [a]ttribute
[a]uthority, that binds some attribute values with identification [a]uthority, that binds some attribute values with identification
information about its holder." [X509] information about its holder." [X509]
Tutorial: A public-key certificate binds a subject name to a Tutorial: A public-key certificate binds a subject name to a
public key value, along with information needed to perform certain public key value, along with information needed to perform certain
cryptographic functions using that key. Other attributes of a cryptographic functions using that key. Other attributes of a
subject, such as a security clearance, may be certified in a subject, such as a security clearance, may be certified in a
separate kind of digital certificate, called an attribute separate kind of digital certificate, called an attribute
certificate. A subject may have multiple attribute certificates certificate. A subject may have multiple attribute certificates
skipping to change at page 24, line 46 skipping to change at page 24, line 19
(I) A security service that records information needed to (I) A security service that records information needed to
establish accountability for system events and for the actions of establish accountability for system events and for the actions of
system entities that cause them. (See: security audit.) system entities that cause them. (See: security audit.)
$ audit trail $ audit trail
(I) See: security audit trail. (I) See: security audit trail.
$ AUTH $ AUTH
(I) See: POP3 AUTH. (I) See: POP3 AUTH.
$ authentic signature
(I) A signature (especially a digital signature) that can be
trusted because it can be verified. (See: validate vs. verify.)
$ authenticate $ authenticate
(I) Verify (i.e., establish the truth of) an identity claimed by (I) Verify (i.e., establish the truth of) an attribute value
or for a system entity. (See: authentication, validate vs. verify, claimed by or for a system entity or system resource. (See:
"relationship between data integrity service and authentication authentication, validate vs. verify, "relationship between data
services" under "data integrity service".) integrity service and authentication services" under "data
integrity service".)
Deprecated Usage: In general English usage, this term is used with Deprecated Usage: In general English usage, this term is used with
the meaning "to prove genuine" (e.g., an art expert authenticates the meaning "to prove genuine" (e.g., an art expert authenticates
a Michelangelo painting); but this Internet definition restricts a Michelangelo painting); but ISDs should restrict usage as
usage as follows: follows:
- ISDs SHOULD NOT use this term to refer to proving or checking - ISDs SHOULD NOT use this term to refer to proving or checking
that data has not been changed, destroyed or lost in an that data has not been changed, destroyed or lost in an
unauthorized or accidental manner. Instead use "verify". unauthorized or accidental manner. Instead use "verify".
- ISDs SHOULD NOT use this term to refer to proving the truth or - ISDs SHOULD NOT use this term to refer to proving the truth or
accuracy of a fact or value such as a digital signature. accuracy of a fact or value such as a digital signature.
Instead, use "verify". Instead, use "verify".
- ISDs SHOULD NOT use this term to refer to establishing the - ISDs SHOULD NOT use this term to refer to establishing the
soundness or correctness of a construct, such as a digital soundness or correctness of a construct, such as a digital
certificate. Instead, use "validate". certificate. Instead, use "validate".
$ authentication $ authentication
(I) The process of verifying an identity claimed by or for a (I) The process of verifying a claim that a system entity or
system entity. (See: authenticate, authentication exchange, system resource has a certain attribute value. (See: attribute,
authentication information, credential, data origin authenticate, authentication exchange, authentication information,
authentication, peer entity authentication, "relationship between credential, data origin authentication, peer entity
data integrity service and authentication services" under "data authentication, "relationship between data integrity service and
integrity service", simple authentication, strong authentication, authentication services" under "data integrity service", simple
X.509.) authentication, strong authentication, verification, X.509.)
Tutorial: An authentication process consists of two steps: Tutorial: Security services frequently depend on authentication of
- Identification step: Presenting an identifier to the security the identity of users, but authentication may involve any type of
system. (Identifiers should be assigned carefully, because attribute that is recognized by a system. A claim may be made by a
authenticated identities are the basis for other security subject about itself (e.g., at login, a user typically asserts its
services, such as access control service.) identity) or a claim may be made on behalf of a subject or object
by some other system entity (e.g., a user may claim that a data
object originates from a specific source, or that a data object is
classified at a specific security level).
An authentication process consists of two basic steps:
- Identification step: Presenting the claimed attribute value
(e.g., a user identifier) to the authentication subsystem.
- Verification step: Presenting or generating authentication - Verification step: Presenting or generating authentication
information that acts as evidence to prove the binding between information (e.g., a value signed with a private key) that acts
the claimant and the identifier. (See: verification.) as evidence to prove the binding between the attribute and that
for which it is claimed. (See: verification.)
$ authentication code $ authentication code
(D) Synonym for a checksum based on cryptography. (Compare: Data (D) Synonym for a checksum based on cryptography. (Compare: Data
Authentication Code, Message Authentication Code.) Authentication Code, Message Authentication Code.)
Deprecated Term: ISDs SHOULD NOT use this uncapitalized term as a Deprecated Term: ISDs SHOULD NOT use this uncapitalized term as a
synonym for any kind of checksum, regardless of whether or not the synonym for any kind of checksum, regardless of whether or not the
checksum is cryptographic. Instead, use "checksum", "Data checksum is cryptographic. Instead, use "checksum", "Data
Authentication Code", "error detection code", "hash", "keyed Authentication Code", "error detection code", "hash", "keyed
hash", "Message Authentication Code", "protected checksum", or hash", "Message Authentication Code", "protected checksum", or
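Review bot: the new "authentic signature" entry says a signature "can be trusted because it can be verified", but the revised "authenticate" entry in this same region draws exactly the verify/validate line that this sentence blurs: verifying a digital signature only shows that the data matches the key that signed it, while trusting the signature also requires validating the certificate that binds that key to the claimed signer. Suggest: "A signature (especially a digital signature) that can be trusted because it has been verified and the signer's public key has been validated." The revised "authenticate" and "authentication" definitions are consistent with each other (both now cover attribute values rather than only identities), so the cross-references between them hold.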
skipping to change at page 27, line 9 skipping to change at page 26, line 37
peer entity authentication service. peer entity authentication service.
$ authenticity $ authenticity
(I) The property of being genuine and able to be verified and be (I) The property of being genuine and able to be verified and be
trusted. (See: authenticate, authentication, validate vs. verify.) trusted. (See: authenticate, authentication, validate vs. verify.)
$ authority $ authority
(D) "An entity, responsible for the issuance of certificates." (D) "An entity, responsible for the issuance of certificates."
[X509] [X509]
Deprecated Term: ISDs SHOULD NOT use this term as a synonym for Deprecated Usage: ISDs SHOULD NOT use this term as a synonym for
attribute authority, certification authority, registration attribute authority, certification authority, registration
authority, or similar terms; the shortened form may cause authority, or similar terms; the shortened form may cause
confusion. Instead, use the full term at the first instance of confusion. Instead, use the full term at the first instance of
usage and then, if it is necessary to shorten text, use AA, CA, usage and then, if it is necessary to shorten text, use AA, CA,
RA, and other abbreviations defined in this Glossary. RA, and other abbreviations defined in this Glossary.
$ authority certificate $ authority certificate
(D) "A certificate issued to an authority (e.g. either to a (D) "A certificate issued to an authority (e.g. either to a
certification authority or to an attribute authority)." [X509] certification authority or to an attribute authority)." [X509]
(See: authority.) (See: authority.)
Deprecated Term: ISDs SHOULD NOT use this term as defined here; it Deprecated Term: ISDs SHOULD NOT use this term because it is
is ambiguous. Instead, use the full term "certification authority ambiguous. Instead, use the full term "certification authority
certificate", "attribute authority certificate", "registration certificate", "attribute authority certificate", "registration
authority certificate", etc. at the first instance of usage and authority certificate", etc. at the first instance of usage and
then, if it is necessary to shorten text, use AA, CA, RA, and then, if it is necessary to shorten text, use AA, CA, RA, and
other abbreviations defined in this Glossary. other abbreviations defined in this Glossary.
$ Authority Information Access extension $ Authority Information Access extension
(I) The private extension defined by PKIX for X.509 certificates (I) The private extension defined by PKIX for X.509 certificates
to indicate "how to access CA information and services for the to indicate "how to access CA information and services for the
issuer of the certificate in which the extension appears. issuer of the certificate in which the extension appears.
Information and services may include on-line validation services Information and services may include on-line validation services
skipping to change at page 28, line 46 skipping to change at page 28, line 22
accessible, or usable or operational upon demand, by an authorized accessible, or usable or operational upon demand, by an authorized
system entity, according to performance specifications for the system entity, according to performance specifications for the
system; i.e., a system is available if it provides services system; i.e., a system is available if it provides services
according to the system design whenever users request them. (See: according to the system design whenever users request them. (See:
critical, denial of service. Compare: precedence, reliability, critical, denial of service. Compare: precedence, reliability,
survivability.) survivability.)
2. (O) "The property of being accessible and usable upon demand by 2. (O) "The property of being accessible and usable upon demand by
an authorized entity." [I7498-2] an authorized entity." [I7498-2]
3. (D) "Timely, reliable access to data and information services
for authorized users." [C4009]
Deprecated Definition: ISDs SHOULD NOT use the term with
definition 3; the definition mixes "availability" with
"reliability", which is a different property. (See: reliability.)
Tutorial: Availability requirements can be specified by Tutorial: Availability requirements can be specified by
quantitative metrics, but sometimes are stated qualitatively, such quantitative metrics, but sometimes are stated qualitatively, such
as in the following: as in the following:
- "Flexible tolerance for delay" may mean that brief system - "Flexible tolerance for delay" may mean that brief system
outages do not endanger mission accomplishment, but extended outages do not endanger mission accomplishment, but extended
outages may endanger the mission. outages may endanger the mission.
- "Minimum tolerance for delay" may mean that mission - "Minimum tolerance for delay" may mean that mission
accomplishment requires the system to provide requested accomplishment requires the system to provide requested
services in a short time. services in a short time.
skipping to change at page 30, line 5 skipping to change at page 29, line 41
$ backup $ backup
(I) /noun or adjective/ Refers to alternate means of performing (I) /noun or adjective/ Refers to alternate means of performing
system functions despite loss of system resources. (See: system functions despite loss of system resources. (See:
contingency plan). contingency plan).
Example: A reserve copy of data, preferably one that is stored Example: A reserve copy of data, preferably one that is stored
separately from the original, for use if the original becomes lost separately from the original, for use if the original becomes lost
or damaged. (Compare: archive.) or damaged. (Compare: archive.)
$ bagbiter
(D) /slang/ "An entity, such as a program or a computer, that
fails to work or that works in a remarkably clumsy manner. A
person who has caused some trouble, inadvertently or otherwise,
typically by failing to program the computer properly." [NCSSG]
(See: flaw.)
Deprecated Term: It is likely that other cultures use different
metaphors for these concepts. Therefore, to avoid international
misunderstanding, ISDs SHOULD NOT use this term. (See: Deprecated
Usage under "Green Book.")
$ baggage $ baggage
(O) /SET/ An "opaque encrypted tuple, which is included in a SET (O) /SET/ An "opaque encrypted tuple, which is included in a SET
message but appended as external data to the PKCS encapsulated message but appended as external data to the PKCS encapsulated
data. This avoids superencryption of the previously encrypted data. This avoids superencryption of the previously encrypted
tuple, but guarantees linkage with the PKCS portion of the tuple, but guarantees linkage with the PKCS portion of the
message." [SET2] message." [SET2]
Deprecated Usage: ISDs SHOULD NOT use this term to describe a data Deprecated Usage: ISDs SHOULD NOT use this term to describe a data
element, except in the form "SET(trademark) baggage" with the element, except in the form "SET(trademark) baggage" with the
meaning given above. meaning given above.
$ baked-in security $ baked-in security
(I) The inclusion of security mechanisms in an information system (D) The inclusion of security mechanisms in an information system
beginning at an early point in the system's life cycle, i.e., beginning at an early point in the system's life cycle, i.e.,
during the design phase, or at least early in the implementation during the design phase, or at least early in the implementation
phase. (Compare: add-on security.) phase. (Compare: add-on security.)
Deprecated Term: It is likely that other cultures use different Deprecated Term: It is likely that other cultures use different
metaphors for this concept. Therefore, to avoid international metaphors for this concept. Therefore, to avoid international
misunderstanding, ISDs SHOULD NOT use this term. (See: Deprecated misunderstanding, ISDs SHOULD NOT use this term. (See: Deprecated
Usage under "Green Book".) Usage under "Green Book".)
$ bandwidth $ bandwidth
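Review bot: the Green Book cross-reference in the new "bagbiter" entry is punctuated as "Green Book.") with the period inside the quotation marks, while the unchanged "baked-in security" entry a few lines below writes "Green Book".); pick one form and use it for every Deprecated Term note. Changing "baked-in security" from (I) to (D) does line up with the Deprecated Term note that was already attached to it.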
skipping to change at page 33, line 4 skipping to change at page 32, line 52
with their roles. with their roles.
$ BIN $ BIN
(O) See: bank identification number. (O) See: bank identification number.
$ bind $ bind
(I) To inseparably associate by applying some security mechanism. (I) To inseparably associate by applying some security mechanism.
Example: A CA creates a public-key certificate by using a digital Example: A CA creates a public-key certificate by using a digital
signature to bind together (a) a subject name, (b) a public key, signature to bind together (a) a subject name, (b) a public key,
and usually (c) some additional data items (e.g., see "X.509 and usually (c) some additional data items (e.g., "X.509 public-
public-key certificate"). key certificate").
$ biometric authentication $ biometric authentication
(I) A method of generating authentication information for a person (I) A method of generating authentication information for a person
by digitizing measurements of a physical or behavioral by digitizing measurements of a physical or behavioral
characteristic, such as a fingerprint, hand shape, retina pattern, characteristic, such as a fingerprint, hand shape, retina pattern,
voiceprint, handwriting style, or face. voiceprint, handwriting style, or face.
$ birthday attack $ birthday attack
(I) A class of attacks against cryptographic functions, including (I) A class of attacks against cryptographic functions, including
both encryption functions and hash functions. The attacks take both encryption functions and hash functions. The attacks take
skipping to change at page 33, line 46 skipping to change at page 33, line 44
$ bit $ bit
(I) A contraction of the term "binary digit"; the smallest unit of (I) A contraction of the term "binary digit"; the smallest unit of
information storage, which has two possible states or values. The information storage, which has two possible states or values. The
values usually are represented by the symbols "0" (zero) and "1" values usually are represented by the symbols "0" (zero) and "1"
(one). (See: block, byte, word.) (one). (See: block, byte, word.)
$ bit string $ bit string
(I) A sequence of bits, each of which is either "0" or "1". (I) A sequence of bits, each of which is either "0" or "1".
$ BLACK $ BLACK
1. (I) Designation for data that consists only of cipher text, and 1. (N) Designation for data that consists only of cipher text, and
for information system equipment items or facilities that handle for information system equipment items or facilities that handle
only cipher text. Example: "BLACK key".(See: color change, only cipher text. Example: "BLACK key".(See: color change,
RED/BLACK separation. Compare: RED.) RED/BLACK separation. Compare: RED.)
2. (O) /U.S. Government/ "Designation applied to information 2. (O) /U.S. Government/ "Designation applied to information
systems, and to associated areas, circuits, components, and systems, and to associated areas, circuits, components, and
equipment, in which national security information is encrypted or equipment, in which national security information is encrypted or
is not processed." [C4009] is not processed." [C4009]
$ BLACK/Crypto/RED (BCR) $ BLACK/Crypto/RED (BCR)
(N) An experimental, end-to-end, network packet encryption system (N) An experimental, end-to-end, network packet encryption system
developed in a working prototype form by BBN and the Collins Radio developed in a working prototype form by BBN and the Collins Radio
division of Rockwell Corporation in the 1975-1980 time frame for division of Rockwell Corporation in the 1975-1980 time frame for
the U.S. DoD. BCR was the first network security system to support the U.S. DoD. BCR was the first network security system to support
TCP/IP traffic, and it incorporated the first DES chips that were TCP/IP traffic, and it incorporated the first DES chips that were
validated by the U.S. National Bureau of Standards (now called validated by the U.S. National Bureau of Standards (now called
NIST). BCR also was the first to use a KDC and an ACC to manage NIST). BCR also was the first to use a KDC and an ACC to manage
connections. connections.
$ BLACK key $ BLACK key
(I) A key that is protected with a key-encrypting key and that (N) A key that is protected with a key-encrypting key and that
must be decrypted before use. (See: BLACK. Compare: RED key.) must be decrypted before use. (See: BLACK. Compare: RED key.)
$ BLACKER $ BLACKER
(O) An end-to-end encryption system for computer data networks (O) An end-to-end encryption system for computer data networks
that was developed by the U.S. DoD in the 1980s to provide host- that was developed by the U.S. DoD in the 1980s to provide host-
to-host data confidentiality service for datagrams at OSIRM Layer to-host data confidentiality service for datagrams at OSIRM Layer
3. [Weis] (Compare: Caneware, IPsec.) 3. [Weis] (Compare: Caneware, IPsec.)
Tutorial: Each user host connects to its own bump-in-the-wire Tutorial: Each user host connects to its own bump-in-the-wire
encryption device called a BLACKER Front End (BFE, TSEC/KI-111), encryption device called a BLACKER Front End (BFE, TSEC/KI-111),
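Review bot: the BLACK entry still lacks a space between the example and the cross-reference ("BLACK key".(See: color change, ...); since this hunk already touches that entry to change (I) to (N), fix the spacing in the same edit. Applying the same (I)-to-(N) change to "BLACK key" keeps the two entries consistent.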
skipping to change at page 35, line 42 skipping to change at page 35, line 39
external interface, such as that of a stream cipher, by using a external interface, such as that of a stream cipher, by using a
mode of cryptographic operation to package the basic algorithm. mode of cryptographic operation to package the basic algorithm.
(See: CBC, CFB, DEA, ECB, OFB.) (See: CBC, CFB, DEA, ECB, OFB.)
$ Blowfish $ Blowfish
(N) A symmetric block cipher with variable-length key (32 to 448 (N) A symmetric block cipher with variable-length key (32 to 448
bits) designed in 1993 by Bruce Schneier as an unpatented, bits) designed in 1993 by Bruce Schneier as an unpatented,
license-free, royalty-free replacement for DES or IDEA. [Schn] license-free, royalty-free replacement for DES or IDEA. [Schn]
(See: Twofish.) (See: Twofish.)
$ brain-damaged
(D) /slang/ "Obviously wrong: extremely poorly designed. Calling
something brain-damaged is very extreme. The word implies that the
thing is completely unusable, and that its failure to work is due
to poor design, not accident." [NCSSG] (See: flaw.)
Deprecated Term: It is likely that other cultures use different
metaphors for this concept. Therefore, to avoid international
misunderstanding, ISDs SHOULD NOT use this term. (See: Deprecated
Usage under "Green Book.")
$ brand $ brand
1. (I) A distinctive mark or name that identifies a product or 1. (I) A distinctive mark or name that identifies a product or
business entity. business entity.
2. (O) /SET/ The name of a payment card. (See: BCA.) 2. (O) /SET/ The name of a payment card. (See: BCA.)
Tutorial: Financial institutions and other companies have founded Tutorial: Financial institutions and other companies have founded
payment card brands, protect and advertise the brands, establish payment card brands, protect and advertise the brands, establish
and enforce rules for use and acceptance of their payment cards, and enforce rules for use and acceptance of their payment cards,
and provide networks to interconnect the financial institutions. and provide networks to interconnect the financial institutions.
These brands combine the roles of issuer and acquirer in These brands combine the roles of issuer and acquirer in
interactions with cardholders and merchants. [SET1] interactions with cardholders and merchants. [SET1]
$ brand certification authority (BCA) $ brand certification authority (BCA)
(O) /SET/ A CA owned by a payment card brand, such as MasterCard, (O) /SET/ A CA owned by a payment card brand, such as MasterCard,
Visa, or American Express. [SET2] (See: certification hierarchy, Visa, or American Express. [SET2] (See: certification hierarchy,
skipping to change at page 53, line 23 skipping to change at page 53, line 30
(I) A algorithm-independent transaction format, defined by PKCS (I) A algorithm-independent transaction format, defined by PKCS
#10 and used in PKIX, that contains a DN, a public key, and #10 and used in PKIX, that contains a DN, a public key, and
optionally a set of attributes, collectively signed by the entity optionally a set of attributes, collectively signed by the entity
requesting certification, and sent to a CA, which transforms the requesting certification, and sent to a CA, which transforms the
request to an X.509 public-key certificate or another type of request to an X.509 public-key certificate or another type of
certificate. certificate.
$ certify $ certify
1. (I) Issue a digital certificate and thus vouch for the truth, 1. (I) Issue a digital certificate and thus vouch for the truth,
accuracy, and binding between data items in the certificate (e.g., accuracy, and binding between data items in the certificate (e.g.,
see: X.509 public-key certificate), such as the identity of the "X.509 public-key certificate"), such as the identity of the
certificate's subject and the ownership of a public key. (See: certificate's subject and the ownership of a public key. (See:
certification.) certification.)
Usage: To "certify a public key" means to issue a public-key Usage: To "certify a public key" means to issue a public-key
certificate that vouches for the binding between the certificate's certificate that vouches for the binding between the certificate's
subject and the key. subject and the key.
2. (I) The act by which a CA uses measures to verify the truth, 2. (I) The act by which a CA uses measures to verify the truth,
accuracy, and binding between data items in a digital certificate. accuracy, and binding between data items in a digital certificate.
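Review bot: the first line of this hunk reads "A algorithm-independent transaction format" in both versions and should be "An algorithm-independent transaction format". The hunk rewrites the neighbouring "certify" entry (replacing "see: X.509 public-key certificate" with the plain quoted term) but leaves this article error in place.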
skipping to change at page 55, line 38 skipping to change at page 55, line 45
$ chosen-plaintext attack $ chosen-plaintext attack
(I) A cryptanalysis technique in which the analyst tries to (I) A cryptanalysis technique in which the analyst tries to
determine the key from knowledge of cipher text that corresponds determine the key from knowledge of cipher text that corresponds
to plain text selected (i.e., dictated) by the analyst. to plain text selected (i.e., dictated) by the analyst.
$ CIAC $ CIAC
(O) See: Computer Incident Advisory Capability. (O) See: Computer Incident Advisory Capability.
$ CIK $ CIK
(I) See: cryptographic ignition key. (N) See: cryptographic ignition key.
$ cipher $ cipher
(I) A cryptographic algorithm for encryption and decryption. (I) A cryptographic algorithm for encryption and decryption.
$ cipher block chaining (CBC) $ cipher block chaining (CBC)
(N) A block cipher mode that enhances ECB mode by chaining (N) A block cipher mode that enhances ECB mode by chaining
together blocks of cipher text it produces. [FP081] (See: [R1829], together blocks of cipher text it produces. [FP081] (See: [R1829],
[R2405], [R2451].) [R2405], [R2451].)
Tutorial: This mode operates by combining (exclusive OR-ing) the Tutorial: This mode operates by combining (exclusive OR-ing) the
skipping to change at page 58, line 41 skipping to change at page 58, line 49
Usage: Usually understood to involve data confidentiality, but Usage: Usually understood to involve data confidentiality, but
ISDs SHOULD make this clear when data also is sensitive in other ISDs SHOULD make this clear when data also is sensitive in other
ways and SHOULD use other terms for those other sensitivity ways and SHOULD use other terms for those other sensitivity
concepts. (See: sensitive information, data integrity.) concepts. (See: sensitive information, data integrity.)
$ classified $ classified
1. (I) Refers to information (stored or conveyed, in any form) 1. (I) Refers to information (stored or conveyed, in any form)
that is formally required by a security policy to receive data that is formally required by a security policy to receive data
confidentiality service and to be marked with a security label confidentiality service and to be marked with a security label
(which in some cases might be implicit) to indicate its protected (which in some cases might be implicit) to indicate its protected
status. (See: classify, security level. Compare: unclassified.) status. (See: classify, collateral information, SAP, security
level. Compare: unclassified.)
Usage: Usually understood to involve data confidentiality, but Usage: Usually understood to involve data confidentiality, but
ISDs SHOULD make this clear when data also is sensitive in other ISDs SHOULD make this clear when data also is sensitive in other
ways and SHOULD use other terms for those other sensitivity ways and SHOULD use other terms for those other sensitivity
concepts. (See: sensitive information, data integrity.) concepts. (See: sensitive information, data integrity.)
Mainly used by federal governments, especially by the military,
Tutorial: The term is mainly used in government, especially in the but the underlying concept also applies outside government.
military, but the underlying concept also applies outside
government.
2. (O) /U.S. DoD/ Information that has been determined pursuant to 2. (O) /U.S. DoD/ Information that has been determined pursuant to
Executive Order 12958 ("Classified National Security Information", Executive Order 12958 ("Classified National Security Information",
20 April 1995) or any predecessor order to require protection 20 April 1995) or any predecessor order to require protection
against unauthorized disclosure and is marked to indicate its against unauthorized disclosure and is marked to indicate its
classified status when in documentary form. classified status when in documentary form.
$ classify $ classify
(I) To officially designate an information item or type of (I) To officially designate an information item or type of
information as being classified and assigned to a specific information as being classified and assigned to a specific
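Review bot: the sentence that replaces the old Tutorial paragraph of "classified" ("Mainly used by federal governments, especially by the military, but the underlying concept also applies outside government.") carries no "Tutorial:" or "Usage:" label, so it now reads as a continuation of the preceding Usage paragraph; restore the label. The See list also gains "collateral information" and "SAP"; "collateral information" is added elsewhere in this draft, but no "SAP" entry is visible in this diff, so confirm that the cross-reference has a target.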
skipping to change at page 59, line 20 skipping to change at page 59, line 27
$ clean system $ clean system
(I) A computer system in which the operating system and (I) A computer system in which the operating system and
application system software and files have been freshly installed application system software and files have been freshly installed
from trusted software distribution media. (Compare: secure state.) from trusted software distribution media. (Compare: secure state.)
$ clear $ clear
(D) /verb/ Synonym for "erase". [C4009] (D) /verb/ Synonym for "erase". [C4009]
Deprecated Definition: ISDs SHOULD NOT use the term with this Deprecated Definition: ISDs SHOULD NOT use the term with this
definition; it could be confused with "clear text" in which definition; that could be confused with "clear text" in which
information is directly recoverable. information is directly recoverable.
$ clear text $ clear text
1. (I) /noun/ Data in which the semantic information content 1. (I) /noun/ Data in which the semantic information content
(i.e., the meaning) is intelligible or is directly available, (i.e., the meaning) is intelligible or is directly available,
i.e., not encrypted. (See: cleartext, in the clear. Compare: i.e., not encrypted. (See: cleartext, in the clear. Compare:
cipher text, plain text.) cipher text, plain text.)
2. (O) "Intelligible data, the semantic content of which is 2. (O) "Intelligible data, the semantic content of which is
available." [I7498-2] available." [I7498-2]
skipping to change at page 62, line 8 skipping to change at page 62, line 15
2. (I) An encryption algorithm that uses a word substitution 2. (I) An encryption algorithm that uses a word substitution
technique. [C4009] (See: code, ECB.) technique. [C4009] (See: code, ECB.)
$ code signing $ code signing
(I) A security mechanism that uses a digital signature to provide (I) A security mechanism that uses a digital signature to provide
data integrity and data origin authentication for software that is data integrity and data origin authentication for software that is
being distributed for use. (See: mobile code, trusted being distributed for use. (See: mobile code, trusted
distribution.) distribution.)
$ code word
(O) /U.S. Government/ "A single word assigned a classified meaning
by appropriate authority to ensure proper security concerning
intentions and to safeguard information pertaining to actual,
real-world military plans or operations classified as CONFIDENTIAL
or higher."
$ collateral information
(O) /U.S. Government/ "Information identified as National Security
Information under the provisions of [Executive Order] 12958 but
which is not subject to enhanced security protection required for
SAP information."
$ COI $ COI
(I) See: community of interest. (I) See: community of interest.
$ cold start $ cold start
(N) /cryptographic module/ A procedure for initially keying (N) /cryptographic module/ A procedure for initially keying
cryptographic equipment. [C4009] cryptographic equipment. [C4009]
$ color change $ color change
(I) In a system being operated in periods processing mode, the act (I) In a system being operated in periods processing mode, the act
of purging all information from one processing period and then of purging all information from one processing period and then
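Review bot: the two new quoted definitions, "code word" and "collateral information", are marked (O) /U.S. Government/ but give no source reference after the closing quotation mark, unlike the other quoted (O) entry in this hunk ("cold start", which cites [C4009]); add the citation for each. Separately, "collateral information" is placed between "code word" and "COI", but "COI" sorts before "collateral" (c-o-i before c-o-l), so the new entry should follow "COI".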
skipping to change at page 63, line 8 skipping to change at page 63, line 28
Tutorial: Canada, France, Germany, the Netherlands, the United Tutorial: Canada, France, Germany, the Netherlands, the United
Kingdom, and the United States (NIST and NSA) began developing Kingdom, and the United States (NIST and NSA) began developing
this standard in 1993, based on the European ITSEC, the Canadian this standard in 1993, based on the European ITSEC, the Canadian
Trusted Computer Product Evaluation Criteria (CTCPEC), and the Trusted Computer Product Evaluation Criteria (CTCPEC), and the
U.S. "Federal Criteria for Information Technology Security" and U.S. "Federal Criteria for Information Technology Security" and
its precursor, the TCSEC. Work was done in cooperation with its precursor, the TCSEC. Work was done in cooperation with
ISO/IEC Joint Technical Committee 1 (Information Technology), ISO/IEC Joint Technical Committee 1 (Information Technology),
Subcommittee 27 (Security Techniques), Working Group 3 (Security Subcommittee 27 (Security Techniques), Working Group 3 (Security
Criteria). Version 2.0 of the Criteria has been issued as ISO's Criteria). Version 2.0 of the Criteria has been issued as ISO's
International Standard 15408. The U.S. Government intends this International Standard 15408. The U.S. Government intends this
standard to supersede both the TCSEC and FIPS PUB 140-1. (See: standard to supersede both the TCSEC and FIPS PUB 140. (See:
NIAP.) NIAP.)
The standard addresses data confidentiality, data integrity, and The standard addresses data confidentiality, data integrity, and
availability and may apply to other aspects of security. It availability and may apply to other aspects of security. It
focuses on threats to information arising from human activities, focuses on threats to information arising from human activities,
malicious or otherwise, but may apply to non-human threats. It malicious or otherwise, but may apply to non-human threats. It
applies to security measures implemented in hardware, firmware, or applies to security measures implemented in hardware, firmware, or
software. It does not apply to (a) administrative security not software. It does not apply to (a) administrative security not
related directly to technical security, (b) technical physical related directly to technical security, (b) technical physical
aspects of security such as electromagnetic emanation control, (c) aspects of security such as electromagnetic emanation control, (c)
skipping to change at page 66, line 32 skipping to change at page 66, line 53
disclosure or alteration may have occurred. (See: compromise.) disclosure or alteration may have occurred. (See: compromise.)
Tutorial: A CKL is issued by an CA, like a CRL is issued. But a Tutorial: A CKL is issued by an CA, like a CRL is issued. But a
CKL lists only KMIDs, not subjects that hold the keys, and not CKL lists only KMIDs, not subjects that hold the keys, and not
certificates in which the keys are bound. certificates in which the keys are bound.
$ COMPUSEC $ COMPUSEC
(I) See: computer security. (I) See: computer security.
$ computer system $ computer system
(I) A synonym for "information system", or a component thereof. (I) Synonym for "information system", or a component thereof.
(Compare: computer platform.) (Compare: computer platform.)
$ computer emergency response team (CERT) $ computer emergency response team (CERT)
(I) An organization that studies computer and network INFOSEC in (I) An organization that studies computer and network INFOSEC in
order to provide incident response services to victims of attacks, order to provide incident response services to victims of attacks,
publish alerts concerning vulnerabilities and threats, and offer publish alerts concerning vulnerabilities and threats, and offer
other information to help improve computer and network security. other information to help improve computer and network security.
(See: CSIRT, security incident.) (See: CSIRT, security incident.)
Examples: CERT Coordination Center at Carnegie-Mellon University Examples: CERT Coordination Center at Carnegie-Mellon University
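Review bot: "A CKL is issued by an CA" in the second line of this hunk should read "a CA"; the hunk already trims "A synonym" to "Synonym" in the nearby "computer system" entry, so this grammar slip in the same region is worth fixing at the same time.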
skipping to change at page 67, line 11 skipping to change at page 67, line 34
and types, ranging from the complex Internet to a simple system and types, ranging from the complex Internet to a simple system
composed of a personal computer dialing in as a remote terminal of composed of a personal computer dialing in as a remote terminal of
another computer. another computer.
$ computer platform $ computer platform
(I) A combination of computer hardware and an operating system (I) A combination of computer hardware and an operating system
(which may consist of software, firmware, or both) for that (which may consist of software, firmware, or both) for that
hardware. (Compare: computer system.) hardware. (Compare: computer system.)
$ computer security (COMPUSEC) $ computer security (COMPUSEC)
(I) Measures to implement and assure security services in a 1. (I) Measures to implement and assure security services in a
computer system, particularly those that assure access control computer system, particularly those that assure access control
service. service.
Usage: Usually refers to internal controls (functions, features, Usage: Usually refers to internal controls (functions, features,
and technical characteristics) that are implemented in software and technical characteristics) that are implemented in software
(especially in operating systems); sometimes refers to internal (especially in operating systems); sometimes refers to internal
controls implemented in hardware; rarely used to refer to external controls implemented in hardware; rarely used to refer to external
controls. controls.
(O) "The protection afforded to an automated information system in 2. (O) "The protection afforded to an automated information system
order to attain the applicable objectives of preserving the in order to attain the applicable objectives of preserving the
integrity, availability and confidentiality of information system integrity, availability and confidentiality of information system
resources (includes hardware, software, firmware, resources (includes hardware, software, firmware,
information/data, and telecommunications)." [SP12] information/data, and telecommunications)." [SP12]
$ computer security incident response team (CSIRT) $ computer security incident response team (CSIRT)
(I) An organization "that coordinates and supports the response to (I) An organization "that coordinates and supports the response to
security incidents that involve sites within a defined security incidents that involve sites within a defined
constituency." [R2350] (See: CERT, FIRST, security incident.) constituency." [R2350] (See: CERT, FIRST, security incident.)
Tutorial: To be considered a CSIRT, an organization must do as Tutorial: To be considered a CSIRT, an organization must do as
skipping to change at page 69, line 44 skipping to change at page 70, line 15
keying material.) keying material.)
$ COMSEC Material Control System (CMCS) $ COMSEC Material Control System (CMCS)
(O) /U.S. Government/ "Logistics and accounting system through (O) /U.S. Government/ "Logistics and accounting system through
which COMSEC material marked 'CRYPTO' is distributed, controlled, which COMSEC material marked 'CRYPTO' is distributed, controlled,
and safeguarded." [C4009] (See: COMSEC account, COMSEC custodian.) and safeguarded." [C4009] (See: COMSEC account, COMSEC custodian.)
$ confidentiality $ confidentiality
See: data confidentiality. See: data confidentiality.
$ concealment system
(O) "A method of achieving confidentiality in which sensitive
information is hidden by embedding it in irrelevant data." [NCS04]
(Compare: steganography.)
$ configuration control $ configuration control
(I) The process of regulating changes to hardware, firmware, (I) The process of regulating changes to hardware, firmware,
software, and documentation throughout the development and software, and documentation throughout the development and
operational life of a system. (See: administrative security, operational life of a system. (See: administrative security,
harden, trusted distribution.) harden, trusted distribution.)
Tutorial: Configuration control helps protect against unauthorized Tutorial: Configuration control helps protect against unauthorized
or malicious alteration of a system and thus provides assurance of or malicious alteration of a system and thus provides assurance of
system integrity. (See: malicious logic.) system integrity. (See: malicious logic.)
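Review bot: the new "concealment system" entry is inserted after "confidentiality", but alphabetically it belongs before it ("conc" sorts before "conf"), i.e. between "COMSEC Material Control System (CMCS)" and "confidentiality". The entry itself follows the glossary's pattern for quoted (O) definitions, with the [NCS04] citation and a Compare cross-reference.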
skipping to change at page 70, line 28 skipping to change at page 71, line 4
time the policy is defined, and then continues to be satisfied time the policy is defined, and then continues to be satisfied
until the constraint is removed. until the constraint is removed.
- "Dynamic constraint": A constraint that may be defined to apply - "Dynamic constraint": A constraint that may be defined to apply
at various times that the identity, role, or other object of at various times that the identity, role, or other object of
the constraint is active in the system. the constraint is active in the system.
$ content filter $ content filter
(I) /World Wide Web/ Application software used to prevent access (I) /World Wide Web/ Application software used to prevent access
to certain Web servers, such as by parents who do not want their to certain Web servers, such as by parents who do not want their
children to access pornography. (See: filter, guard.) children to access pornography. (See: filter, guard.)
Tutorial: The filter is usually browser-based, but could be part Tutorial: The filter is usually browser-based, but could be part
of an intermediate cache server. The two basic content filtering of an intermediate cache server. The two basic content filtering
techniques are (a) to block a specified list of URLs and (b) to techniques are (a) to block a specified list of URLs and (b) to
block material that contains specified words and phrases. block material that contains specified words and phrases.
$ contingency plan $ contingency plan
(I) A plan for emergency response, backup operations, and post- (I) A plan for emergency response, backup operations, and post-
disaster recovery in a system as part of a security program to disaster recovery in a system as part of a security program to
ensure availability of critical system resources and facilitate ensure availability of critical system resources and facilitate
continuity of operations in a crisis. [NCS04] (See: availability.) continuity of operations in a crisis. [NCS04] (See: availability.)
$ control zone
(O) "The space, expressed in feet of radius, surrounding equipment
processing sensitive information, that is under sufficient
physical and technical control to preclude an unauthorized entry
or compromise." [NCSSG] (Compare: inspectable space, TEMPEST
zone.)
$ controlled access protection $ controlled access protection
(O) /TCSEC/ The level of evaluation criteria for a C2 computer (O) /TCSEC/ The level of evaluation criteria for a C2 computer
system. system.
Tutorial: The major features of the C2 level are individual Tutorial: The major features of the C2 level are individual
accountability, audit, access control, and object reuse. accountability, audit, access control, and object reuse.
$ controlled cryptographic item (CCI) $ controlled cryptographic item (CCI)
(O) /U.S. Government/ "Secure telecommunications or information (O) /U.S. Government/ "Secure telecommunications or information
handling equipment, or associated cryptographic component, that is handling equipment, or associated cryptographic component, that is
skipping to change at page 73, line 10 skipping to change at page 73, line 45
$ correctness proof $ correctness proof
(I) A mathematical proof of consistency between a specification (I) A mathematical proof of consistency between a specification
for system security and the implementation of that specification. for system security and the implementation of that specification.
(See: correctness, formal specification.) (See: correctness, formal specification.)
$ corruption $ corruption
(I) A type of threat action that undesirably alters system (I) A type of threat action that undesirably alters system
operation by adversely modifying system functions or data. (See: operation by adversely modifying system functions or data. (See:
disruption.) disruption.)
Usage: This type includes the following subtypes: Usage: This type of threat action includes the following subtypes:
- "Tampering": In context of corruption, deliberately altering a - "Tampering": In context of corruption, deliberately altering a
system's logic, data, or control information to interrupt or system's logic, data, or control information to interrupt or
prevent correct operation of system functions. (See: misuse, prevent correct operation of system functions. (See: misuse,
main entry for "tampering".) main entry for "tampering".)
- "Malicious logic": In context of corruption, any hardware, - "Malicious logic": In context of corruption, any hardware,
firmware, or software (e.g., a computer virus) intentionally firmware, or software (e.g., a computer virus) intentionally
introduced into a system to modify system functions or data. introduced into a system to modify system functions or data.
(See: incapacitation, main entry for "malicious logic", (See: incapacitation, main entry for "malicious logic",
masquerade, misuse.) masquerade, misuse.)
- "Human error": In context of corruption, human action or - "Human error": In context of corruption, human action or
skipping to change at page 75, line 11 skipping to change at page 75, line 44
$ CPS
   (I) See: certification practice statement.

$ cracker
   (I) Someone who tries to break the security of, and gain
   unauthorized access to, someone else's system, often with
   malicious intent. (See: adversary, intruder, packet monkey, script
   kiddy. Compare: hacker.)

   Usage: Was sometimes spelled "kracker". [NCSSG]

$ CRAM
   (I) See: Challenge-Response Authentication Mechanism.

$ CRC
   (I) See: cyclic redundancy check.

$ credential
   1. (I) /authentication/ "identifier credential": A data object
   that is a portable representation of the association between an
   identifier and a unit of authentication information, and that can
   that an end entity in either PKI can validate certificates issued
   in the other PKI.

   Second, X.509 says that two CAs in some complex, multi-CA PKI can
   cross-certify one another for the purpose of shortening the
   certification paths constructed by end entities. Whether or not a
   CA may perform this or any other form of cross-certification, and
   how such certificates may be used by end entities, should be
   addressed by the local certificate policy and CPS.

$ cross-domain solution
   (O) /U.S. Government/ A process or subsystem that provides a
   capability (which could be either manual or automated) to access
   two or more differing security domains in a system, or to transfer
   information between such domains. (See: guard.)

$ cryptanalysis
   1. (I) The mathematical science that deals with analysis of a
   cryptographic system in order to gain knowledge needed to break or
   circumvent the protection that the system is designed to provide.
   (See: cryptology.)

   2. (O) "The analysis of a cryptographic system and/or its inputs
   and outputs to derive confidential variables and/or sensitive data
   including cleartext." [I7498-2]
   card.

$ cryptographic component
   (I) A generic term for any system component that involves
   cryptography. (See: cryptographic module.)

$ cryptographic hash
   (I) See: secondary definition under "hash function".

$ cryptographic ignition key (CIK)
   1. (N) A physical (usually electronic) token used to store,
   transport, and protect cryptographic keys and activation data.

   Usage: Sometimes abbreviated as "crypto-ignition key". (Compare:
   fill device.)

   Tutorial: A key-encrypting key could be divided (see: split key)
   between a CIK and a cryptographic module, so that it would be
   necessary to combine the two to regenerate the key, use it to
   decrypt other keys and data contained in the module, and thus
   activate the module.
$ data
   (I) Information in a specific representation, usually as a
   sequence of symbols that have meaning.

   Usage: Refers to both (a) representations that can be recognized,
   processed, or produced by a computer or other type of machine, and
   (b) representations that can be handled by a human.

$ Data Authentication Algorithm, data authentication algorithm
   1. (N) /capitalized/ The ANSI standard for a keyed hash function
   that is equivalent to DES cipher block chaining with IV = 0.
   [A9009]

   2. (D) /not capitalized/ Synonym for some kind of "checksum".

   Deprecated Term: ISDs SHOULD NOT use the uncapitalized form "data
   authentication algorithm" as a synonym for any kind of checksum,
   regardless of whether or not the checksum is based on a hash.
   Instead, use "checksum", "Data Authentication Code", "error
   detection code", "hash", "keyed hash", "Message Authentication
   Code", "protected checksum", or some other specific term,
   depending on what is meant.

   The uncapitalized term can be confused with the Data Authentication
   2. (D) /not capitalized/ Synonym for some kind of "checksum".

   Deprecated Term: ISDs SHOULD NOT use the uncapitalized form "data
   authentication code" as a synonym for any kind of checksum,
   regardless of whether or not the checksum is based on the Data
   Authentication Algorithm. The uncapitalized term can be confused
   with the Data Authentication Code and also mixes concepts in a
   potentially misleading way (see: authentication code).
$ data compromise
   1. (I) A security incident in which information is exposed to
   potential unauthorized access, such that unauthorized disclosure,
   alteration, or use of the information might have occurred.
   (Compare: security compromise.)

   2. (O) /U.S. DoD/ A "compromise" is a "communication or physical
   transfer of information to an unauthorized recipient." [DoD5]

   3. (O) /U.S. Government/ A "compromise" is an "unauthorized
   disclosure of classified information."
$ data confidentiality
   1. (I) The property that data is not disclosed to system entities
   unless they have been authorized to know the data. (See: Bell-
   LaPadula model, classification, data confidentiality service.
   Compare: privacy.)

   2. (D) "The property that information is not made available or
   disclosed to unauthorized individuals, entities, or processes
   [i.e., to any unauthorized system entity]." [I7498-2]

   Deprecated Definition: The phrase "made available" might be
   interpreted to mean that the data could be altered, and that would
   confuse this term with the concept of "data integrity".

$ data confidentiality service
   (I) A security service that protects data against unauthorized
   disclosure. (See: access control, data confidentiality, datagram
   confidentiality service, flow control, inference control.)

   Deprecated Usage: ISDs SHOULD NOT use this term as a synonym for
   "privacy", which is a different concept.

$ Data Encryption Algorithm (DEA)
   (N) A symmetric block cipher, defined in the U.S. Government's
   DES. DEA uses a 64-bit key, of which 56 bits are independently
   chosen and 8 are parity bits, and maps a 64-bit block into another
   64-bit block. [FP046] (See: AES, symmetric cryptography.)

   Usage: This algorithm is usually referred to as "DES". The
   algorithm has also been adopted in standards outside the
   Government (e.g., [A3092]).
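   Worked example, added here and not part of the glossary or of the
   [A9009]/[FP046] standards: the Data Authentication Algorithm
   computed as DES-CBC with IV = 0 (the final ciphertext block being
   the Data Authentication Code), together with a check of the DEA
   key's parity bits. It uses Go's standard crypto/des; the sample
   message is constructed, the key is the widely published textbook
   DES test key, and the function names are this example's own.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"math/bits"
)

// HasOddParity reports whether each byte of a DEA key has odd parity:
// 56 independently chosen bits plus one parity bit per byte.
func HasOddParity(key []byte) bool {
	for _, b := range key {
		if bits.OnesCount8(b)%2 == 0 {
			return false
		}
	}
	return true
}

// FixParity returns a copy of key whose low bit in every byte is set
// so that the byte has odd parity; the 56 key bits are untouched.
func FixParity(key []byte) []byte {
	out := make([]byte, len(key))
	for i, b := range key {
		out[i] = b & 0xFE
		if bits.OnesCount8(out[i])%2 == 0 {
			out[i] |= 0x01
		}
	}
	return out
}

// DataAuthenticationCode computes the DAC: zero-pad the message to a
// multiple of 64 bits, run DES in CBC mode with IV = 0, and take the
// final ciphertext block. The block is returned untruncated; the
// standards allow keeping only its leftmost bits (32 is the usual choice).
func DataAuthenticationCode(key, msg []byte) ([]byte, error) {
	block, err := des.NewCipher(key) // rejects anything but an 8-byte key
	if err != nil {
		return nil, err
	}
	bs := block.BlockSize()
	n := (len(msg) + bs - 1) / bs * bs
	if n == 0 {
		n = bs // an empty message is treated here as one all-zero block
	}
	padded := make([]byte, n)
	copy(padded, msg)
	iv := make([]byte, bs) // IV = 0 is what makes CBC encryption the DAA
	ct := make([]byte, n)
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)
	return ct[n-bs:], nil
}

// VerifyDAC recomputes the code and compares it in constant time.
func VerifyDAC(key, msg, dac []byte) bool {
	want, err := DataAuthenticationCode(key, msg)
	if err != nil {
		return false
	}
	return subtle.ConstantTimeCompare(want, dac) == 1
}

func main() {
	key, _ := hex.DecodeString("133457799BBCDFF1") // textbook DES key, odd parity
	msg := []byte("Pay 100 to account 31415926")   // constructed sample message
	dac, err := DataAuthenticationCode(key, msg)
	if err != nil {
		panic(err)
	}
	fmt.Printf("DAC=%X parity ok=%v\n", dac, HasOddParity(key))
	tampered := bytes.Replace(msg, []byte("100"), []byte("900"), 1)
	fmt.Println("tampered message verifies:", VerifyDAC(key, tampered, dac))
}
```

   Because the code is a keyed function, an attacker who changes the
   message cannot recompute a matching DAC without the key; this is
   the property that separates it from the plain checksums the
   Deprecated Term paragraphs above warn against confusing it with.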
$ delta CRL
   (I) A partial CRL that only contains entries for X.509
   certificates that have been revoked since the issuance of a prior,
   base CRL. This method can be used to partition CRLs that become
   too large and unwieldy. (Compare: CRL distribution point.)

$ demilitarized zone (DMZ)
   (D) Synonym for "buffer zone".

   Deprecated Term: ISDs SHOULD NOT use this term because it mixes
   concepts in a potentially misleading way. (See: Deprecated Usage
   under "Green Book".)

$ denial of service
   (I) The prevention of authorized access to a system resource or
   the delaying of system operations and functions. (See:
   availability, critical, flooding.)

   Tutorial: A denial-of-service attack can prevent the normal
   conduct of business on the Internet. There are four types of
   solutions to this security problem:

   - Awareness: Maintaining cognizance of security threats and
   defined for encrypting the content encryption key.

$ Digital ID(service mark)
   (D) Synonym for "digital certificate".

   Deprecated Term: ISDs SHOULD NOT use this term. It is a service
   mark of a commercial firm, and it unnecessarily duplicates the
   meaning of a better-established term. (See: credential.)

$ digital key
   (D) Synonym for an input parameter of a cryptographic algorithm or
   other process. (See: key.)

   Deprecated Usage: The adjective "digital" need not be used with
   "key" or "cryptographic key", unless the context is insufficient
   to distinguish the digital key from another kind of key, such as a
   metal key for a door lock.

$ digital notary
   (I) An electronic functionary analogous to a notary public.
   Provides a trusted time stamp for a digital document, so that
   someone can later prove that the document existed at that point in
   transformed using a private key of the signer. The final resulting
   value is called the digital signature of the data object. The
   signature value is a protected checksum, because the properties of
   a cryptographic hash ensure that if the data object is changed,
   the digital signature will no longer match it. The digital
   signature is unforgeable because one cannot be certain of
   correctly creating or changing the signature without knowing the
   private key of the supposed signer.

   Some digital signature schemes use an asymmetric encryption
   algorithm (e.g., "RSA") to transform the hash result. Thus, when
   Alice needs to sign a message to send to Bob, she can use her
   private key to encrypt the hash result. Bob receives both the
   message and the digital signature. Bob can use Alice's public key
   to decrypt the signature, and then compare the plaintext result to
   the hash result that he computes by hashing the message himself.
   If the values are equal, Bob accepts the message because he is
   certain that it is from Alice and has arrived unchanged. If the
   values are not equal, Bob rejects the message because either the
   message or the signature was altered in transit.

   Other digital signature schemes (e.g., "DSS") transform the hash
   result with an algorithm (e.g., "DSA", "El Gamal") that cannot be
   directly used to encrypt data. Such a scheme creates a signature
   value from the hash and provides a way to verify the signature
   value, but does not provide a way to recover the hash result from
   the signature value. In some countries, such a scheme may improve
   exportability and avoid other legal constraints on usage. Alice
   sends the signature value to Bob along with both the message and
   its hash result. The algorithm enables Bob to use Alice's public
   signature key and the signature value to verify the hash result he
   receives. Then, as before, he compares that hash result she sent
   to the one that he computes by hashing the message himself.
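   The two flows of the tutorial as an added Go example (not from the
   glossary): an RSA signature from which Bob recovers the hash by
   applying Alice's public key, and an ECDSA signature (a DSA-family
   algorithm, also specified in DSS) that can only be verified, never
   "decrypted". One caveat the tutorial's "encrypt the hash" wording
   glosses over: a real RSA signature pads the hash first (PKCS#1 v1.5
   here), and a verifier must check that entire encoding rather than
   only the hash bytes, so the block shows both the hand-rolled
   recovery and the library's full check. The message strings and
   function names are constructed for this example.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"math/big"
)

// Scheme 1: RSA. Alice hashes the message and transforms the hash with
// her private key; the library applies PKCS#1 v1.5 padding first.
func RSASign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, h[:])
}

// RSARecoverHash is the glossary's "decrypt the signature with Alice's
// public key": s^e mod n yields the padded DigestInfo, whose last 32
// bytes are the SHA-256 value Alice signed. Only the 00 01 prefix and
// the hash position are inspected here; RSAVerify below does the full check.
func RSARecoverHash(pub *rsa.PublicKey, sig []byte) ([]byte, bool) {
	s := new(big.Int).SetBytes(sig)
	if s.Cmp(pub.N) >= 0 {
		return nil, false
	}
	em := new(big.Int).Exp(s, big.NewInt(int64(pub.E)), pub.N).FillBytes(make([]byte, pub.Size()))
	if len(em) < 2+sha256.Size || em[0] != 0x00 || em[1] != 0x01 {
		return nil, false
	}
	return em[len(em)-sha256.Size:], true
}

// RSAVerifyByRecovery is Bob's step: compare the recovered hash with the
// one he computes himself from the received message.
func RSAVerifyByRecovery(pub *rsa.PublicKey, msg, sig []byte) bool {
	got, ok := RSARecoverHash(pub, sig)
	want := sha256.Sum256(msg)
	return ok && bytes.Equal(got, want[:])
}

// RSAVerify is the same decision made with the library's complete padding check.
func RSAVerify(pub *rsa.PublicKey, msg, sig []byte) bool {
	h := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], sig) == nil
}

// Scheme 2: ECDSA. The signature is derived from the hash, but no
// public-key operation gives the hash back; Bob can only run the
// verification algorithm on the hash he computed himself.
func ECDSASign(priv *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, priv, h[:])
}

func ECDSAVerify(pub *ecdsa.PublicKey, msg, sig []byte) bool {
	h := sha256.Sum256(msg)
	return ecdsa.VerifyASN1(pub, h[:], sig)
}

// Outcome holds Bob's accept/reject decisions for the genuine message and
// for the same signature presented with a message altered in transit.
type Outcome struct {
	RSAGenuine, RSATampered, ECGenuine, ECTampered bool
}

// Demo runs both flows on a constructed message. Keys are generated
// fresh, so only the decisions, not the signature bytes, are reproducible.
func Demo() (Outcome, error) {
	var out Outcome
	rsaKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return out, err
	}
	ecKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return out, err
	}
	msg := []byte("Pay Bob 100")      // constructed sample
	tampered := []byte("Pay Bob 900") // altered after signing
	rs, err := RSASign(rsaKey, msg)
	if err != nil {
		return out, err
	}
	es, err := ECDSASign(ecKey, msg)
	if err != nil {
		return out, err
	}
	rpub, epub := &rsaKey.PublicKey, &ecKey.PublicKey
	out.RSAGenuine = RSAVerifyByRecovery(rpub, msg, rs) && RSAVerify(rpub, msg, rs)
	out.RSATampered = RSAVerifyByRecovery(rpub, tampered, rs) || RSAVerify(rpub, tampered, rs)
	out.ECGenuine = ECDSAVerify(epub, msg, es)
	out.ECTampered = ECDSAVerify(epub, tampered, es)
	return out, nil
}

func main() {
	out, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", out) // the Genuine fields are true, the Tampered fields false
}
```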
$ Digital Signature Algorithm (DSA)
   (N) An asymmetric cryptographic algorithm for a digital signature
   in the form of a pair of large numbers. The signature is computed
   using rules and parameters such that the identity of the signer
   and the integrity of the signed data can be verified. (See: DSS.)

$ Digital Signature Standard (DSS)
   (N) The U.S. Government standard [FP186] that specifies the DSA.
   signatures. (Compare: digital signature.)

   Deprecated Term: ISDs SHOULD NOT use this term without including
   this definition. This term suggests careless use of "digital
   signature", which is the term standardized by [I7498-2]. (See:
   electronic signature.)

$ DII
   (O) See: Defense Information Infrastructure.

$ direct attack
   (I) See: secondary definition under "attack". Compare: indirect
   attack.

$ directory, Directory
   1. (I) /not capitalized/ Refers generically to a database server
   or other system that stores and provides access to values of
   descriptive or operational data items that are associated with the
   components of a system. (Compare: repository.)

   2. (N) /capitalized/ Refers specifically to the X.500 Directory.
   (See: DN, X.500.)

$ Directory Access Protocol (DAP)
   information such as security policies or cryptographic algorithms
   and modes. Example: See [R2407].

   Derivation: The DOI concept is based on work by the TSIG's CIPSO
   Working Group.

$ dominate
   (I) Security level A is said to "dominate" security level B if the
   (hierarchical) classification level of A is greater (higher) than
   or equal to that of B, and A's (nonhierarchical) categories
   include (as a subset) all of B's categories. (See: lattice,
   lattice model.)
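   The definition as code, added here as an illustration that is not
   part of the glossary: a security level is a classification plus a
   set of categories, "dominate" is the test above, join and meet are
   the operations that make the set of levels a lattice, and the
   Bell-LaPadula read and write rules are expressed through dominance.
   The classification names and categories are a constructed example.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Level is a security level: a hierarchical classification plus a set
// of nonhierarchical categories (compartments).
type Level struct {
	Class int
	Cats  map[string]bool
}

// Classification ranks; the names are a constructed example ordering.
const (
	Unclassified = iota
	Confidential
	Secret
	TopSecret
)

func NewLevel(class int, cats ...string) Level {
	l := Level{Class: class, Cats: map[string]bool{}}
	for _, c := range cats {
		l.Cats[c] = true
	}
	return l
}

// Dominates is the glossary definition: A dominates B iff A's class is
// greater than or equal to B's and B's categories are a subset of A's.
func Dominates(a, b Level) bool {
	if a.Class < b.Class {
		return false
	}
	for c := range b.Cats {
		if !a.Cats[c] {
			return false
		}
	}
	return true
}

// Comparable is false for pairs in which neither level dominates the
// other; such pairs are what make dominance a partial order (a lattice)
// rather than a simple ranking.
func Comparable(a, b Level) bool { return Dominates(a, b) || Dominates(b, a) }

func maxInt(a, b int) int {
	if a > b {
		return a
	}
	return b
}

func minInt(a, b int) int {
	if a < b {
		return a
	}
	return b
}

// Join is the least upper bound: higher class, union of categories.
func Join(a, b Level) Level {
	out := NewLevel(maxInt(a.Class, b.Class))
	for c := range a.Cats {
		out.Cats[c] = true
	}
	for c := range b.Cats {
		out.Cats[c] = true
	}
	return out
}

// Meet is the greatest lower bound: lower class, intersection of categories.
func Meet(a, b Level) Level {
	out := NewLevel(minInt(a.Class, b.Class))
	for c := range a.Cats {
		if b.Cats[c] {
			out.Cats[c] = true
		}
	}
	return out
}

// Bell-LaPadula rules in terms of dominance: a subject may read an
// object only if the subject's level dominates the object's (simple
// security property), and may write only if the object's level dominates
// the subject's (*-property), so information never flows downward.
func CanRead(subject, object Level) bool  { return Dominates(subject, object) }
func CanWrite(subject, object Level) bool { return Dominates(object, subject) }

func (l Level) String() string {
	cats := make([]string, 0, len(l.Cats))
	for c := range l.Cats {
		cats = append(cats, c)
	}
	sort.Strings(cats)
	return fmt.Sprintf("%d{%s}", l.Class, strings.Join(cats, ","))
}

func main() {
	tsCN := NewLevel(TopSecret, "CRYPTO", "NUCLEAR")
	sC := NewLevel(Secret, "CRYPTO")
	sN := NewLevel(Secret, "NUCLEAR")
	fmt.Println(tsCN, "dominates", sC, "=", Dominates(tsCN, sC))
	fmt.Println(sC, "comparable with", sN, "=", Comparable(sC, sN))
	fmt.Println("join:", Join(sC, sN), "meet:", Meet(sC, sN))
}
```

   Note that two Secret levels with different categories are
   incomparable: neither may read the other's data, which is the
   compartmentation effect that categories exist to provide.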
$ dongle
   (I) A portable, physical, usually electronic device that is
   required to be attached to a computer to enable a particular
   software program to run. (See: token.)

   Tutorial: A dongle is essentially a physical key used for copy
   protection of software; that is, the program will not run unless
   the matching dongle is attached. When the software runs, it
   periodically queries the dongle and quits if the dongle does not
   Tutorial: Generated by hashing each message separately,
   concatenating the two hash results, and then hashing that value
   and encrypting the result with the signer's private key. Done to
   reduce the number of encryption operations and to enable
   verification of data integrity without complete disclosure of the
   data.
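   The construction in the tutorial as an added Go example (not from
   the glossary): each message is hashed, the two hashes are
   concatenated and hashed again, and that single value is signed with
   the private key (RSA PKCS#1 v1.5 from Go's standard library). Each
   verifier receives its own message in clear and only the hash of the
   other, and can still check that one signature covers both. The
   order/payment scenario, the data, and the function names are
   constructed for this example; the scenario follows the split used in
   the SET payment protocol, where the dual signature originated.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// outerDigest is the value that actually gets signed: H( H(m1) || H(m2) ).
func outerDigest(h1, h2 []byte) []byte {
	buf := make([]byte, 0, len(h1)+len(h2))
	buf = append(buf, h1...)
	buf = append(buf, h2...)
	d := sha256.Sum256(buf)
	return d[:]
}

// DualSignature binds two messages with one private-key operation. Each
// recipient is given its own message in clear and only the hash of the
// other one, which is enough to verify but reveals nothing further.
type DualSignature struct {
	H1, H2 []byte // SHA-256 of m1 and of m2
	Sig    []byte // RSA PKCS#1 v1.5 signature over outerDigest(H1, H2)
}

// SignDual hashes each message separately, hashes the concatenation of
// the two hash results, and signs that single value.
func SignDual(priv *rsa.PrivateKey, m1, m2 []byte) (DualSignature, error) {
	h1, h2 := sha256.Sum256(m1), sha256.Sum256(m2)
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, outerDigest(h1[:], h2[:]))
	if err != nil {
		return DualSignature{}, err
	}
	return DualSignature{H1: h1[:], H2: h2[:], Sig: sig}, nil
}

// VerifyFirst is run by the party holding m1 in clear and only H(m2).
func VerifyFirst(pub *rsa.PublicKey, m1, h2, sig []byte) bool {
	h1 := sha256.Sum256(m1)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, outerDigest(h1[:], h2), sig) == nil
}

// VerifySecond is run by the party holding m2 in clear and only H(m1).
func VerifySecond(pub *rsa.PublicKey, h1, m2, sig []byte) bool {
	h2 := sha256.Sum256(m2)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, outerDigest(h1, h2[:]), sig) == nil
}

// Demo plays the order/payment split on constructed data: the merchant
// verifies the order without seeing the payment details, the bank
// verifies the payment details without seeing the order, and an altered
// order no longer verifies against the same signature.
func Demo() (merchantOK, bankOK, tamperedOK bool, err error) {
	key, keyErr := rsa.GenerateKey(rand.Reader, 2048)
	if keyErr != nil {
		return false, false, false, keyErr
	}
	order := []byte("order: 3 x widget, ship to 1 Example Road")     // constructed
	payment := []byte("payment: card ending 1111, amount 29.97 USD") // constructed
	ds, signErr := SignDual(key, order, payment)
	if signErr != nil {
		return false, false, false, signErr
	}
	pub := &key.PublicKey
	merchantOK = VerifyFirst(pub, order, ds.H2, ds.Sig)
	bankOK = VerifySecond(pub, ds.H1, payment, ds.Sig)
	forged := []byte("order: 30 x widget, ship to 1 Example Road")
	tamperedOK = VerifyFirst(pub, forged, ds.H2, ds.Sig)
	return merchantOK, bankOK, tamperedOK, nil
}

func main() {
	m, b, tam, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Println("merchant:", m, "bank:", b, "tampered order:", tam)
}
```

   The "without complete disclosure" property rests on the hash being
   preimage resistant: the merchant learns H(payment) but cannot
   recover the payment details from it, yet cannot substitute a
   different payment either, because any other H2 changes the outer
   digest and breaks the signature.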
$ dual-use certificate
   (O) A certificate that is intended for use with both digital
   signature and data encryption services. [SP32]

   Usage: ISDs that use this term SHOULD state a definition for it by
   identifying the intended uses of the certificate, because there
   are more than just these two uses mentioned in the NIST
   publication. A v3 X.509 public-key certificate may have a
   "keyUsage" extension, which indicates the purposes for which the
   public key may be used. (See: certificate profile.)

$ duty
   (I) An attribute of a role that obligates an entity playing the
   role to perform one or more tasks, which usually are essential for
   the functioning of the system. [Sand] (Compare: authorization,
   privilege. See: role, billet.)
$ e-cash
   (O) Electronic cash; money that is in the form of data and can be
   used as a payment mechanism on the Internet.

   Usage: ISDs that use this term SHOULD state a definition for it
   because many different types of electronic cash have been devised
   with a variety of security mechanisms.

$ EAP
   (I) See: Extensible Authentication Protocol.

$ EAL
   (O) See: evaluation assurance level.

$ Easter egg
   (O) "Hidden functionality within an application program, which
   becomes activated when an undocumented, and often convoluted, set
   of commands and keystrokes is entered. Easter eggs are typically
   used to display the credits for the development team and [are]
   intended to be non-threatening" [SP28], but Easter eggs have the
   potential to contain malicious code.

   Deprecated Usage: It is likely that other cultures use different
   metaphors for this concept. Therefore, to avoid international
   misunderstanding, ISDs SHOULD NOT use this term. (See: Deprecated
   Usage under "Green Book".)
   Deprecated Abbreviation: ISDs SHOULD NOT use this abbreviation;
   there could be confusion among "end entity", "end-to-end
   encryption", "escrowed encryption standard", and other terms.

$ EES
   (O) See: Escrowed Encryption Standard.

$ effective key length
   (O) "A measure of strength of a cryptographic algorithm,
   regardless of actual key length." [IATF] (See: work factor.)

$ effectiveness
   (O) /ITSEC/ A property of a TOE representing how well it provides
   security in the context of its actual or proposed operational use.

$ El Gamal algorithm
   (N) An algorithm for asymmetric cryptography, invented in 1985 by
   Taher El Gamal, that is based on the difficulty of calculating
   discrete logarithms and can be used for both encryption and
   digital signatures.
   1. (I) A set of system resources that operate in the same security
   domain and that share the protection of a single, common,
   continuous security perimeter. (Compare: domain.)

   2. (D) /U.S. Government/ "Collection of computing environments
   connected by one or more internal networks under the control of a
   single authority and security policy, including personnel and
   physical security." [C4009]

   Deprecated Definition: ISDs SHOULD NOT use this term with
   definition 2 because the definition applies to what is usually
   called a "security domain". That is, a security domain is a set
   of one or more security enclaves.

$ encode
   1. (I) Use a system of symbols to represent information, which
   might originally have some other representation. Example: Morse
   code. (See: ASCII, BER, code, decode.)

   2. (D) Synonym for "encrypt".
   with caution. The levels do not derive assurance in the same
   manner, and exact mappings do not exist.

$ expire
   (I) See: certificate expiration.

$ exposure
   (I) A type of threat action whereby sensitive data is directly
   released to an unauthorized entity. (See: unauthorized
   disclosure.)

   Usage: This type of threat action includes the following subtypes:

   - "Deliberate Exposure": Intentional release of sensitive data to
     an unauthorized entity.

   - "Scavenging": Searching through data residue in a system to
     gain unauthorized knowledge of sensitive data.

   - "Human error": In context of exposure, human action or inaction
     that unintentionally results in an entity gaining unauthorized
     knowledge of sensitive data. (Compare: corruption,
     incapacitation.)

   - "Hardware or software error": In context of exposure, system
     failure that unintentionally results in an entity gaining
Tutorial: An extranet can be implemented securely, either on the Tutorial: An extranet can be implemented securely, either on the
Internet or using Internet technology, by constructing the Internet or using Internet technology, by constructing the
extranet as a VPN. extranet as a VPN.
$ extraction resistance $ extraction resistance
(O) Ability of cryptographic equipment to resist efforts to (O) Ability of cryptographic equipment to resist efforts to
extract keying material directly from the equipment (as opposed to extract keying material directly from the equipment (as opposed to
gaining knowledge of keying material by cryptanalysis). [C4009] gaining knowledge of keying material by cryptanalysis). [C4009]
$ fail safe $ fail-safe
(I) A mode of termination of system functions (when a failure (I) A mode of termination of system functions (when a failure
occurs or is detected in the system) that automatically leaves occurs or is detected in the system) that automatically leaves
system processes and components in a secure state. system processes and components in a secure state. (See: failure
control.)
$ fail soft $ fail-soft
(I) Selective termination of affected, non-essential system (I) Selective termination of affected, non-essential system
functions when a failure occurs or is detected in the system. functions when a failure occurs or is detected in the system.
(See: failure control.)
$ failure control $ failure control
(I) A methodology used to provide fail-safe or fail-soft (I) A methodology used to provide fail-safe or fail-soft
termination and recovery of system functions. [FP039] termination and recovery of system functions. [FP039]
$ fairness $ fairness
(I) A property of an access protocol for a system resource whereby (I) A property of an access protocol for a system resource whereby
the resource is made equitably or impartially available to all the resource is made equitably or impartially available to all
eligible users. (RFC 3753) eligible users. (RFC 3753)
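Review bot: Citation style is inconsistent within this hunk: "fairness" cites its source inline as "(RFC 3753)" in parentheses, whereas "extraction resistance" and "failure control" use bracketed reference tags ([C4009], [FP039]). Cite the RFC with a bracketed tag of the same form so every source resolves through the reference list the same way. The hyphenated headwords "fail-safe" and "fail-soft" and the added "(See: failure control.)" cross-references are fine and match the existing "fail-safe or fail-soft" wording under "failure control".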
skipping to change at page 112, line 55 skipping to change at page 113, line 54
denial-of-service attacks on a system connected to a network. denial-of-service attacks on a system connected to a network.
However, this technique assumes that the system can properly However, this technique assumes that the system can properly
receive and process inputs from the network. Therefore, the receive and process inputs from the network. Therefore, the
technique can mitigate flooding but is ineffective against technique can mitigate flooding but is ineffective against
jamming. jamming.
$ falsification $ falsification
(I) A type of threat action whereby false data deceives an (I) A type of threat action whereby false data deceives an
authorized entity. (See: active wiretapping, deception.) authorized entity. (See: active wiretapping, deception.)
Usage: This type includes the following subtypes: Usage: This type of threat action includes the following subtypes:
- "Substitution": Altering or replacing valid data with false - "Substitution": Altering or replacing valid data with false
data that serves to deceive an authorized entity. data that serves to deceive an authorized entity.
- "Insertion": Introducing false data that serves to deceive an - "Insertion": Introducing false data that serves to deceive an
authorized entity. authorized entity.
$ fault tree $ fault tree
(I) A branching, hierarchical data structure that is used to (I) A branching, hierarchical data structure that is used to
represent events and to determine the various combinations of represent events and to determine the various combinations of
component failures and human acts that could result in a specified component failures and human acts that could result in a specified
undesirable system event. (See: attack tree, flaw hypothesis undesirable system event. (See: attack tree, flaw hypothesis
skipping to change at page 115, line 4 skipping to change at page 115, line 55
$ financial institution $ financial institution
(N) "An establishment responsible for facilitating customer- (N) "An establishment responsible for facilitating customer-
initiated transactions or transmission of funds for the extension initiated transactions or transmission of funds for the extension
of credit or the custody, loan, exchange, or issuance of money." of credit or the custody, loan, exchange, or issuance of money."
[SET2] [SET2]
$ fingerprint $ fingerprint
1. (I) A pattern of curves formed by the ridges on a fingertip. 1. (I) A pattern of curves formed by the ridges on a fingertip.
(See: biometric authentication. Compare: thumbprint.) (See: biometric authentication. Compare: thumbprint.)
2. (D) /PGP/ A hash result ("key fingerprint") used to 2. (D) /PGP/ A hash result ("key fingerprint") used to
authenticate a public key or other data. [PGP] authenticate a public key or other data. [PGP]
Deprecated Definition: ISDs SHOULD NOT use this term with Deprecated Definition: ISDs SHOULD NOT use this term with
definition 2, and SHOULD NOT use this term as a synonym for "hash definition 2, and SHOULD NOT use this term as a synonym for "hash
result" of *any* kind. Either use would mix concepts in a result" of *any* kind. Either use would mix concepts in a
potentially misleading way. potentially misleading way.
$ FIPS $ FIPS
(N) See: Federal Information Processing Standards. (N) See: Federal Information Processing Standards.
$ FIPS PUB 140-1 $ FIPS PUB 140
(N) The U.S. Government standard [FP140] for security requirements (N) The U.S. Government standard [FP140] for security requirements
to be met by a cryptographic module when the module is used to to be met by a cryptographic module when the module is used to
protect unclassified information in computer and communication protect unclassified information in computer and communication
systems. (See: Common Criteria, FIPS, Federal Standard 1027.) systems. (See: Common Criteria, FIPS, Federal Standard 1027.)
Tutorial: The standard specifies four increasing levels (from Tutorial: The standard specifies four increasing levels (from
"Level 1" to "Level 4") of requirements to cover a wide range of "Level 1" to "Level 4") of requirements to cover a wide range of
potential applications and environments. The requirements address potential applications and environments. The requirements address
basic design and documentation, module interfaces, authorized basic design and documentation, module interfaces, authorized
roles and services, physical security, software security, roles and services, physical security, software security,
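Review bot: The headword is generalized from "FIPS PUB 140-1" to "FIPS PUB 140", but the definition and Tutorial are unchanged: they still refer to "The standard" with the single reference tag [FP140] and describe four levels of requirements. If the entry is now meant to cover the series rather than one revision, the Tutorial should say which revision its description is taken from, or the reference tag should be updated to match the new headword.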
skipping to change at page 116, line 27 skipping to change at page 117, line 26
(I) Computer programs and data stored in hardware -- typically in (I) Computer programs and data stored in hardware -- typically in
read-only memory (ROM) or programmable read-only memory (PROM) -- read-only memory (ROM) or programmable read-only memory (PROM) --
such that the programs and data cannot be dynamically written or such that the programs and data cannot be dynamically written or
modified during execution of the programs. (See: hardware, modified during execution of the programs. (See: hardware,
software.) software.)
$ FIRST $ FIRST
(N) See: Forum of Incident Response and Security Teams. (N) See: Forum of Incident Response and Security Teams.
$ flaw $ flaw
(I) An error of commission, omission, or oversight in the design, 1. (I) An error in the design, implementation, or operation of an
implementation, or operation of an information system. A flaw may information system. A flaw may result in a vulnerability.
result in a vulnerability. (Compare: vulnerability.) (Compare: vulnerability.)
2. (D) "An error of commission, omission, or oversight in a system
that allows protection mechanisms to be bypassed." [NCSSG]
(Compare: vulnerability. See: brain-damaged.)
Deprecated Definition: ISDs SHOULD NOT use this term with
definition 2; not every flaw is a vulnerability.
$ flaw hypothesis methodology $ flaw hypothesis methodology
(I) An evaluation or attack technique in which specifications and (I) An evaluation or attack technique in which specifications and
documentation for a system are analyzed to hypothesize flaws in documentation for a system are analyzed to hypothesize flaws in
the system. The list of hypothetical flaws is prioritized on the the system. The list of hypothetical flaws is prioritized on the
basis of the estimated probability that a flaw exists and, basis of the estimated probability that a flaw exists and,
assuming it does, on the ease of exploiting it and the extent of assuming it does, on the ease of exploiting it and the extent of
control or compromise it would provide. The prioritized list is control or compromise it would provide. The prioritized list is
used to direct a penetration test or attack against the system. used to direct a penetration test or attack against the system.
[NCS04] (See: fault tree, flaw.) [NCS04] (See: fault tree, flaw.)
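Review bot: The "Deprecated Definition" rationale for "flaw" definition 2 ("not every flaw is a vulnerability") is terse given that definition 2 itself reads "allows protection mechanisms to be bypassed"; saying outright that definition 2 describes a vulnerability rather than a flaw, which is why it is deprecated in favour of definition 1, makes the deprecation self-explanatory. Also, "(Compare: vulnerability.)" is repeated on both definitions while "See: brain-damaged" appears only on the deprecated one; attach the cross-references once, after the entry, so a reader steered away from definition 2 still finds them.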
skipping to change at page 117, line 7 skipping to change at page 118, line 13
2. (I) The process of delivering data or control messages to every 2. (I) The process of delivering data or control messages to every
node of a network. (RFC 3753) node of a network. (RFC 3753)
$ flow analysis $ flow analysis
(I) An analysis performed on a nonprocedural, formal, system (I) An analysis performed on a nonprocedural, formal, system
specification that locates potential flows of information between specification that locates potential flows of information between
system variables. By assigning security levels to the variables, system variables. By assigning security levels to the variables,
the analysis can find some types of covert channels. [Huff] the analysis can find some types of covert channels. [Huff]
$ flow control $ flow control
(I) A procedure or technique to ensure that information transfers 1. (I) A procedure or technique to ensure that information
within a system are not made from one security level to another transfers within a system are not made from one security level to
security level, and especially not from a higher level to a lower another security level, and especially not from a higher level to
level. [Denns] (See: covert channel, confinement property, a lower level. [Denns] (See: covert channel, confinement property,
information flow policy, simple security property.) information flow policy, simple security property.)
2. (O) "A concept requiring that information transfers within a
system be controlled so that information in certain types of
objects cannot, via any channel within the system, flow to certain
other types of objects." [NCSSG]
$ For Official Use Only (FOUO) $ For Official Use Only (FOUO)
(O) /U.S. DoD/ A U.S. Government designation for information that (O) /U.S. DoD/ A U.S. Government designation for information that
has not been given a security classification pursuant to the has not been given a security classification pursuant to the
criteria of an Executive Order dealing with national security, but criteria of an Executive Order dealing with national security, but
which may be withheld from the public because disclosure would which may be withheld from the public because disclosure would
cause a foreseeable harm to an interest protected by one of the cause a foreseeable harm to an interest protected by one of the
exemptions stated in the Freedom of Information Act (Section 552 exemptions stated in the Freedom of Information Act (Section 552
of title 5, United States Code). (See: security label, security of title 5, United States Code). (See: security label, security
marking. Compare: classified.) marking. Compare: classified.)
skipping to change at page 117, line 41 skipping to change at page 118, line 52
category.) category.)
$ Formal Development Methodology $ Formal Development Methodology
(O) See: Ina Jo. (O) See: Ina Jo.
$ formal model $ formal model
(I) A security model that is formal. Example: Bell-LaPadula model. (I) A security model that is formal. Example: Bell-LaPadula model.
[Land] (See: formal, security model.) [Land] (See: formal, security model.)
$ formal proof $ formal proof
(I) A complete and convincing mathematical argument presenting the (I) "A complete and convincing mathematical argument, presenting
full logical justification for each step in the proof of the truth the full logical justification for each step in the proof, for the
of a theorem or set of theorems. truth of a theorem or set of theorems." [NCSSG]
$ formal specification $ formal specification
(I) A specification of hardware or software functionality in a (I) A specification of hardware or software functionality in a
computer-readable language; usually a precise mathematical computer-readable language; usually a precise mathematical
description of the behavior of the system with the aim of description of the behavior of the system with the aim of
providing a correctness proof. [Huff] (See: Affirm, Gypsy, HDM, providing a correctness proof. [Huff] (See: Affirm, Gypsy, HDM,
Ina Jo.) Ina Jo.)
$ formulary $ formulary
(I) A technique for enabling a decision to grant or deny access to (I) A technique for enabling a decision to grant or deny access to
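Review bot: "formal proof" is now a verbatim quotation attributed to [NCSSG] but keeps the (I) label, whereas the other [NCSSG] quotations added in this draft ("flow control" definition 2 in the preceding hunk, "hacker" definition 2 later) are labeled (O). Either label the quotation (O) for consistency, or keep the (I) label and drop the quotation marks so the wording stands as the glossary's own recommended definition.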
skipping to change at page 118, line 37 skipping to change at page 119, line 49
$ forward secrecy $ forward secrecy
See: public-key forward secrecy. See: public-key forward secrecy.
$ FOUO $ FOUO
(O) See: For Official Use Only. (O) See: For Official Use Only.
$ FPKI $ FPKI
(O) See: Federal Public-Key Infrastructure. (O) See: Federal Public-Key Infrastructure.
$ fraggle attack
(D) /slang/ A synonym for "smurf attack".
Deprecated Term: ISDs SHOULD NOT use this term. It is not listed
in most English dictionaries, and other cultures are likely to use
different metaphors for this concept.
Derivation: The Fraggles are a fictional race of small humanoids
(represented as hand puppets in a children's television series,
"Fraggle Rock) that live in underground caves.
$ frequency hopping $ frequency hopping
(N) "Repeated switching of frequencies during radio transmission (N) "Repeated switching of frequencies during radio transmission
according to a specified algorithm." [C4009] (See: spread according to a specified algorithm." [C4009] (See: spread
spectrum.) spectrum.)
Tutorial: Frequency hopping is a TRANSEC technique to minimize the Tutorial: Frequency hopping is a TRANSEC technique to minimize the
potential for unauthorized interception or jamming. potential for unauthorized interception or jamming.
$ fresh $ fresh
(I) Original; not yet processed. (I) Original; not yet processed.
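Review bot: In the new "fraggle attack" entry, the Derivation paragraph has an unbalanced quotation mark: "Fraggle Rock) is missing the closing quote before the parenthesis. Otherwise the entry follows the same "Deprecated Term" / "Derivation" pattern used for other slang entries.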
skipping to change at page 120, line 12 skipping to change at page 121, line 34
(O) /SET/ In a SET certification hierarchy, an optional level that (O) /SET/ In a SET certification hierarchy, an optional level that
is certified by a BCA and that may certify cardholder CAs, is certified by a BCA and that may certify cardholder CAs,
merchant CAs, and payment gateway CAs. Using GCAs enables a brand merchant CAs, and payment gateway CAs. Using GCAs enables a brand
to distribute responsibility for managing certificates to to distribute responsibility for managing certificates to
geographic or political regions, so that brand policies can vary geographic or political regions, so that brand policies can vary
between regions as needed. between regions as needed.
$ GIG $ GIG
(O) See: Global Information Grid. (O) See: Global Information Grid.
$ Global Information Grid. $ Global Information Grid (GIG)
(O) /U.S. DoD/ "A globally interconnected, end-to-end set of (O) /U.S. DoD/ "A globally interconnected, end-to-end set of
information capabilities, associated processes and personnel for information capabilities, associated processes and personnel for
collecting, processing, storing, disseminating, and managing collecting, processing, storing, disseminating, and managing
information on demand to warfighters, policy makers, and support information on demand to warfighters, policy makers, and support
personnel." [IATF] Usage: Formerly called the DII. personnel." [IATF] Usage: Formerly called the DII.
$ good engineering practice(s) $ good engineering practice(s)
(N) A term used to specify or characterize design, implementation, (N) A term used to specify or characterize design, implementation,
installation, or operating practices for an information system, installation, or operating practices for an information system,
when a more explicit specification is not possible. Generally when a more explicit specification is not possible. Generally
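Review bot: The stray trailing period in the headword ("Global Information Grid.") is corrected and the acronym added, but "Usage: Formerly called the DII." is run onto the end of the definition line after "[IATF]"; elsewhere in the glossary (for example "identifier credential" and "fingerprint"), "Usage:" and "Deprecated Definition:" notes begin their own paragraph. Put the Usage note on its own line here.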
skipping to change at page 121, line 42 skipping to change at page 123, line 12
include a registration protocol SA, a rekey protocol SA, and one include a registration protocol SA, a rekey protocol SA, and one
or more data security protocol SAs." [R3740] or more data security protocol SAs." [R3740]
$ GSS-API $ GSS-API
(I) See: Generic Security Service Application Program Interface. (I) See: Generic Security Service Application Program Interface.
$ guard $ guard
(I) A computer system that (a) acts as gateway between two (I) A computer system that (a) acts as gateway between two
information systems operating under different security policies information systems operating under different security policies
and (b) is trusted to mediate information data transfers between and (b) is trusted to mediate information data transfers between
the two. (See: controlled interface, domain, filter. Compare: the two. (See: controlled interface, cross-domain solution,
firewall.) domain, filter. Compare: firewall.)
Usage: Frequently understood to mean that one system is operating Usage: Frequently understood to mean that one system is operating
at a higher security level than the other, and that the gateway's at a higher security level than the other, and that the gateway's
purpose is to prevent unauthorized disclosure of data from the purpose is to prevent unauthorized disclosure of data from the
higher system to the lower. However, the purpose might also be to higher system to the lower. However, the purpose might also be to
protect the data integrity, availability, or general system protect the data integrity, availability, or general system
integrity of one system from threats posed by connecting to the integrity of one system from threats posed by connecting to the
other system. The mediation may be entirely automated or may other system. The mediation may be entirely automated or may
involve reliable human review. involve reliable human review.
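Review bot: Under "guard", the added cross-reference to "cross-domain solution" is useful, but the unchanged definition text in this hunk still reads "acts as gateway between" (missing article: "acts as a gateway") and "mediate information data transfers" (redundant: "mediate data transfers" or "mediate information transfers"). Both could be fixed while the entry is being touched.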
skipping to change at page 122, line 35 skipping to change at page 124, line 4
prank on, or penetrate, a system. (See: hacker, cracker.) prank on, or penetrate, a system. (See: hacker, cracker.)
2. (I) /noun/ An item of completed work or an instance of dealing 2. (I) /noun/ An item of completed work or an instance of dealing
with a problem, especially when that involves computer programming with a problem, especially when that involves computer programming
or other use of a computer. or other use of a computer.
$ hacker $ hacker
1. (I) Someone with a strong interest in computers, who enjoys 1. (I) Someone with a strong interest in computers, who enjoys
learning about them, programming them, and experimenting and learning about them, programming them, and experimenting and
otherwise working with them. (See: hack. Compare: cracker.) otherwise working with them. (See: hack. Compare: cracker.)
Usage: This first definition is the original meaning of the term Usage: This first definition is the original meaning of the term
(circa 1960); it then had a neutral or positive connotation of (circa 1960); it then had a neutral or positive connotation of
"someone who figures things out and makes something cool happen". "someone who figures things out and makes something cool happen".
2. (D) Synonym for "cracker". 2. (O) "An individual who spends an inordinate amount of time
working on computer systems for other than professional purposes."
[NCSSG]
Deprecated Usage: Today, the term is frequently misused 3. (D) Synonym for "cracker".
(especially by journalists) with this second meaning.
Deprecated Usage: Today, the term is frequently (mis)used
(especially by journalists) with definition 3.
$ handle $ handle
1. (I) /verb/ Perform processing operations on data, such as 1. (I) /verb/ Perform processing operations on data, such as
receive and transmit, collect and disseminate, create and delete, receive and transmit, collect and disseminate, create and delete,
store and retrieve, read and write, and compare. (See: access.) store and retrieve, read and write, and compare. (See: access.)
2. (I) /noun/ An on-line pseudonym, particularly one used by a 2. (I) /noun/ An on-line pseudonym, particularly one used by a
cracker; derived from citizens band radio culture. cracker; derived from citizens band radio culture.
$ handling restriction $ handling restriction
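Review bot: The rewritten "Deprecated Usage" for "hacker" says "frequently (mis)used"; the parenthesized prefix reads as hedging where the previous wording "misused" was unambiguous, and the note is in the same voice that labels definition 3 as (D). Use "misused". Also, the new definition 2 quoted from [NCSSG] ("for other than professional purposes") overlaps in tone with the deprecated definition 3, yet the Deprecated Usage note only addresses definition 3; a one-line Usage remark distinguishing definition 2 from definition 3 would prevent readers from treating them as the same sense.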
skipping to change at page 129, line 16 skipping to change at page 130, line 43
authentication service and is not intended for authorization or authentication service and is not intended for authorization or
access control. At best, it provides additional auditing access control. At best, it provides additional auditing
information with respect to TCP. information with respect to TCP.
$ identifier $ identifier
(I) A data object -- often, a printable, non-blank character (I) A data object -- often, a printable, non-blank character
string -- that definitively represents a specific identity of a string -- that definitively represents a specific identity of a
system entity, distinguishing that identity from all others. system entity, distinguishing that identity from all others.
(Compare: identity.) (Compare: identity.)
Tutorial: Identifiers for system entities must be assigned very
carefully, because authenticated identities are the basis for
other security services, such as access control service.
$ identifier credential $ identifier credential
1. (I) See: /authentication/ under "credential". 1. (I) See: /authentication/ under "credential".
2. (D) Synonym for "signature certificate". 2. (D) Synonym for "signature certificate".
Usage: ISDs that use this term SHOULD state a definition for it Usage: ISDs that use this term SHOULD state a definition for it
because the term is used in many ways and could easily be because the term is used in many ways and could easily be
misunderstood. misunderstood.
$ identity $ identity
(I) The collective aspect of a set of attribute values (i.e., (I) The collective aspect of a set of attribute values (i.e., a
characteristics) by which a system entity is recognizable or set of characteristics) by which a system user or other system
known, and which is sufficient to (a) distinguish the entity from entity is recognizable or known. (See: authenticate, registration.
all other entities in the system and (b) distinguish the identity Compare: identifier.)
from any other identities of the same entity. (See: authenticate,
registration. Compare: identifier.)
Tutorial: At the time when a user's identity is being registered Usage: An ISD MAY apply this term to either a single entity or a
in a system, the system may require presentation of evidence that set of entities. If an ISD involves both meanings, the ISD SHOULD
proves both the user's eligibility to register and the identity's use the following terms and definitions to avoid ambiguity:
authenticity (i.e., that the user has the right to claim the - "Singular identity": An identity that is registered for an
identity). entity that is one person or one process.
- "Shared identity": An identity that is registered for an entity
that is a set of singular entities (1) in which each member is
authorized to assume the identity individually and (2) for
which the registering system maintains a record of the singular
entities that comprise the set. In this case, we would expect
each member entity to be registered with a singular identity
before becoming associated with the shared identity.
- "Group identity": An identity that is registered for an entity
(1) that is a set of entities (2) for which the registering
system does not maintain a record of singular entities that
comprise the set.
The set of attributes used to recognize identities must, of Tutorial: When security services are based on identities, two
course, be sufficient to uniquely represent each entity, i.e., to properties are desirable for the set of attributes used to define
distinguish each entity from all others in the system. However, a identities:
PKI or other system may permit a subscriber to have two or more
concurrent identities. (This is different from concurrently
associating two different identifiers with the same identity, and
also different from a single identity concurrently accessing the
system in two different roles. (See: principal, role-based access
control.)) Having two or more identities registered in a system
for the same entity implies that the entity has two separate
justifications for registration eligibility. In that case, the set
of attributes used for identities must be able to uniquely
represent multiple identities for a single entity.
An ISD may apply this term to a user that is an individual entity - The set should be sufficient to distinguish each entity from
or one that is a set. If an ISD involves both meanings, the ISD all other entities, i.e., to represent each entity uniquely.
SHOULD use the following definitions to avoid ambiguity: - The set should be sufficient to distinguish each identity from
any other identities of the same entity.
- "Singular identity": An identity that is registered for a user The second property is needed if a system permits an entity to
that is exactly one person or one process. register two or more concurrent identities. Having two or more
- "Shared identity": An identity that is registered for a user identities for the same entity implies that the entity has two
that is a set of entities of which each member is authorized to separate justifications for registration. In that case, the set of
assume the identity individually and for which the registering attributes used for identities must be sufficient to represent
system maintains a record of the singular entities that multiple identities for a single entity.
comprise the set. In this case, we would expect each member
entity to be registered with a singular identity. Having two or more identities registered for the same entity is
- "Group identity": An identity that is registered for a user different from concurrently associating two different identifiers
that is a set of entities for which the registering system does with the same identity, and also is different from a single
not maintain a record of the singular entities that comprise identity concurrently accessing the system in two different roles.
the set. (See: principal, role-based access control.)
When an identity of a user is being registered in a system, the
system may require presentation of evidence that proves the
identity's authenticity (i.e., that the user has the right to
claim or use the identity) and its eligibility (i.e., that the
identity is qualified to be registered and needs to be
registered).
The following diagram illustrates how this term relates to some The following diagram illustrates how this term relates to some
other terms in a PKI system: authentication information, other terms in a PKI system: authentication information,
identifier, identifier credential, registration, registered user, identifier, identifier credential, registration, registered user,
subscriber, and user. subscriber, and user.
Relationships: === one-to-one, ==> one-to-many, <=> many-to-many. Relationships: === one-to-one, ==> one-to-many, <=> many-to-many.
+- - - - - - - - - - - - - - - - - - - - - - - - - - + +- - - - - - - - - - - - - - - - - - - - - - - - - - +
| PKI System | | PKI System |
+ - - - - + | +------------------+ +-------------------------+ | + - - - - + | +------------------+ +-------------------------+ |
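Review bot: The rewritten "identity" definition drops clauses (a) and (b) (distinguish the entity from all others; distinguish the identity from other identities of the same entity) and restates them in the Tutorial as merely "desirable" properties. But the unchanged "identifier" definition in this same hunk still says an identifier "definitively represents a specific identity ... distinguishing that identity from all others", which presupposes that the second property holds. Either keep uniqueness as part of the "identity" definition, or soften the "identifier" definition to match. Separately, the new "identifier" Tutorial justifies careful assignment of identifiers by saying "authenticated identities are the basis for other security services"; as written the sentence is about identities rather than identifiers, and should state the link (an identifier is what an authentication service binds to an identity, so a badly assigned identifier undermines every service built on that identity).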
skipping to change at page 132, line 15 skipping to change at page 133, line 54
$ Ina Jo $ Ina Jo
(O) A methodology, language, and integrated set of software tools (O) A methodology, language, and integrated set of software tools
developed at the System Development Corporation for specifying, developed at the System Development Corporation for specifying,
coding, and verifying software to produce correct and reliable coding, and verifying software to produce correct and reliable
programs. Usage: a.k.a. the Formal Development Methodology. [Cheh] programs. Usage: a.k.a. the Formal Development Methodology. [Cheh]
$ incapacitation $ incapacitation
(I) A type of threat action that prevents or interrupts system (I) A type of threat action that prevents or interrupts system
operation by disabling a system component. (See: disruption.) operation by disabling a system component. (See: disruption.)
Usage: This type includes the following subtypes: Usage: This type of threat action includes the following subtypes:
- "Malicious logic": In context of incapacitation, any hardware, - "Malicious logic": In context of incapacitation, any hardware,
firmware, or software (e.g., logic bomb) intentionally firmware, or software (e.g., logic bomb) intentionally
introduced into a system to destroy system functions or introduced into a system to destroy system functions or
resources. (See: corruption, main entry for "malicious logic", resources. (See: corruption, main entry for "malicious logic",
masquerade, misuse.) masquerade, misuse.)
- "Physical destruction": Deliberate destruction of a system - "Physical destruction": Deliberate destruction of a system
component to interrupt or prevent system operation. component to interrupt or prevent system operation.
- "Human error": In context of incapacitation, action or inaction - "Human error": In context of incapacitation, action or inaction
that unintentionally disables a system component. (See: that unintentionally disables a system component. (See:
corruption, exposure.) corruption, exposure.)
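Review bot: "Usage: a.k.a. the Formal Development Methodology." is appended to the end of the definition line under "Ina Jo" rather than placed on its own paragraph, as "Usage:" notes are elsewhere (compare "incapacitation" in this same hunk). Move it to its own line; since the "Formal Development Methodology" entry is only "See: Ina Jo", this is the one place the alias is explained and it should be easy to spot.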
skipping to change at page 132, line 46 skipping to change at page 134, line 33
$ INCITS $ INCITS
(N) See: "International Committee for Information Technology (N) See: "International Committee for Information Technology
Standardization" under "ANSI". Standardization" under "ANSI".
$ indicator $ indicator
(N) An action -- either specific, generalized, or theoretical -- (N) An action -- either specific, generalized, or theoretical --
that an adversary might be expected to take in preparation for an that an adversary might be expected to take in preparation for an
attack. [C4009] (See: attack sensing, warning, and response.) attack. [C4009] (See: attack sensing, warning, and response.)
$ indirect attack
(I) See: secondary definition under "attack". Compare: direct
attack.
$ indirect certificate revocation list (ICRL) $ indirect certificate revocation list (ICRL)
(N) In X.509, a CRL that may contain certificate revocation (N) In X.509, a CRL that may contain certificate revocation
notifications for certificates issued by CAs other than the issuer notifications for certificates issued by CAs other than the issuer
(i.e., signer) of the ICRL. (i.e., signer) of the ICRL.
$ indistinguishability $ indistinguishability
(I) An attribute of an encryption algorithm that is a (I) An attribute of an encryption algorithm that is a
formalization of the notion that the encryption of some string is formalization of the notion that the encryption of some string is
indistinguishable from the encryption of an equal-length string of indistinguishable from the encryption of an equal-length string of
nonsense. (Compare: semantic security.) nonsense. (Compare: semantic security.)
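Review bot: The new "indirect attack" entry writes its cross-references as two bare sentences ("See: secondary definition under "attack". Compare: direct attack."), whereas every other entry in this hunk encloses them in parentheses in the form "(See: ... Compare: ...)" (for example "indistinguishability"). Reformat as "(See: secondary definition under "attack". Compare: direct attack.)".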
skipping to change at page 133, line 47 skipping to change at page 135, line 38
"tracker". [Denns] "tracker". [Denns]
$ INFOCON $ INFOCON
(O) See: information operations condition (O) See: information operations condition
$ informal $ informal
(N) Expressed in natural language. [CCIB] (Compare: formal, (N) Expressed in natural language. [CCIB] (Compare: formal,
semiformal.) semiformal.)
$ information $ information
(I) Facts and ideas, which can be represented (encoded) as various 1. (I) Facts and ideas, which can be represented (encoded) as
forms of data. various forms of data.
2. (O) /U.S. Government/ "Any knowledge that can be communicated
or documentary material, regardless of its physical form or
characteristics, that is owned by, produced by or for, or is under
the control of the United States Government. 'Control' means the
authority of the agency that originates information, or its
successor in function, to regulate access to the information."
$ information assurance $ information assurance
(N) /U.S. Government/ "Measures that protect and defend (N) /U.S. Government/ "Measures that protect and defend
information and information systems by ensuring their availability information and information systems by ensuring their availability
integrity, authentication, confidentiality, and non-repudiation. integrity, authentication, confidentiality, and non-repudiation.
These measures include providing for restoration of information These measures include providing for restoration of information
systems by incorporating protection, detection, and reaction systems by incorporating protection, detection, and reaction
capabilities." [C4009] capabilities." [C4009]
$ Information Assurance Technical Framework (IATF) $ Information Assurance Technical Framework (IATF)
skipping to change at page 134, line 52 skipping to change at page 136, line 51
$ information security (INFOSEC) $ information security (INFOSEC)
(N) Measures that implement and assure security services in (N) Measures that implement and assure security services in
information systems, including in computer systems (see: COMPUSEC) information systems, including in computer systems (see: COMPUSEC)
and in communication systems (see: COMSEC). and in communication systems (see: COMSEC).
$ information system $ information system
(I) An organized assembly of computing and communication resources (I) An organized assembly of computing and communication resources
and procedures -- i.e., equipment and services, together with and procedures -- i.e., equipment and services, together with
their supporting infrastructure, facilities, and personnel -- that their supporting infrastructure, facilities, and personnel -- that
collect, record, process, store, transport, retrieve, display, create, collect, record, process, store, transport, retrieve,
disseminate, or dispose of information to accomplish a specified display, disseminate, control, or dispose of information to
set of functions. (See: system entity, system resource.) accomplish a specified set of functions. (See: system entity,
system resource.)
$ Information Technology Security Evaluation Criteria (ITSEC) $ Information Technology Security Evaluation Criteria (ITSEC)
(N) A Standard [ITSEC] jointly developed by France, Germany, the (N) A Standard [ITSEC] jointly developed by France, Germany, the
Netherlands, and the United Kingdom for use in the European Union; Netherlands, and the United Kingdom for use in the European Union;
accommodates a wider range of security assurance and functionality accommodates a wider range of security assurance and functionality
combinations than the TCSEC. Superseded by the Common Criteria. combinations than the TCSEC. Superseded by the Common Criteria.
$ INFOSEC $ INFOSEC
(I) See: information security. (I) See: information security.
skipping to change at page 136, line 38 skipping to change at page 138, line 38
3. (O) A person with an organizational status that causes the 3. (O) A person with an organizational status that causes the
system or members of the organization to view access requests as system or members of the organization to view access requests as
being authorized. Example: In this sense, a purchasing agent is an being authorized. Example: In this sense, a purchasing agent is an
insider but a vendor is not. [NRC98] insider but a vendor is not. [NRC98]
$ inspectable space $ inspectable space
(O) /EMSEC/ "Three-dimensional space surrounding equipment that (O) /EMSEC/ "Three-dimensional space surrounding equipment that
process classified and/or sensitive information within which process classified and/or sensitive information within which
TEMPEST exploitation is not considered practical or where legal TEMPEST exploitation is not considered practical or where legal
authority to identify and/or remove a potential TEMPEST authority to identify and/or remove a potential TEMPEST
exploitation exists." [C4009] exploitation exists." [C4009] (Compare: control zone, TEMPEST
zone.)
$ Institute of Electrical and Electronics Engineers, Inc. (IEEE) $ Institute of Electrical and Electronics Engineers, Inc. (IEEE)
(N) The IEEE is a not-for-profit association of approximately (N) The IEEE is a not-for-profit association of approximately
300,000 individual members in 150 countries. The IEEE produces 300,000 individual members in 150 countries. The IEEE produces
nearly one third of the world's published literature in electrical nearly one third of the world's published literature in electrical
engineering, computers, and control technology; holds hundreds of engineering, computers, and control technology; holds hundreds of
major, annual conferences; and maintains more than 800 active major, annual conferences; and maintains more than 800 active
standards, with many more under development. (See: SILS.) standards, with many more under development. (See: SILS.)
$ integrity $ integrity
skipping to change at page 137, line 29 skipping to change at page 139, line 32
operational ability to detect and exploit a vulnerability and also operational ability to detect and exploit a vulnerability and also
has the demonstrated, presumed, or inferred intent to do so. (See: has the demonstrated, presumed, or inferred intent to do so. (See:
threat.) threat.)
$ interception $ interception
(I) A type of threat action whereby an unauthorized entity (I) A type of threat action whereby an unauthorized entity
directly accesses sensitive data while the data is traveling directly accesses sensitive data while the data is traveling
between authorized sources and destinations. (See: unauthorized between authorized sources and destinations. (See: unauthorized
disclosure.) disclosure.)
Usage: This type includes the following subtypes: Usage: This type of threat action includes the following subtypes:
- "Theft": Gaining access to sensitive data by stealing a - "Theft": Gaining access to sensitive data by stealing a
shipment of a physical medium, such as a magnetic tape or disk, shipment of a physical medium, such as a magnetic tape or disk,
that holds the data. that holds the data.
- "Wiretapping (passive)": Monitoring and recording data that is - "Wiretapping (passive)": Monitoring and recording data that is
flowing between two points in a communication system. (See: flowing between two points in a communication system. (See:
wiretapping.) wiretapping.)
- "Emanations analysis": Gaining direct knowledge of communicated - "Emanations analysis": Gaining direct knowledge of communicated
data by monitoring and resolving a signal that is emitted by a data by monitoring and resolving a signal that is emitted by a
system and that contains the data but was not intended to system and that contains the data but was not intended to
communicate the data. (See: emanation.) communicate the data. (See: emanation.)
skipping to change at page 145, line 51 skipping to change at page 147, line 52
$ intrusion $ intrusion
1. (I) A security event, or a combination of multiple security 1. (I) A security event, or a combination of multiple security
events, that constitutes a security incident in which an intruder events, that constitutes a security incident in which an intruder
gains, or attempts to gain, access to a system or system resource gains, or attempts to gain, access to a system or system resource
without having authorization to do so. (See: IDS.) without having authorization to do so. (See: IDS.)
2. (I) A type of threat action whereby an unauthorized entity 2. (I) A type of threat action whereby an unauthorized entity
gains access to sensitive data by circumventing a system's gains access to sensitive data by circumventing a system's
security protections. (See: unauthorized disclosure.) security protections. (See: unauthorized disclosure.)
Usage: This type includes the following subtypes: Usage: This type of threat action includes the following subtypes:
- "Trespass": Gaining physical access to sensitive data by - "Trespass": Gaining physical access to sensitive data by
circumventing a system's protections. circumventing a system's protections.
- "Penetration": Gaining logical access to sensitive data by - "Penetration": Gaining logical access to sensitive data by
circumventing a system's protections. circumventing a system's protections.
- "Reverse engineering": Acquiring sensitive data by - "Reverse engineering": Acquiring sensitive data by
disassembling and analyzing the design of a system component. disassembling and analyzing the design of a system component.
- "Cryptanalysis": Transforming encrypted data into plain text - "Cryptanalysis": Transforming encrypted data into plain text
without having prior knowledge of encryption parameters or without having prior knowledge of encryption parameters or
processes. (See: main entry for "cryptanalysis".) processes. (See: main entry for "cryptanalysis".)
$ intrusion detection $ intrusion detection
(I) Sensing and analyzing system events for the purpose of (I) Sensing and analyzing system events for the purpose of
noticing (i.e., becoming aware of) attempts to access system noticing (i.e., becoming aware of) attempts to access system
resources in an unauthorized manner. (See: anomaly detection, IDS, resources in an unauthorized manner. (See: anomaly detection, IDS,
skipping to change at page 150, line 16 skipping to change at page 152, line 18
Tutorial: The Department of State represents the United States. Tutorial: The Department of State represents the United States.
ITU-T works on many kinds of communication systems. ITU-T ITU-T works on many kinds of communication systems. ITU-T
cooperates with ISO on communication protocol standards, and many cooperates with ISO on communication protocol standards, and many
Recommendations in that area are also published as an ISO standard Recommendations in that area are also published as an ISO standard
with an ISO name and number. with an ISO name and number.
$ IV $ IV
(I) See: initialization value. (I) See: initialization value.
$ jamming $ jamming
(I) An attack that attempts to interfere with the reception of (N) An attack that attempts to interfere with the reception of
broadcast communications. (See: anti-jam, denial of service. broadcast communications. (See: anti-jam, denial of service.
Compare: flooding.) Compare: flooding.)
Tutorial: Jamming uses "interference" as a type of "obstruction" Tutorial: Jamming uses "interference" as a type of "obstruction"
intended to cause "disruption". Jamming a broadcast signal is intended to cause "disruption". Jamming a broadcast signal is
typically done by broadcasting a second signal that receivers typically done by broadcasting a second signal that receivers
cannot separate from the first one. Jamming is mainly thought of cannot separate from the first one. Jamming is mainly thought of
in the context of wireless communication, but also can be done in in the context of wireless communication, but also can be done in
some wired technologies, such as LANs that use contention some wired technologies, such as LANs that use contention
techniques to share a broadcast medium. techniques to share a broadcast medium.
skipping to change at page 155, line 32 skipping to change at page 157, line 34
2. (O) /OSIRM/ "The generation, storage, distribution, deletion, 2. (O) /OSIRM/ "The generation, storage, distribution, deletion,
archiving and application of keys in accordance with a security archiving and application of keys in accordance with a security
policy." [I7498-2] policy." [I7498-2]
$ Key Management Protocol (KMP) $ Key Management Protocol (KMP)
(N) A protocol to establish a shared symmetric key between a pair (N) A protocol to establish a shared symmetric key between a pair
(or a group) of users. (One version of KMP was developed by SDNS, (or a group) of users. (One version of KMP was developed by SDNS,
and another by SILS.) Superseded by ISAKMP and IKE. and another by SILS.) Superseded by ISAKMP and IKE.
$ key material $ key material
(D) A synonym for "keying material". (D) Synonym for "keying material".
Deprecated Usage: ISDs SHOULD NOT use this term as a synonym for Deprecated Usage: ISDs SHOULD NOT use this term as a synonym for
"keying material". "keying material".
$ key pair $ key pair
(I) A set of mathematically related keys -- a public key and a (I) A set of mathematically related keys -- a public key and a
private key -- that are used for asymmetric cryptography and are private key -- that are used for asymmetric cryptography and are
generated in a way that makes it computationally infeasible to generated in a way that makes it computationally infeasible to
derive the private key from knowledge of the public key. (See: derive the private key from knowledge of the public key. (See:
Diffie-Hellman, RSA.) Diffie-Hellman, RSA.)
skipping to change at page 157, line 18 skipping to change at page 159, line 20
2. (O) Irreversible cryptographic process that modifies a key to 2. (O) Irreversible cryptographic process that modifies a key to
produce a new key. [C4009] produce a new key. [C4009]
$ key validation $ key validation
1. (I) "The procedure for the receiver of a public key to check 1. (I) "The procedure for the receiver of a public key to check
that the key conforms to the arithmetic requirements for such a that the key conforms to the arithmetic requirements for such a
key in order to thwart certain types of attacks." [A9042] (See: key in order to thwart certain types of attacks." [A9042] (See:
weak key) weak key)
2. (D) A synonym for "certificate validation". 2. (D) Synonym for "certificate validation".
Deprecated Usage: ISDs SHOULD NOT use the term as a synonym for Deprecated Usage: ISDs SHOULD NOT use the term as a synonym for
"certificate validation"; that would unnecessarily duplicate the "certificate validation"; that would unnecessarily duplicate the
meaning of the latter term and mix concepts in a potentially meaning of the latter term and mix concepts in a potentially
misleading way. In validating an X.509 public-key certificate, the misleading way. In validating an X.509 public-key certificate, the
public key contained in the certificate is normally treated as an public key contained in the certificate is normally treated as an
opaque data object. opaque data object.
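As an added example (not from the glossary or from [A9042]), the arithmetic checks in sense 1 applied to a Diffie-Hellman public value before it is used, with constructed toy parameters (p = 23, q = 11, g = 2) so the numbers can be followed by hand; real deployments use standardized large groups.

```python
# Added example: receiver-side validation of a Diffie-Hellman public value.
# The group parameters below are constructed toy values, chosen only so that
# every intermediate number can be checked by hand.

TOY_P = 23  # prime modulus; p = 2q + 1, so the order-q subgroup has index 2
TOY_Q = 11  # prime order of the subgroup generated by g
TOY_G = 2   # generator of the order-q subgroup: pow(2, 11, 23) == 1


def validate_dh_public_value(y: int, p: int = TOY_P, q: int = TOY_Q) -> tuple[bool, str]:
    """Return (ok, reason) for a received public value y.

    Rejects values that would make the shared secret predictable (the
    'weak' values 0, 1 and p-1) and values outside the intended
    prime-order subgroup (which leak information about the private key).
    """
    if not isinstance(y, int):
        return False, "public value is not an integer"
    # Range check: every power of 0, 1 or p-1 is 0, 1 or p-1 again.
    if not 1 < y < p - 1:
        return False, "public value outside the range 2 .. p-2"
    # Subgroup check: an element of the order-q subgroup satisfies y^q == 1 (mod p).
    if pow(y, q, p) != 1:
        return False, "public value is not in the prime-order subgroup"
    return True, "ok"


def dh_shared_secret(own_private: int, peer_public: int,
                     p: int = TOY_P, q: int = TOY_Q) -> int:
    """Derive the shared secret only after the peer's public value passes validation."""
    ok, reason = validate_dh_public_value(peer_public, p, q)
    if not ok:
        raise ValueError(f"rejected peer public value {peer_public}: {reason}")
    return pow(peer_public, own_private, p)


def peer_value_rejected(own_private: int, peer_public: int) -> bool:
    """True if the derivation refuses the peer's value (used for self-checks)."""
    try:
        dh_shared_secret(own_private, peer_public)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    a, b = 5, 7  # constructed private exponents for two parties
    ya, yb = pow(TOY_G, a, TOY_P), pow(TOY_G, b, TOY_P)   # 9 and 13
    print("both sides agree:", dh_shared_secret(a, yb) == dh_shared_secret(b, ya))
    for bad in (0, 1, TOY_P - 1, 5):
        print(bad, validate_dh_public_value(bad))
```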
$ keyed hash $ keyed hash
(I) A cryptographic hash (e.g., [R1828]) in which the mapping to a (I) A cryptographic hash (e.g., [R1828]) in which the mapping to a
skipping to change at page 157, line 46 skipping to change at page 159, line 48
threat of an active attack on the data. There are two basic types threat of an active attack on the data. There are two basic types
of keyed hash: of keyed hash:
- A function based on a keyed encryption algorithm. Example: Data - A function based on a keyed encryption algorithm. Example: Data
Authentication Code. Authentication Code.
- A function based on a keyless hash that is enhanced by - A function based on a keyless hash that is enhanced by
combining (e.g., by concatenating) the input data object combining (e.g., by concatenating) the input data object
parameter with a key parameter before mapping to the hash parameter with a key parameter before mapping to the hash
result. Example: HMAC. result. Example: HMAC.
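The second type of keyed hash above, built by hand from a keyless hash (SHA-256) following the HMAC construction of RFC 2104, as an added example that is not part of the glossary; the sample key and message are constructed.

```python
import hashlib
import hmac

# Added example: a keyless hash enhanced by combining the input data with a
# key. The two-pass HMAC structure shows why the combination is more than a
# plain concatenation of key and data.


def keyed_hash_hmac(key: bytes, data: bytes, hash_name: str = "sha256") -> bytes:
    """Compute HMAC over `data` under `key` using only the keyless hash."""
    block_size = hashlib.new(hash_name).block_size  # 64 bytes for SHA-256
    # A key longer than one hash block is first reduced with the keyless hash.
    if len(key) > block_size:
        key = hashlib.new(hash_name, key).digest()
    # Pad the key with zero bytes to exactly one block.
    key = key.ljust(block_size, b"\x00")
    # Two differently masked copies of the key wrap the data (inner pass) and
    # the inner hash result (outer pass).
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.new(hash_name, ipad + data).digest()
    return hashlib.new(hash_name, opad + inner).digest()


def verify_keyed_hash(key: bytes, data: bytes, tag: bytes) -> bool:
    """Check a received tag; compare_digest avoids leaking timing information."""
    return hmac.compare_digest(keyed_hash_hmac(key, data), tag)


def matches_stdlib(key: bytes, data: bytes) -> bool:
    """Cross-check the hand-built construction against Python's hmac module."""
    return keyed_hash_hmac(key, data) == hmac.new(key, data, "sha256").digest()


if __name__ == "__main__":
    key = b"key"                                        # constructed sample key
    msg = b"The quick brown fox jumps over the lazy dog"  # constructed sample data
    tag = keyed_hash_hmac(key, msg)
    print(tag.hex())
    print("genuine data verifies:", verify_keyed_hash(key, msg, tag))
    print("altered data verifies:", verify_keyed_hash(key, msg + b"!", tag))
```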
$ keying material $ keying material
(I) Data that is needed to establish and maintain a cryptographic 1. (I) Data that is needed to establish and maintain a
security association, such as keys, key pairs, and IVs. cryptographic security association, such as keys, key pairs, and
IVs.
(O) "Key, code, or authentication information in physical or 2. (O) "Key, code, or authentication information in physical or
magnetic form." [C4009] (Compare: COMSEC material.) magnetic form." [C4009] (Compare: COMSEC material.)
$ keying material identifier (KMID) $ keying material identifier (KMID)
1. (I) An identifier assigned to an item of keying material. 1. (I) An identifier assigned to an item of keying material.
2. (O) /MISSI/ A 64-bit identifier that is assigned to a key pair 2. (O) /MISSI/ A 64-bit identifier that is assigned to a key pair
when the public key is bound in a MISSI X.509 public-key when the public key is bound in a MISSI X.509 public-key
certificate. certificate.
$ Khafre $ Khafre
skipping to change at page 158, line 37 skipping to change at page 160, line 42
$ KMID $ KMID
(I) See: keying material identifier. (I) See: keying material identifier.
$ known-plaintext attack $ known-plaintext attack
(I) A cryptanalysis technique in which the analyst tries to (I) A cryptanalysis technique in which the analyst tries to
determine the key from knowledge of some plaintext-ciphertext determine the key from knowledge of some plaintext-ciphertext
pairs (although the analyst may also have other clues, such as pairs (although the analyst may also have other clues, such as
knowing the cryptographic algorithm). knowing the cryptographic algorithm).
$ kracker
(O) Old spelling for "cracker".
$ KSOS, KSOS-6, KSOS-11 $ KSOS, KSOS-6, KSOS-11
(O) See: Kernelized Secure Operating System. (O) See: Kernelized Secure Operating System.
$ L2F $ L2F
(N) See: Layer 2 Forwarding Protocol. (N) See: Layer 2 Forwarding Protocol.
$ L2TP $ L2TP
(N) See: Layer 2 Tunneling Protocol. (N) See: Layer 2 Tunneling Protocol.
$ label $ label
skipping to change at page 161, line 5 skipping to change at page 163, line 12
trust and (b) the extent to which each component is trusted. trust and (b) the extent to which each component is trusted.
(Compare: least privilege, trust level.) (Compare: least privilege, trust level.)
$ legacy system $ legacy system
(I) A system that is in operation but will not be improved or (I) A system that is in operation but will not be improved or
expanded while a new system is being developed to supersede it. expanded while a new system is being developed to supersede it.
$ legal non-repudiation $ legal non-repudiation
(I) See: secondary definition under "non-repudiation". (I) See: secondary definition under "non-repudiation".
$ leap of faith
1. (I) /general security/ Operating a system as though it began
operation in a secure state, even though it cannot be proven that
such a state was established (i.e., even though a security
compromise might have occurred at or before the time when
operation began).
2. (I) /COMSEC/ The initial part, i.e., the first communication
step or steps, of a protocol that is vulnerable to attack
(especially a man-in-the-middle attack) during that part but, if
that part is completed without being attacked, is subsequently not
vulnerable in later steps (i.e., results in a secure communication
association for which no man-in-the-middle attack is possible).
Usage: This term is listed in English dictionaries, but their
definitions are broad and can be interpreted in many ways in
Internet contexts. Similarly, the definition stated here can be
interpreted in several ways. Therefore, ISDs that use this term
(especially ISDs that are protocol specifications) SHOULD state a
more specific definition for it.
Tutorial: In a protocol, a leap of faith typically consists of
accepting a claim of peer identity, data origin, or data integrity
without authenticating that claim. When a protocol includes such a
step, the protocol might also be designed so that if a man-in-the-
middle attack succeeds during the vulnerable first part, then the
attacker must remain in the middle for all subsequent exchanges or
else one of the legitimate parties will be able to detect the
attack.
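A trust-on-first-use pin store that makes the leap-of-faith step explicit and detects a later key change, which is the detection property the tutorial describes; an added example, not part of the glossary, with constructed peer names and key bytes.

```python
import hashlib
from typing import Dict, Optional

# Added example: the first contact with a peer is the leap of faith (the key
# is accepted without authentication). Every later contact is compared with
# the pinned key, so an attacker who was not in the middle at first contact,
# or who later drops out of the middle, produces a detectable mismatch.

LEAP_OF_FAITH = "leap-of-faith"  # first contact: key accepted unauthenticated
MATCH = "match"                  # presented key equals the pinned key
MISMATCH = "mismatch"            # presented key differs: possible man-in-the-middle


def fingerprint(public_key: bytes) -> str:
    """Short, fixed-length identifier for a peer public key."""
    return hashlib.sha256(public_key).hexdigest()


class LeapOfFaithStore:
    """Remembers the key fingerprint seen at first contact with each peer."""

    def __init__(self) -> None:
        self._pins: Dict[str, str] = {}

    def check_peer(self, peer_id: str, public_key: bytes) -> str:
        fp = fingerprint(public_key)
        pinned = self._pins.get(peer_id)
        if pinned is None:
            # The vulnerable first step: nothing authenticates this key.
            self._pins[peer_id] = fp
            return LEAP_OF_FAITH
        if pinned == fp:
            return MATCH
        # The pin is never replaced automatically; a silent overwrite would
        # let a man-in-the-middle re-enter at any later contact.
        return MISMATCH

    def pinned_fingerprint(self, peer_id: str) -> Optional[str]:
        return self._pins.get(peer_id)


if __name__ == "__main__":
    store = LeapOfFaithStore()
    # Constructed placeholder keys; real keys would be DER/PEM key bytes.
    print(store.check_peer("server-a", b"KEY-A"))   # leap-of-faith
    print(store.check_peer("server-a", b"KEY-A"))   # match
    print(store.check_peer("server-a", b"KEY-X"))   # mismatch
```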
$ level of concern $ level of concern
(N) /U.S. DoD/ A rating assigned to an information system that (N) /U.S. DoD/ A rating assigned to an information system that
indicates the extent to which protective measures, techniques, and indicates the extent to which protective measures, techniques, and
procedures must be applied. (See: critical, sensitive, level of procedures must be applied. (See: critical, sensitive, level of
robustness.) robustness.)
$ level of robustness $ level of robustness
(N) /U.S. DoD/ A characterization of (a) the strength of a (N) /U.S. DoD/ A characterization of (a) the strength of a
security function, mechanism, service, or solution and (b) the security function, mechanism, service, or solution and (b) the
assurance (or confidence) that it is implemented and functioning. assurance (or confidence) that it is implemented and functioning.
[Cons, IATF] (See: level of concern.) [Cons, IATF] (See: level of concern.)
$ Liberty Alliance
(O) An international consortium of more than 150 commercial,
nonprofit, and government organizations that was created in 2001
to address technical, business, and policy problems of identity
and identity-based Web services and develop a standard for
federated network identity that supports current and emerging
network devices.
$ Lightweight Directory Access Protocol (LDAP) $ Lightweight Directory Access Protocol (LDAP)
(I) An Internet client-server protocol (RFC 3377) that supports (I) An Internet client-server protocol (RFC 3377) that supports
basic use of the X.500 Directory (or other directory servers) basic use of the X.500 Directory (or other directory servers)
without incurring the resource requirements of the full Directory without incurring the resource requirements of the full Directory
Access Protocol (DAP). Access Protocol (DAP).
Tutorial: Designed for simple management and browser applications Tutorial: Designed for simple management and browser applications
that provide simple read/write interactive directory service. that provide simple read/write interactive directory service.
Supports both simple authentication and strong authentication of Supports both simple authentication and strong authentication of
the client to the directory server. the client to the directory server.
skipping to change at page 162, line 15 skipping to change at page 165, line 8
i.e., that the data is not being replayed, by either the i.e., that the data is not being replayed, by either the
originator or a third party, from a previous transmission. (See: originator or a third party, from a previous transmission. (See:
fresh, nonce, replay attack.) fresh, nonce, replay attack.)
$ logic bomb $ logic bomb
(I) Malicious logic that activates when specified conditions are (I) Malicious logic that activates when specified conditions are
met. Usually intended to cause denial of service or otherwise met. Usually intended to cause denial of service or otherwise
damage system resources. (See: Trojan horse, virus, worm.) damage system resources. (See: Trojan horse, virus, worm.)
$ login $ login
(I) The act by which a system entity establishes a session in (I) 1a. An act by which a system entity establishes a session in
which the entity can use system resources. (See: principal, which the entity can use system resources. (See: principal,
session.) session.)
Usage: Usually understood to be accomplished by providing a user (I) 1b. An act by which a system user has its identity
name and password to an access control system that authenticates authenticated by the system. (See: principal, session.)
the user, but sometimes refers to establishing a connection with a
Usage: Usually understood to be accomplished by providing an
identifier and matching authentication information (e.g., a
password) to a security mechanism that authenticates the user's
identity; but sometimes refers to establishing a connection with a
server when no authentication or specific authorization is server when no authentication or specific authorization is
involved. involved.
Derivation: Refers to "log file", a security audit trail that Derivation: Refers to "log file", a security audit trail that
records (a) security events, such as the beginning of a session, records (a) security events, such as the beginning of a session,
and (b) the names of the system entities that initiate events. and (b) the names of the system entities that initiate events.
$ long title $ long title
(O) /U.S. Government/ "Descriptive title of [an item of COMSEC (O) /U.S. Government/ "Descriptive title of [an item of COMSEC
material]." [C4009] (Compare: short title.) material]." [C4009] (Compare: short title.)
skipping to change at page 164, line 48 skipping to change at page 167, line 46
Deprecated Term: It is likely that other cultures use different Deprecated Term: It is likely that other cultures use different
metaphors for this concept. Therefore, to avoid international metaphors for this concept. Therefore, to avoid international
misunderstanding, ISDs SHOULD NOT use this term. (See: Deprecated misunderstanding, ISDs SHOULD NOT use this term. (See: Deprecated
Usage under "Green Book".) Usage under "Green Book".)
$ masquerade $ masquerade
(I) A type of threat action whereby an unauthorized entity gains (I) A type of threat action whereby an unauthorized entity gains
access to a system or performs a malicious act by illegitimately access to a system or performs a malicious act by illegitimately
posing as an authorized entity. (See: deception.) posing as an authorized entity. (See: deception.)
Usage: This type includes the following subtypes: Usage: This type of threat action includes the following subtypes:
- "Spoof": Attempt by an unauthorized entity to gain access to a - "Spoof": Attempt by an unauthorized entity to gain access to a
system by posing as an authorized user. system by posing as an authorized user.
- "Malicious logic": In context of masquerade, any hardware, - "Malicious logic": In context of masquerade, any hardware,
firmware, or software (e.g., Trojan horse) that appears to firmware, or software (e.g., Trojan horse) that appears to
perform a useful or desirable function, but actually gains perform a useful or desirable function, but actually gains
unauthorized access to system resources or tricks a user into unauthorized access to system resources or tricks a user into
executing other malicious logic. (See: corruption, executing other malicious logic. (See: corruption,
incapacitation, main entry for "malicious logic", misuse.) incapacitation, main entry for "malicious logic", misuse.)
$ MCA $ MCA
skipping to change at page 166, line 10 skipping to change at page 169, line 7
(I) A non-hierarchical PKI architecture in which there are several (I) A non-hierarchical PKI architecture in which there are several
trusted CAs rather than a single root. Each certificate user bases trusted CAs rather than a single root. Each certificate user bases
path validations on the public key of one of the trusted CAs, path validations on the public key of one of the trusted CAs,
usually the one that issued that user's own public-key usually the one that issued that user's own public-key
certificate. Rather than having superior-to-subordinate certificate. Rather than having superior-to-subordinate
relationships between CAs, the relationships are peer-to-peer, and relationships between CAs, the relationships are peer-to-peer, and
CAs issue cross-certificates to each other. (Compare: hierarchical CAs issue cross-certificates to each other. (Compare: hierarchical
PKI, trust-file PKI.) PKI, trust-file PKI.)
$ Message Authentication Code, message authentication code $ Message Authentication Code, message authentication code
(N) /capitalized/ A specific ANSI standard for a checksum that is 1. (N) /capitalized/ A specific ANSI standard for a checksum that
computed with a keyed hash that is based on DES. [A9009] Usage: is computed with a keyed hash that is based on DES. [A9009] Usage:
a.k.a. Data Authentication Code, which is a U.S. Government a.k.a. Data Authentication Code, which is a U.S. Government
standard. [FP113] (See: MAC.) standard. [FP113] (See: MAC.)
(D) /not capitalized/ Synonym for "error detection code". 2. (D) /not capitalized/ Synonym for "error detection code".
Deprecated Term: ISDs SHOULD NOT use the uncapitalized form Deprecated Term: ISDs SHOULD NOT use the uncapitalized form
"message authentication code". Instead, use "checksum", "error "message authentication code". Instead, use "checksum", "error
detection code", "hash", "keyed hash", "Message Authentication detection code", "hash", "keyed hash", "Message Authentication
Code", or "protected checksum", depending on what is meant. (See: Code", or "protected checksum", depending on what is meant. (See:
authentication code.) authentication code.)
The uncapitalized form mixes concepts in a potentially misleading The uncapitalized form mixes concepts in a potentially misleading
way. The word "message" is misleading because it implies that the way. The word "message" is misleading because it implies that the
mechanism is particularly suitable for or limited to electronic mechanism is particularly suitable for or limited to electronic
skipping to change at page 166, line 44 skipping to change at page 169, line 41
(D) Synonym for "hash result". (See: cryptographic hash.) (D) Synonym for "hash result". (See: cryptographic hash.)
Deprecated Term: ISDs SHOULD NOT use this term as a synonym for Deprecated Term: ISDs SHOULD NOT use this term as a synonym for
"hash result"; the term unnecessarily duplicates the meaning of "hash result"; the term unnecessarily duplicates the meaning of
the other, more general term and mixes concepts in a potentially the other, more general term and mixes concepts in a potentially
misleading way. The word "message" is misleading because it misleading way. The word "message" is misleading because it
implies that the mechanism is particularly suitable for or limited implies that the mechanism is particularly suitable for or limited
to electronic mail (see: Message Handling Systems). to electronic mail (see: Message Handling Systems).
$ message handling system $ message handling system
(D) A synonym for the Internet electronic mail system. (D) Synonym for the Internet electronic mail system.
Deprecated Term: ISDs SHOULD NOT use this term, because it could Deprecated Term: ISDs SHOULD NOT use this term, because it could
be confused with Message Handling System. Instead, use "Internet be confused with Message Handling System. Instead, use "Internet
electronic mail" or some other, more specific term. electronic mail" or some other, more specific term.
$ Message Handling System $ Message Handling System
(O) An ITU-T system concept that encompasses the notion of (O) An ITU-T system concept that encompasses the notion of
electronic mail but defines more comprehensive OSI systems and electronic mail but defines more comprehensive OSI systems and
services that enable users to exchange messages on a store-and- services that enable users to exchange messages on a store-and-
forward basis. (The ISO equivalent is "Message Oriented Text forward basis. (The ISO equivalent is "Message Oriented Text
skipping to change at page 168, line 7 skipping to change at page 171, line 4
- Usage management: Data categories, keywords, classifications. - Usage management: Data categories, keywords, classifications.
Meta-data can be associated with a data object in two basic ways: Meta-data can be associated with a data object in two basic ways:
- Explicitly: Be part of the data object (e.g., a header field of - Explicitly: Be part of the data object (e.g., a header field of
a data file or packet) or be linked to the object. a data file or packet) or be linked to the object.
- Implicitly: Be associated with the data object because of some - Implicitly: Be associated with the data object because of some
other, explicit attribute of the object. other, explicit attribute of the object.
$ metadata, Metadata(trademark), METADATA(trademark) $ metadata, Metadata(trademark), METADATA(trademark)
(D) Proprietary variants of "meta-data". (See: SPAM(trademark).) (D) Proprietary variants of "meta-data". (See: SPAM(trademark).)
Deprecated Usage: ISDs SHOULD NOT use these unhypenated forms;
Deprecated Terms: ISDs SHOULD NOT use these unhypenated forms;
ISDs SHOULD use only the uncapitalized, hyphenated "meta-data". ISDs SHOULD use only the uncapitalized, hyphenated "meta-data".
The terms "Metadata" and "METADATA" are claimed as registered The terms "Metadata" and "METADATA" are claimed as registered
trademarks (numbers 1,409,260 and 2,185,504) owned by The Metadata trademarks (numbers 1,409,260 and 2,185,504) owned by The Metadata
Company, originally known as Metadata Information Partners, a Company, originally known as Metadata Information Partners, a
company founded by Jack Myers. The status of "metadata" is company founded by Jack Myers. The status of "metadata" is
unclear. unclear.
$ MHS $ MHS
(N) See: message handling system. (N) See: message handling system.
skipping to change at page 168, line 43 skipping to change at page 171, line 39
(N) A technical description to provide a basis for interoperation (N) A technical description to provide a basis for interoperation
between PKI components from different vendors; consists primarily between PKI components from different vendors; consists primarily
of a profile of certificate and CRL extensions and a set of of a profile of certificate and CRL extensions and a set of
transactions for PKI operation. [SP15] transactions for PKI operation. [SP15]
$ misappropriation $ misappropriation
(I) A type of threat action whereby an entity assumes unauthorized (I) A type of threat action whereby an entity assumes unauthorized
logical or physical control of a system resource. (See: logical or physical control of a system resource. (See:
usurpation.) usurpation.)
Usage: This type includes the following subtypes: Usage: This type of threat action includes the following subtypes:
- Theft of data: Unauthorized acquisition and use of data - Theft of data: Unauthorized acquisition and use of data
contained in a system. contained in a system.
- Theft of service: Unauthorized use of a system service. - Theft of service: Unauthorized use of a system service.
- Theft of functionality: Unauthorized acquisition of actual - Theft of functionality: Unauthorized acquisition of actual
hardware, firmware, or software of a system component. hardware, firmware, or software of a system component.
$ MISPC $ MISPC
(N) See: Minimum Interoperability Specification for PKI (N) See: Minimum Interoperability Specification for PKI
Components. Components.
skipping to change at page 169, line 50 skipping to change at page 172, line 47
$ misuse $ misuse
1. (I) The intentional use (by authorized users) of system 1. (I) The intentional use (by authorized users) of system
resources for other than authorized purposes. Example: An resources for other than authorized purposes. Example: An
authorized system administrator creates an unauthorized account authorized system administrator creates an unauthorized account
for a friend. for a friend.
2. (I) A type of threat action that causes a system component to 2. (I) A type of threat action that causes a system component to
perform a function or service that is detrimental to system perform a function or service that is detrimental to system
security. (See: usurpation.) security. (See: usurpation.)
Usage: This type includes the following subtypes: Usage: This type of threat action includes the following subtypes:
- "Tampering": In context of misuse, deliberately altering a - "Tampering": In context of misuse, deliberately altering a
system's logic, data, or control information to cause the system's logic, data, or control information to cause the
system to perform unauthorized functions or services. (See: system to perform unauthorized functions or services. (See:
corruption, main entry for "tampering".) corruption, main entry for "tampering".)
- "Malicious logic": In context of misuse, any hardware, - "Malicious logic": In context of misuse, any hardware,
firmware, or software intentionally introduced into a system to firmware, or software intentionally introduced into a system to
perform or control execution of an unauthorized function or perform or control execution of an unauthorized function or
service. (See: corruption, incapacitation, main entry for service. (See: corruption, incapacitation, main entry for
"malicious logic", masquerade.) "malicious logic", masquerade.)
- "Violation of authorizations": Action by an entity that exceeds - "Violation of authorizations": Action by an entity that exceeds
skipping to change at page 173, line 51 skipping to change at page 176, line 48
- Working to establish a formal, international mutual recognition - Working to establish a formal, international mutual recognition
scheme for a Common Criteria-based evaluation. scheme for a Common Criteria-based evaluation.
$ National Institute of Standards and Technology (NIST) $ National Institute of Standards and Technology (NIST)
(N) A U.S. Department of Commerce organization that promotes U.S. (N) A U.S. Department of Commerce organization that promotes U.S.
economic growth by working with industry to develop and apply economic growth by working with industry to develop and apply
technology, measurements, and standards. Has primary Government technology, measurements, and standards. Has primary Government
responsibility for INFOSEC standards for sensitive unclassified responsibility for INFOSEC standards for sensitive unclassified
information. (See: ANSI, DES, DSA, DSS, FIPS, NIAP, NSA.) information. (See: ANSI, DES, DSA, DSS, FIPS, NIAP, NSA.)
$ national security
(O) /U.S. Government/ The national defense or foreign relations of
the United States of America.
$ National Security Agency (NSA) $ National Security Agency (NSA)
(N) A U.S. DoD organization that has primary Government (N) A U.S. DoD organization that has primary Government
responsibility for INFOSEC standards for classified information responsibility for INFOSEC standards for classified information
and for sensitive unclassified information handled by national and for sensitive unclassified information handled by national
security systems. (See: FORTEZZA, KEA, MISSI, national security security systems. (See: FORTEZZA, KEA, MISSI, national security
system, NIAP, NIST, SKIPJACK.) system, NIAP, NIST, SKIPJACK.)
$ national security information $ national security information
(O) /U.S. Government/ Information that has been determined, (O) /U.S. Government/ Information that has been determined,
pursuant to Executive Order 12958 or any predecessor order, to pursuant to Executive Order 12958 or any predecessor order, to
skipping to change at page 180, line 4 skipping to change at page 183, line 4
$ object reuse $ object reuse
(N) /COMPUSEC/ Reassignment and reuse of an area of a storage (N) /COMPUSEC/ Reassignment and reuse of an area of a storage
medium (e.g., random-access memory, floppy disk, magnetic tape) medium (e.g., random-access memory, floppy disk, magnetic tape)
that once contained sensitive data objects. Before being that once contained sensitive data objects. Before being
reassigned for use by a new subject, the area needs to be erased reassigned for use by a new subject, the area needs to be erased
or, in some cases, purged. [NCS04] or, in some cases, purged. [NCS04]
$ obstruction $ obstruction
(I) A type of threat action that interrupts delivery of system (I) A type of threat action that interrupts delivery of system
services by hindering system operations. (See: disruption.) services by hindering system operations. (See: disruption.)
Tutorial: This type includes the following subtypes: Tutorial: This type of threat action includes the following
subtypes:
- "Interference": Disruption of system operations by blocking - "Interference": Disruption of system operations by blocking
communication of user data or control information. (See: communication of user data or control information. (See:
jamming.) jamming.)
- "Overload": Hindrance of system operation by placing excess - "Overload": Hindrance of system operation by placing excess
burden on the performance capabilities of a system component. burden on the performance capabilities of a system component.
(See: flooding.) (See: flooding.)
$ OCSP $ OCSP
(I) See: On-line Certificate Status Protocol. (I) See: On-line Certificate Status Protocol.
skipping to change at page 180, line 32 skipping to change at page 183, line 33
$ OFB $ OFB
(N) See: output feedback. (N) See: output feedback.
$ off-line attack $ off-line attack
(I) See: secondary definition under "attack". (I) See: secondary definition under "attack".
$ ohnosecond $ ohnosecond
(D) That minuscule fraction of time in which you realize that your (D) That minuscule fraction of time in which you realize that your
private key has been compromised. private key has been compromised.
Deprecated Usage: This is a joke for English speakers. (See: Deprecated Usage: ISDs SHOULD NOT use this term; it is a joke for
Deprecated Usage under "Green Book".) English speakers. (See: Deprecated Usage under "Green Book".)
$ OID $ OID
(N) See: object identifier. (N) See: object identifier.
$ On-line Certificate Status Protocol (OCSP) $ On-line Certificate Status Protocol (OCSP)
(I) An Internet protocol [R2560] used by a client to obtain from a (I) An Internet protocol [R2560] used by a client to obtain from a
server the validity status and other information about a digital server the validity status and other information about a digital
certificate. certificate.
Tutorial: In some applications, such as those involving high-value Tutorial: In some applications, such as those involving high-value
skipping to change at page 184, line 52 skipping to change at page 187, line 54
(D) /slang/ Synonym for "Trusted Computer System Evaluation (D) /slang/ Synonym for "Trusted Computer System Evaluation
Criteria" [CSC001, DoD1]. Criteria" [CSC001, DoD1].
Deprecated Usage: ISDs SHOULD NOT use this term as a synonym for Deprecated Usage: ISDs SHOULD NOT use this term as a synonym for
"Trusted Computer System Evaluation Criteria" [CSC001, DoD1]. "Trusted Computer System Evaluation Criteria" [CSC001, DoD1].
Instead, use the full, proper name of the document or, in Instead, use the full, proper name of the document or, in
subsequent references, the abbreviation "TCSEC". (See: Deprecated subsequent references, the abbreviation "TCSEC". (See: Deprecated
Usage under "Green Book".) Usage under "Green Book".)
$ organizational certificate $ organizational certificate
(I) An X.509 certificate in which the "subject" field contains the 1. (I) An X.509 public-key certificate in which the "subject"
name of an institution or set (e.g., a business, government, field contains the name of an institution or set (e.g., a
school, labor union, club, ethnic group, nationality, system, or business, government, school, labor union, club, ethnic group,
group of individuals playing the same role), rather than the name nationality, system, or group of individuals playing the same
of an individual person or device. (Compare: persona certificate, role), rather than the name of an individual person or device.
role certificate.) (Compare: persona certificate, role certificate.)
Tutorial: Such a certificate might be issued for one of the Tutorial: Such a certificate might be issued for one of the
following purposes: following purposes:
- To enable an individual to prove membership in the - To enable an individual to prove membership in the
organization. organization.
- To enable an individual to represent the organization, i.e., to - To enable an individual to represent the organization, i.e., to
act in its name and with it powers or permissions. act in its name and with it powers or permissions.
(O) /MISSI/ A type of MISSI X.509 public-key certificate that is 2. (O) /MISSI/ A type of MISSI X.509 public-key certificate that
issued to support organizational message handling for the U.S. is issued to support organizational message handling for the U.S.
DoD's Defense Message System. DoD's Defense Message System.
$ organizational registration authority (ORA) $ organizational registration authority (ORA)
1. (I) /PKI/ An RA for an organization. 1. (I) /PKI/ An RA for an organization.
2. (O) /MISSI/ An end entity that (a) assists a PCA, CA, or SCA to 2. (O) /MISSI/ An end entity that (a) assists a PCA, CA, or SCA to
register other end entities, by gathering, verifying, and entering register other end entities, by gathering, verifying, and entering
data and forwarding it to the signing authority and (b) may also data and forwarding it to the signing authority and (b) may also
assist with card management functions. An ORA is a local assist with card management functions. An ORA is a local
administrative authority, and the term refers both to the role and administrative authority, and the term refers both to the role and
skipping to change at page 189, line 27 skipping to change at page 192, line 28
$ passive user $ passive user
(I) See: secondary definition under "user". (I) See: secondary definition under "user".
$ passive wiretapping $ passive wiretapping
(I) A wiretapping attack that attempts only to observe a (I) A wiretapping attack that attempts only to observe a
communication flow and gain knowledge of the data it contains, but communication flow and gain knowledge of the data it contains, but
does not alter or otherwise affect that flow. (See: wiretapping. does not alter or otherwise affect that flow. (See: wiretapping.
Compare: passive attack, active wiretapping.) Compare: passive attack, active wiretapping.)
$ password $ password
(I) A secret data value, usually a character string, that is 1a. (I) A secret data value, usually a character string, that is
presented to a system by a user to authenticate the user's presented to a system by a user to authenticate the user's
identity. (See: authentication information, challenge-response, identity. (See: authentication information, challenge-response,
PIN, simple authentication.) PIN, simple authentication.)
(O) "A character string used to authenticate an identity." [CSC2] 1b. (O) "A character string used to authenticate an identity."
[CSC2]
(O) "A string of characters (letters, numbers, and other symbols) 1c. (O) "A string of characters (letters, numbers, and other
used to authenticate an identity or to verify access symbols) used to authenticate an identity or to verify access
authorization." [FP140] authorization." [FP140]
(O) "A secret that a claimant memorizes and uses to authenticate 1d. (O) "A secret that a claimant memorizes and uses to
his or her identity. Passwords are typically character strings." authenticate his or her identity. Passwords are typically
[SP63] character strings." [SP63]
Tutorial: A password is usually paired with a user identifier that Tutorial: A password is usually paired with a user identifier that
is explicit in the authentication process, although in some cases is explicit in the authentication process, although in some cases
the identifier may be implicit. A password is usually verified by the identifier may be implicit. A password is usually verified by
matching it to a stored value held by the access control system matching it to a stored value held by the access control system
for that identifier. for that identifier.
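      An added example, not part of the draft, of the verification step
      just described: the access control system keeps, per identifier,
      a value derived from the password rather than the password itself,
      and verification matches a fresh derivation of the presented
      password against that stored value. It assumes Python's standard
      library PBKDF2; the store layout and iteration count are choices
      made for the example.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000   # example value; tune to the deployment's CPU budget
SALT_BYTES = 16


def _derive(password: str, salt: bytes, iterations: int) -> bytes:
    """Slow, salted derivation: the 'stored value' is this, not the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def enroll(store: dict, user_id: str, password: str) -> None:
    """Record the stored value for an identifier.

    Only the salted derivation is kept, so a copy of the store does not
    reveal the secret, and two users with the same password get
    different stored values because their salts differ.
    """
    salt = os.urandom(SALT_BYTES)
    store[user_id] = {
        "salt": salt,
        "iterations": ITERATIONS,
        "digest": _derive(password, salt, ITERATIONS),
    }


def verify(store: dict, user_id: str, password: str) -> bool:
    """Authenticate an explicit (identifier, password) pair by matching the
    presented password against the stored value held for that identifier."""
    record = store.get(user_id)
    if record is None:
        # Unknown identifier: do the same amount of work before refusing,
        # so response time does not reveal which identifiers exist.
        _derive(password, b"\x00" * SALT_BYTES, ITERATIONS)
        return False
    candidate = _derive(password, record["salt"], record["iterations"])
    # Constant-time comparison; a plain == stops at the first differing byte.
    return hmac.compare_digest(candidate, record["digest"])
```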
      Using a password as authentication information is based on
      assuming that the password is known only by the system entity for
      which the identity is being authenticated. Therefore, in a network

skipping to change at page 194, line 4

      gateways and is operated on behalf of a payment card brand, an
      acquirer, or another party according to brand rules. A SET PCA
      issues a CRL for compromised payment gateway certificates. [SET2]
      (See: PCA.)

   $ PC card
      (N) A type of credit card-sized, plug-in peripheral device that
      was originally developed to provide memory expansion for portable
      computers, but is also used for other kinds of functional
      expansion. (See: FORTEZZA, PCMCIA.)

      Tutorial: The international PC Card Standard defines a non-
      proprietary form factor in three sizes -- Types I, II and III --
      each of which has a 68-pin interface between the card and the
      socket into which it plugs. All three types have the same length
      and width, roughly the size of a credit card, but differ in their
      thickness from 3.3 to 10.5 mm. Examples include storage modules,
      modems, device interface adapters, and cryptographic modules.

   $ PCA
      (D) Abbreviation of various kinds of "certification authority".
      (See: Internet policy certification authority, (MISSI) policy
      creation authority, (SET) payment gateway certification
      authority.)

      Deprecated Usage: An ISD that uses this abbreviation SHOULD define
      it at the point of first use.

   $ PCI
      (N) See: "protocol control information" under "protocol data
      unit".

   $ PCMCIA
      (N) Personal Computer Memory Card International Association, a
      group of manufacturers, developers, and vendors, founded in 1989
      to standardize plug-in peripheral memory cards for personal
      computers and now extended to deal with any technology that works

skipping to change at page 195, line 10

      service requires an association to exist between the two entities,
      and the corroboration provided by the service is valid only at the
      current time that the service is provided. (See: "relationship
      between data integrity service and authentication services" under
      "data integrity service").

   $ PEM
      (I) See: Privacy Enhanced Mail.

   $ penetrate
      1a. (I) Circumvent a system's security protections. (See: attack,
      break, violation.)

      1b. (I) Successfully and repeatedly gain unauthorized access to a
      protected system resource. [Huff]

   $ penetration test
      (I) A system test, often part of system certification, in which
      evaluators attempt to circumvent the security features of a
      system. [NCS04, SP42] (See: tiger team.)

skipping to change at page 196, line 6

      interval of time and then is changed for the following interval of
      time. A period extends from the secure initialization of the
      system to the completion of any purging of sensitive data handled
      by the system during the period.

   $ permanent storage
      (I) Non-volatile media that, once written into, can never be
      completely erased.

   $ permission
      1a. (I) Synonym for "authorization". (Compare: privilege.)

      1b. (N) An authorization or set of authorizations to perform
      security-relevant functions in the context of role-based access
      control. [ANSI]

      Tutorial: A permission is a positively stated authorization for
      access that (a) can be associated with one or more roles and (b)
      enables a user in a role to access a specified set of system
      resources by causing a specific set of system actions to be
      performed on the resources.

skipping to change at page 218, line 41

      2a. (I) /system integrity/ The process of restoring a secure state
      in a system after there has been an accidental failure or a
      successful attack. (See: secondary definition under "security",
      system integrity.)

      2b. (I) /system integrity/ The process of restoring an information
      system's assets and operation following damage or destruction.
      (See: contingency plan.)

   $ RED
      1. (N) Designation for data that consists only of clear text, and
      for information system equipment items and facilities that handle
      clear text. Example: "RED key". (See: color change, RED/BLACK
      separation. Compare: BLACK.)

      Derivation: From the practice of marking equipment with colors to
      prevent operational errors.

      2. (O) /U.S. Government/ Designation applied to information
      systems, and to associated areas, circuits, components, and
      equipment, "in which unencrypted national security information is
      being processed." [C4009]

   $ RED/BLACK separation
      (N) An architectural concept for cryptographic systems that
      strictly separates the parts of a system that handle plain text
      (i.e., RED information) from the parts that handle cipher text
      (i.e., BLACK information). (See: BLACK, RED.)

   $ Red Book
      (D) /slang/ Synonym for "Trusted Network Interpretation of the
      Trusted Computer System Evaluation Criteria" [NCS05].

      Deprecated Term: ISDs SHOULD NOT use this term. Instead, use the
      full proper name of the document or, in subsequent references, a
      more conventional abbreviation, e.g., TNI-TCSEC. (See: TCSEC,
      Rainbow Series, Deprecated Usage under "Green Book".)

   $ RED key
      (N) A cleartext key, which is usable in its present form (i.e., it
      does not need to be decrypted before being used). (See: RED.
      Compare: BLACK key.)

   $ reference monitor
      (I) "An access control concept that refers to an abstract machine
      that mediates all accesses to objects by subjects." [NCS04] (See:
      security kernel.)

      Tutorial: This concept was described in the Anderson report. A
      reference monitor should be (a) complete (i.e., it mediates every
      access), (b) isolated (i.e., it cannot be modified by other system
      entities), and (c) verifiable (i.e., small enough to be subjected
      to analysis and tests to ensure that it is correct).
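      An added example, not part of the draft, that puts the reference
      monitor together with the role-based "permission" of the earlier
      entry: a single decision point through which every access by a
      subject to an object is mediated, with permissions (sets of
      actions on sets of resources) attached to roles and subjects
      assigned to roles. The policy, the subjects and the object names
      are constructed for the example; isolation of the monitor from
      other code is only approximated here, since a Python object has no
      hardware or kernel boundary around it.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Permission:
    """Positively stated authorization: a set of system actions that may be
    performed on a set of system resources (the "permission" entry)."""
    actions: frozenset
    resources: frozenset


class ReferenceMonitor:
    """The one place where access decisions are made. Default is deny;
    every decision is recorded so the monitor's behaviour can be audited."""

    def __init__(self):
        self._role_permissions = {}   # role -> set of Permission
        self._subject_roles = {}      # subject -> set of role names
        self.audit = []               # (subject, action, object, decision)

    def grant(self, role: str, permission: Permission) -> None:
        self._role_permissions.setdefault(role, set()).add(permission)

    def assign(self, subject: str, role: str) -> None:
        if role not in self._role_permissions:
            raise ValueError(f"unknown role {role!r}")
        self._subject_roles.setdefault(subject, set()).add(role)

    def check(self, subject: str, action: str, obj: str) -> bool:
        """Permit only if some role held by the subject carries a permission
        that covers both the action and the object."""
        allowed = any(
            action in perm.actions and obj in perm.resources
            for role in self._subject_roles.get(subject, ())
            for perm in self._role_permissions.get(role, ())
        )
        self.audit.append((subject, action, obj, "permit" if allowed else "deny"))
        return allowed


class ProtectedStore:
    """Objects are reachable only through this wrapper, and each method asks
    the monitor first: no code path reaches an object without a decision
    (the "complete" property)."""

    def __init__(self, monitor: ReferenceMonitor):
        self._monitor = monitor
        self._objects = {}

    def read(self, subject: str, name: str):
        if not self._monitor.check(subject, "read", name):
            raise PermissionError(f"{subject} may not read {name}")
        return self._objects[name]

    def write(self, subject: str, name: str, value) -> None:
        if not self._monitor.check(subject, "write", name):
            raise PermissionError(f"{subject} may not write {name}")
        self._objects[name] = value


def can_write(store: ProtectedStore, subject: str, name: str, value) -> bool:
    """Attempt a write and report whether the monitor permitted it."""
    try:
        store.write(subject, name, value)
        return True
    except PermissionError:
        return False


def build_demo():
    """Constructed policy: operators read and write "config"; auditors may
    only read "config" and "log"."""
    rm = ReferenceMonitor()
    rm.grant("operator", Permission(frozenset({"read", "write"}), frozenset({"config"})))
    rm.grant("auditor", Permission(frozenset({"read"}), frozenset({"config", "log"})))
    rm.assign("alice", "operator")
    rm.assign("bob", "auditor")
    store = ProtectedStore(rm)
    store.write("alice", "config", "v1")
    return rm, store
```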
   $ reflection attack
      (I) An attack in which a valid data transmission is replayed to
      the originator by an attacker who intercepts the original
      transmission. (Compare: indirect attack, replay attack.)

   $ reflector attack
      (D) Synonym for "indirect attack".

      Deprecated Term: ISDs SHOULD NOT use this term; it could be
      confused with "reflection attack", which is a different concept.

   $ registered user
      (I) A system entity that is authorized to receive a system's
      products and services or otherwise access system resources. (See:
      registration, user.)

   $ registration
      1. (I) /information system/ A system process that (a) initializes
      an identity (of a system entity) in the system, (b) establishes an
      identifier for that identity, (c) may associate authentication

skipping to change at page 222, line 36

      shared secret value, then checks the user's authentication
      information, and finally returns to the client all authorization
      and configuration information needed by the client to deliver
      service to the user.

   $ renew
      See: certificate renewal.

   $ replay attack
      (I) An attack in which a valid data transmission is maliciously or
      fraudulently repeated, either by the originator or by a third
      party who intercepts the data and retransmits it, possibly as part
      of a masquerade attack. (See: active wiretapping, fresh, liveness,
      nonce. Compare: indirect attack, reflection attack.)
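      An added example, not part of the draft, of how a receiver can
      reject the two transmissions defined under "reflection attack"
      and "replay attack": each message carries its sender, intended
      receiver, a nonce and a timestamp under a MAC, and the receiver
      checks the direction field, the freshness window and nonce
      uniqueness before accepting. The shared symmetric key, the JSON
      message layout and the 30-second window are assumptions made for
      the example.

```python
import hashlib
import hmac
import json


class Endpoint:
    """One of two parties sharing a symmetric key. The MAC covers sender,
    receiver, nonce, timestamp and payload, so none of them can be altered
    in transit without detection."""

    def __init__(self, name: str, key: bytes, window: int = 30):
        self.name = name
        self.key = key
        self.window = window      # seconds within which a message counts as fresh
        self.seen = set()         # (sender, nonce) pairs already accepted
        self._counter = 0         # per-sender nonce source; random nonces also work

    def _mac(self, fields: dict) -> str:
        data = json.dumps(fields, sort_keys=True).encode("utf-8")
        return hmac.new(self.key, data, hashlib.sha256).hexdigest()

    def send(self, to: str, payload: str, now: int) -> dict:
        self._counter += 1
        fields = {
            "from": self.name,
            "to": to,
            "nonce": f"{self.name}-{self._counter}",
            "ts": now,
            "payload": payload,
        }
        return dict(fields, mac=self._mac(fields))

    def receive(self, msg: dict, now: int) -> str:
        """Return "accepted" or the reason the message was refused."""
        fields = {k: v for k, v in msg.items() if k != "mac"}
        if not hmac.compare_digest(self._mac(fields), msg.get("mac", "")):
            return "bad-mac"          # altered in transit or wrong key
        if fields["to"] != self.name:
            # The MAC is valid under the shared key, so a copy of our own
            # transmission sent back to us would pass the MAC check; the
            # receiver field is what tells a reflected message apart.
            return "reflected"
        if abs(now - fields["ts"]) > self.window:
            return "stale"            # outside the freshness window
        key = (fields["from"], fields["nonce"])
        if key in self.seen:
            return "replayed"         # the same transmission repeated
        self.seen.add(key)            # real receivers prune entries older than the window
        return "accepted"
```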
$ reordering $ reordering
(I) /packet/ See: secondary definition under "stream integrity (I) /packet/ See: secondary definition under "stream integrity
service". service".
$ repository $ repository
1. (I) A system for storing and distributing digital certificates 1. (I) A system for storing and distributing digital certificates
and related information (including CRLs, CPSs, and certificate and related information (including CRLs, CPSs, and certificate
policies) to certificate users. (Compare: archive, directory.) policies) to certificate users. (Compare: archive, directory.)
skipping to change at page 220, line 18 skipping to change at page 223, line 37
1. (I) One of the documents in the archival series that is the 1. (I) One of the documents in the archival series that is the
official channel for ISDs and other publications of the Internet official channel for ISDs and other publications of the Internet
Engineering Steering Group, the Internet Architecture Board, and the Internet community in general. (RFC 2026, 2223) (See: Internet Standard.)

2. (D) A popularly misused synonym for a document on the Internet Standards Track, i.e., an Internet Standard, Draft Standard, or Proposed Standard. (See: Internet Standard.)

-02: Deprecated Definition: This term SHOULD NOT be used as a synonym for a document on the Internet Standards Track because many other types of documents also are published as RFCs.
-03: Deprecated Definition: ISDs SHOULD NOT use this term with definition 2 because many other types of documents also are published as RFCs.

$ residual risk
(I) The portion of an original risk or set of risks that remains after countermeasures have been applied. (Compare: acceptable risk, risk analysis.)

$ restore
See: card restore.

$ revocation
[skipping to change at page 222, line 27 (-02) / page 225, line 45 (-03)]

$ risk management
1. (I) The process of identifying, measuring, and controlling (i.e., mitigating) risks in information systems so as to reduce the risks to a level commensurate with the value of the assets protected. (See: risk analysis.)
2. (I) The process of controlling uncertain events that may affect information system resources.
3. (O) "The total process of identifying, controlling, and mitigating information system-related risks. It includes risk assessment; cost-benefit analysis; and the selection, implementation, test, and security evaluation of safeguards. This overall system security review considers both effectiveness and efficiency, including impact on the mission and constraints due to policy, regulations, and laws." [SP30]

$ risk transference
(I) See: secondary definition under "risk".

$ Rivest Cipher #2 (RC2)
[skipping to change at page 223, line 48 (-02) / page 227, line 15 (-03)]
private key to get s. She sends m and s. Bob receives m' and s', either of which might have been changed from the m and s that Alice sent. To test this, he decrypts s' with Alice's public key to get v'. He then computes h(m') = v". If v' equals v", Bob is assured that m' is the same m that Alice sent.

$ robustness
(N) See: level of robustness.

$ role
-02: 1. (I) A job function (or a job title that implies a function) to which people or other system entities may be assigned in a system. (See: role-based access control. Compare: duty, billet, principal, user.)
-03: 1. (I) A job function or employment position to which people or other system entities may be assigned in a system. (See: role-based access control. Compare: duty, billet, principal, user.)
2. (O) /Common Criteria/ A pre-defined set of rules establishing the allowed interactions between a user and the TOE.

$ role-based access control
(I) A form of identity-based access control wherein the system entities that are identified and controlled are functional positions in an organization or process. [Sand] (See: authorization, constraint, identity, principal, role.)
Tutorial: Administrators assign permissions to roles as needed to
[skipping to change at page 227, line 26 (-02) / page 231, line 5 (-03)]
(I) See: Security Association Database.

$ safety
(I) The property of a system being free from risk of causing harm (especially physical harm) to its system entities. (Compare: security.)

$ SAID
(I) See: security association identifier.

$ salami swindle
[entry present in only one of the two drafts]
(D) "Slicing off a small amount from each transaction. This kind of theft was made worthwhile by automation. Given a high transaction flow, even rounding down to the nearest cent and putting the 'extra' in a bogus account can be very profitable." [NCSSG]
Deprecated Term: It is likely that other cultures use different metaphors for this concept. Therefore, to avoid international misunderstanding, ISDs SHOULD NOT use this term. (See: Deprecated Usage under "Green Book.")

$ salt
(I) A data value used to vary the results of a computation in a security mechanism, so that an exposed computational result from one instance of applying the mechanism cannot be reused by an attacker in another instance. (Compare: initialization value.)
Example: A password-based access control mechanism might protect against capture or accidental disclosure of its password file by applying a one-way encryption algorithm to passwords before storing them in the file. To increase the difficulty of off-line,
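The salt Example above, worked through in code. This is an added illustration, not text or code from the Glossary; the password-file record format, the PBKDF2 work factor and the sample passwords are all constructed for the example.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Added example (not from the Glossary): salted one-way password storage,
# illustrating the "salt" entry. Parameters below are constructed choices.
ITERATIONS = 200_000      # PBKDF2 work factor; raise as hardware allows
SALT_BYTES = 16           # 128 bits of salt per stored password


def make_record(password: str, salt: Optional[bytes] = None,
                iterations: int = ITERATIONS) -> str:
    """Return a storable record "pbkdf2_sha256$<iters>$<salt hex>$<digest hex>".

    A fresh random salt per password means two users with the same password
    get different stored digests, so a digest (or a table precomputed for one
    salt) from one instance cannot be reused against another instance.
    """
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(record: str, candidate: str) -> bool:
    """Recompute the digest with the salt stored in the record; compare in constant time."""
    algorithm, iterations, salt_hex, digest_hex = record.split("$")
    if algorithm != "pbkdf2_sha256":
        raise ValueError("unsupported record format")
    salt = bytes.fromhex(salt_hex)
    recomputed = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"),
                                     salt, int(iterations))
    return hmac.compare_digest(recomputed, bytes.fromhex(digest_hex))


def digests_differ(password: str) -> bool:
    """Store the same password for two users and confirm the file contents differ."""
    rec_a = make_record(password)
    rec_b = make_record(password)
    return rec_a.split("$")[3] != rec_b.split("$")[3]


def unsalted_digest(password: str) -> str:
    """The weak alternative: no salt, so equal passwords give equal digests
    and one precomputed table serves against every record in the file."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    pw = "correct horse battery staple"          # constructed sample password
    record = make_record(pw)
    print(record)
    print("verify ok:", verify_password(record, pw))
    print("wrong password rejected:", not verify_password(record, "Tr0ub4dor&3"))
    print("same password, different digests:", digests_differ(pw))
    print("unsalted digests collide:", unsalted_digest(pw) == unsalted_digest(pw))
```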
[skipping to change at page 229, line 14 (-02) / page 232, line 56 (-03)]

$ SDU
(N) See: "service data unit" under "protocol data unit".

$ seal
1. (I) To use asymmetric cryptography to encrypt plain text with a public key in such a way that only the holder of the matching private key can learn what was the plain text. [Chau] (Compare: shroud, wrap.)
-02: Deprecated Term: ISDs SHOULD NOT use this term as defined here; the definition duplicates the meaning of other, standard terms. Instead, use "encrypt" or another term that is specific with regard to the mechanism being used.
-03: Deprecated Term: ISDs SHOULD NOT use this term with definition 1; the definition duplicates the meaning of other, standard terms. Instead, use "encrypt" or another term that is specific with regard to the mechanism being used.
Tutorial: The definition does *not* say "only the holder of the matching private key can decrypt the ciphertext to learn what was the plaintext"; sealing is stronger than that. If Alice simply encrypts a plaintext P with a public key K to produce ciphertext C = K(P), then if Bob guesses that P = X, Bob could verify the guess by checking whether K(P) = K(X). To "seal" P and block Bob's
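An added example (not from the Glossary) that serves two passages: the hash-then-sign exchange between Alice and Bob described earlier under "RSA", and the "seal" Tutorial just above, where deterministic encryption C = K(P) lets a guess X be confirmed by computing K(X). It uses a toy RSA key built from two small constructed primes and a constructed random-padding scheme; real systems use standardized padding (RSA-PSS for signatures, RSA-OAEP for encryption).

```python
import hashlib
import secrets

# Added example (not from the Glossary). Toy RSA keypair with small, constructed
# primes: it shows the mechanics only and is not a secure key.
P_TOY, Q_TOY = 1000003, 1000033                     # constructed small primes
N_TOY = P_TOY * Q_TOY                               # public modulus, just under 2**40
E_TOY = 65537                                       # public exponent
D_TOY = pow(E_TOY, -1, (P_TOY - 1) * (Q_TOY - 1))   # private exponent


def h(m: bytes) -> int:
    """Hash m and reduce it into the toy modulus (a real scheme pads instead)."""
    return int.from_bytes(hashlib.sha256(m).digest(), "big") % N_TOY


def sign(m: bytes) -> int:
    """Alice: hash m, then transform the hash with the private key to get s."""
    return pow(h(m), D_TOY, N_TOY)


def verify(m_prime: bytes, s_prime: int) -> bool:
    """Bob: v' from s' with the public key, v'' = h(m'); accept iff v' == v''."""
    v1 = pow(s_prime, E_TOY, N_TOY)
    v2 = h(m_prime)
    return v1 == v2


def encrypt_plain(p: int) -> int:
    """Unsealed encryption C = K(P): deterministic, so a guess X is checkable."""
    return pow(p, E_TOY, N_TOY)


def guess_matches(c: int, x: int) -> bool:
    """Bob's check from the Tutorial: does K(X) equal the observed ciphertext?"""
    return encrypt_plain(x) == c


PAD_BITS = 20   # random padding bits in this toy; OAEP uses far more
MSG_BITS = 16   # toy plaintext width, so padded value stays below N_TOY


def seal(p: int) -> int:
    """Sealed encryption: prefix fresh random bits so K(X) no longer reveals P == X.
    (Constructed toy padding for illustration, not a standard scheme.)"""
    if not 0 <= p < (1 << MSG_BITS):
        raise ValueError("plaintext too large for the toy modulus")
    r = secrets.randbelow((1 << PAD_BITS) - 1) + 1   # never zero
    return pow((r << MSG_BITS) | p, E_TOY, N_TOY)


def unseal(c: int) -> int:
    """Only the private-key holder strips the padding and recovers P."""
    return pow(c, D_TOY, N_TOY) & ((1 << MSG_BITS) - 1)


if __name__ == "__main__":
    m = b"transfer 100 to Bob"                      # constructed sample message
    s = sign(m)
    print("genuine verifies:", verify(m, s))
    print("altered message rejected:", not verify(b"transfer 1000 to Bob", s))
    c = encrypt_plain(42)
    print("plain encryption confirms guess 42:", guess_matches(c, 42))
    sealed = seal(42)
    print("sealed ciphertext confirms guess 42:", guess_matches(sealed, 42))
    print("holder of private key recovers:", unseal(sealed))
```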
[skipping to change at page 230, line 9 (-02) / page 233, line 49 (-03)]
Deprecated Term: ISDs SHOULD NOT use this term; it mixes concepts in a potentially misleading way. In the context of asymmetric cryptography, ISDs SHOULD use "private key". In the context of symmetric cryptography, the adjective "secret" is unnecessary because all keys must be kept secret.

$ secret-key cryptography
(D) Synonym for "symmetric cryptography".
-02: Deprecated Term: ISDs SHOULD NOT use this term; it could be confused with asymmetric cryptography, in which the private key is kept secret.
-03: Deprecated Term: ISDs SHOULD NOT use this term; it could be confused with "asymmetric cryptography", in which the private key is kept secret.
Derivation: Symmetric cryptography is sometimes called "secret-key cryptography" because entities that share the key, such as the originator and the recipient of a message, need to keep the key secret from other entities.

$ Secure BGP (S-BGP)
(I) A project of BBN Technologies, sponsored by the U.S. DoD's Defense Advanced Research Projects Agency, to design and demonstrate an architecture to secure the Border Gateway Protocol
[skipping to change at page 236, line 45 (-02) / page 240, line 33 (-03)]

$ security controls
(N) The management, operational, and technical controls (safeguards or countermeasures) prescribed for an information system which, taken together, satisfy the specified security requirements and adequately protect the confidentiality, integrity, and availability of the system and its information. [FP199] (See: security architecture.)

$ security doctrine
(I) A specified set of procedures or practices that direct or provide guidance for how to comply with security policy. (Compare: security mechanism, security policy.)
[-02 numbers this definition "1."; -03 leaves it unnumbered]
Tutorial: Security policy and security doctrine are closely related. However, policy deals mainly with strategy, and doctrine deals with tactics.
Security doctrine is often understood to refer mainly to administrative security, personnel security, and physical security. For example, security mechanisms and devices that
[skipping to change at page 237, line 46 (-02) / page 241, line 34 (-03)]
- Detecting an alarm condition reported by a cryptographic module.
- Failing a built-in hardware self-test or a software system integrity check.

$ security fault analysis
(I) A security analysis, usually performed on hardware at the level of gate logic, gate-by-gate, to determine the security properties of a device when a hardware fault is encountered.

$ security function
[entry present in only one of the two drafts]
(I) A function in a system that is relevant to the security of the system; i.e., a system function that must operate correctly in order to ensure adherence to the system's security policy.

$ security gateway
1. (I) An internetwork gateway that separates trusted (or relatively more trusted) hosts on one side from untrusted (or less trusted) hosts on the other side. (See: firewall and guard.)
2. (O) /IPsec/ "An intermediate system that implements IPsec protocols." [R2401]
Tutorial: IPsec's AH or ESP can be implemented on a gateway between a protected network and an unprotected network, in order to provide security services to the protected network's hosts when they communicate across the unprotected network to other hosts and gateways.

$ security incident
1. (I) A security event that involves a security violation. (See: CERT, security event, security intrusion, security violation.)
-02: Tutorial: In other words, a security-relevant system event in which the system's security policy is disobeyed or otherwise breached.
-03: Tutorial: In other words, a security event in which the system's security policy is disobeyed or otherwise breached.
2. (D) "Any adverse event [that] compromises some aspect of computer or network security." [R2350]
Deprecated Definition: ISDs SHOULD NOT use definition 2 because (a) a security incident may occur without actually being harmful (i.e., adverse) and (b) this Glossary defines "compromise" more narrowly in relation to unauthorized access.
3. (D) "A violation or imminent threat of violation of computer security policies, acceptable use policies, or standard computer security practices." [SP61]
-02: Deprecated Definition: ISDs SHOULD NOT use this definition because it mixes concepts in a way that does not agree with common usage; a security incident is commonly thought of as involving a realization of a threat (see: threat action), not just a threat.
-03: Deprecated Definition: ISDs SHOULD NOT use definition 3 because it mixes concepts in a way that does not agree with common usage; a security incident is commonly thought of as involving a realization of a threat (see: threat action), not just a threat.

$ security intrusion
(I) A security event, or a combination of multiple security events, that constitutes a security incident in which an intruder gains, or attempts to gain, access to a system or system resource without having authorization to do so.
[skipping to change at page 240, line 28 (-02) / page 244, line 20 (-03)]
relevant attributes of the resource. (Compare: security label.)
Tutorial: A security label may be represented by various equivalent markings depending on the physical form taken by the labeled resource. For example, a document could have a marking composed of a bit pattern [FP188] when the document is stored electronically as a file in a computer, and also a marking of printed alphabetic characters when the document is in paper form.

$ security mechanism
-02: (I) A process (or a device incorporating such a process) that can be used in a system to implement a security service that is provided by or within the system. (See: Tutorial under "security policy". Compare: security doctrine.)
-03: (I) A method or process (or a device incorporating it) that can be used in a system to implement a security service that is provided by or within the system. (See: Tutorial under "security policy". Compare: security doctrine.)
Usage: Usually understood to refer primarily to components of communication security, computer security, and emanation security.
Examples: Authentication exchange, checksum, digital signature, encryption, and traffic padding.

$ security model
(I) A schematic description of a set of entities and relationships by which a specified set of security services are provided by or within a system. Example: Bell-LaPadula model, OSIRM. (See: Tutorial under "security policy".)

$ security parameters index (SPI)
1. (I) /IPsec/ A 32-bit identifier used to distinguish among security associations that terminate at the same destination (IP address) and use the same security protocol (AH or ESP). Carried in AH and ESP to enable the receiving system to determine under which security association to process a received packet.
2. (I) /mobile IP/ A 32-bit index identifying a security association from among the collection of associations that are available between a pair of nodes, for application to mobile IP protocol messages that the nodes exchange.
[-03 numbers these two definitions 1 and 2; -02 leaves them unnumbered]
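The IPsec definition above in code: the receiver reads the 32-bit SPI from the ESP header and uses (destination address, protocol, SPI) to pick the security association. This is an added example, not from the Glossary or from any IPsec implementation; the SA database layout, the addresses, the SPI values and the packets are constructed, and the replay check is a deliberately minimal stand-in for the real anti-replay window.

```python
import struct
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Added example (not from the Glossary or any IPsec stack): selecting a security
# association by the SPI carried in an ESP header. Everything below is constructed.

PROTO_ESP = 50   # IP protocol number for ESP


@dataclass
class SecurityAssociation:
    spi: int
    dst: str
    protocol: int
    cipher: str
    highest_seq: int = 0   # state for the minimal replay check below


# Keyed exactly as the definition describes the receiver's lookup: same destination,
# same protocol (ESP), distinct SPI -> distinct SA.
SAD: Dict[Tuple[str, int, int], SecurityAssociation] = {}


def add_sa(sa: SecurityAssociation) -> None:
    SAD[(sa.dst, sa.protocol, sa.spi)] = sa


def parse_esp_header(payload: bytes) -> Tuple[int, int]:
    """Return (SPI, sequence number) from the first 8 bytes of an ESP payload."""
    if len(payload) < 8:
        raise ValueError("ESP payload too short for SPI and sequence number")
    spi, seq = struct.unpack("!II", payload[:8])   # two 32-bit fields, network order
    return spi, seq


def select_sa(dst: str, protocol: int, payload: bytes) -> Optional[SecurityAssociation]:
    """Receiver-side lookup: (destination, protocol, SPI) identifies the SA."""
    spi, _seq = parse_esp_header(payload)
    return SAD.get((dst, protocol, spi))


def accept_packet(dst: str, protocol: int, payload: bytes) -> str:
    """Classify a received packet: which SA handles it, or why it is dropped."""
    sa = select_sa(dst, protocol, payload)
    if sa is None:
        return "drop: no SA for this (destination, protocol, SPI)"
    _spi, seq = parse_esp_header(payload)
    if seq <= sa.highest_seq:   # minimal check; real IPsec uses a sliding window
        return f"drop: replayed or out-of-order sequence {seq} on SPI {sa.spi:#x}"
    sa.highest_seq = seq
    return f"accept on SPI {sa.spi:#x} ({sa.cipher})"


def build_esp(spi: int, seq: int, body: bytes = b"\x00" * 16) -> bytes:
    """Constructed ESP payload: SPI, sequence number, then an opaque encrypted body."""
    return struct.pack("!II", spi, seq) + body


# Two SAs terminate at the same destination and both use ESP; only the SPI differs.
add_sa(SecurityAssociation(spi=0x1000A, dst="192.0.2.1", protocol=PROTO_ESP,
                           cipher="AES-GCM"))
add_sa(SecurityAssociation(spi=0x1000B, dst="192.0.2.1", protocol=PROTO_ESP,
                           cipher="AES-CBC+HMAC"))

if __name__ == "__main__":
    for pkt in (build_esp(0x1000A, 1), build_esp(0x1000B, 1),
                build_esp(0x1000A, 1), build_esp(0x1000C, 1)):
        print(accept_packet("192.0.2.1", PROTO_ESP, pkt))
```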
$ security perimeter
(I) A physical or logical boundary that is defined for a domain or enclave and within which a particular security policy or security architecture applies. (See: insider, outsider.)

$ security policy
1. (I) A definite goal, course, or method of action to guide and determine present and future decisions concerning security in a system. [R3198] (Compare: certificate policy.)
[skipping to change at page 242, line 50 (-02) / page 246, line 42 (-03)]

$ Security Protocol 3 (SP3)
(O) A protocol [SDNS3] developed by SDNS to provide connectionless data security at the top of OSIRM Layer 3. (Compare: IPsec, NLSP.)

$ Security Protocol 4 (SP4)
(O) A protocol [SDNS4] developed by SDNS to provide either connectionless or end-to-end connection-oriented data security at the bottom of OSIRM Layer 4. (See: TLSP.)

$ security-relevant event
-02: (D) See: security event.
-03: (D) Synonym for "security event".
Deprecated Term: ISDs SHOULD NOT use this term; it is wordy. [present in only one of the two drafts]

$ security-sensitive function
[entry present in only one of the two drafts]
(D) Synonym for "security function".
Deprecated Term: ISDs SHOULD NOT use this term; it is wordy.

$ security service
1. (I) A processing or communication service that is provided by a system to give a specific kind of protection to system resources. (See: access control service, audit service, availability service, data confidentiality service, data integrity service, data origin authentication service, non-repudiation service, peer entity authentication service, system integrity service.)
Tutorial: Security services implement security policies, and are implemented by security mechanisms.
2. (O) "A service, provided by a layer of communicating open systems, which ensures adequate security of the systems or the data transfers." [I7498-2]

$ security situation
-02: (I) /ISAKMP/ The set of all security-relevant information -- e.g., network addresses, security classifications, manner of operation (normal or emergency) -- that is needed to decide the security services that are required to protect the association that is being negotiated.
-03: (I) /ISAKMP/ The set of all security-relevant information (e.g., network addresses, security classifications, manner of operation such as normal or emergency) that is needed to decide the security services that are required to protect the association that is being negotiated.

$ security target
(N) /Common Criteria/ A set of security requirements and specifications to be used as the basis for evaluation of an identified TOE.
Tutorial: A security target (ST) is a statement of security claims for a particular information technology security product or
[skipping to change at page 245, line 29 (-02) / page 249, line 29 (-03)]
established by the Director of Central Intelligence. [DC6/9] (See: compartment, SCIF)

$ sensitive compartmented information facility (SCIF)
(O) /U.S. Government/ An accredited area, room, group of rooms, building, or installation where SCI may be stored, used, discussed, or electronically processed. [DC6/9] (See: SCI. Compare: shielded enclosure.)

$ sensitive information
1. (I) Information for which (a) disclosure, (b) alteration, or (c) destruction or loss could adversely affect the interests or business of its owner or user. (See: data confidentiality, data integrity, sensitive. Compare: classified, critical.)
2. (O) /U.S. Government/ Information for which (a) loss, (b) misuse, (c) unauthorized access, or (d) unauthorized modification could adversely affect the national interest or the conduct of federal programs, or the privacy to which individuals are entitled under the Privacy Act of 1974, but that has not been specifically authorized under criteria established by an Executive Order or an Act of Congress to be kept classified in the interest of national defense or foreign policy.
[-03 numbers these two definitions 1 and 2; -02 leaves them unnumbered]
Tutorial: Systems that are not U.S. national security systems, but contain sensitive U.S. Federal Government information, must be protected according to the Computer Security Act of 1987 (Public Law 100-235). [-03 adds: (See: national security.)]

$ sensitivity label
(D) Synonym for "classification label".
Deprecated term: ISDs SHOULD NOT use this term because the definition of "sensitive" involves not only data confidentiality, but also data integrity.

$ sensitivity level
(D) Synonym for "classification level".
[skipping to change at page 248, line 19 (-02) / page 252, line 16 (-03)]
standard. A later memorandum of understanding added American Express and JCB Credit Card Company as co-owners of SETCo.

$ SHA, SHA-1, SHA-2
(N) See: Secure Hash Algorithm.

$ shared identity
(I) See: secondary definition under "identity".

$ shared secret
-02: (D) A synonym for "cryptographic key" or "password".
-03: (D) Synonym for "cryptographic key" or "password".
Deprecated Usage: ISDs that use this term SHOULD state a definition for it because the term is used in many ways and could easily be misunderstood.

$ shielded enclosure
(O) "Room or container designed to attenuate electromagnetic radiation." [C4009] (See: emanation. Compare: SCIF.)

$ short title
[skipping to change at page 251, line 16 (-02) / page 255, line 16 (-03)]
(I) A set of experimental concepts (RFCs 2692, 2693) that were proposed as alternatives to the concepts standardized in PKIX.

$ simple security property
(N) /formal model/ Property of a system whereby a subject has read access to an object only if the clearance of the subject dominates the classification of the object. See: Bell-LaPadula model.
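The dominance test behind the simple security property, as an added example that is not part of the Glossary. It generalizes the one-line definition to a lattice of levels plus compartments, which is how Bell-LaPadula labels are usually compared; the level names and compartment names are constructed.

```python
from dataclasses import dataclass, field
from typing import FrozenSet

# Added example (not from the Glossary): the simple security property as a
# dominance check on a Bell-LaPadula style lattice. Level and compartment
# names below are constructed for the example.

LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: FrozenSet[str] = field(default_factory=frozenset)

    def dominates(self, other: "Label") -> bool:
        """A dominates B iff A's level is at least B's level AND A's compartment
        set includes every compartment of B. Both conditions are required."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


def may_read(subject_clearance: Label, object_classification: Label) -> bool:
    """Simple security property: read only if the clearance dominates the classification."""
    return subject_clearance.dominates(object_classification)


def incomparable(a: Label, b: Label) -> bool:
    """Labels may be incomparable (neither dominates); then no read is allowed in either direction."""
    return not a.dominates(b) and not b.dominates(a)


if __name__ == "__main__":
    analyst = Label("SECRET", frozenset({"CRYPTO"}))
    crypto_report = Label("CONFIDENTIAL", frozenset({"CRYPTO"}))
    ops_report = Label("CONFIDENTIAL", frozenset({"OPS"}))
    director = Label("TOP SECRET")          # high level, but no compartments
    print(may_read(analyst, crypto_report))   # True: level and compartments dominate
    print(may_read(analyst, ops_report))      # False: OPS is not in the clearance
    print(may_read(director, crypto_report))  # False: level alone is not enough
    print(incomparable(crypto_report, ops_report))   # True
```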
$ single sign-on $ single sign-on
(I) A system that enables a user to access multiple computer 1. (I) An authentication subsystem that enables a user to access
platforms (usually a set of hosts on the same network) or multiple multiple, connected system components (such as separate hosts on a
application systems after being authenticated just one time. (See: network) after a single login at only one of the components. (See:
Kerberos.) Kerberos.)
Tutorial: In a single sign-on system, a user typically logs in 2. (O) /Liberty Alliance/ A security subsystem that enables a user
just once, and then is transparently granted access to a set of identity to be authenticated at an identity provider -- i.e., at a
system resources with no further login being required (unless, of service that authenticates and asserts the user's identity -- and
course, the user logs out). Such a system has the advantages of then have that authentication be honored by other service
providers.
Tutorial: A single sign-on subsytem typically requires a user to
to log in once at the beginning of a session, and then during the
session transparently grants access by the user to multiple,
separately protected hosts, applications, or other system
resources, without further login action by the user (unless, of
course, the user logs out). Such a subsystem has the advantages of
being user friendly and enabling authentication to be managed being user friendly and enabling authentication to be managed
consistently across an entire enterprise. Such a system also has consistently across an entire enterprise. Such a subsystem also
the disadvantage of requiring all hosts and applications to trust has the disadvantage of requiring all the accessed components to
the same authentication information. depend on the security of the same authentication information.
$ singular identity $ singular identity
(I) See: secondary definition under "identity". (I) See: secondary definition under "identity".
$ site $ site
(I) A facility -- i.e., a physical space, room, or building (I) A facility -- i.e., a physical space, room, or building
together with its physical, personnel, administrative, and other together with its physical, personnel, administrative, and other
safeguards -- in which system functions are performed. (See: safeguards -- in which system functions are performed. (See:
node.) node.)
skipping to change at page 256, line 47

$ SMI
(I) See: security management infrastructure.

$ SMTP
(I) See: Simple Mail Transfer Protocol.

$ smurf attack
(D) /slang/ A denial-of-service attack that uses IP broadcast
addressing to send ICMP ping packets with the intent of flooding a
system. (See: fraggle attack, ICMP flood.)

Deprecated Term: ISDs SHOULD NOT use this term. It is not listed
in most English dictionaries, and other cultures are likely to use
different metaphors for this concept.

Derivation: The Smurfs are a fictional race of small, blue
creatures that were created by a cartoonist. Perhaps the inventor
of this attack thought that a swarm of ping packets resembled a
gang of smurfs. (See: Deprecated Usage under "Green Book".)

Tutorial: The attacker sends ICMP echo request ("ping") packets
that appear to originate not from the attacker's own IP address,
but from the address of the host or router that is the target of
the attack. Each packet is addressed to an IP broadcast address,
e.g., to all IP addresses in a given network. Thus, each echo
request that is sent by the attacker results in many echo
responses being sent to the target address, so the attacker's
bandwidth is amplified by roughly the number of responding hosts.
This attack can disrupt service at a particular host, at the hosts
that depend on a particular router, or in an entire network. The
intermediate ("amplifier") network is one whose border router
forwards directed broadcasts; the standard countermeasures are to
disable that forwarding (RFC 2644 made not forwarding the default)
and to configure hosts not to answer echo requests addressed to a
broadcast address.
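The tutorial above describes two observable signatures: at the amplifier network, echo requests to a local broadcast address from a source outside that subnet; and, leaving the same network, echo replies from many local hosts converging on one external address. The following is an added example (not part of the Glossary) that checks both over a handful of constructed flow records; the network 192.0.2.0/24, the addresses, and the record layout are all assumptions made for the example.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed flow records, not captured traffic: (src, dst, icmp_type, packets).
# ICMP type 8 = echo request, type 0 = echo reply. 192.0.2.0/24 is the (assumed)
# local network acting as amplifier; 203.0.113.9 is the spoofed victim address.
FLOWS = [("203.0.113.9", "192.0.2.255", 8, 100)]           # spoofed request to our broadcast
FLOWS += [(f"192.0.2.{h}", "203.0.113.9", 0, 100) for h in range(10, 30)]  # 20 hosts answer
FLOWS += [("192.0.2.20", "198.51.100.5", 8, 3),             # ordinary unicast ping, benign
          ("198.51.100.5", "192.0.2.20", 0, 3)]

LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]


def broadcast_echo_requests(flows, local_nets):
    """Amplifier-side signature: echo requests whose destination is one of our
    broadcast addresses and whose source lies outside that subnet (so the
    source is either spoofed or a remote host probing for an amplifier)."""
    hits = Counter()
    for src, dst, icmp_type, pkts in flows:
        if icmp_type != 8:
            continue
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        for net in local_nets:
            if d == net.broadcast_address and s not in net:
                hits[(src, dst)] += pkts
    return [(src, dst, pkts) for (src, dst), pkts in hits.items()]


def reply_fanout(flows, local_nets):
    """Count, per external target, how many distinct local hosts sent it echo
    replies and how many reply packets left in total."""
    repliers = defaultdict(set)
    reply_pkts = Counter()
    for src, dst, icmp_type, pkts in flows:
        if icmp_type != 0:
            continue
        s = ipaddress.ip_address(src)
        if any(s in net for net in local_nets):
            repliers[dst].add(src)
            reply_pkts[dst] += pkts
    return {dst: (len(hosts), reply_pkts[dst]) for dst, hosts in repliers.items()}


def smurf_report(flows, local_nets, min_repliers=5):
    """Join the two views: a broadcast request whose (claimed) source then
    receives replies from many of our hosts. amplification = replies/requests."""
    fanout = reply_fanout(flows, local_nets)
    report = []
    for src, bcast, req_pkts in broadcast_echo_requests(flows, local_nets):
        n_hosts, n_replies = fanout.get(src, (0, 0))
        if n_hosts >= min_repliers:
            report.append({"target": src, "amplifier": bcast,
                           "repliers": n_hosts,
                           "amplification": n_replies / req_pkts})
    return report


if __name__ == "__main__":
    for r in smurf_report(FLOWS, LOCAL_NETS):
        print(r)
```

With the constructed records the report shows 20 repliers and a 20x amplification toward 203.0.113.9. On a real network the first function is the one worth alerting on, because a single spoofed broadcast request is enough evidence that the router is forwarding directed broadcasts; on Linux hosts the reply side is closed by `net.ipv4.icmp_echo_ignore_broadcasts=1`, and on routers by not forwarding directed broadcasts (on Cisco IOS, `no ip directed-broadcast` on each interface).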
skipping to change at page 257, line 42
(See: password sniffing.)

Deprecated Term: ISDs SHOULD NOT use this term; it unnecessarily
duplicates the meaning of a term that is better established. (See:
Deprecated Usage under "Green Book".)

$ SNMP
(I) See: Simple Network Management Protocol.

$ social engineering
(D) Euphemism for non-technical or low-technology methods, often
involving trickery or fraud, that are used to attack information
systems. Example: phishing.

Deprecated Term: ISDs SHOULD NOT use this term; it is too vague.
Instead, use a term that is specific with regard to the means of
attack, e.g., blackmail, bribery, coercion, impersonation,
intimidation, lying, or theft.

$ SOCKS
(I) An Internet protocol [R1928] that provides a generalized proxy
skipping to change at page 259, line 48
result of a Monty Python skit in which a group of Vikings sang a
chorus of 'SPAM, SPAM, SPAM ...' in an increasing crescendo,
drowning out other conversation. This lyric became a metaphor for
the unsolicited advertising messages that threaten to overwhelm
other discourse on the Internet.

$ SPD
(I) See: Security Policy Database.

$ special access program (SAP)
(O) /U.S. Government/ "[A kind of program that is] established for
a specific class of classified information [and] that imposes
safeguarding and access requirements that exceed those normally
required for information at the same classified level." [C4009]
(See: formal access approval, SCI.)

Tutorial: /U.S. DoD/ "Any DoD program or activity (as authorized
in [Executive Order] 12958) employing enhanced security measures
(e.g., safeguarding, access requirements, etc.) exceeding those
normally required for collateral information at the same level of
classification shall be established, approved, and managed as a
DoD SAP."

$ SPI
(I) See: Security Parameters Index.

$ SPKI
(I) See: Simple Public Key Infrastructure.

$ split key
(I) A cryptographic key that is generated and distributed as two
or more separate data items that individually convey no knowledge
of the whole key that results from combining the items. (See: dual
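The simplest construction that meets the "split key" definition is an XOR split: all but one share are fresh random bytes, and the last share is the key XORed with the others. The following added example (not part of the Glossary) implements it and also shows why a holder of fewer than all shares learns nothing: for any candidate key whatsoever there is a missing share that would make the held shares recombine to it. The function names and the 32-byte key length are the example's own assumptions; a threshold (k-of-n) split such as Shamir's scheme is a different construction and is not shown here.

```python
import secrets


def xor_bytes(a, b):
    """Bytewise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(key, n):
    """Split `key` into n shares whose XOR is the key (an n-of-n split).
    Shares 1..n-1 are fresh uniform random bytes; the last share is the key
    XORed with all of them.  Any n-1 shares are therefore uniformly random and
    independent of the key, which is exactly the "convey no knowledge"
    property in the definition."""
    if n < 2:
        raise ValueError("need at least two shares")
    shares = [secrets.token_bytes(len(key)) for _ in range(n - 1)]
    last = bytes(key)
    for s in shares:
        last = xor_bytes(last, s)
    shares.append(last)
    return shares


def combine_key(shares):
    """Recombine all shares into the key."""
    if not shares:
        raise ValueError("no shares")
    out = bytes(len(shares[0]))
    for s in shares:
        out = xor_bytes(out, s)
    return out


def missing_share(partial_shares, candidate_key):
    """Given n-1 shares and ANY candidate key, return the one share that would
    make the set recombine to that candidate.  Because such a share always
    exists, holding n-1 shares rules out no key at all."""
    return xor_bytes(candidate_key, combine_key(partial_shares))


if __name__ == "__main__":
    key = secrets.token_bytes(32)          # e.g. an AES-256 key (assumed size)
    s1, s2, s3 = split_key(key, 3)         # three custodians, all required
    assert combine_key([s1, s2, s3]) == key
    print("two custodians alone see:", combine_key([s1, s2]).hex())
```

The security of the split rests entirely on the randomness source (`secrets`, not `random`) and on the shares travelling by separate channels to separate custodians; if two shares are ever stored together the split collapses to a single data item.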
skipping to change at page 261, line 52
Labels, and (h) SDE PICS Conformance. Parts b, e, f, g, and h are
incorporated in IEEE Standard 802.10-1998.

$ star property
(N) See: *-property.

$ Star Trek attack
(D) /slang/ An attack that penetrates your system where no attack
has ever gone before.

Deprecated Usage: ISDs SHOULD NOT use this term; it is a joke for
Trekkies. (See: Deprecated Usage under "Green Book".)

$ static
(I) /adjective/ Refers to a cryptographic key or other parameter
that is relatively long-lived. (Compare: ephemeral.)

$ steganography
(I) Methods of hiding the existence of a message or other data.
This differs from cryptography, which hides the meaning of a
message but does not hide the message itself. Examples: For
classic, physical methods, see [Kahn]; for modern, digital
methods, see [John]. (See: cryptology. Compare: concealment
system, digital watermarking.)

$ storage channel
(I) See: covert storage channel.

$ storage key
(I) A cryptographic key used by a device for protecting
information that is being maintained in the device, as opposed to
protecting information that is being transmitted between devices.
(See: cryptographic token, token copy. Compare: traffic key.)
skipping to change at page 263, line 4
order than that in which they were sent by the source.
- "Deletion": A packet sent by the source is not ever delivered
to the intended destination.
- "Delay": A packet is detained for some period of time at a
relay, thus hampering and postponing the packet's normal timely
delivery from source to destination.

$ strength
1. (I) /cryptography/ A cryptographic mechanism's level of
resistance to attacks [R3776]. (See: strong.)

2. (N) /Common Criteria/ "Strength of function" is a
"qualification of a TOE security function expressing the minimum
efforts assumed necessary to defeat its expected security behavior
by directly attacking its underlying security mechanisms." (See:
strong.)
- Basic: "A level of the TOE strength of function where analysis
shows that the function provides adequate protection against
casual breach of TOE security by attackers possessing a low
attack potential."
- Medium: "... against straightforward or intentional breach ...
by attackers possessing a moderate attack potential."
- High: "... against deliberately planned or organized breach ...
by attackers possessing a high attack potential."

$ strong
1. (I) /cryptography/ Used to describe a cryptographic algorithm
that would require a large amount of computational power to defeat
it. (See: strength, work factor, weak key.)

2. (I) /COMPUSEC/ Used to describe a security mechanism that would
be difficult to defeat. (See: strength, work factor.)

$ strong authentication
1. (I) An authentication process that uses a cryptographic
security mechanism -- particularly public-key certificates -- to
verify the identity claimed for an entity. (Compare: simple
authentication.)
skipping to change at page 263, line 46
1a. (I) A process in a computer system that represents a principal
and that executes with the privileges that have been granted to
that principal. (Compare: principal, user.)

1b. (I) /formal model/ A system entity that causes information to
flow among objects or changes the system state; technically, a
process-domain pair. A subject may itself be an object relative to
some other subject; thus, the set of subjects in a system is a
subset of the set of objects. (See: Bell-LaPadula model, object.)

2. (I) /digital certificate/ The name (of a system entity) that is
bound to the data items in a digital certificate; e.g., a DN that
is bound to a key in a public-key certificate. (See: X.509.)

$ subject CA
(D) The CA that is the subject of a cross-certificate issued by
another CA. [X509] (See: cross-certification.)

Deprecated Term: ISDs SHOULD NOT use this term because it is not
widely known and could be misunderstood. Instead, say "the CA that
is the subject of the cross-certificate".

$ subnetwork
(N) An OSI term for a system of packet relays and connecting links
that implement OSIRM layer 2 or 3 to provide a communication
service that interconnects attached end systems. Usually, the
relays are all of the same type (e.g., X.25 packet switches, or
interface units in an IEEE 802.3 LAN). (See: gateway, internet,
router.)

$ subordinate CA (SCA)
1. (I) A CA whose public-key certificate is issued by another
(superior) CA. (See: certification hierarchy. Compare:
cross-certification.)

2. (O) /MISSI/ The fourth-highest (i.e., bottom) level of a MISSI
certification hierarchy; a MISSI CA whose public-key certificate
is signed by a MISSI CA rather than by a MISSI PCA. A MISSI SCA is
the administrative authority for a subunit of an organization,
established when it is desirable to organizationally distribute or
decentralize the CA service. The term refers both to that
authoritative office or role, and to the person who fills that
office. A MISSI SCA registers end users and issues their
certificates and may also register ORAs, but may not register
other CAs. An SCA periodically issues a CRL.
skipping to change at page 266, line 53

$ synchronization
(I) Any technique by which a receiving (decrypting) cryptographic
process attains an internal state that matches the transmitting
(encrypting) process, i.e., has the appropriate keying material to
process the cipher text and is correctly initialized to do so.

$ system
(I) Synonym for "information system".

Usage: This is a generic definition, and is the one with which the
term is used in this Glossary. However, ISDs that use the term,
especially ISDs that are protocol specifications, SHOULD state a
more specific definition. Also, ISDs that specify security
features, services, and assurances need to define which system
components and system resources are inside the applicable security
perimeter and which are outside. (See: security architecture.)

$ system architecture
(N) The structure of system components, their relationships, and
the principles and guidelines governing their design and evolution
over time. [DoDAF1] (Compare: security architecture.)

$ system component
1. (I) A collection of system resources that (a) forms a physical
or logical part of the system, (b) has specified functions and
interfaces, and (c) is treated (e.g., by policies or
skipping to change at page 267, line 33
nested; i.e., one component of a system may be a part of another
component of that system.

Tutorial: Components can be characterized as follows:
- A "physical component" has mass and takes up space.
- A "logical component" is an abstraction used to manage and
coordinate aspects of the physical environment, and typically
represents a set of states or capabilities of the system.
$ system entity
(I) An active part of a system -- a person, a set of persons
(e.g., some kind of organization), an automated process, or a set
of processes (see: subsystem) -- that has a specific set of
capabilities. (Compare: subject, user.)

$ system high
(I) The highest security level at which a system operates, or is
capable of operating, at a particular time or in a particular
environment. (See: system-high security mode.)

$ system-high security mode
(I) A mode of system operation wherein all users having access to
the system possess all necessary authorizations (both security
clearance and formal access approval) for all data handled by the
system, but some users might not have need-to-know for all the
data. (See: /system operation/ under "mode", formal access
approval, protection level, security clearance.)

Usage: Usually abbreviated as "system-high mode". This mode was
defined in U.S. DoD policy that applied to system accreditation,
but the term is widely used outside the Government.

$ system integrity
1. (I) "The quality that a system has when it can perform its
intended function in a unimpaired manner, free from deliberate or
inadvertent unauthorized manipulation." [NCS04] (See: recovery,
system integrity service.)

2. (D) "Quality of an [information system] reflecting the logical
correctness and reliability of the operating system; the logical
completeness of the hardware and software implementing the
protection mechanisms; and the consistency of the data structures
and occurrence of the stored data." [C4009]

Deprecated Definition: ISDs SHOULD NOT use definition 2 because it
mixes several concepts in a potentially misleading way. Instead,
ISDs should use the term with the narrower, recommended definition
and, depending on what is meant, couple the term with additional,
more specifically descriptive and informative terms, such as
"correctness", "reliability", and "data integrity".

$ system integrity service
(I) A security service that protects system resources in a
verifiable manner against unauthorized or accidental change, loss,
or destruction. (See: system integrity.)

$ system low
(I) The lowest security level supported by a system at a
particular time or in a particular environment. (Compare: system
high.)
skipping to change at page 268, line 46
by a system; or a system capacity, such as processing power or
communication bandwidth; or an item of system equipment (i.e.,
hardware, firmware, software, or documentation); or a facility
that houses system operations and equipment. (See: system
component.)

$ system security officer (SSO)
(I) A person responsible for enforcement or administration of the
security policy that applies to a system.

$ system user
(I) A system entity that consumes a product or service provided by
the system, or that accesses and employs system resources to
produce a product or service of the system. (See: access, [R2504].
Compare: authorized user, manager, operator, principal, privileged
user, subject, subscriber, system entity, unauthorized user.)

Usage: ISDs that use this term SHOULD state a definition for it
because the term is used in many ways and could easily be
misunderstood:
- This term usually refers to an entity that has been authorized
to access the system, but the term sometimes is used without
regard for whether access is authorized.
- This term usually refers to a living human being acting either
personally or in an organizational role, but the term also may
refer to an automated process in the form of hardware,
software, or firmware; to a set of persons; or to a set of
processes.
- ISDs SHOULD exclude the case of a mixed set containing both
persons and processes. The exclusion is intended to prevent
situations that might require a security policy to be
interpreted in two different and conflicting ways.

A user can be characterized as passive or active:
- "Passive user": A system entity that is (a) outside the
system's security perimeter *and* (b) can receive output from
the system but cannot provide input or otherwise interact with
the system.
- "Active user": A system entity that is (a) inside the system's
security perimeter *or* (b) can provide input or otherwise
interact with the system.

$ TACACS
(I) See: Terminal Access Controller (TAC) Access Control System.

$ TACACS+
(I) A TCP-based protocol that improves on TACACS and XTACACS by
separating the functions of authentication, authorization, and
accounting and by encrypting the body of all traffic between the
network access server and the authentication server. TACACS+ is
extensible to allow any authentication mechanism to be used with
TACACS+ clients. (See: TACACS, XTACACS.)

Usage: The "encryption" is a per-packet XOR of the packet body
with an MD5-derived pseudo-pad keyed by a shared secret, not a
modern cipher; RFC 8907 therefore calls it obfuscation and
recommends running TACACS+ only over a protected network or a
secure transport.
skipping to change at page 271, line 40
within each letter combination (e.g., KG-34, KG-84).
- Optional suffix letter, used to designate a version. First
version has no letter, next version has "A" (e.g., KG-84,
KG-84A), etc.

$ TELNET
(I) A TCP-based, Application-Layer, Internet Standard protocol
(RFC 854) for remote login from one host to another.

$ TEMPEST
1. (N) Short name for technology and methods for protecting
against data compromise due to electromagnetic emanations from
electrical and electronic equipment. [Russ] (See: inspectable
space, soft TEMPEST, TEMPEST zone. Compare: QUADRANT.)

2. (O) /U.S. Government/ "Short name referring to investigation,
study, and control of compromising emanations from IS equipment."
[C4009]

Deprecated Usage: ISDs SHOULD NOT use this term as a synonym for
"electromagnetic emanations security"; instead, use EMSEC. Also,
the term is NOT an acronym for Transient Electromagnetic Pulse
Surveillance Technology.

Tutorial: The U.S. Federal Government issues security policies
that (a) state specifications and standards for techniques to
reduce the strength of emanations from systems and reduce the
ability of unauthorized parties to receive and make use of
emanations and (b) state rules for applying those techniques.
Other nations presumably do the same.

$ TEMPEST zone
(O) "Designated area [i.e., a physical volume] within a facility
where equipment that has appropriate TEMPEST characteristics ...
may be operated." [C4009] (See: emanation security, TEMPEST.
Compare: control zone, inspectable space.)

Tutorial: The strength of an electromagnetic signal decreases in
proportion to the square of the distance between the source and
the receiver. Therefore, EMSEC for electromagnetic signals can be
achieved by a combination of (a) reducing the strength of
emanations to a defined level and (b) establishing around that
equipment an appropriately sized physical buffer zone from which
unauthorized entities are excluded. By making the zone large
enough, it is possible to limit the signal strength available to
entities outside the zone to a level lower than can be received
skipping to change at page 273, line 49
demonstrated, presumed, or inferred intent of that entity to
conduct such activity.

Tutorial: To be likely to launch an attack, an adversary must have
(a) a motive to attack, (b) a method or technical ability to make
the attack, and (c) an opportunity to appropriately access the
targeted system.

3. (D) "An indication of an impending undesirable event." [Park]

Deprecated Definition: ISDs SHOULD NOT use this term with
definition 3 because the definition is ambiguous; the definition
was intended to include the following three meanings:
- "Potential threat": A possible security violation; i.e., the
same as definition 1.
- "Active threat": An expression of intent to violate security.
(Context usually distinguishes this meaning from the previous
one.)
- "Accomplished threat" or "actualized threat": That is, a threat
action. Deprecated Usage: ISDs SHOULD NOT use the term "threat"
with this meaning; instead, use "threat action".
skipping to change at page 274, line 45
terms for lists of the types of threat actions that can result in
these consequences.)

$ thumbprint
1. (I) A pattern of curves formed by the ridges on the tip of a
thumb. (See: biometric authentication, fingerprint.)

2. (D) Synonym for some type of "hash result". (See: biometric
authentication. Compare: fingerprint.)

Deprecated Usage: ISDs SHOULD NOT use this term with definition 2
because that meaning mixes concepts in a potentially misleading
way.

$ ticket
(I) Synonym for "capability token".

Tutorial: A ticket is usually granted by a centralized access
control server (ticket-granting agent) to authorize access to a
system resource for a limited time. Tickets can be implemented
with either symmetric cryptography (see: Kerberos) or asymmetric
cryptography (see: attribute certificate).
$ tiger team $ tiger team
(I) A group of evaluators employed by a system's managers to (O) A group of evaluators employed by a system's managers to
perform penetration tests on the system. perform penetration tests on the system.
Deprecated Term: It is likely that other cultures use different Deprecated Usage: It is likely that other cultures use different
metaphors for this concept. Therefore, to avoid international metaphors for this concept. Therefore, to avoid international
misunderstanding, ISDs SHOULD NOT use this term. (See: Deprecated misunderstanding, ISDs SHOULD NOT use this term. (See: Deprecated
Usage under "Green Book".) Usage under "Green Book".)
$ time stamp $ time stamp
(I) /noun/ With respect to a data object, a label or marking in 1. (I) /noun/ With respect to a data object, a label or marking in
which is recorded the time (time of day or other instant of which is recorded the time (time of day or other instant of
elapsed time) at which the label or marking was affixed to the elapsed time) at which the label or marking was affixed to the
data object. (See: Time-Stamp Protocol.) data object. (See: Time-Stamp Protocol.)
(O) /noun/ "With respect to a recorded network event, a data field 2. (O) /noun/ "With respect to a recorded network event, a data
in which is recorded the time (time of day or other instant of field in which is recorded the time (time of day or other instant
elapsed time) at which the event took place." [A1523] of elapsed time) at which the event took place." [A1523]
Tutorial: A time stamp can be used as evidence to prove that a Tutorial: A time stamp can be used as evidence to prove that a
data object existed (or that an event occurred) at or before a data object existed (or that an event occurred) at or before a
particular time. For example, a time stamp might be used to prove particular time. For example, a time stamp might be used to prove
that a digital signature based on a private key was created while that a digital signature based on a private key was created while
the corresponding public-key certificate was valid, i.e., before the corresponding public-key certificate was valid, i.e., before
the certificate either expired or was revoked. Establishing this the certificate either expired or was revoked. Establishing this
proof would enable the certificate to be used after its expiration proof would enable the certificate to be used after its expiration
or revocation, to verify a signature that was created earlier. or revocation, to verify a signature that was created earlier.
This kind of proof is required as part of implementing PKI This kind of proof is required as part of implementing PKI
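Review bot: the revised Deprecated Usage paragraph under "thumbprint" points at a definition that does not exist; the right-hand text now reads "ISDs SHOULD NOT use this term with definition 3", but the entry has only definitions 1 and 2, and the deprecated sense (synonym for "hash result") is definition 2. Suggest "Deprecated Usage: ISDs SHOULD NOT use this term with definition 2 because that meaning mixes concepts in a potentially misleading way." Also, under "tiger team" the label changes from "Deprecated Term" to "Deprecated Usage" while the text still deprecates the term itself ("ISDs SHOULD NOT use this term"); "Deprecated Term" matches that text and is the label kept under "valid signature" later in this revision.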
skipping to change at page 271, line 32 skipping to change at page 276, line 40
definition other than 1 or 2. definition other than 1 or 2.
3a. (D) /authentication/ A data object or a physical device used 3a. (D) /authentication/ A data object or a physical device used
to verify an identity in an authentication process. to verify an identity in an authentication process.
3b. (D) /U.S. Government/ Something that the claimant in an 3b. (D) /U.S. Government/ Something that the claimant in an
authentication process (i.e., the entity that claims an identity) authentication process (i.e., the entity that claims an identity)
possesses and controls, and uses to prove the claim during the possesses and controls, and uses to prove the claim during the
verification step of the process. [SP63] verification step of the process. [SP63]
Usage: Deprecated usage: ISDs SHOULD NOT use this term with Deprecated usage: ISDs SHOULD NOT use this term with definitions
definitions 3a and 3b; instead, use more specifically descriptive 3a and 3b; instead, use more specifically descriptive and
and informative terms such as "authentication information" or informative terms such as "authentication information" or
"cryptographic token", depending on what is meant. "cryptographic token", depending on what is meant.
NIST defines four types of claimant tokens for electronic NIST defines four types of claimant tokens for electronic
authentication in an information system [SP63]. ISDs SHOULD NOT authentication in an information system [SP63]. ISDs SHOULD NOT
use these four NIST terms; they mix concepts in potentially use these four NIST terms; they mix concepts in potentially
confusing ways and duplicate the meaning of better-established confusing ways and duplicate the meaning of better-established
terms. These four terms can be avoided by using more specifically terms. These four terms can be avoided by using more specifically
descriptive terms as follows: descriptive terms as follows:
- NIST "hard token": A hardware device that contains a protected - NIST "hard token": A hardware device that contains a protected
cryptographic key. (This is a type of "cryptographic token", cryptographic key. (This is a type of "cryptographic token",
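Review bot: the relabelled paragraph under "token" now reads "Deprecated usage: ISDs SHOULD NOT use this term with definitions 3a and 3b" with a lowercase "usage", whereas the rest of the Glossary capitalizes the label ("Deprecated Usage:" under "threat", "thumbprint" and "tiger team" above). Removing the doubled "Usage: Deprecated usage:" was the right fix; suggest finishing it as "Deprecated Usage:" so the label stays searchable and consistent.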
skipping to change at page 272, line 20 skipping to change at page 277, line 28
$ token copy $ token copy
(I) A token management operation that copies all the personality (I) A token management operation that copies all the personality
information from one security token to another. However, unlike in information from one security token to another. However, unlike in
a token restore operation, the second token is initialized with a token restore operation, the second token is initialized with
its own, different local security values such as PINs and storage its own, different local security values such as PINs and storage
keys. keys.
$ token management $ token management
(I) The process that includes initializing security tokens (e.g., (I) The process that includes initializing security tokens (e.g.,
see: smart card), loading data into the tokens, and controlling "smart card"), loading data into the tokens, and controlling the
the tokens during their life cycle. May include performing key tokens during their life cycle. May include performing key
management and certificate management functions; generating and management and certificate management functions; generating and
installing PINs; loading user personality data; performing card installing PINs; loading user personality data; performing card
backup, card copy, and card restore operations; and updating backup, card copy, and card restore operations; and updating
firmware. firmware.
$ token restore $ token restore
(I) A token management operation that loads a security token with (I) A token management operation that loads a security token with
data for the purpose of recreating (duplicating) the contents data for the purpose of recreating (duplicating) the contents
previously held by that or another token. (See: recovery.) previously held by that or another token. (See: recovery.)
$ token storage key $ token storage key
(I) A cryptographic key used to protect data that is stored on a (I) A cryptographic key used to protect data that is stored on a
security token. security token.
$ top CA $ top CA
(I) A synonym for "root" in a certification hierarchy. (See: apex (I) Synonym for "root" in a certification hierarchy. (See: apex
trust anchor.) trust anchor.)
$ top-level specification $ top-level specification
(I) "A non-procedural description of system behavior at the most (I) "A non-procedural description of system behavior at the most
abstract level; typically a functional specification that omits abstract level; typically a functional specification that omits
all implementation details." [NCS04] (See: Tutorial under all implementation details." [NCS04] (See: Tutorial under
"security policy".) "security policy".)
Tutorial: A top-level specification is at a level of abstraction Tutorial: A top-level specification is at a level of abstraction
below "security model" and above "security architecture" (see: below "security model" and above "security architecture" (see:
skipping to change at page 277, line 46 skipping to change at page 282, line 55
apply only for some specific function. The key role of trust in apply only for some specific function. The key role of trust in
[X.509] is to describe the relationship between an entity [i.e., a [X.509] is to describe the relationship between an entity [i.e., a
certificate user] and a [CA]; an entity shall be certain that it certificate user] and a [CA]; an entity shall be certain that it
can trust the CA to create only valid and reliable certificates." can trust the CA to create only valid and reliable certificates."
[X509] [X509]
$ trust anchor $ trust anchor
(I) /PKI/ An established point of trust (usually based on the (I) /PKI/ An established point of trust (usually based on the
authority of some person, office, or organization) from which a authority of some person, office, or organization) from which a
certificate user begins the validation of a certification path. certificate user begins the validation of a certification path.
(See: path validation, trust anchor CA, trust anchor certificate, (See: apex trust anchor, path validation, trust anchor CA, trust
trust anchor key.) anchor certificate, trust anchor key.)
Usage: ISDs that use this term SHOULD state a definition for it Usage: ISDs that use this term SHOULD state a definition for it
because it is used in various ways in existing ISDs and other PKI because it is used in various ways in existing ISDs and other PKI
literature. The literature almost always uses this term in a sense literature. The literature almost always uses this term in a sense
that is equivalent to this definition, but usage often differs that is equivalent to this definition, but usage often differs
with regard to what constitutes the point of trust. with regard to what constitutes the point of trust.
Tutorial: A trust anchor may be defined as being based on a public Tutorial: A trust anchor may be defined as being based on a public
key, a CA, a public-key certificate, or some combination or key, a CA, a public-key certificate, or some combination or
variation of those: variation of those:
skipping to change at page 280, line 44 skipping to change at page 285, line 53
certificates; especially a CA that is used as a trust anchor CA. certificates; especially a CA that is used as a trust anchor CA.
(See: certification path, root, trust anchor CA, validation.) (See: certification path, root, trust anchor CA, validation.)
Tutorial. This trust is transitive to the extent that the X.509 Tutorial. This trust is transitive to the extent that the X.509
certificate extensions permit; that is, if a trusted CA issues a certificate extensions permit; that is, if a trusted CA issues a
certificate to another CA, a user that trusts the first CA also certificate to another CA, a user that trusts the first CA also
trusts the second CA if the user succeeds in validating the trusts the second CA if the user succeeds in validating the
certificate path (see: path validation). certificate path (see: path validation).
$ trusted certificate $ trusted certificate
1. (I) A digital certificate that a certificate user accepts as (I) A digital certificate that a certificate user accepts as being
being valid "a priori", i.e., without testing the certificate to valid "a priori", i.e., without testing the certificate to
validate it as the final certificate on a certification path; validate it as the final certificate on a certification path;
especially a certificate that is used as a trust anchor especially a certificate that is used as a trust anchor
certificate. (See: certification path, root certificate, trust certificate. (See: certification path, root certificate, trust
anchor certificate, trust-file PKI, validation.) anchor certificate, trust-file PKI, validation.)
Tutorial: The acceptance of a certificate as trusted is a matter Tutorial: The acceptance of a certificate as trusted is a matter
of policy and choice. Usually, a certificate is accepted as of policy and choice. Usually, a certificate is accepted as
trusted because the user obtained it by reliable, out-of-band trusted because the user obtained it by reliable, out-of-band
means that cause the user to believe the certificate accurately means that cause the user to believe the certificate accurately
binds its subject's name to the subject's public key or other binds its subject's name to the subject's public key or other
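Review bot: the Tutorial paragraph under "trusted CA" is introduced with "Tutorial." (period) in both columns, while every other entry in this revision, including "trusted certificate" immediately below, uses "Tutorial:". Since the adjacent "trusted certificate" entry is already being edited here (dropping the "1." numbering), it is worth changing the label to "Tutorial:" in the same pass.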
skipping to change at page 282, line 17 skipping to change at page 287, line 27
communicate directly and reliably with the TCB and that can only communicate directly and reliably with the TCB and that can only
be activated by the user or the TCB and cannot be imitated by be activated by the user or the TCB and cannot be imitated by
untrusted software within the computer. [NCS04] untrusted software within the computer. [NCS04]
1b. (I) /COMSEC/ A mechanism by which a person or process can 1b. (I) /COMSEC/ A mechanism by which a person or process can
communicate directly with a cryptographic module and that can only communicate directly with a cryptographic module and that can only
be activated by the person, process, or module, and cannot be be activated by the person, process, or module, and cannot be
imitated by untrusted software within the module. [FP140] imitated by untrusted software within the module. [FP140]
$ trusted process $ trusted process
1. (I) A system component that has privileges that enable it to (I) A system component that has privileges that enable it to
affect the state of system security and that can, therefore, affect the state of system security and that can, therefore,
through incorrect or malicious execution, violate the system's through incorrect or malicious execution, violate the system's
security policy. (See: privileged process, trusted system.) security policy. (See: privileged process, trusted system.)
$ trusted public key $ trusted public key
(I) A public key upon which a user relies; especially a public key (I) A public key upon which a user relies; especially a public key
that is used as a trust anchor key. (See: certification path, root that is used as a trust anchor key. (See: certification path, root
key, trust anchor key, validation.) key, trust anchor key, validation.)
Tutorial: A trusted public key could be (a) the root key in a Tutorial: A trusted public key could be (a) the root key in a
skipping to change at page 282, line 40 skipping to change at page 287, line 50
a trust-file PKI. a trust-file PKI.
$ trusted recovery $ trusted recovery
(I) A process that, after a system has experienced a failure or an (I) A process that, after a system has experienced a failure or an
attack, restores the system to normal operation (or to a secure attack, restores the system to normal operation (or to a secure
state) without causing a security compromise. (See: recovery.) state) without causing a security compromise. (See: recovery.)
$ trusted subnetwork $ trusted subnetwork
(I) A subnetwork containing hosts and routers that trust each (I) A subnetwork containing hosts and routers that trust each
other not to engage in active or passive attacks. (There also is other not to engage in active or passive attacks. (There also is
an assumption that the underlying communication channels -- e.g., an assumption that the underlying communication channels, such as
telephone lines, or a LAN -- are protected from attack.) telephone lines or a LAN, are protected from attack.)
$ trusted system $ trusted system
1. (I) /information system/ A system that operates as expected, 1. (I) /information system/ A system that operates as expected,
according to design and policy, doing what is required -- despite according to design and policy, doing what is required -- despite
environmental disruption, human user and operator errors, and environmental disruption, human user and operator errors, and
attacks by hostile parties -- and not doing other things [NRC98]. attacks by hostile parties -- and not doing other things [NRC98].
(See: trust level, trusted process. Compare: trustworthy.) (See: trust level, trusted process. Compare: trustworthy.)
2. (N) /multilevel secure/ "A [trusted computer system is a] 2. (N) /multilevel secure/ "A [trusted computer system is a]
system that employs sufficient hardware and software assurance system that employs sufficient hardware and software assurance
measures to allow its use for simultaneous processing of a range measures to allow its use for simultaneous processing of a range
of sensitive or classified information." [NCS04] (See: multilevel of sensitive or classified information." [NCS04] (See: multilevel
security mode.) security mode.)
$ Trusted Systems Interoperability Group (TSIG) $ Trusted Systems Interoperability Group (TSIG)
(N) A forum of computer vendors, system integrators, and users (N) A forum of computer vendors, system integrators, and users
devoted to promoting interoperability of trusted computer systems. devoted to promoting interoperability of trusted computer systems.
$ trustworthy system $ trustworthy system
1. (I) A system that not only is trusted, but also for which the 1. (I) A system that not only is trusted, but also warrants that
trust can be guaranteed in some convincing way, such as through trust because the system's behavior can be validated in some
formal analysis or code review. (See: trust. Compare: trusted.) convincing way, such as through formal analysis or code review.
(See: trust. Compare: trusted.)
2. (O) /Digital Signature Guidelines/ "Computer hardware, 2. (O) /Digital Signature Guidelines/ "Computer hardware,
software, and procedures that: (a) are reasonably secure from software, and procedures that: (a) are reasonably secure from
intrusion and misuse; (b) provide a reasonably reliable level of intrusion and misuse; (b) provide a reasonably reliable level of
availability, reliability, and correct operation; (c) are availability, reliability, and correct operation; (c) are
reasonably suited to performing their intended functions; and (d) reasonably suited to performing their intended functions; and (d)
adhere to generally accepted security principles." [DSG] adhere to generally accepted security principles." [DSG]
$ TSEC $ TSEC
(O) See: Telecommunications Security Nomenclature System. (O) See: Telecommunications Security Nomenclature System.
skipping to change at page 284, line 43 skipping to change at page 289, line 53
the tasks to be performed and each familiar with established the tasks to be performed and each familiar with established
security requirements. (See: dual control, no-lone zone.) security requirements. (See: dual control, no-lone zone.)
$ Twofish $ Twofish
(O) A symmetric, 128-bit block cipher with variable key length (O) A symmetric, 128-bit block cipher with variable key length
(128, 192, or 256 bits), developed by Counterpane Labs as a (128, 192, or 256 bits), developed by Counterpane Labs as a
candidate for the AES. (See: Blowfish.) candidate for the AES. (See: Blowfish.)
$ type 0 product $ type 0 product
(O) /cryptography, U.S. Government/ Classified cryptographic (O) /cryptography, U.S. Government/ Classified cryptographic
equipment endorsed by NSA specifically for use (when appropriately equipment endorsed by NSA for use (when appropriately keyed) in
keyed) in electronically distributing bulk keying material. electronically distributing bulk keying material.
$ type 1 product $ type 1 product
(O) /cryptography, U.S. Government/ "Classified or controlled (O) /cryptography, U.S. Government/ "Classified or controlled
cryptographic item endorsed by the NSA for securing classified and cryptographic item endorsed by the NSA for securing classified and
sensitive U.S. Government information, when appropriately keyed. sensitive U.S. Government information, when appropriately keyed.
The term refers only to products, and not to information, key, The term refers only to products, and not to information, key,
services, or controls. Type 1 products contain classified NSA services, or controls. Type 1 products contain classified NSA
algorithms. They are available to U.S. Government users, their algorithms. They are available to U.S. Government users, their
contractors, and federally sponsored non-U.S. Government contractors, and federally sponsored non-U.S. Government
activities subject to export restrictions in accordance with activities subject to export restrictions in accordance with
skipping to change at page 286, line 15 skipping to change at page 291, line 26
$ unclassified $ unclassified
(I) Not classified. (I) Not classified.
$ unencrypted $ unencrypted
(I) Not encrypted. (I) Not encrypted.
$ unforgeable $ unforgeable
(I) /cryptography/ The property of a cryptographic data structure (I) /cryptography/ The property of a cryptographic data structure
(i.e., a data structure that is defined using one or more (i.e., a data structure that is defined using one or more
cryptographic functions, e.g., see digital certificate) that makes cryptographic functions, e.g., "digital certificate") that makes
it computationally infeasible to construct (i.e., compute) an it computationally infeasible to construct (i.e., compute) an
unauthorized but correct value of the structure without having unauthorized but correct value of the structure without having
knowledge of one of more keys. knowledge of one of more keys.
Tutorial: This definition is narrower than general English usage, Tutorial: This definition is narrower than general English usage,
where "unforgeable" means unable to be fraudulently created or where "unforgeable" means unable to be fraudulently created or
duplicated. In that broader sense, anyone can forge a digital duplicated. In that broader sense, anyone can forge a digital
certificate containing any set of data items whatsoever by certificate containing any set of data items whatsoever by
generating the to-be-signed certificate and signing it with any generating the to-be-signed certificate and signing it with any
private key whatsoever. But for PKI purposes, the forged data private key whatsoever. But for PKI purposes, the forged data
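Review bot: "knowledge of one of more keys" in the unchanged text under "unforgeable" should read "one or more keys"; the line just above it is already being edited in this revision (the parenthetical becomes "e.g., "digital certificate""), so the typo can be fixed in the same change.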
skipping to change at page 287, line 46 skipping to change at page 293, line 6
$ URI $ URI
(I) See: uniform resource identifier. (I) See: uniform resource identifier.
$ URL $ URL
(I) See: uniform resource locator. (I) See: uniform resource locator.
$ URN $ URN
(I) See: uniform resource name. (I) See: uniform resource name.
$ user $ user
(I) An active system entity that uses a product or service See: system user.
provided by the system, or that accesses system resources to
produce a product or service of the system. (See: access, [R2504].
Compare: authorized user, manager, operator, principal, privileged
user, subject, subscriber, unauthorized user.)
Usage: ISDs that use this term SHOULD state a definition for it Usage: ISDs that use this term SHOULD state a definition for it
because the term is used in many ways and could easily be because the term is used in many ways and could easily be
misunderstood: misunderstood.
- This term usually refers to an entity that has been authorized
to access the system, but the term sometimes is used without
regard for whether access is authorized.
- This term usually refers to a living human being acting either
personally or in an organizational role, but the term also may
refer to an automated process in the form of hardware,
softwarr, or firmware; to a set of persons; or to a set of
processes.
- ISDs SHOULD exclude the case of a mixed set containing both
persons and processes. The exclusion is intended to prevent
situations that might require a security policy to be
interpreted in two different and conflicting ways.
A user can be characterized as direct or indirect:
- "Passive user": A system entity that is (a) outside the
system's security perimeter *and* (b) can receive output from
the system but cannot provide input or otherwise interact with
the system.
- "Active user": A system entity that is (a) inside the system's
security perimeter *or* (b) can provide input or otherwise
interact with the system.
$ user authentication service $ user authentication service
(I) A security service that verifies the identity claimed by an (I) A security service that verifies the identity claimed by an
entity that attempts to access the system. (See: authentication, entity that attempts to access the system. (See: authentication,
user.) user.)
$ User Datagram Protocol (UDP) $ User Datagram Protocol (UDP)
(I) An Internet Standard, Transport-Layer protocol (RFC 768) that (I) An Internet Standard, Transport-Layer protocol (RFC 768) that
delivers a sequence of datagrams from one computer to another in a delivers a sequence of datagrams from one computer to another in a
computer network. (See: UPD flood.) computer network. (See: UPD flood.)
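Review bot: replacing the "user" definition with "See: system user." leaves a dangling Usage paragraph. The right-hand column keeps "Usage: ISDs that use this term SHOULD state a definition for it because the term is used in many ways and could easily be misunderstood." but deletes the bullets that listed those ways (authorized versus unauthorized, person versus process, passive versus active), so the reader is sent to "system user" for the definition while the caution stays here without its support. Either move the Usage paragraph to "system user" along with the senses, or have it say where the senses are now listed. Separately, the unchanged cross-reference under "User Datagram Protocol (UDP)" reads "(See: UPD flood.)"; the term is "UDP flood".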
skipping to change at page 290, line 16 skipping to change at page 294, line 54
term at its first occurrence and define the abbreviation there. term at its first occurrence and define the abbreviation there.
$ valid certificate $ valid certificate
1. (I) A digital certificate that can be validated successfully. 1. (I) A digital certificate that can be validated successfully.
(See: validate, verify.) (See: validate, verify.)
2. (I) A digital certificate for which the binding of the data 2. (I) A digital certificate for which the binding of the data
items can be trusted. items can be trusted.
$ valid signature $ valid signature
(D) Synonym for "authentic signature". (D) Synonym for "verified signature".
Deprecated Term: ISDs SHOULD NOT use this term; instead, say Deprecated Term: ISDs SHOULD NOT use this synonym. This Glossary
"authentic signature". This Glossary recommends saying "validate recommends saying "validate the certificate" and "verify the
the certificate" and "verify the signature"; therefore, it would signature"; therefore, it would be inconsistent to say that a
be inconsistent to say that a signature is "valid". (See: signature is "valid". (See: validate, verify.)
validate, verify.)
$ validate $ validate
1. (I) Establish the soundness or correctness of a construct. 1. (I) Establish the soundness or correctness of a construct.
Example: certificate validation. (See: validate vs. verify.) Example: certificate validation. (See: validate vs. verify.)
2. (I) To officially approve something, sometimes in relation to a 2. (I) To officially approve something, sometimes in relation to a
standard. Example: NIST validates cryptographic modules for standard. Example: NIST validates cryptographic modules for
conformance with FIPS PUB 140 [FP140]. conformance with FIPS PUB 140 [FP140].
$ validate vs. verify $ validate vs. verify
Usage: To ensure consistency and align with ordinary English Usage: To ensure consistency and align with ordinary English
usage, ISDs SHOULD comply with the following two rules: usage, ISDs SHOULD comply with the following two rules:
- Rule 1: Use "validate" when referring to a process intended to - Rule 1: Use "validate" when referring to a process intended to
establish the soundness or correctness of a construct (e.g., establish the soundness or correctness of a construct (e.g.,
see: certificate validation). (See: validate.) "certificate validation"). (See: validate.)
- Rule 2: Use "verify" when referring to a process intended to - Rule 2: Use "verify" when referring to a process intended to
test or prove the truth or accuracy of a fact or value (e.g., test or prove the truth or accuracy of a fact or value (e.g.,
see: authenticate). (See: verify.) "authenticate). (See: verify.)
Tutorial: The Internet security community sometimes uses these two Tutorial: The Internet security community sometimes uses these two
terms inconsistently, especially in a PKI context. Most often, terms inconsistently, especially in a PKI context. Most often,
however, we say "verify the signature" but say "validate the however, we say "verify the signature" but say "validate the
certificate". That is, we "verify" atomic truths but "validate" certificate". That is, we "verify" atomic truths but "validate"
data structures, relationships, and systems that are composed of data structures, relationships, and systems that are composed of
or depend on verified items. This usage has a basis in Latin: or depend on verified items. This usage has a basis in Latin:
The word "valid" derives from a Latin word that means "strong". The word "valid" derives from a Latin word that means "strong".
Thus, to validate means to check that a construct is sound. For Thus, to validate means to check that a construct is sound. For
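Review bot: the edited Rule 2 under "validate vs. verify" has an unbalanced quotation mark; the right-hand text reads "(e.g., "authenticate). (See: verify.)" and should read "(e.g., "authenticate"). (See: verify.)" to match the form used in Rule 1, "(e.g., "certificate validation")". Also, "valid signature" is now given as a synonym for "verified signature" and the Deprecated Term text no longer names a replacement phrase; no "verified signature" entry is visible in this diff (only "verification" and "verify" appear later), so confirm that entry exists, or keep a sentence saying what to say instead.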
skipping to change at page 291, line 42 skipping to change at page 296, line 28
on behalf of its users. on behalf of its users.
Tutorial: A VAN may also provide additional services, ranging from Tutorial: A VAN may also provide additional services, ranging from
EDI format translation, to EDI-to-FAX conversion, to integrated EDI format translation, to EDI-to-FAX conversion, to integrated
business systems. business systems.
$ VAN $ VAN
(I) See: value-added network. (I) See: value-added network.
$ verification $ verification
1. (I) /authentication/ Presenting information to establish the 1. (I) /authentication/ The process of examining information to
truth of a claimed identity. (See: validate vs. verify.) establish the truth of a claimed fact or value. (See: validate vs.
verify, verify. Compare: authentication.)
2. (N) /COMPUSEC/ The process of comparing two levels of system 2. (N) /COMPUSEC/ The process of comparing two levels of system
specification for proper correspondence, such as comparing a specification for proper correspondence, such as comparing a
security model with a top-level specification, a top-level security model with a top-level specification, a top-level
specification with source code, or source code with object code. specification with source code, or source code with object code.
[NCS04] [NCS04]
$ verified design $ verified design
(O) See: TCSEC Class A1. (O) See: TCSEC Class A1.
$ verify $ verify
(I) To test or prove the truth or accuracy of a fact or value. For (I) To test or prove the truth or accuracy of a fact or value.
example, see "authenticate". (See: validate vs. verify.) (See: validate vs. verify, verification. Compare: authenticate.)
$ vet $ vet
(I) /verb/ To examine or evaluate thoroughly. (Compare: (I) /verb/ To examine or evaluate thoroughly. (Compare:
authenticate, identity proofing, validate, verify.) authenticate, identity proofing, validate, verify.)
$ violation $ violation
See: security violation. See: security violation.
$ virtual private network (VPN) $ virtual private network (VPN)
(I) A restricted-use, logical (i.e., artificial or simulated) (I) A restricted-use, logical (i.e., artificial or simulated)
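Review bot: in the -03 "verification" entry, definition 1 is broadened from "claimed identity" to "claimed fact or value" and now ends with "Compare: authentication", yet it keeps the /authentication/ usage tag, which in this Glossary marks a definition as specific to the authentication context. Either drop the tag or keep identity in the text as the example, e.g. "the truth of a claimed fact or value, such as a claimed identity". The revised "verify" entry ("To test or prove the truth or accuracy of a fact or value... Compare: authenticate.") already matches the new wording, so only the tag is inconsistent.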
skipping to change at page 294, line 31 skipping to change at page 299, line 17
the sole responsibility of each participating country. All the sole responsibility of each participating country. All
measures undertaken with respect to the arrangement are in measures undertaken with respect to the arrangement are in
accordance with national legislation and policies and are accordance with national legislation and policies and are
implemented on the basis of national discretion. implemented on the basis of national discretion.
$ watermarking $ watermarking
See: digital watermarking. See: digital watermarking.
$ weak key $ weak key
(I) In the context of a particular cryptographic algorithm, a key (I) In the context of a particular cryptographic algorithm, a key
value that provides poor security. value that provides poor security. (See: strong.)
Example: The DEA has four "weak keys" [Schn] for which encryption Example: The DEA has four "weak keys" [Schn] for which encryption
produces the same result as decryption. It also has ten pairs of produces the same result as decryption. It also has ten pairs of
"semi-weak keys" [Schn] (a.k.a. "dual keys" [FP074]) for which "semi-weak keys" [Schn] (a.k.a. "dual keys" [FP074]) for which
encryption with one key in the pair produces the same result as encryption with one key in the pair produces the same result as
decryption with the other key. decryption with the other key.
$ web, Web $ web, Web
1. (I) /not capitalized/ ISDs SHOULD NOT capitalize "web" when 1. (I) /not capitalized/ ISDs SHOULD NOT capitalize "web" when
using the term (usually as an adjective) to refer generically to using the term (usually as an adjective) to refer generically to
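Review bot: the "weak key" entry now cross-references "strong", but its DEA example still states only the algebraic property and not the practical failure, which is what a reader of "provides poor security" needs. Consider adding one sentence after the example: with a weak key, encryption equals decryption, so encrypting a block twice with the same key returns the plaintext; with a semi-weak pair, the second key undoes the first; therefore key-generation and key-loading code should reject these key values. That keeps the entry self-contained rather than relying on the reader to derive the consequence from [Schn] or [FP074].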
skipping to change at page 296, line 37 skipping to change at page 301, line 24
(I) A computer program that can run independently, can propagate a (I) A computer program that can run independently, can propagate a
complete working version of itself onto other hosts on a network, complete working version of itself onto other hosts on a network,
and may consume system resources destructively. (See: mobile code, and may consume system resources destructively. (See: mobile code,
Morris Worm, virus.) Morris Worm, virus.)
$ wrap $ wrap
(D) /verb/ To use cryptography to provide data confidentiality (D) /verb/ To use cryptography to provide data confidentiality
service for keying material. (See: encrypt. Compare: seal, service for keying material. (See: encrypt. Compare: seal,
shroud.) shroud.)
Deprecated Term: ISDs SHOULD NOT use this term as defined here; Deprecated Definition: ISDs SHOULD NOT use this term as defined
the definition duplicates the meaning of other, standard terms. here; the definition duplicates the meaning of other, standard
Instead, use "encrypt" or another term that is specific with terms. Instead, use "encrypt" or another term that is specific
regard to the mechanism being used. with regard to the mechanism being used.
$ write $ write
(I) /COMPUSEC/ A fundamental operation in an information system (I) /COMPUSEC/ A fundamental operation in an information system
that results in a flow of information only from a subject to an that results in a flow of information only from a subject to an
object. (See: access mode.) object. (See: access mode.)
$ WWW $ WWW
(I) See: World Wide Web. (I) See: World Wide Web.
$ X.400 $ X.400
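Review bot: relabeling the "wrap" note from "Deprecated Term" to "Deprecated Definition" is the right correction, since the advice is to avoid the term "as defined here" rather than the word itself, and it now matches the (D) marker on the definition. One caveat for the "Instead, use 'encrypt'..." sentence: "key wrap" is used as a term of art with a specific mechanism in the AES Key Wrap algorithm (RFC 3394), so an ISD that cites that specification will use "wrap" legitimately; the note could say that "wrap" is acceptable when it names a specific key-wrapping mechanism, and is deprecated only as a generic synonym for "encrypt".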
skipping to change at page 300, line 39 skipping to change at page 305, line 26
of the data storage so as to prevent the recovery of the data. of the data storage so as to prevent the recovery of the data.
[FP140] [FP140]
$ zombie $ zombie
(I) /slang/ An Internet host computer that has been (I) /slang/ An Internet host computer that has been
surreptitiously penetrated by an intruder that installed malicious surreptitiously penetrated by an intruder that installed malicious
daemon software to cause the host to operate as an accomplice in daemon software to cause the host to operate as an accomplice in
attacking other hosts, particularly in distributed attacks that attacking other hosts, particularly in distributed attacks that
attempt denial of service through flooding. attempt denial of service through flooding.
Deprecated Term: It is likely that other cultures use different Deprecated Usage: It is likely that other cultures use different
metaphors for this concept. Therefore, to avoid international metaphors for this concept. Therefore, to avoid international
misunderstanding, ISDs SHOULD NOT use this term. (See: Deprecated misunderstanding, ISDs SHOULD NOT use this term. (See: Deprecated
Usage under "Green Book".) Usage under "Green Book".)
$ zone of control $ zone of control
(O) /EMSEC/ Synonym for "inspectable space". [C4009] (See: (O) /EMSEC/ Synonym for "inspectable space". [C4009] (See:
TEMPEST.) TEMPEST.)
5. Informative References 5. Informative References
This Glossary focuses on the Internet Standards Process. Therefore, This Glossary focuses on the Internet Standards Process. Therefore,
this set of informative references emphasizes international, this set of informative references emphasizes international,
governmental, and industry standards documents. Some RFCs that are governmental, and industry standards documents. Some RFCs that are
especially relevant to Internet security are mentioned in Glossary especially relevant to Internet security are mentioned in Glossary
entries in square brackets (e.g., see "[R1457]" in the entry for entries in square brackets (e.g., "[R1457]" in the entry for
"security label") and are listed here; some other RFCs are mentioned "security label") and are listed here; some other RFCs are mentioned
in parentheses (e.g., see "(RFC 959)" in the entry for "File in parentheses (e.g., "(RFC 959)" in the entry for "File Transport
Transport Protocol") but are not listed here. Protocol") but are not listed here.
This Glossary does not require any normative references. This Glossary does not require any normative references.
[A1523] American National Standards Institute, "American National [A1523] American National Standards Institute, "American National
Standard Telecomm Glossary", ANSI T1.523-2001. Standard Telecomm Glossary", ANSI T1.523-2001.
[A3092] ---, "American National Standard Data Encryption Algorithm", [A3092] ---, "American National Standard Data Encryption Algorithm",
ANSI X3.92-1981, 30 December 1980. ANSI X3.92-1981, 30 December 1980.
[A9009] ---, "Financial Institution Message Authentication [A9009] ---, "Financial Institution Message Authentication
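Review bot: the "zombie" note is relabeled from "Deprecated Term" to "Deprecated Usage", but its text is unchanged and still says "ISDs SHOULD NOT use this term", which is a deprecation of the term, not of one usage of it. Either keep "Deprecated Term" here, or, if the intent is to follow the "Green Book" precedent the note cites, reword the text to say which usage is deprecated. As it stands the label and the sentence disagree, and the "wrap" entry just above this one shows the label being chosen to match the text.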
skipping to change at page 301, line 55 skipping to change at page 306, line 55
Curve Cryptography", X9.63-2001. Curve Cryptography", X9.63-2001.
[ACM] Association for Computing Machinery, "Communications of the [ACM] Association for Computing Machinery, "Communications of the
ACM", July 1998 issue with: M. Yeung, "Digital ACM", July 1998 issue with: M. Yeung, "Digital
Watermarking"; N. Memom and P. Wong, "Protecting Digital Watermarking"; N. Memom and P. Wong, "Protecting Digital
Media Content"; and S. Craver, B.-L. Yeo, and M. Yeung, Media Content"; and S. Craver, B.-L. Yeo, and M. Yeung,
"Technical Trials and Legal Tribulations". "Technical Trials and Legal Tribulations".
[Ande] Anderson, J., "Computer Security Technology Planning Study", [Ande] Anderson, J., "Computer Security Technology Planning Study",
ESD-TR-73-51, Vols. I and II, USAF Electronics Systems Div., ESD-TR-73-51, Vols. I and II, USAF Electronics Systems Div.,
Bedford, MA, October 1972. (Available as AD-758206 and - Bedford, MA, October 1972. (Available as AD-758206/772806,
772806, National Technical Information Service, Springfield, National Technical Information Service, Springfield, VA.)
VA.)
[ANSI] American National Standards Institute, "Role Based Access [ANSI] American National Standards Institute, "Role Based Access
Control", Secretariat, Information Technology Industry Control", Secretariat, Information Technology Industry
Council, BSR INCITS 359, DRAFT, 10 November 2003. Council, BSR INCITS 359, DRAFT, 10 November 2003.
[Army] U.S. Army Corps of Engineers, "Electromagnetic Pulse (EMP) [Army] U.S. Army Corps of Engineers, "Electromagnetic Pulse (EMP)
and Tempest Protection for Facilities", EP 1110-3-2, 31 and Tempest Protection for Facilities", EP 1110-3-2, 31
December 1990. December 1990.
[B1822] Bolt Baranek and Newman Inc., "Appendix H: Interfacing a [B1822] Bolt Baranek and Newman Inc., "Appendix H: Interfacing a
skipping to change at page 308, line 54 skipping to change at page 313, line 53
[N4001] National Security Telecommunications and Information System [N4001] National Security Telecommunications and Information System
Security Committee, "Controlled Cryptographic Items", Security Committee, "Controlled Cryptographic Items",
NSTISSI No. 4001, 25 March 1985. NSTISSI No. 4001, 25 March 1985.
[N4006] ---, "Controlled Cryptographic Items", NSTISSI No. 4006, 2 [N4006] ---, "Controlled Cryptographic Items", NSTISSI No. 4006, 2
December 1991. December 1991.
[N7003] ---, "Protective Distribution Systems", NSTISSI No. 7003, 13 [N7003] ---, "Protective Distribution Systems", NSTISSI No. 7003, 13
December 1996. December 1996.
[NCS01] National Computer Security Center, "A Guide to Understanding
[NCS01] National Computer Security Center, "A Guide to Understanding
Audit in Trusted Systems", NCSC-TG-001, 1 June 1988. (See: Audit in Trusted Systems", NCSC-TG-001, 1 June 1988. (See:
Rainbow Series.) Rainbow Series.)
[NCS03] ---, "Information System Security Policy Guideline", I942- [NCS03] ---, "Information System Security Policy Guideline", I942-
TR-003, version 1, July 1994. (See: Rainbow Series.) TR-003, version 1, July 1994. (See: Rainbow Series.)
[NCS04] ---, "Glossary of Computer Security Terms", NCSC-TG-004, [NCS04] ---, "Glossary of Computer Security Terms", NCSC-TG-004,
version 1, 21 October 1988. (See: Rainbow Series.) version 1, 21 October 1988. (See: Rainbow Series.)
[NCS05] ---, "Trusted Network Interpretation of the Trusted Computer [NCS05] ---, "Trusted Network Interpretation of the Trusted Computer
System Evaluation Criteria", NCSC-TG-005, version 1, 31 July System Evaluation Criteria", NCSC-TG-005, version 1, 31 July
1987. (See: Rainbow Series.) 1987. (See: Rainbow Series.)
[NCS25] ---, "A Guide to Understanding Data Remanence in Automated [NCS25] ---, "A Guide to Understanding Data Remanence in Automated
Information Systems", NCSC-TG-025, version 2, September Information Systems", NCSC-TG-025, version 2, September
1991. (See: Rainbow Series.) 1991. (See: Rainbow Series.)
[NCS25] ---, "A Guide to Understanding Data Remanence in Automated [NCSSG] National Computer Security Center, "COMPUSECese: Computer
Information Systems", NCSC-TG-025, version 2, September Security Glossary", NCSC-WA-001-85, Edition 1, 1 October
1991. (See: Rainbow Series.) 1985. (See: Rainbow Series.)
[NRC91] National Research Council, "Computers At Risk: Safe [NRC91] National Research Council, "Computers At Risk: Safe
Computing in the Information Age", National Academy Press, Computing in the Information Age", National Academy Press,
1991. 1991.
[NRC98] Schneider, F., ed., "Trust in Cyberspace", National Research [NRC98] Schneider, F., ed., "Trust in Cyberspace", National Research
Council, National Academy of Sciences, 1998. Council, National Academy of Sciences, 1998.
[Padl] Padlipsky, M., "The Elements of Networking Style", 1985, [Padl] Padlipsky, M., "The Elements of Networking Style", 1985,
ISBN 0-13-268111-0. ISBN 0-13-268111-0.
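Review bot: replacing the second, duplicated [NCS25] entry with [NCSSG] fixes the duplicate, but two things should be checked. First, the introduction to this section says that only references cited in square brackets in Glossary entries are listed here, so confirm that at least one entry cites [NCSSG]; otherwise the duplicate should simply be deleted. Second, [NCSSG] spells out "National Computer Security Center" while the neighbouring [NCS03], [NCS04], [NCS05] and [NCS25] entries use "---" for the repeated author; use the same convention, as "---" is already established by the [NCS01] entry immediately above them.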
skipping to change at page 315, line 54 skipping to change at page 320, line 54
[R4035] Arends, R., Austein, R., Larson, M., Massey, D., and S. [R4035] Arends, R., Austein, R., Larson, M., Massey, D., and S.
Rose, "Protocol Modifications for the DNS Security Rose, "Protocol Modifications for the DNS Security
Extensions", RFC 4035, March 2005. Extensions", RFC 4035, March 2005.
[R4158] Cooper, M., Dzambasow, Y., Hesse, P., Joseph, S., and R. [R4158] Cooper, M., Dzambasow, Y., Hesse, P., Joseph, S., and R.
Nicholas, "Internet X.509 Public Key Infrastructure: Nicholas, "Internet X.509 Public Key Infrastructure:
Certification Path Building", RFC 4158, September 2005. Certification Path Building", RFC 4158, September 2005.
[Raym] Raymond, E., ed., "The On-Line Hacker Jargon File", version [Raym] Raymond, E., ed., "The On-Line Hacker Jargon File", version
4.0.0, 24 July 1996. (See: http://www.tuxedo.org/jargon/ for 4.0.0, 24 July 1996. (See: http://www.catb.org/~esr/jargon
the latest version. Also, "The New Hacker's Dictionary", 2nd for the latest version. Also, "The New Hacker's Dictionary",
edition, MIT Press, September 1993, ISBN 0-262-18154-1.) 3rd edition, MIT Press, September 1996, ISBN 0-262-68092-0.)
[Roge] Rogers, H., "An Overview of the Caneware Program", in [Roge] Rogers, H., "An Overview of the Caneware Program", in
"Proceedings of the 10th National Computer Security "Proceedings of the 10th National Computer Security
Conference", NIST and NCSC, September 1987. Conference", NIST and NCSC, September 1987.
[RSCG] NSA, "Router Security Configuration Guide: Principles and [RSCG] NSA, "Router Security Configuration Guide: Principles and
Guidance for Secure Configuration of IP Routers, with Guidance for Secure Configuration of IP Routers, with
Detailed Instructions for Cisco Systems Routers", version Detailed Instructions for Cisco Systems Routers", version
1.0g, C4-054R-00, 20 April 2001, available at 1.0g, C4-054R-00, 20 April 2001, available at
http://www.nsa.gov. http://www.nsa.gov.
skipping to change at page 320, line 26 skipping to change at page 325, line 26
Funding for the RFC Editor function is currently provided by the Funding for the RFC Editor function is currently provided by the
Internet Society. Internet Society.
George Huff had a good idea! [Huff] George Huff had a good idea! [Huff]
8. Author's Address 8. Author's Address
Please address all comments to: Please address all comments to:
Robert W. Shirey BBN Technologies Robert W. Shirey BBN Technologies Corp.
Email addresses: Suite 400, Mail Stop 30/6C1 Email addresses: Suite 400, Mail Stop 30/6C1
Current - rshirey@bbn.com 1300 Seventeenth Street North Current - rshirey@bbn.com 1300 Seventeenth Street North
Long-term - rwshirey@uwalumni.com Arlington, VA 22209-3801 USA Long-term - rwshirey@uwalumni.com Arlington, VA 22209-3801 USA
9. Full Copyright Statement 9. Full Copyright Statement
Copyright (C) The Internet Society (2005). This document is subject Copyright (C) The Internet Society (2006). This document is subject
to the rights, licenses and restrictions contained in BCP 78, and to the rights, licenses and restrictions contained in BCP 78, and
except as set forth therein, the authors retain all their rights. except as set forth therein, the authors retain all their rights.
This document and the information contained herein are provided on an This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE IS SPONSORED "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE IS SPONSORED
BY, THE INTERNET SOCIETY, AND THE INTERNET ENGINEERING TASK FORCE BY, THE INTERNET SOCIETY, AND THE INTERNET ENGINEERING TASK FORCE
DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT
LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL
NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY
OR FITNESS FOR A PARTICULAR PURPOSE. OR FITNESS FOR A PARTICULAR PURPOSE.
Expiration Date: 10 May 2006. Expiration Date: 14 August 2006.
 End of changes. 237 change blocks. 
470 lines changed or deleted 730 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/