| < draft-shirey-secgloss-v2-07.txt | draft-shirey-secgloss-v2-08.txt > | |||
|---|---|---|---|---|
| INTERNET-DRAFT R. W. Shirey | INTERNET-DRAFT R. W. Shirey | |||
| Obsoletes: RFC 2828, FYI 36 BBN Technologies Corp. | Obsoletes: RFC 2828, FYI 36 BBN Technologies Corp. | |||
| Expiration Date: 8 March 2007 8 September 2006 | Expiration Date: 1 May 2007 1 November 2006 | |||
| Internet Security Glossary, Version 2 | Internet Security Glossary, Version 2 | |||
| <draft-shirey-secgloss-v2-07.txt> | <draft-shirey-secgloss-v2-08.txt> | |||
| Status of this Memo | Status of this Memo | |||
| By submitting this Internet-Draft, each author represents that any | By submitting this Internet-Draft, each author represents that any | |||
| applicable patent or other IPR claims of which he or she is aware | applicable patent or other IPR claims of which he or she is aware | |||
| have been or will be disclosed, and any of which he or she becomes | have been or will be disclosed, and any of which he or she becomes | |||
| aware will be disclosed, in accordance with Section 6 of BCP 79. | aware will be disclosed, in accordance with Section 6 of BCP 79. | |||
| This document may not be modified, and derivative works of it may | This document may not be modified, and derivative works of it may | |||
| not be created, except to publish it as an RFC and to translate it | not be created, except to publish it as an RFC and to translate it | |||
| skipping to change at page 1, line 44 ¶ | skipping to change at page 1, line 44 ¶ | |||
| http://www.ietf.org/shadow.html | http://www.ietf.org/shadow.html | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (C) The Internet Society (2006). All Rights Reserved. | Copyright (C) The Internet Society (2006). All Rights Reserved. | |||
| Abstract | Abstract | |||
| This Glossary provides definitions, abbreviations, and explanations | This Glossary provides definitions, abbreviations, and explanations | |||
| of terminology for information system security. The 305 pages of | of terminology for information system security. The 305 pages of | |||
| entries offer recommendations to improve the clarity of Internet | entries offer recommendations to improve the comprehensibility of | |||
| Standards documents (ISDs) and to make them more easily understood by | written material that is generated in the Internet Standards Process | |||
| international readers. The recommendations follow the principles that | (RFC 2026). The recommendations follow the principles that such | |||
| ISDs should (a) use the same term or definition whenever the same | writing should (a) use the same term or definition whenever the same | |||
| concept is mentioned; (b) use terms in their plainest, dictionary | concept is mentioned; (b) use terms in their plainest, dictionary | |||
| sense; (c) use terms that are already well-established in open | sense; (c) use terms that are already well-established in open | |||
| publications; and (d) avoid terms that either favor a particular | publications; and (d) avoid terms that either favor a particular | |||
| vendor or favor a particular technology or mechanism over other, | vendor or favor a particular technology or mechanism over other, | |||
| competing techniques that already exist or could be developed. | competing techniques that already exist or could be developed. | |||
| Table of Contents | Table of Contents | |||
| Section Page | Section Page | |||
| ------- ---- | ------- ---- | |||
| skipping to change at page 3, line 16 ¶ | skipping to change at page 3, line 16 ¶ | |||
| This Glossary is *not* an Internet Standard, and its recommendations | This Glossary is *not* an Internet Standard, and its recommendations | |||
| represent only the opinions of its author. However, this Glossary | represent only the opinions of its author. However, this Glossary | |||
| gives reasons for its recommendations -- especially for the SHOULD | gives reasons for its recommendations -- especially for the SHOULD | |||
| NOTs -- so that readers can judge for themselves what to do. | NOTs -- so that readers can judge for themselves what to do. | |||
| This Glossary provides an internally consistent and self-contained | This Glossary provides an internally consistent and self-contained | |||
| set of terms, abbreviations, and definitions -- supported by | set of terms, abbreviations, and definitions -- supported by | |||
| explanations, recommendations, and references -- for terminology that | explanations, recommendations, and references -- for terminology that | |||
| concerns information system security. The intent of this Glossary is | concerns information system security. The intent of this Glossary is | |||
| to improve the comprehensibility of Internet Standards documents | to improve the comprehensibility of written materials that are | |||
| (ISDs) -- i.e., RFCs, Internet-Drafts, and other material produced as | generated in the Internet Standards Process (RFC 2026) -- i.e., RFCs, | |||
| part of the Internet Standards Process (RFC 2026) -- and other | Internet-Drafts, and other items of discourse -- which are referred | |||
| Internet-related discourse. A few non-security, networking terms are | to here as IDOCs. A few non-security, networking terms are included | |||
| included to make the Glossary self-contained, but more complete | to make the Glossary self-contained, but more complete glossaries of | |||
| glossaries of such terms are available elsewhere [A1523, F1037, | such terms are available elsewhere [A1523, F1037, R1208, R1983]. | |||
| R1208, R1983]. | ||||
| This Glossary supports the goals of the Internet Standards Process: | This Glossary supports the goals of the Internet Standards Process: | |||
| o Clear, Concise, Easily Understood Documentation | o Clear, Concise, Easily Understood Documentation | |||
| This Glossary seeks to improve comprehensibility of security- | This Glossary seeks to improve comprehensibility of security- | |||
| related content of ISDs. That requires wording to be clear and | related content of IDOCs. That requires wording to be clear and | |||
| understandable, and requires the set of security-related terms and | understandable, and requires the set of security-related terms and | |||
| definitions to be consistent and self-supporting. Also, | definitions to be consistent and self-supporting. Also, | |||
| terminology needs to be uniform across all ISDs; i.e., the same | terminology needs to be uniform across all IDOCs; i.e., the same | |||
| term or definition needs to be used whenever and wherever the same | term or definition needs to be used whenever and wherever the same | |||
| concept is mentioned. Harmonization of existing ISDs need not be | concept is mentioned. Harmonization of existing IDOCs need not be | |||
| done immediately, but it is desirable to correct and standardize | done immediately, but it is desirable to correct and standardize | |||
| terminology when new versions are issued in the normal course of | terminology when new versions are issued in the normal course of | |||
| standards development and evolution. | standards development and evolution. | |||
| o Technical Excellence | o Technical Excellence | |||
| Just as Internet Standard (STD) protocols should operate | Just as Internet Standard (STD) protocols should operate | |||
| effectively, ISDs should use terminology accurately, precisely, | effectively, IDOCs should use terminology accurately, precisely, | |||
| and unambiguously to enable standards to be implemented correctly. | and unambiguously to enable standards to be implemented correctly. | |||
| o Prior Implementation and Testing | o Prior Implementation and Testing | |||
| Just as STD protocols require demonstrated experience and | Just as STD protocols require demonstrated experience and | |||
| stability before adoption, ISDs need to use well-established | stability before adoption, IDOCs need to use well-established | |||
| language; and the robustness principle for protocols -- "be | language; and the robustness principle for protocols -- "be | |||
| liberal in what you accept, and conservative in what you send" -- | liberal in what you accept, and conservative in what you send" -- | |||
| is also applicable to the language used in ISDs that describe | is also applicable to the language used in IDOCs that describe | |||
| protocols. Using terms in their plainest, dictionary sense (when | protocols. Using terms in their plainest, dictionary sense (when | |||
| appropriate) helps to ensure international understanding. ISDs | appropriate) helps to make them more easily understood by | |||
| need to avoid using private, newly invented terms in place of | international readers. IDOCs need to avoid using private, newly | |||
| generally accepted terms from open publications. ISDs need to | invented terms in place of generally accepted terms from open | |||
| avoid substituting new definitions that conflict with established | publications. IDOCs need to avoid substituting new definitions | |||
| ones. ISDs need to avoid using "cute" synonyms (e.g., "Green | that conflict with established ones. IDOCs need to avoid using | |||
| Book"), because no matter how popular a nickname may be in one | "cute" synonyms (e.g., "Green Book"), because no matter how | |||
| community, it is likely to cause confusion in another. | popular a nickname may be in one community, it is likely to cause | |||
| confusion in another. | ||||
| o Openness, Fairness, and Timeliness | o Openness, Fairness, and Timeliness | |||
| ISDs need to avoid using proprietary and trademarked terms for | IDOCs need to avoid using proprietary and trademarked terms for | |||
| purposes other than referring to those particular systems. ISDs | purposes other than referring to those particular systems. IDOCs | |||
| also need to avoid terms that either favor a particular vendor or | also need to avoid terms that either favor a particular vendor or | |||
| favor a particular security technology or mechanism over other, | favor a particular security technology or mechanism over other, | |||
| competing techniques that already exist or might be developed in | competing techniques that already exist or might be developed in | |||
| the future. The set of terminology used across the set of ISDs | the future. The set of terminology used across the set of IDOCs | |||
| needs to be flexible and adaptable as the state of Internet | needs to be flexible and adaptable as the state of Internet | |||
| security art evolves. | security art evolves. | |||
| In support of those goals, this Glossary offers guidance by marking | In support of those goals, this Glossary offers guidance by marking | |||
| terms and definitions as being either endorsed or deprecated for use | terms and definitions as being either endorsed or deprecated for use | |||
| in ISDs. The key words "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", | in IDOCs. The key words "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", | |||
| and "OPTIONAL" are intended to be interpreted the same way as in an | and "OPTIONAL" are intended to be interpreted the same way as in an | |||
| Internet Standard (i.e., as specified in RFC 2119). Other glossaries | Internet Standard (i.e., as specified in RFC 2119). Other glossaries | |||
| (e.g., [Raym]) list additional terms that deal with Internet security | (e.g., [Raym]) list additional terms that deal with Internet security | |||
| but have not been included in this Glossary because they are not | but have not been included in this Glossary because they are not | |||
| appropriate for ISDs. | appropriate for IDOCs. | |||
| 2. Format of Entries | 2. Format of Entries | |||
| Section 4 presents Glossary entries in the following manner: | Section 4 presents Glossary entries in the following manner: | |||
| 2.1 Order of Entries | 2.1 Order of Entries | |||
| Entries are sorted in lexicographic order, without regard to | Entries are sorted in lexicographic order, without regard to | |||
| capitalization. Numeric digits are treated as preceding alphabetic | capitalization. Numeric digits are treated as preceding alphabetic | |||
| characters, and special characters are treated as preceding | characters, and special characters are treated as preceding | |||
| digits. Blanks are treated as preceding non-blank characters, | digits. Blanks are treated as preceding non-blank characters, | |||
| except that a hyphen or slash between the parts of a multiword | except that a hyphen or slash between the parts of a multiword | |||
| entry (e.g., "RED/BLACK separation") is treated like a blank. | entry (e.g., "RED/BLACK separation") is treated like a blank. | |||
| If an entry has multiple definitions (e.g., "domain"), they are | If an entry has multiple definitions (e.g., "domain"), they are | |||
| numbered beginning with "1", and any of those multiple definitions | numbered beginning with "1", and any of those multiple definitions | |||
| that are RECOMMENDED for use in ISDs are presented before other | that are RECOMMENDED for use in IDOCs are presented before other | |||
| definitions for that entry. If definitions are closely related | definitions for that entry. If definitions are closely related | |||
| (e.g., "threat"), they are denoted by adding letters to a number, | (e.g., "threat"), they are denoted by adding letters to a number, | |||
| such as "1a" and "1b". | such as "1a" and "1b". | |||
| 2.2 Capitalization and Abbreviations | 2.2 Capitalization and Abbreviations | |||
| Entries that are proper nouns are capitalized (e.g., "Data | Entries that are proper nouns are capitalized (e.g., "Data | |||
| Encryption Algorithm"), as are other words derived from proper | Encryption Algorithm"), as are other words derived from proper | |||
| nouns (e.g., "Caesar cipher"). All other entries are not | nouns (e.g., "Caesar cipher"). All other entries are not | |||
| capitalized (e.g., "certification authority"). Each acronym or | capitalized (e.g., "certification authority"). Each acronym or | |||
| skipping to change at page 5, line 22 ¶ | skipping to change at page 5, line 22 ¶ | |||
| other entries in which "X" is used in explanations. | other entries in which "X" is used in explanations. | |||
| 2.4 Definition Type and Context | 2.4 Definition Type and Context | |||
| Each entry is preceded by a character -- I, N, O, or D -- enclosed | Each entry is preceded by a character -- I, N, O, or D -- enclosed | |||
| in parentheses, to indicate the type of definition (as is | in parentheses, to indicate the type of definition (as is | |||
| explained further in Section 3): | explained further in Section 3): | |||
| - "I" for a RECOMMENDED term or definition of Internet origin. | - "I" for a RECOMMENDED term or definition of Internet origin. | |||
| - "N" if RECOMMENDED but not of Internet origin. | - "N" if RECOMMENDED but not of Internet origin. | |||
| - "O" for a term or definition that is NOT recommended for use in | - "O" for a term or definition that is NOT recommended for use in | |||
| ISDs but is something that authors of Internet documents should | IDOCs but is something that authors of Internet documents | |||
| know about. | should know about. | |||
| - "D" for a term or definition that is deprecated and SHOULD NOT | - "D" for a term or definition that is deprecated and SHOULD NOT | |||
| be used in Internet documents. | be used in Internet documents. | |||
| If a definition is valid only in a specific context (e.g., | If a definition is valid only in a specific context (e.g., | |||
| "baggage"), that context is shown immediately following the | "baggage"), that context is shown immediately following the | |||
| definition type and is enclosed by a pair of slash symbols (/). If | definition type and is enclosed by a pair of slash symbols (/). If | |||
| the definition is valid only for specific parts of speech, that is | the definition is valid only for specific parts of speech, that is | |||
| shown in the same way (e.g., "archive"). | shown in the same way (e.g., "archive"). | |||
| 2.5 Explanatory Notes | 2.5 Explanatory Notes | |||
| skipping to change at page 5, line 47 ¶ | skipping to change at page 5, line 47 ¶ | |||
| - Deprecated Abbreviation (e.g., "AA") | - Deprecated Abbreviation (e.g., "AA") | |||
| - Deprecated Definition (e.g., "digital certification") | - Deprecated Definition (e.g., "digital certification") | |||
| - Deprecated Usage (e.g., "authenticate") | - Deprecated Usage (e.g., "authenticate") | |||
| - Deprecated Term (e.g., "certificate authority") | - Deprecated Term (e.g., "certificate authority") | |||
| - Pronunciation (e.g., "*-property") | - Pronunciation (e.g., "*-property") | |||
| - Derivation (e.g., "discretionary access control") | - Derivation (e.g., "discretionary access control") | |||
| - Tutorial (e.g., "accreditation") | - Tutorial (e.g., "accreditation") | |||
| - Example (e.g., "back door") | - Example (e.g., "back door") | |||
| - Usage (e.g., "access") | - Usage (e.g., "access") | |||
| Explanatory text in this Glossary MAY be reused in other ISDs. | Explanatory text in this Glossary MAY be reused in IDOCs. However, | |||
| However, such text is not intended to authoritatively supersede | this text is not intended to authoritatively supersede text of an | |||
| text of an ISD in which the Glossary entry is already used. | IDOC in which the Glossary entry is already used. | |||
| 2.6 Cross-References | 2.6 Cross-References | |||
| Some entries contain a parenthetical remark of the form "(See: | Some entries contain a parenthetical remark of the form "(See: | |||
| X.)", where X is a list of other, related terms. Some entries | X.)", where X is a list of other, related terms. Some entries | |||
| contain a remark of the form "(Compare: X)", where X is a list of | contain a remark of the form "(Compare: X)", where X is a list of | |||
| terms that either are antonyms of the entry or differ in some | terms that either are antonyms of the entry or differ in some | |||
| other manner worth noting. | other manner worth noting. | |||
| 2.7 Trademarks | 2.7 Trademarks | |||
| skipping to change at page 6, line 48 ¶ | skipping to change at page 6, line 48 ¶ | |||
| to look like this: | to look like this: | |||
| Then delete one line from the file by typing "dd." | Then delete one line from the file by typing "dd." | |||
| However, in the vi language, the dot character repeats the last | However, in the vi language, the dot character repeats the last | |||
| command accepted. So, if a reader entered "dd.", two lines would | command accepted. So, if a reader entered "dd.", two lines would | |||
| be deleted instead of one. | be deleted instead of one. | |||
| Similarly, use of standard American punctuation might cause | Similarly, use of standard American punctuation might cause | |||
| misunderstanding in entries in this Glossary. Thus, the new | misunderstanding in entries in this Glossary. Thus, the new | |||
| punctuation is used here, and we recommend it for ISDs. | punctuation is used here, and we recommend it for IDOCs. | |||
| 3. Types of Entries | 3. Types of Entries | |||
| Each entry in this Glossary is marked as type I, N, O, or D: | Each entry in this Glossary is marked as type I, N, O, or D: | |||
| 3.1 Type "I": Recommended Definitions of Internet Origin | 3.1 Type "I": Recommended Definitions of Internet Origin | |||
| The marking "I" indicates two things: | The marking "I" indicates two things: | |||
| - Origin: "I" (as opposed to "N") means either that the Internet | - Origin: "I" (as opposed to "N") means either that the Internet | |||
| Standards Process or Internet community is authoritative for | Standards Process or Internet community is authoritative for | |||
| the definition *or* that the term is sufficiently generic that | the definition *or* that the term is sufficiently generic that | |||
| this Glossary can freely state a definition without | this Glossary can freely state a definition without | |||
| contradicting a non-Internet authority (e.g., "attack"). | contradicting a non-Internet authority (e.g., "attack"). | |||
| - Recommendation: "I" (as opposed to "O") means that the term and | - Recommendation: "I" (as opposed to "O") means that the term and | |||
| definition are RECOMMENDED for use in ISDs. However, some "I" | definition are RECOMMENDED for use in IDOCs. However, some "I" | |||
| entries may be accompanied by a "Usage" note that states a | entries may be accompanied by a "Usage" note that states a | |||
| limitation (e.g., "certification"), and ISDs SHOULD NOT use the | limitation (e.g., "certification"), and IDOCs SHOULD NOT use | |||
| defined term outside that limited context. | the defined term outside that limited context. | |||
| Many "I" entries are proper nouns (e.g., "Internet Protocol") for | Many "I" entries are proper nouns (e.g., "Internet Protocol") for | |||
| which the definition is intended only to provide basic | which the definition is intended only to provide basic | |||
| information; i.e., the authoritative definition of such terms is | information; i.e., the authoritative definition of such terms is | |||
| found elsewhere. For a proper noun described as an "Internet | found elsewhere. For a proper noun described as an "Internet | |||
| protocol", please refer to the current edition of "Internet | protocol", please refer to the current edition of "Internet | |||
| Official Protocol Standards" (Standard 1) for the standardization | Official Protocol Standards" (Standard 1) for the standardization | |||
| status of the protocol. | status of the protocol. | |||
| 3.2 Type "N": Recommended Definitions of Non-Internet Origin | 3.2 Type "N": Recommended Definitions of Non-Internet Origin | |||
| The marking "N" indicates two things: | The marking "N" indicates two things: | |||
| - Origin: "N" (as opposed to "I") means that the entry has a non- | - Origin: "N" (as opposed to "I") means that the entry has a non- | |||
| Internet basis or origin. | Internet basis or origin. | |||
| - Recommendation: "N" (as opposed to "O") means that the term and | - Recommendation: "N" (as opposed to "O") means that the term and | |||
| definition are RECOMMENDED for use in ISDs, if they are needed | definition are RECOMMENDED for use in IDOCs, if they are needed | |||
| at all in ISDs. Many of these entries are accompanied by a | at all in IDOCs. Many of these entries are accompanied by a | |||
| label that states a context (e.g., "package") or a note that | label that states a context (e.g., "package") or a note that | |||
| states a limitation (e.g., "data integrity"), and ISDs SHOULD | states a limitation (e.g., "data integrity"), and IDOCs SHOULD | |||
| NOT use the defined term outside that context or limit. Some of | NOT use the defined term outside that context or limit. Some of | |||
| the contexts are rarely if ever expected to occur in an ISD | the contexts are rarely if ever expected to occur in an IDOC | |||
| (e.g., "baggage"). In those cases, the listing exists to make | (e.g., "baggage"). In those cases, the listing exists to make | |||
| Internet authors aware of the non-Internet usage so that they | Internet authors aware of the non-Internet usage so that they | |||
| can avoid conflicts with non-Internet documents. | can avoid conflicts with non-Internet documents. | |||
| 3.3 Type "O": Other Terms and Definitions To Be Noted | 3.3 Type "O": Other Terms and Definitions To Be Noted | |||
| The marking "O" means that the definition is of non-Internet | The marking "O" means that the definition is of non-Internet | |||
| origin and SHOULD NOT be used in ISDs *except* in cases where the | origin and SHOULD NOT be used in IDOCs *except* in cases where the | |||
| term is specifically identified as non-Internet. | term is specifically identified as non-Internet. | |||
| For example, an ISD might mention "BCA" (see: brand certification | For example, an IDOC might mention "BCA" (see: brand certification | |||
| authority) or "baggage" as an example of some concept; in that | authority) or "baggage" as an example of some concept; in that | |||
| case, the document should specifically say "SET(trademark) BCA" or | case, the document should specifically say "SET(trademark) BCA" or | |||
| "SET(trademark) baggage" and include the definition of the term. | "SET(trademark) baggage" and include the definition of the term. | |||
| 3.4 Type "D": Deprecated Terms and Definitions | 3.4 Type "D": Deprecated Terms and Definitions | |||
| If this Glossary recommends that a term or definition SHOULD NOT | If this Glossary recommends that a term or definition SHOULD NOT | |||
| be used in ISDs, then the entry is marked as type "D", and an | be used in IDOCs, then the entry is marked as type "D", and an | |||
| explanatory note -- "Deprecated Term", "Deprecated Abbreviation", | explanatory note -- "Deprecated Term", "Deprecated Abbreviation", | |||
| "Deprecated Definition", or "Deprecated Usage" -- is provided. | "Deprecated Definition", or "Deprecated Usage" -- is provided. | |||
| 3.5 Definition Substitutions | 3.5 Definition Substitutions | |||
| Some terms have a definition published by a non-Internet authority | Some terms have a definition published by a non-Internet authority | |||
| -- a government (e.g., "object reuse"), an industry (e.g., "Secure | -- a government (e.g., "object reuse"), an industry (e.g., "Secure | |||
| Data Exchange"), a national authority (e.g., "Data Encryption | Data Exchange"), a national authority (e.g., "Data Encryption | |||
| Standard"), or an international body (e.g., "data | Standard"), or an international body (e.g., "data | |||
| confidentiality") -- that is suitable for use in ISDs. In those | confidentiality") -- that is suitable for use in IDOCs. In those | |||
| cases, this Glossary marks the definition "N", recommending its | cases, this Glossary marks the definition "N", recommending its | |||
| use in Internet documents. | use in Internet documents. | |||
| Other such terms have definitions that are inadequate or | Other such terms have definitions that are inadequate or | |||
| inappropriate for ISDs. For example, a definition might be | inappropriate for IDOCs. For example, a definition might be | |||
| outdated or too narrow, or it might need clarification by | outdated or too narrow, or it might need clarification by | |||
| substituting more careful wording (e.g., "authentication | substituting more careful wording (e.g., "authentication | |||
| exchange") or explanations, using other terms that are defined in | exchange") or explanations, using other terms that are defined in | |||
| this Glossary. In those cases, this Glossary marks the entry "O", | this Glossary. In those cases, this Glossary marks the entry "O", | |||
| and provides an "I" or "N" entry that precedes, and is intended to | and provides an "I" or "N" entry that precedes, and is intended to | |||
| supersede, the "O" entry. | supersede, the "O" entry. | |||
| In some cases where this Glossary provides a definition to | In some cases where this Glossary provides a definition to | |||
| supersede an "O" definition, the substitute is intended to subsume | supersede an "O" definition, the substitute is intended to subsume | |||
| the meaning of the "O" entry and not conflict with it. For the | the meaning of the "O" entry and not conflict with it. For the | |||
| term "security service", for example, the "O" definition deals | term "security service", for example, the "O" definition deals | |||
| narrowly with only communication services provided by layers in | narrowly with only communication services provided by layers in | |||
| the OSIRM and is inadequate for the full range of ISD usage, while | the OSIRM and is inadequate for the full range of IDOC usage, | |||
| the new "I" definition provided by this Glossary can be used in | while the new "I" definition provided by this Glossary can be used | |||
| more situations and for more kinds of service. However, the "O" | in more situations and for more kinds of service. However, the "O" | |||
| definition is also listed so that ISD authors will be aware of the | definition is also listed so that IDOC authors will be aware of | |||
| context in which the term is used more narrowly. | the context in which the term is used more narrowly. | |||
| When making substitutions, this Glossary attempts to avoid | When making substitutions, this Glossary attempts to avoid | |||
| contradicting any non-Internet authority. Still, terminology | contradicting any non-Internet authority. Still, terminology | |||
| differs between authorities such as the American Bar Association, | differs between authorities such as the American Bar Association, | |||
| OSI, SET, the U.S. DoD, and other authorities; and this Glossary | OSI, SET, the U.S. DoD, and other authorities; and this Glossary | |||
| probably is not exactly aligned with any of them. | probably is not exactly aligned with any of them. | |||
| 4. Definitions | 4. Definitions | |||
| $ *-property | $ *-property | |||
| skipping to change at page 9, line 19 ¶ | skipping to change at page 9, line 19 ¶ | |||
| LaPadula model. Pronunciation: star property. | LaPadula model. Pronunciation: star property. | |||
| $ 3DES | $ 3DES | |||
| (N) See: Triple Data Encryption Algorithm. | (N) See: Triple Data Encryption Algorithm. | |||
| $ A1 computer system | $ A1 computer system | |||
| (O) /TCSEC/ See: Tutorial under "Trusted Computer System | (O) /TCSEC/ See: Tutorial under "Trusted Computer System | |||
| Evaluation Criteria". (Compare: beyond A1.) | Evaluation Criteria". (Compare: beyond A1.) | |||
| $ AA | $ AA | |||
| (D) See: "Deprecated Abbreviation" under "attribute authority". | (D) See: "Deprecated Usage" under "attribute authority". | |||
| $ ABA Guidelines | $ ABA Guidelines | |||
| (N) "American Bar Association (ABA) Digital Signature Guidelines" | (N) "American Bar Association (ABA) Digital Signature Guidelines" | |||
| [DSG], a framework of legal principles for using digital | [DSG], a framework of legal principles for using digital | |||
| signatures and digital certificates in electronic commerce. | signatures and digital certificates in electronic commerce. | |||
| $ Abstract Syntax Notation One (ASN.1) | $ Abstract Syntax Notation One (ASN.1) | |||
| (N) A standard for describing data objects. [Larm, X680] (See: | (N) A standard for describing data objects. [Larm, X680] (See: | |||
| CMS.) | CMS.) | |||
| Usage: ISDs SHOULD use the term "ASN.1" narrowly to | Usage: IDOCs SHOULD use the term "ASN.1" narrowly to | |||
| describe the notation or language called "Abstract | describe the notation or language called "Abstract | |||
| Syntax Notation One". ISDs MAY use the term more broadly | Syntax Notation One". IDOCs MAY use the term more | |||
| to encompass the notation, its associated encoding rules | broadly to encompass the notation, its associated | |||
| (see: BER), and software tools that assist in its use, | encoding rules (see: BER), and software tools that | |||
| when the context makes this meaning clear. | assist in its use, when the context makes this meaning | |||
| clear. | ||||
| Tutorial: OSIRM defines computer network functionality in layers. | Tutorial: OSIRM defines computer network functionality in layers. | |||
| Protocols and data objects at higher layers are abstractly defined | Protocols and data objects at higher layers are abstractly defined | |||
| to be implemented using protocols and data objects from lower | to be implemented using protocols and data objects from lower | |||
| layers. A higher layer may define transfers of abstract objects | layers. A higher layer may define transfers of abstract objects | |||
| between computers, and a lower layer may define those transfers | between computers, and a lower layer may define those transfers | |||
| concretely as strings of bits. Syntax is needed to specify data | concretely as strings of bits. Syntax is needed to specify data | |||
| formats of abstract objects, and encoding rules are needed to | formats of abstract objects, and encoding rules are needed to | |||
| transform abstract objects into bit strings at lower layers. OSI | transform abstract objects into bit strings at lower layers. OSI | |||
| standards use ASN.1 for those specifications and use various | standards use ASN.1 for those specifications and use various | |||
| skipping to change at page 11, line 50 ¶ | skipping to change at page 11, line 50 ¶ | |||
| principal) that is authorized to use the resource in some other | principal) that is authorized to use the resource in some other | |||
| manner. (See: insider.) The two basic mechanisms for implementing | manner. (See: insider.) The two basic mechanisms for implementing | |||
| this service are ACLs and tickets. | this service are ACLs and tickets. | |||
| $ access level | $ access level | |||
| 1. (D) Synonym for the hierarchical "classification level" in a | 1. (D) Synonym for the hierarchical "classification level" in a | |||
| security level. [C4009] (See: security level.) | security level. [C4009] (See: security level.) | |||
| 2. (D) Synonym for "clearance level". | 2. (D) Synonym for "clearance level". | |||
| Deprecated Definitions: ISDs SHOULD NOT use this term with these | Deprecated Definitions: IDOCs SHOULD NOT use this term with these | |||
| definitions because they duplicate the meaning of more specific | definitions because they duplicate the meaning of more specific | |||
| terms. Any ISD that uses this term SHOULD provide a specific | terms. Any IDOC that uses this term SHOULD provide a specific | |||
| definition for it because access control may be based on many | definition for it because access control may be based on many | |||
| attributes other than classification level and clearance level. | attributes other than classification level and clearance level. | |||
| $ access list | $ access list | |||
| (I) /physical security/ Roster of persons who are authorized to | (I) /physical security/ Roster of persons who are authorized to | |||
| enter a controlled area. (Compare: access control list.) | enter a controlled area. (Compare: access control list.) | |||
| $ access mode | $ access mode | |||
| (I) A distinct type of data processing operation (e.g., read, | (I) A distinct type of data processing operation (e.g., read, | |||
| write, append, or execute, or a combination of operations) that a | write, append, or execute, or a combination of operations) that a | |||
| subject can potentially perform on an object in an information | subject can potentially perform on an object in an information | |||
| system. [Huff] (See: read, write.) | system. [Huff] (See: read, write.) | |||
| $ access policy | $ access policy | |||
| (I) A kind of "security policy". (See: access, access control.) | (I) A kind of "security policy". (See: access, access control.) | |||
| $ access profile | $ access profile | |||
| (O) Synonym for "capability list". | (O) Synonym for "capability list". | |||
| Usage: ISDs that use this term SHOULD state a definition for it | Usage: IDOCs that use this term SHOULD state a definition for it | |||
| because the definition is not widely known. | because the definition is not widely known. | |||
| $ access right | $ access right | |||
| (I) Synonym for "authorization"; emphasizes the possession of the | (I) Synonym for "authorization"; emphasizes the possession of the | |||
| authorization by a system entity. | authorization by a system entity. | |||
| $ accountability | $ accountability | |||
| (I) The property of a system or system resource that ensures that | (I) The property of a system or system resource that ensures that | |||
| the actions of a system entity may be traced uniquely to that | the actions of a system entity may be traced uniquely to that | |||
| entity, which can then be held responsible for its actions. [Huff] | entity, which can then be held responsible for its actions. [Huff] | |||
| skipping to change at page 14, line 10 ¶ | skipping to change at page 14, line 10 ¶ | |||
| Tutorial: Active content can be mobile code when its associated | Tutorial: Active content can be mobile code when its associated | |||
| file is transferred across a network. | file is transferred across a network. | |||
| 1b. (O) "Electronic documents that can carry out or trigger | 1b. (O) "Electronic documents that can carry out or trigger | |||
| actions automatically on a computer platform without the | actions automatically on a computer platform without the | |||
| intervention of a user. [This technology enables] mobile code | intervention of a user. [This technology enables] mobile code | |||
| associated with a document to execute as the document is | associated with a document to execute as the document is | |||
| rendered." [SP28] | rendered." [SP28] | |||
| $ active user | $ active user | |||
| (I) See: secondary definition under "attack". | (I) See: secondary definition under "system user". | |||
| $ active wiretapping | $ active wiretapping | |||
| (I) A wiretapping attack that attempts to alter data being | (I) A wiretapping attack that attempts to alter data being | |||
| communicated or otherwise affect data flow. (See: wiretapping. | communicated or otherwise affect data flow. (See: wiretapping. | |||
| Compare: active attack, passive wiretapping.) | Compare: active attack, passive wiretapping.) | |||
| $ add-on security | $ add-on security | |||
| (N) The retrofitting of protection mechanisms, implemented by | (N) The retrofitting of protection mechanisms, implemented by | |||
| hardware or software, in an information system after the system | hardware or software, in an information system after the system | |||
| has become operational. [FP039] (Compare: baked-in security.) | has become operational. [FP039] (Compare: baked-in security.) | |||
| skipping to change at page 16, line 21 ¶ | skipping to change at page 16, line 21 ¶ | |||
| (I) A name that an entity uses in place of its real name, usually | (I) A name that an entity uses in place of its real name, usually | |||
| for the purpose of either anonymity or masquerade. | for the purpose of either anonymity or masquerade. | |||
| $ Alice and Bob | $ Alice and Bob | |||
| (I) The parties that are most often called upon to illustrate the | (I) The parties that are most often called upon to illustrate the | |||
| operation of bipartite security protocols. These and other | operation of bipartite security protocols. These and other | |||
| dramatis personae are listed by Schneier [Schn]. | dramatis personae are listed by Schneier [Schn]. | |||
| $ American National Standards Institute (ANSI) | $ American National Standards Institute (ANSI) | |||
| (N) A private, not-for-profit association that administers U.S. | (N) A private, not-for-profit association that administers U.S. | |||
| private sector voluntary standards. | private-sector voluntary standards. | |||
| Tutorial: ANSI has approximately 1,000 member organizations, | Tutorial: ANSI has approximately 1,000 member organizations, | |||
| including equipment users, manufacturers, and others. These | including equipment users, manufacturers, and others. These | |||
| include commercial firms, government agencies, and other | include commercial firms, government agencies, and other | |||
| institutions and international entities. | institutions and international entities. | |||
| ANSI is the sole U.S. representative to (a) ISO and (b) (via the | ANSI is the sole U.S. representative to (a) ISO and (b) (via the | |||
| U.S. National Committee) the International Electrotechnical | U.S. National Committee) the International Electrotechnical | |||
| Commission (IEC), which are the two major, non-treaty, | Commission (IEC), which are the two major, non-treaty, | |||
| international standards organizations. | international standards organizations. | |||
| skipping to change at page 18, line 4 ¶ | skipping to change at page 18, line 4 ¶ | |||
| anyone to gather information about which servers the client | anyone to gather information about which servers the client | |||
| accesses and (b) without allowing the accessed servers to gather | accesses and (b) without allowing the accessed servers to gather | |||
| information about the client, such as its IP address. | information about the client, such as its IP address. | |||
| $ anonymous credential | $ anonymous credential | |||
| (D) /U.S. Government/ A credential that (a) can be used to | (D) /U.S. Government/ A credential that (a) can be used to | |||
| authenticate a person as having a specific attribute or being a | authenticate a person as having a specific attribute or being a | |||
| member of a specific group (e.g., military veterans or U.S. | member of a specific group (e.g., military veterans or U.S. | |||
| citizens) but (b) does not reveal the individual identity of the | citizens) but (b) does not reveal the individual identity of the | |||
| person that presents the credential. [M0404] (See: anonymity.) | person that presents the credential. [M0404] (See: anonymity.) | |||
| Deprecated Term: ISDs SHOULD NOT use this term; it mixes concepts | Deprecated Term: IDOCs SHOULD NOT use this term; it mixes concepts | |||
| in a potentially misleading way. For example, when the credential | in a potentially misleading way. For example, when the credential | |||
| is an X.509 certificate, the term could be misunderstood to mean | is an X.509 certificate, the term could be misunderstood to mean | |||
| that the certificate was signed by a CA that has a persona | that the certificate was signed by a CA that has a persona | |||
| certificate. Instead, use "attribute certificate", "organizational | certificate. Instead, use "attribute certificate", "organizational | |||
| certificate", or "persona certificate" depending on what is meant, | certificate", or "persona certificate" depending on what is meant, | |||
| and provide additional explanations as needed. | and provide additional explanations as needed. | |||
| $ anonymous login | $ anonymous login | |||
| (I) An access control feature (actually, an access control | (I) An access control feature (actually, an access control | |||
| vulnerability) in many Internet hosts that enables users to gain | vulnerability) in many Internet hosts that enables users to gain | |||
| skipping to change at page 23, line 23 ¶ | skipping to change at page 23, line 23 ¶ | |||
| the class of information indicated by an attribute type. (See: | the class of information indicated by an attribute type. (See: | |||
| attribute certificate.) | attribute certificate.) | |||
| $ attribute authority (AA) | $ attribute authority (AA) | |||
| 1. (N) A CA that issues attribute certificates. | 1. (N) A CA that issues attribute certificates. | |||
| 2. (O) "An authority [that] assigns privileges by issuing | 2. (O) "An authority [that] assigns privileges by issuing | |||
| attribute certificates." [X509] | attribute certificates." [X509] | |||
| Deprecated Usage: The abbreviation "AA" SHOULD NOT be used in an | Deprecated Usage: The abbreviation "AA" SHOULD NOT be used in an | |||
| ISD unless it is first defined in the ISD. | IDOC unless it is first defined in the IDOC. | |||
| $ attribute certificate | $ attribute certificate | |||
| 1. (I) A digital certificate that binds a set of descriptive data | 1. (I) A digital certificate that binds a set of descriptive data | |||
| items, other than a public key, either directly to a subject name | items, other than a public key, either directly to a subject name | |||
| or to the identifier of another certificate that is a public-key | or to the identifier of another certificate that is a public-key | |||
| certificate. (See: capability token.) | certificate. (See: capability token.) | |||
| 2. (O) "A data structure, digitally signed by an [a]ttribute | 2. (O) "A data structure, digitally signed by an [a]ttribute | |||
| [a]uthority, that binds some attribute values with identification | [a]uthority, that binds some attribute values with identification | |||
| information about its holder." [X509] | information about its holder." [X509] | |||
| skipping to change at page 24, line 9 ¶ | skipping to change at page 24, line 9 ¶ | |||
| - Different authorities: When the authority responsible for the | - Different authorities: When the authority responsible for the | |||
| attributes is different than the one that issues the public-key | attributes is different than the one that issues the public-key | |||
| certificate for the subject. (There is no requirement that an | certificate for the subject. (There is no requirement that an | |||
| attribute certificate be issued by the same CA that issued the | attribute certificate be issued by the same CA that issued the | |||
| associated public-key certificate.) | associated public-key certificate.) | |||
| $ audit | $ audit | |||
| See: security audit. | See: security audit. | |||
| $ audit log | $ audit log | |||
| (I) Synonym for "security audit trail". | (I) Synonym for "security audit trail". | |||
| $ audit service | $ audit service | |||
| (I) A security service that records information needed to | (I) A security service that records information needed to | |||
| establish accountability for system events and for the actions of | establish accountability for system events and for the actions of | |||
| system entities that cause them. (See: security audit.) | system entities that cause them. (See: security audit.) | |||
| $ audit trail | $ audit trail | |||
| (I) See: security audit trail. | (I) See: security audit trail. | |||
| $ AUTH | $ AUTH | |||
| skipping to change at page 24, line 31 ¶ | skipping to change at page 24, line 31 ¶ | |||
| $ authenticate | $ authenticate | |||
| (I) Verify (i.e., establish the truth of) an attribute value | (I) Verify (i.e., establish the truth of) an attribute value | |||
| claimed by or for a system entity or system resource. (See: | claimed by or for a system entity or system resource. (See: | |||
| authentication, validate vs. verify, "relationship between data | authentication, validate vs. verify, "relationship between data | |||
| integrity service and authentication services" under "data | integrity service and authentication services" under "data | |||
| integrity service".) | integrity service".) | |||
| Deprecated Usage: In general English usage, this term is used with | Deprecated Usage: In general English usage, this term is used with | |||
| the meaning "to prove genuine" (e.g., an art expert authenticates | the meaning "to prove genuine" (e.g., an art expert authenticates | |||
| a Michelangelo painting); but ISDs should restrict usage as | a Michelangelo painting); but IDOCs should restrict usage as | |||
| follows: | follows: | |||
| - ISDs SHOULD NOT use this term to refer to proving or checking | - IDOCs SHOULD NOT use this term to refer to proving or checking | |||
| that data has not been changed, destroyed or lost in an | that data has not been changed, destroyed, or lost in an | |||
| unauthorized or accidental manner. Instead use "verify". | unauthorized or accidental manner. Instead use "verify". | |||
| - ISDs SHOULD NOT use this term to refer to proving the truth or | - IDOCs SHOULD NOT use this term to refer to proving the truth or | |||
| accuracy of a fact or value such as a digital signature. | accuracy of a fact or value such as a digital signature. | |||
| Instead, use "verify". | Instead, use "verify". | |||
| - ISDs SHOULD NOT use this term to refer to establishing the | - IDOCs SHOULD NOT use this term to refer to establishing the | |||
| soundness or correctness of a construct, such as a digital | soundness or correctness of a construct, such as a digital | |||
| certificate. Instead, use "validate". | certificate. Instead, use "validate". | |||
| $ authentication | $ authentication | |||
| (I) The process of verifying a claim that a system entity or | (I) The process of verifying a claim that a system entity or | |||
| system resource has a certain attribute value. (See: attribute, | system resource has a certain attribute value. (See: attribute, | |||
| authenticate, authentication exchange, authentication information, | authenticate, authentication exchange, authentication information, | |||
| credential, data origin authentication, peer entity | credential, data origin authentication, peer entity | |||
| authentication, "relationship between data integrity service and | authentication, "relationship between data integrity service and | |||
| authentication services" under "data integrity service", simple | authentication services" under "data integrity service", simple | |||
| skipping to change at page 25, line 20 ¶ | skipping to change at page 25, line 20 ¶ | |||
| (e.g., a user identifier) to the authentication subsystem. | (e.g., a user identifier) to the authentication subsystem. | |||
| - Verification step: Presenting or generating authentication | - Verification step: Presenting or generating authentication | |||
| information (e.g., a value signed with a private key) that acts | information (e.g., a value signed with a private key) that acts | |||
| as evidence to prove the binding between the attribute and that | as evidence to prove the binding between the attribute and that | |||
| for which it is claimed. (See: verification.) | for which it is claimed. (See: verification.) | |||
| $ authentication code | $ authentication code | |||
| (D) Synonym for a checksum based on cryptography. (Compare: Data | (D) Synonym for a checksum based on cryptography. (Compare: Data | |||
| Authentication Code, Message Authentication Code.) | Authentication Code, Message Authentication Code.) | |||
| Deprecated Term: ISDs SHOULD NOT use this uncapitalized term as a | Deprecated Term: IDOCs SHOULD NOT use this uncapitalized term as a | |||
| synonym for any kind of checksum, regardless of whether or not the | synonym for any kind of checksum, regardless of whether or not the | |||
| checksum is cryptographic. Instead, use "checksum", "Data | checksum is cryptographic. Instead, use "checksum", "Data | |||
| Authentication Code", "error detection code", "hash", "keyed | Authentication Code", "error detection code", "hash", "keyed | |||
| hash", "Message Authentication Code", "protected checksum", or | hash", "Message Authentication Code", "protected checksum", or | |||
| some other recommended term, depending on what is meant. | some other recommended term, depending on what is meant. | |||
| The term mixes concepts in a potentially misleading way. The word | The term mixes concepts in a potentially misleading way. The word | |||
| "authentication" is misleading because the checksum may be used to | "authentication" is misleading because the checksum may be used to | |||
| perform a data integrity function rather than a data origin | perform a data integrity function rather than a data origin | |||
| authentication function. | authentication function. | |||
| skipping to change at page 26, line 41 ¶ | skipping to change at page 26, line 41 ¶ | |||
| peer entity authentication service. | peer entity authentication service. | |||
| $ authenticity | $ authenticity | |||
| (I) The property of being genuine and able to be verified and be | (I) The property of being genuine and able to be verified and be | |||
| trusted. (See: authenticate, authentication, validate vs. verify.) | trusted. (See: authenticate, authentication, validate vs. verify.) | |||
| $ authority | $ authority | |||
| (D) /PKI/ "An entity [that is] responsible for the issuance of | (D) /PKI/ "An entity [that is] responsible for the issuance of | |||
| certificates." [X509] | certificates." [X509] | |||
| Deprecated Usage: ISDs SHOULD NOT use this term as a synonym for | Deprecated Usage: IDOCs SHOULD NOT use this term as a synonym for | |||
| attribute authority, certification authority, registration | attribute authority, certification authority, registration | |||
| authority, or similar terms; the shortened form may cause | authority, or similar terms; the shortened form may cause | |||
| confusion. Instead, use the full term at the first instance of | confusion. Instead, use the full term at the first instance of | |||
| usage and then, if it is necessary to shorten text, use AA, CA, | usage and then, if it is necessary to shorten text, use AA, CA, | |||
| RA, and other abbreviations defined in this Glossary. | RA, and other abbreviations defined in this Glossary. | |||
| $ authority certificate | $ authority certificate | |||
| (D) "A certificate issued to an authority (e.g. either to a | (D) "A certificate issued to an authority (e.g. either to a | |||
| certification authority or to an attribute authority)." [X509] | certification authority or to an attribute authority)." [X509] | |||
| (See: authority.) | (See: authority.) | |||
| Deprecated Term: ISDs SHOULD NOT use this term because it is | Deprecated Term: IDOCs SHOULD NOT use this term because it is | |||
| ambiguous. Instead, use the full term "certification authority | ambiguous. Instead, use the full term "certification authority | |||
| certificate", "attribute authority certificate", "registration | certificate", "attribute authority certificate", "registration | |||
| authority certificate", etc. at the first instance of usage and | authority certificate", etc. at the first instance of usage and | |||
| then, if it is necessary to shorten text, use AA, CA, RA, and | then, if it is necessary to shorten text, use AA, CA, RA, and | |||
| other abbreviations defined in this Glossary. | other abbreviations defined in this Glossary. | |||
| $ Authority Information Access extension | $ Authority Information Access extension | |||
| (I) The private extension defined by PKIX for X.509 certificates | (I) The private extension defined by PKIX for X.509 certificates | |||
| to indicate "how to access CA information and services for the | to indicate "how to access CA information and services for the | |||
| issuer of the certificate in which the extension appears. | issuer of the certificate in which the extension appears. | |||
| skipping to change at page 28, line 7 ¶ | skipping to change at page 28, line 7 ¶ | |||
| $ authorize | $ authorize | |||
| (I) Grant an authorization to a system entity. | (I) Grant an authorization to a system entity. | |||
| $ authorized user | $ authorized user | |||
| (I) /access control/ A system entity that accesses a system | (I) /access control/ A system entity that accesses a system | |||
| resource for which the entity has received an authorization. | resource for which the entity has received an authorization. | |||
| (Compare: insider, outsider, unauthorized user.) | (Compare: insider, outsider, unauthorized user.) | |||
| Deprecated Usage: ISDs that use this term SHOULD state a | Deprecated Usage: IDOCs that use this term SHOULD state a | |||
| definition for it because the term is used in many ways and could | definition for it because the term is used in many ways and could | |||
| easily be misunderstood. | easily be misunderstood. | |||
| $ automated information system | $ automated information system | |||
| See: information system. | See: information system. | |||
| $ availability | $ availability | |||
| 1. (I) The property of a system or a system resource being | 1. (I) The property of a system or a system resource being | |||
| accessible, or usable or operational upon demand, by an authorized | accessible, or usable or operational upon demand, by an authorized | |||
| system entity, according to performance specifications for the | system entity, according to performance specifications for the | |||
| skipping to change at page 28, line 29 ¶ | skipping to change at page 28, line 29 ¶ | |||
| according to the system design whenever users request them. (See: | according to the system design whenever users request them. (See: | |||
| critical, denial of service. Compare: precedence, reliability, | critical, denial of service. Compare: precedence, reliability, | |||
| survivability.) | survivability.) | |||
| 2. (O) "The property of being accessible and usable upon demand by | 2. (O) "The property of being accessible and usable upon demand by | |||
| an authorized entity." [I7498-2] | an authorized entity." [I7498-2] | |||
| 3. (D) "Timely, reliable access to data and information services | 3. (D) "Timely, reliable access to data and information services | |||
| for authorized users." [C4009] | for authorized users." [C4009] | |||
| Deprecated Definition: ISDs SHOULD NOT use the term with | Deprecated Definition: IDOCs SHOULD NOT use the term with | |||
| definition 3; the definition mixes "availability" with | definition 3; the definition mixes "availability" with | |||
| "reliability", which is a different property. (See: reliability.) | "reliability", which is a different property. (See: reliability.) | |||
| Tutorial: Availability requirements can be specified by | Tutorial: Availability requirements can be specified by | |||
| quantitative metrics, but sometimes are stated qualitatively, such | quantitative metrics, but sometimes are stated qualitatively, such | |||
| as in the following: | as in the following: | |||
| - "Flexible tolerance for delay" may mean that brief system | - "Flexible tolerance for delay" may mean that brief system | |||
| outages do not endanger mission accomplishment, but extended | outages do not endanger mission accomplishment, but extended | |||
| outages may endanger the mission. | outages may endanger the mission. | |||
| - "Minimum tolerance for delay" may mean that mission | - "Minimum tolerance for delay" may mean that mission | |||
| skipping to change at page 29, line 51 ¶ | skipping to change at page 29, line 51 ¶ | |||
| $ bagbiter | $ bagbiter | |||
| (D) /slang/ "An entity, such as a program or a computer, that | (D) /slang/ "An entity, such as a program or a computer, that | |||
| fails to work or that works in a remarkably clumsy manner. A | fails to work or that works in a remarkably clumsy manner. A | |||
| person who has caused some trouble, inadvertently or otherwise, | person who has caused some trouble, inadvertently or otherwise, | |||
| typically by failing to program the computer properly." [NCSSG] | typically by failing to program the computer properly." [NCSSG] | |||
| (See: flaw.) | (See: flaw.) | |||
| Deprecated Term: It is likely that other cultures use different | Deprecated Term: It is likely that other cultures use different | |||
| metaphors for these concepts. Therefore, to avoid international | metaphors for these concepts. Therefore, to avoid international | |||
| misunderstanding, ISDs SHOULD NOT use this term. (See: Deprecated | misunderstanding, IDOCs SHOULD NOT use this term. (See: Deprecated | |||
| Usage under "Green Book.") | Usage under "Green Book.") | |||
| $ baggage | $ baggage | |||
| (O) /SET/ An "opaque encrypted tuple, which is included in a SET | (O) /SET/ An "opaque encrypted tuple, which is included in a SET | |||
| message but appended as external data to the PKCS encapsulated | message but appended as external data to the PKCS encapsulated | |||
| data. This avoids superencryption of the previously encrypted | data. This avoids superencryption of the previously encrypted | |||
| tuple, but guarantees linkage with the PKCS portion of the | tuple, but guarantees linkage with the PKCS portion of the | |||
| message." [SET2] | message." [SET2] | |||
| Deprecated Usage: ISDs SHOULD NOT use this term to describe a data | Deprecated Usage: IDOCs SHOULD NOT use this term to describe a | |||
| element, except in the form "SET(trademark) baggage" with the | data element, except in the form "SET(trademark) baggage" with the | |||
| meaning given above. | meaning given above. | |||
| $ baked-in security | $ baked-in security | |||
| (D) The inclusion of security mechanisms in an information system | (D) The inclusion of security mechanisms in an information system | |||
| beginning at an early point in the system's life cycle, i.e., | beginning at an early point in the system's life cycle, i.e., | |||
| during the design phase, or at least early in the implementation | during the design phase, or at least early in the implementation | |||
| phase. (Compare: add-on security.) | phase. (Compare: add-on security.) | |||
| Deprecated Term: It is likely that other cultures use different | Deprecated Term: It is likely that other cultures use different | |||
| metaphors for this concept. Therefore, to avoid international | metaphors for this concept. Therefore, to avoid international | |||
| misunderstanding, ISDs SHOULD NOT use this term (unless they also | misunderstanding, IDOCs SHOULD NOT use this term (unless they also | |||
| provide a definition like this one). (See: Deprecated Usage under | provide a definition like this one). (See: Deprecated Usage under | |||
| "Green Book".) | "Green Book".) | |||
| $ bandwidth | $ bandwidth | |||
| (I) The total width of the frequency band that is available to or | (I) The total width of the frequency band that is available to or | |||
| used by a communication channel; usually expressed in Hertz (Hz). | used by a communication channel; usually expressed in Hertz (Hz). | |||
| (RFC 3753) (Compare: channel capacity.) | (RFC 3753) (Compare: channel capacity.) | |||
| $ bank identification number (BIN) | $ bank identification number (BIN) | |||
| 1. (O) The digits of a credit card number that identify the | 1. (O) The digits of a credit card number that identify the | |||
| skipping to change at page 31, line 13 ¶ | skipping to change at page 31, line 13 ¶ | |||
| bastion host, which usually is part of the firewall. Since only | bastion host, which usually is part of the firewall. Since only | |||
| this one host can be directly attacked, only this one host needs | this one host can be directly attacked, only this one host needs | |||
| to be very strongly protected, so security can be maintained more | to be very strongly protected, so security can be maintained more | |||
| easily and less expensively. However, to allow legitimate internal | easily and less expensively. However, to allow legitimate internal | |||
| and external users to access application resources through the | and external users to access application resources through the | |||
| firewall, higher layer protocols and services need to be relayed | firewall, higher layer protocols and services need to be relayed | |||
| and forwarded by the bastion host. Some services (e.g., DNS and | and forwarded by the bastion host. Some services (e.g., DNS and | |||
| SMTP) have forwarding built in; other services (e.g., TELNET and | SMTP) have forwarding built in; other services (e.g., TELNET and | |||
| FTP) require a proxy server on the bastion host. | FTP) require a proxy server on the bastion host. | |||
| $ BBN Technologies | $ BBN Technologies Corp. (BBN) | |||
| (O) The research-and-development company (originally called Bolt | (O) The research-and-development company (originally called Bolt | |||
| Baranek and Newman, Inc.) that built the ARPANET. | Baranek and Newman, Inc.) that built the ARPANET. | |||
| $ BCA | $ BCA | |||
| (O) See: brand certification authority. | (O) See: brand certification authority. | |||
| $ BCR | $ BCR | |||
| (O) See: BLACK/Crypto/RED. | (O) See: BLACK/Crypto/RED. | |||
| $ BCI | $ BCI | |||
| skipping to change at page 34, line 5 ¶ | skipping to change at page 34, line 5 ¶ | |||
| only cipher text. Example: "BLACK key".(See: BCR, color change, | only cipher text. Example: "BLACK key".(See: BCR, color change, | |||
| RED/BLACK separation. Compare: RED.) | RED/BLACK separation. Compare: RED.) | |||
| 2. (O) /U.S. Government/ "Designation applied to information | 2. (O) /U.S. Government/ "Designation applied to information | |||
| systems, and to associated areas, circuits, components, and | systems, and to associated areas, circuits, components, and | |||
| equipment, in which national security information is encrypted or | equipment, in which national security information is encrypted or | |||
| is not processed." [C4009] | is not processed." [C4009] | |||
| 3. (D) Any data that can be disclosed without harm. | 3. (D) Any data that can be disclosed without harm. | |||
| Deprecated Definition: ISDs SHOULD NOT use the term with | Deprecated Definition: IDOCs SHOULD NOT use the term with | |||
| definition 3 because the definition is ambiguous with regard to | definition 3 because the definition is ambiguous with regard to | |||
| whether the data is protected or not. | whether the data is protected or not. | |||
| $ BLACK/Crypto/RED (BCR) | $ BLACK/Crypto/RED (BCR) | |||
| (N) An experimental, end-to-end, network packet encryption system | (N) An experimental, end-to-end, network packet encryption system | |||
| developed in a working prototype form by BBN and the Collins Radio | developed in a working prototype form by BBN and the Collins Radio | |||
| division of Rockwell Corporation in the 1975-1980 time frame for | division of Rockwell Corporation in the 1975-1980 time frame for | |||
| the U.S. DoD. BCR was the first network security system to support | the U.S. DoD. BCR was the first network security system to support | |||
| TCP/IP traffic, and it incorporated the first DES chips that were | TCP/IP traffic, and it incorporated the first DES chips that were | |||
| validated by the U.S. National Bureau of Standards (now called | validated by the U.S. National Bureau of Standards (now called | |||
| skipping to change at page 35, line 56 ¶ | skipping to change at page 35, line 56 ¶ | |||
| (See: Twofish.) | (See: Twofish.) | |||
| $ brain-damaged | $ brain-damaged | |||
| (D) /slang/ "Obviously wrong: extremely poorly designed. Calling | (D) /slang/ "Obviously wrong: extremely poorly designed. Calling | |||
| something brain-damaged is very extreme. The word implies that the | something brain-damaged is very extreme. The word implies that the | |||
| thing is completely unusable, and that its failure to work is due | thing is completely unusable, and that its failure to work is due | |||
| to poor design, not accident." [NCSSG] (See: flaw.) | to poor design, not accident." [NCSSG] (See: flaw.) | |||
| Deprecated Term: It is likely that other cultures use different | Deprecated Term: It is likely that other cultures use different | |||
| metaphors for this concept. Therefore, to avoid international | metaphors for this concept. Therefore, to avoid international | |||
| misunderstanding, ISDs SHOULD NOT use this term. (See: Deprecated | misunderstanding, IDOCs SHOULD NOT use this term. (See: Deprecated | |||
| Usage under "Green Book.") | Usage under "Green Book.") | |||
| $ brand | $ brand | |||
| 1. (I) A distinctive mark or name that identifies a product or | 1. (I) A distinctive mark or name that identifies a product or | |||
| business entity. | business entity. | |||
| 2. (O) /SET/ The name of a payment card. (See: BCA.) | 2. (O) /SET/ The name of a payment card. (See: BCA.) | |||
| Tutorial: Financial institutions and other companies have founded | Tutorial: Financial institutions and other companies have founded | |||
| payment card brands, protect and advertise the brands, establish | payment card brands, protect and advertise the brands, establish | |||
| skipping to change at page 39, line 9 ¶ | skipping to change at page 39, line 9 ¶ | |||
| (D) In a few published descriptions of hybrid encryption for SSH, | (D) In a few published descriptions of hybrid encryption for SSH, | |||
| Windows 2000, and other applications, this term refers to a | Windows 2000, and other applications, this term refers to a | |||
| symmetric key that (a) is used to encrypt a relatively large | symmetric key that (a) is used to encrypt a relatively large | |||
| amount of data and (b) is itself encrypted with a public key. | amount of data and (b) is itself encrypted with a public key. | |||
| (Compare: bulk keying material, session key.) | (Compare: bulk keying material, session key.) | |||
| Example: To send a large file to Bob, Alice (a) generates a | Example: To send a large file to Bob, Alice (a) generates a | |||
| symmetric key and uses it to encrypt the file (i.e., encrypt the | symmetric key and uses it to encrypt the file (i.e., encrypt the | |||
| bulk of the information that is to be sent) and then (b) encrypts | bulk of the information that is to be sent) and then (b) encrypts | |||
| that symmetric key (the "bulk key") with Bob's public key. | that symmetric key (the "bulk key") with Bob's public key. | |||
| Deprecated Term: ISDs SHOULD NOT use this term or definition; they | Deprecated Term: IDOCs SHOULD NOT use this term or definition; the | |||
| are not well-established and could be confused with the | term is not well-established and could be confused with the | |||
| established term "bulk keying material". Instead, use "symmetric | established term "bulk keying material". Instead, use "symmetric | |||
| key" and carefully explain how the key is applied. | key" and carefully explain how the key is applied. | |||
| $ bulk keying material | $ bulk keying material | |||
| (N) Refers to handling keying material in large quantities, e.g., | (N) Refers to handling keying material in large quantities, e.g., | |||
| as a dataset that contains many items of keying material. (See: | as a dataset that contains many items of keying material. (See: | |||
| type 0. Compare: bulk key, bulk encryption.) | type 0. Compare: bulk key, bulk encryption.) | |||
| $ bump-in-the-stack | $ bump-in-the-stack | |||
| (I) An implementation approach that places a network security | (I) An implementation approach that places a network security | |||
| skipping to change at page 40, line 22 ¶ | skipping to change at page 40, line 22 ¶ | |||
| (O) /TCSEC/ See: Tutorial under "Trusted Computer System | (O) /TCSEC/ See: Tutorial under "Trusted Computer System | |||
| Evaluation Criteria". | Evaluation Criteria". | |||
| $ CA | $ CA | |||
| (I) See: certification authority. | (I) See: certification authority. | |||
| $ CA certificate | $ CA certificate | |||
| (D) "A [digital] certificate for one CA issued by another CA." | (D) "A [digital] certificate for one CA issued by another CA." | |||
| [X509] | [X509] | |||
| Deprecated Definition: ISDs SHOULD NOT use the term with this | Deprecated Definition: IDOCs SHOULD NOT use the term with this | |||
| definition; the definition is ambiguous with regard to how the | definition; the definition is ambiguous with regard to how the | |||
| certificate is constructed and how it is intended to be used. ISDs | certificate is constructed and how it is intended to be used. | |||
| that use this term SHOULD provide a technical definition for it. | IDOCs that use this term SHOULD provide a technical definition for | |||
| (See: certificate profile.) | it. (See: certificate profile.) | |||
| Tutorial: There is no single, obvious choice for a technical | Tutorial: There is no single, obvious choice for a technical | |||
| definition of this term. Different PKIs can use different | definition of this term. Different PKIs can use different | |||
| certificate profiles, and X.509 provides several choices of how to | certificate profiles, and X.509 provides several choices of how to | |||
| issue certificates to CAs. For example, one possible definition is | issue certificates to CAs. For example, one possible definition is | |||
| the following: A v3 X.509 public-key certificate that has a | the following: A v3 X.509 public-key certificate that has a | |||
| "basicConstraints" extension containing a "cA" value of "TRUE". | "basicConstraints" extension containing a "cA" value of "TRUE". | |||
| That would specifically indicate that "the certified public key | That would specifically indicate that "the certified public key | |||
| may be used to verify certificate signatures", i.e., that the | may be used to verify certificate signatures", i.e., that the | |||
| private key may be used by a CA. | private key may be used by a CA. | |||
| skipping to change at page 45, line 8 ¶ | skipping to change at page 45, line 8 ¶ | |||
| $ Certificate Arbitrator Module (CAM) | $ Certificate Arbitrator Module (CAM) | |||
| (O) An open-source software module that is designed to be | (O) An open-source software module that is designed to be | |||
| integrated with an application for routing, replying to, and | integrated with an application for routing, replying to, and | |||
| otherwise managing and meditating certificate validation requests | otherwise managing and meditating certificate validation requests | |||
| between that application and the CAs in the ACES PKI. | between that application and the CAs in the ACES PKI. | |||
| $ certificate authority | $ certificate authority | |||
| (D) Synonym for "certification authority". | (D) Synonym for "certification authority". | |||
| Deprecated Term: ISDs SHOULD NOT use this term; it suggests | Deprecated Term: IDOCs SHOULD NOT use this term; it suggests | |||
| careless use of the term "certification authority", which is | careless use of the term "certification authority", which is | |||
| preferred in PKI standards (e.g., [X509, R3280]). | preferred in PKI standards (e.g., [X509, R3280]). | |||
| $ certificate chain | $ certificate chain | |||
| (D) Synonym for "certification path". (See: trust chain.) | (D) Synonym for "certification path". (See: trust chain.) | |||
| Deprecated Term: ISDs SHOULD NOT use this term; it duplicates the | Deprecated Term: IDOCs SHOULD NOT use this term; it duplicates the | |||
| meaning of a standardized term. Instead, use "certification path". | meaning of a standardized term. Instead, use "certification path". | |||
| $ certificate chain validation | $ certificate chain validation | |||
| (D) Synonym for "certificate validation" or "path validation". | (D) Synonym for "certificate validation" or "path validation". | |||
| Deprecated Term: ISDs SHOULD NOT use this term; it duplicates the | Deprecated Term: IDOCs SHOULD NOT use this term; it duplicates the | |||
| meaning of standardized terms and mixes concepts in a potentially | meaning of standardized terms and mixes concepts in a potentially | |||
| misleading way. Instead, use "certificate validation" or "path | misleading way. Instead, use "certificate validation" or "path | |||
| validation", depending on what is meant. (See: validate vs. | validation", depending on what is meant. (See: validate vs. | |||
| verify.) | verify.) | |||
| $ certificate creation | $ certificate creation | |||
| (I) The act or process by which a CA sets the values of a digital | (I) The act or process by which a CA sets the values of a digital | |||
| certificate's data fields and signs it. (See: issue.) | certificate's data fields and signs it. (See: issue.) | |||
| $ certificate expiration | $ certificate expiration | |||
| skipping to change at page 45, line 46 ¶ | skipping to change at page 45, line 46 ¶ | |||
| Tutorial: The assigned lifetime of an X.509 certificate is stated | Tutorial: The assigned lifetime of an X.509 certificate is stated | |||
| in the certificate itself. (See: validity period.) | in the certificate itself. (See: validity period.) | |||
| $ certificate extension | $ certificate extension | |||
| (I) See: extension. | (I) See: extension. | |||
| $ certificate holder | $ certificate holder | |||
| (D) Synonym for the "subject" of a digital certificate. (Compare: | (D) Synonym for the "subject" of a digital certificate. (Compare: | |||
| certificate owner, certificate user.) | certificate owner, certificate user.) | |||
| Deprecated Definition: ISDs SHOULD NOT use this term as a synonym | Deprecated Definition: IDOCs SHOULD NOT use this term as a synonym | |||
| for the subject of a digital certificate; the term is potentially | for the subject of a digital certificate; the term is potentially | |||
| ambiguous. For example, the term could be misunderstood as | ambiguous. For example, the term could be misunderstood as | |||
| referring to a system entity or component, such as a repository, | referring to a system entity or component, such as a repository, | |||
| that simply has possession of a copy of the certificate. | that simply has possession of a copy of the certificate. | |||
| $ certificate management | $ certificate management | |||
| (I) The functions that a CA may perform during the life cycle of a | (I) The functions that a CA may perform during the life cycle of a | |||
| digital certificate, including the following: | digital certificate, including the following: | |||
| - Acquire and verify data items to bind into the certificate. | - Acquire and verify data items to bind into the certificate. | |||
| - Encode and sign the certificate. | - Encode and sign the certificate. | |||
| - Store the certificate in a directory or repository. | - Store the certificate in a directory or repository. | |||
| - Renew, rekey, and update the certificate. | - Renew, rekey, and update the certificate. | |||
| - Revoke the certificate and issue a CRL. | - Revoke the certificate and issue a CRL. | |||
| (See: archive management, certificate management, key management, | (See: archive management, certificate management, key management, | |||
| security architecture, token management.) | security architecture, token management.) | |||
| $ certificate management authority (CMA) | $ certificate management authority (CMA) | |||
| (D) /U.S. DoD/ Used to mean either a CA or an RA. [DoD7, SP32] | (D) /U.S. DoD/ Used to mean either a CA or an RA. [DoD7, SP32] | |||
| Deprecated Term: ISDs SHOULD NOT use this term because it is | Deprecated Term: IDOCs SHOULD NOT use this term because it is | |||
| potentially ambiguous, such as in a context involve ICRLs. | potentially ambiguous, such as in a context involve ICRLs. | |||
| Instead, use CA, RA, or both, depending on what is meant. | Instead, use CA, RA, or both, depending on what is meant. | |||
| $ certificate owner | $ certificate owner | |||
| (D) Synonym for the "subject" of a digital certificate. (Compare: | (D) Synonym for the "subject" of a digital certificate. (Compare: | |||
| certificate holder, certificate user.) | certificate holder, certificate user.) | |||
| Deprecated Definition: ISDs SHOULD NOT use this term as a synonym | Deprecated Definition: IDOCs SHOULD NOT use this term as a synonym | |||
| for the subject of a digital certificate; the term is potentially | for the subject of a digital certificate; the term is potentially | |||
| ambiguous. For example, the term could refer to a system entity, | ambiguous. For example, the term could refer to a system entity, | |||
| such as a corporation, that has purchased a certificate to operate | such as a corporation, that has purchased a certificate to operate | |||
| equipment, such as a Web server. | equipment, such as a Web server. | |||
| $ certificate path | $ certificate path | |||
| (D) Synonym for "certification path". | (D) Synonym for "certification path". | |||
| Deprecated Term: ISDs SHOULD NOT use this term; it suggests | Deprecated Term: IDOCs SHOULD NOT use this term; it suggests | |||
| careless use of "certification path", which is preferred in PKI | careless use of "certification path", which is preferred in PKI | |||
| standards (e.g., [X509, R3280]). | standards (e.g., [X509, R3280]). | |||
| $ certificate policy | $ certificate policy | |||
| (I) "A named set of rules that indicates the applicability of a | (I) "A named set of rules that indicates the applicability of a | |||
| certificate to a particular community and/or class of application | certificate to a particular community and/or class of application | |||
| with common security requirements." [X509] (Compare: CPS, security | with common security requirements." [X509] (Compare: CPS, security | |||
| policy.) | policy.) | |||
| Example: U.S. DoD's certificate policy [DoD7] defined four classes | Example: U.S. DoD's certificate policy [DoD7] defined four classes | |||
| skipping to change at page 48, line 16 ¶ | skipping to change at page 48, line 16 ¶ | |||
| number is assigned) but the binding of the public key to the | number is assigned) but the binding of the public key to the | |||
| subject and to other data items stays the same. The other data | subject and to other data items stays the same. The other data | |||
| items are changed, and the old certificate is revoked, only as | items are changed, and the old certificate is revoked, only as | |||
| required by the PKI and CPS to support the renewal. If changes go | required by the PKI and CPS to support the renewal. If changes go | |||
| beyond that, the process is a "certificate rekey" or "certificate | beyond that, the process is a "certificate rekey" or "certificate | |||
| update". | update". | |||
| $ certificate request | $ certificate request | |||
| (D) Synonym for "certification request". | (D) Synonym for "certification request". | |||
| Deprecated Term: ISDs SHOULD NOT use this term; it suggests | Deprecated Term: IDOCs SHOULD NOT use this term; it suggests | |||
| careless use of the term "certification request", which is | careless use of the term "certification request", which is | |||
| preferred in PKI standards (e.g., see PKCS #10). | preferred in PKI standards (e.g., see PKCS #10). | |||
| $ certificate revocation | $ certificate revocation | |||
| (I) The event that occurs when a CA declares that a previously | (I) The event that occurs when a CA declares that a previously | |||
| valid digital certificate issued by that CA has become invalid; | valid digital certificate issued by that CA has become invalid; | |||
| usually stated with a effective date. | usually stated with a effective date. | |||
| Tutorial: In X.509, a revocation is announced to potential | Tutorial: In X.509, a revocation is announced to potential | |||
| certificate users by issuing a CRL that mentions the certificate. | certificate users by issuing a CRL that mentions the certificate. | |||
| skipping to change at page 49, line 14 ¶ | skipping to change at page 49, line 14 ¶ | |||
| [X509] | [X509] | |||
| $ certificate status authority | $ certificate status authority | |||
| (D) /U.S. DoD/ "A trusted entity that provides on-line | (D) /U.S. DoD/ "A trusted entity that provides on-line | |||
| verification to a Relying Party of a subject certificate's | verification to a Relying Party of a subject certificate's | |||
| trustworthiness [should instead say 'validity'], and may also | trustworthiness [should instead say 'validity'], and may also | |||
| provide additional attribute information for the subject | provide additional attribute information for the subject | |||
| certificate." [DoD7] | certificate." [DoD7] | |||
| Deprecated Term: ISDs SHOULD NOT use this term because it is not | Deprecated Term: IDOCs SHOULD NOT use this term because it is not | |||
| widely accepted; instead, use "certificate status responder" or | widely accepted; instead, use "certificate status responder" or | |||
| "OCSP server", or otherwise explain what is meant. | "OCSP server", or otherwise explain what is meant. | |||
| $ certificate status responder | $ certificate status responder | |||
| (N) /FPKI/ A trusted on-line server that acts for a CA to provide | (N) /FPKI/ A trusted on-line server that acts for a CA to provide | |||
| authenticated certificate status information to certificate users | authenticated certificate status information to certificate users | |||
| [FPKI]. Offers an alternative to issuing a CR. (See: certificate | [FPKI]. Offers an alternative to issuing a CR. (See: certificate | |||
| revocation tree, OCSP.) | revocation tree, OCSP.) | |||
| $ certificate update | $ certificate update | |||
| skipping to change at page 49, line 51 ¶ | skipping to change at page 49, line 51 ¶ | |||
| Usage: The depending entity may be a human being or an | Usage: The depending entity may be a human being or an | |||
| organization, or a device or process controlled by a human or | organization, or a device or process controlled by a human or | |||
| organization. (See: user.) | organization. (See: user.) | |||
| 2. (O) "An entity that needs to know, with certainty, the public | 2. (O) "An entity that needs to know, with certainty, the public | |||
| key of another entity." [X509] | key of another entity." [X509] | |||
| 3. (D) Synonym for "subject" of a digital certificate. | 3. (D) Synonym for "subject" of a digital certificate. | |||
| Deprecated Definition: ISDs SHOULD NOT use this term with | Deprecated Definition: IDOCs SHOULD NOT use this term with | |||
| definition 3; the term could be confused with one of the other two | definition 3; the term could be confused with one of the other two | |||
| definitions given above. | definitions given above. | |||
| $ certificate validation | $ certificate validation | |||
| 1. (I) An act or process by which a certificate user establishes | 1. (I) An act or process by which a certificate user establishes | |||
| that the assertions made by a digital certificate can be trusted. | that the assertions made by a digital certificate can be trusted. | |||
| (See: valid certificate, validate vs. verify.) | (See: valid certificate, validate vs. verify.) | |||
| 2. (O) "The process of ensuring that a certificate was valid at a | 2. (O) "The process of ensuring that a certificate was valid at a | |||
| given time, including possibly the construction and processing of | given time, including possibly the construction and processing of | |||
| skipping to change at page 53, line 11 ¶ | skipping to change at page 53, line 11 ¶ | |||
| either the first certificate needs to be a trusted certificate or | either the first certificate needs to be a trusted certificate or | |||
| the signature on the first certificate needs to be verifiable by a | the signature on the first certificate needs to be verifiable by a | |||
| trusted key (e.g., a root key), but such trust is established only | trusted key (e.g., a root key), but such trust is established only | |||
| relative to a "particular" (i.e., specific) user, not absolutely | relative to a "particular" (i.e., specific) user, not absolutely | |||
| for all users. | for all users. | |||
| $ certification policy | $ certification policy | |||
| (D) Synonym for either "certificate policy" or "certification | (D) Synonym for either "certificate policy" or "certification | |||
| practice statement". | practice statement". | |||
| Deprecated Term: ISDs SHOULD NOT use this term as a synonym for | Deprecated Term: IDOCs SHOULD NOT use this term as a synonym for | |||
| either of those terms; that would be duplicative and would mix | either of those terms; that would be duplicative and would mix | |||
| concepts in a potentially misleading way. Instead, use either | concepts in a potentially misleading way. Instead, use either | |||
| "certificate policy" or "certification practice statement", | "certificate policy" or "certification practice statement", | |||
| depending on what is meant. | depending on what is meant. | |||
| $ certification practice statement (CPS) | $ certification practice statement (CPS) | |||
| (I) "A statement of the practices which a certification authority | (I) "A statement of the practices which a certification authority | |||
| employs in issuing certificates." [DSG, R3647] (See: certificate | employs in issuing certificates." [DSG, R3647] (See: certificate | |||
| policy.) | policy.) | |||
| skipping to change at page 57, line 9 ¶ | skipping to change at page 57, line 9 ¶ | |||
| $ ciphertext | $ ciphertext | |||
| 1. (O) /noun/ Synonym for "cipher text" [I7498-2]. | 1. (O) /noun/ Synonym for "cipher text" [I7498-2]. | |||
| 2. (I) /adjective/ Referring to cipher text. Usage: Commonly used | 2. (I) /adjective/ Referring to cipher text. Usage: Commonly used | |||
| instead of "cipher-text". (Compare: cleartext, plaintext.) | instead of "cipher-text". (Compare: cleartext, plaintext.) | |||
| $ ciphertext auto-key (CTAK) | $ ciphertext auto-key (CTAK) | |||
| (D) "Cryptographic logic that uses previous cipher text to | (D) "Cryptographic logic that uses previous cipher text to | |||
| generate a key stream." [C4009, A1523] (See: KAK.) | generate a key stream." [C4009, A1523] (See: KAK.) | |||
| Deprecated Term: ISDs SHOULD NOT use this term; it is neither | Deprecated Term: IDOCs SHOULD NOT use this term; it is neither | |||
| well-known nor precisely defined. Instead, use terms associated | well-known nor precisely defined. Instead, use terms associated | |||
| with modes that are defined in standards, such as CBC, CFB, and | with modes that are defined in standards, such as CBC, CFB, and | |||
| OFB. | OFB. | |||
| $ ciphertext-only attack | $ ciphertext-only attack | |||
| (I) A cryptanalysis technique in which the analyst tries to | (I) A cryptanalysis technique in which the analyst tries to | |||
| determine the key solely from knowledge of intercepted cipher text | determine the key solely from knowledge of intercepted cipher text | |||
| (although the analyst may also know other clues, such as the | (although the analyst may also know other clues, such as the | |||
| cryptographic algorithm, the language in which the plain text was | cryptographic algorithm, the language in which the plain text was | |||
| written, the subject matter of the plain text, and some probable | written, the subject matter of the plain text, and some probable | |||
| skipping to change at page 58, line 33 ¶ | skipping to change at page 58, line 33 ¶ | |||
| hierarchical, restrictive security label is applied to increase | hierarchical, restrictive security label is applied to increase | |||
| protection of the data from unauthorized disclosure. (See: | protection of the data from unauthorized disclosure. (See: | |||
| aggregation, classified, data confidentiality service. Compare: | aggregation, classified, data confidentiality service. Compare: | |||
| category, compartment.) | category, compartment.) | |||
| 2. (I) An authorized process by which information is determined to | 2. (I) An authorized process by which information is determined to | |||
| be classified and assigned to a security level. (Compare: | be classified and assigned to a security level. (Compare: | |||
| declassification.) | declassification.) | |||
| Usage: Usually understood to involve data confidentiality, but | Usage: Usually understood to involve data confidentiality, but | |||
| ISDs SHOULD make this clear when data also is sensitive in other | IDOCs SHOULD make this clear when data also is sensitive in other | |||
| ways and SHOULD use other terms for those other sensitivity | ways and SHOULD use other terms for those other sensitivity | |||
| concepts. (See: sensitive information, data integrity.) | concepts. (See: sensitive information, data integrity.) | |||
| $ classification label | $ classification label | |||
| (I) A security label that tells the degree of harm that will | (I) A security label that tells the degree of harm that will | |||
| result from unauthorized disclosure of the labeled data, and may | result from unauthorized disclosure of the labeled data, and may | |||
| also tell what countermeasures are required to be applied to | also tell what countermeasures are required to be applied to | |||
| protect the data from unauthorized disclosure. Example: IPSO. | protect the data from unauthorized disclosure. Example: IPSO. | |||
| (See: classified, data confidentiality service. Compare: integrity | (See: classified, data confidentiality service. Compare: integrity | |||
| label.) | label.) | |||
| Usage: Usually understood to involve data confidentiality, but | Usage: Usually understood to involve data confidentiality, but | |||
| ISDs SHOULD make this clear when data also is sensitive in other | IDOCs SHOULD make this clear when data also is sensitive in other | |||
| ways and SHOULD use other terms for those other sensitivity | ways and SHOULD use other terms for those other sensitivity | |||
| concepts. (See: sensitive information, data integrity.) | concepts. (See: sensitive information, data integrity.) | |||
| $ classification level | $ classification level | |||
| (I) A hierarchical level of protection (against unauthorized | (I) A hierarchical level of protection (against unauthorized | |||
| disclosure) that is required to be applied to certain classified | disclosure) that is required to be applied to certain classified | |||
| data. (See: classified. Compare: security level.) | data. (See: classified. Compare: security level.) | |||
| Usage: Usually understood to involve data confidentiality, but | Usage: Usually understood to involve data confidentiality, but | |||
| ISDs SHOULD make this clear when data also is sensitive in other | IDOCs SHOULD make this clear when data also is sensitive in other | |||
| ways and SHOULD use other terms for those other sensitivity | ways and SHOULD use other terms for those other sensitivity | |||
| concepts. (See: sensitive information, data integrity.) | concepts. (See: sensitive information, data integrity.) | |||
| $ classified | $ classified | |||
| 1. (I) Refers to information (stored or conveyed, in any form) | 1. (I) Refers to information (stored or conveyed, in any form) | |||
| that is formally required by a security policy to receive data | that is formally required by a security policy to receive data | |||
| confidentiality service and to be marked with a security label | confidentiality service and to be marked with a security label | |||
| (which in some cases might be implicit) to indicate its protected | (which in some cases might be implicit) to indicate its protected | |||
| status. (See: classify, collateral information, SAP, security | status. (See: classify, collateral information, SAP, security | |||
| level. Compare: unclassified.) | level. Compare: unclassified.) | |||
| Usage: Usually understood to involve data confidentiality, but | Usage: Usually understood to involve data confidentiality, but | |||
| ISDs SHOULD make this clear when data also is sensitive in other | IDOCs SHOULD make this clear when data also is sensitive in other | |||
| ways and SHOULD use other terms for those other sensitivity | ways and SHOULD use other terms for those other sensitivity | |||
| concepts. (See: sensitive information, data integrity.) | concepts. (See: sensitive information, data integrity.) | |||
| Mainly used by federal governments, especially by the military, | Mainly used by federal governments, especially by the military, | |||
| but the underlying concept also applies outside government. | but the underlying concept also applies outside government. | |||
| 2. (O) /U.S. DoD/ Information that has been determined pursuant to | 2. (O) /U.S. DoD/ Information that has been determined pursuant to | |||
| Executive Order 12958 ("Classified National Security Information", | Executive Order 12958 ("Classified National Security Information", | |||
| 20 April 1995) or any predecessor order to require protection | 20 April 1995) or any predecessor order to require protection | |||
| against unauthorized disclosure and is marked to indicate its | against unauthorized disclosure and is marked to indicate its | |||
| skipping to change at page 59, line 43 ¶ | skipping to change at page 59, line 43 ¶ | |||
| security level. (See: classified, declassify, security level.) | security level. (See: classified, declassify, security level.) | |||
| $ clean system | $ clean system | |||
| (I) A computer system in which the operating system and | (I) A computer system in which the operating system and | |||
| application system software and files have been freshly installed | application system software and files have been freshly installed | |||
| from trusted software distribution media. (Compare: secure state.) | from trusted software distribution media. (Compare: secure state.) | |||
| $ clear | $ clear | |||
| (D) /verb/ Synonym for "erase". [C4009] | (D) /verb/ Synonym for "erase". [C4009] | |||
| Deprecated Definition: ISDs SHOULD NOT use the term with this | Deprecated Definition: IDOCs SHOULD NOT use the term with this | |||
| definition; that could be confused with "clear text" in which | definition; that could be confused with "clear text" in which | |||
| information is directly recoverable. | information is directly recoverable. | |||
| $ clear text | $ clear text | |||
| 1. (I) /noun/ Data in which the semantic information content | 1. (I) /noun/ Data in which the semantic information content | |||
| (i.e., the meaning) is intelligible or is directly available, | (i.e., the meaning) is intelligible or is directly available, | |||
| i.e., not encrypted. (See: cleartext, in the clear. Compare: | i.e., not encrypted. (See: cleartext, in the clear. Compare: | |||
| cipher text, plain text.) | cipher text, plain text.) | |||
| 2. (O) /noun/ "Intelligible data, the semantic content of which is | 2. (O) /noun/ "Intelligible data, the semantic content of which is | |||
| available." [I7498-2] | available." [I7498-2] | |||
| 3. (D) /noun/ Synonym for "plain text". | 3. (D) /noun/ Synonym for "plain text". | |||
| Deprecated Definition: ISDs SHOULD NOT use this term as a synonym | Deprecated Definition: IDOCs SHOULD NOT use this term as a synonym | |||
| for "plain text", because the plain text that is input to an | for "plain text", because the plain text that is input to an | |||
| encryption operation may itself be cipher text that was output | encryption operation may itself be cipher text that was output | |||
| from a previous encryption operation. (See: superencryption.) | from a previous encryption operation. (See: superencryption.) | |||
| $ clearance | $ clearance | |||
| See: security clearance. | See: security clearance. | |||
| $ clearance level | $ clearance level | |||
| (I) The security level of information to which a security | (I) The security level of information to which a security | |||
| clearance authorizes a person to have access. | clearance authorizes a person to have access. | |||
| $ cleartext | $ cleartext | |||
| 1. (O) /noun/ Synonym for "clear text" [I7498-2]. | 1. (O) /noun/ Synonym for "clear text" [I7498-2]. | |||
| 2. (I) /adjective/ Referring to clear text. Usage: Commonly used | 2. (I) /adjective/ Referring to clear text. Usage: Commonly used | |||
| instead of "clear-text". (Compare: ciphertext, plaintext.) | instead of "clear-text". (Compare: ciphertext, plaintext.) | |||
| 3. (D) /adjective/ Synonym for "plaintext". | 3. (D) /adjective/ Synonym for "plaintext". | |||
| Deprecated Definition: ISDs SHOULD NOT use this term as a synonym | Deprecated Definition: IDOCs SHOULD NOT use this term as a synonym | |||
| for "plaintext", because the plaintext data that is input to an | for "plaintext", because the plaintext data that is input to an | |||
| encryption operation may itself be ciphertext data that was output | encryption operation may itself be ciphertext data that was output | |||
| from a previous encryption operation. (See: superencryption.) | from a previous encryption operation. (See: superencryption.) | |||
| $ CLEF | $ CLEF | |||
| (N) See: commercially licensed evaluation facility. | (N) See: commercially licensed evaluation facility. | |||
| $ client | $ client | |||
| (I) A system entity that requests and uses a service provided by | (I) A system entity that requests and uses a service provided by | |||
| another system entity, called a "server". (See: server.) | another system entity, called a "server". (See: server.) | |||
| skipping to change at page 61, line 55 ¶ | skipping to change at page 61, line 55 ¶ | |||
| $ CMS | $ CMS | |||
| (I) See: Cryptographic Message Syntax. | (I) See: Cryptographic Message Syntax. | |||
| $ code | $ code | |||
| 1. (I) A system of symbols used to represent information, which | 1. (I) A system of symbols used to represent information, which | |||
| might originally have some other representation. Examples: ASCII, | might originally have some other representation. Examples: ASCII, | |||
| BER, country code, Morse code. (See: encode, object code, source | BER, country code, Morse code. (See: encode, object code, source | |||
| code.) | code.) | |||
| Deprecated Abbreviation: To avoid confusion with definition 1, | Deprecated Abbreviation: To avoid confusion with definition 1, | |||
| ISDs SHOULD NOT use "code" as an abbreviation of "country code", | IDOCs SHOULD NOT use "code" as an abbreviation of "country code", | |||
| "cyclic redundancy code", "Data Authentication Code", "error | "cyclic redundancy code", "Data Authentication Code", "error | |||
| detection code", or "Message Authentication Code". To avoid | detection code", or "Message Authentication Code". To avoid | |||
| misunderstanding, use the fully qualified term in these other | misunderstanding, use the fully qualified term in these other | |||
| cases, at least at the point of first usage. | cases, at least at the point of first usage. | |||
| 2. (I) /cryptography/ An encryption algorithm based on | 2. (I) /cryptography/ An encryption algorithm based on | |||
| substitution; i.e., a system for providing data confidentiality by | substitution; i.e., a system for providing data confidentiality by | |||
| using arbitrary groups (called "code groups") of letters, numbers, | using arbitrary groups (called "code groups") of letters, numbers, | |||
| or symbols to represent units of plain text of varying length. | or symbols to represent units of plain text of varying length. | |||
| (See: codebook, cryptography.) | (See: codebook, cryptography.) | |||
| Deprecated Usage: To avoid confusion with definition 1, ISDs | Deprecated Usage: To avoid confusion with definition 1, IDOCs | |||
| SHOULD NOT use "code" as synonym for any of the following terms: | SHOULD NOT use "code" as synonym for any of the following terms: | |||
| (a) "cipher", "hash", or other words that mean "a cryptographic | (a) "cipher", "hash", or other words that mean "a cryptographic | |||
| algorithm"; (b) "cipher text"; or (c) "encrypt", "hash", or other | algorithm"; (b) "cipher text"; or (c) "encrypt", "hash", or other | |||
| words that refer to applying a cryptographic algorithm. | words that refer to applying a cryptographic algorithm. | |||
| 3. (I) An algorithm based on substitution, but used to shorten | 3. (I) An algorithm based on substitution, but used to shorten | |||
| messages rather than to conceal their content. | messages rather than to conceal their content. | |||
| 4. (I) /computer programming/ To write computer software. (See: | 4. (I) /computer programming/ To write computer software. (See: | |||
| object code, source code.) | object code, source code.) | |||
| Deprecated Abbreviation: To avoid confusion with definition 1, | Deprecated Abbreviation: To avoid confusion with definition 1, | |||
| ISDs SHOULD NOT use "code" as an abbreviation of "object code" or | IDOCs SHOULD NOT use "code" as an abbreviation of "object code" or | |||
| "source code". To avoid misunderstanding, use the fully qualified | "source code". To avoid misunderstanding, use the fully qualified | |||
| term in these other cases, at least at the point of first usage. | term in these other cases, at least at the point of first usage. | |||
| $ code book | $ code book | |||
| 1. (I) Document containing a systematically arranged list of | 1. (I) Document containing a systematically arranged list of | |||
| plaintext units and their ciphertext equivalents. [C4009] | plaintext units and their ciphertext equivalents. [C4009] | |||
| 2. (I) An encryption algorithm that uses a word substitution | 2. (I) An encryption algorithm that uses a word substitution | |||
| technique. [C4009] (See: code, ECB.) | technique. [C4009] (See: code, ECB.) | |||
| skipping to change at page 66, line 36 ¶ | skipping to change at page 66, line 36 ¶ | |||
| mode a system may hand (a) a single hierarchical classification | mode a system may hand (a) a single hierarchical classification | |||
| level and (b) multiple non-hierarchical categories within that | level and (b) multiple non-hierarchical categories within that | |||
| level. | level. | |||
| $ Compartments field | $ Compartments field | |||
| (I) A 16-bit field (the "C field") that specifies compartment | (I) A 16-bit field (the "C field") that specifies compartment | |||
| values in the security option (option type 130) of version 4 IP's | values in the security option (option type 130) of version 4 IP's | |||
| datagram header format. The valid field values are assigned by the | datagram header format. The valid field values are assigned by the | |||
| U.S. Government, as specified in RFC 791. | U.S. Government, as specified in RFC 791. | |||
| Deprecated Abbreviation: ISDs SHOULD NOT use the abbreviation "C | Deprecated Abbreviation: IDOCs SHOULD NOT use the abbreviation "C | |||
| field"; the abbreviation is potentially ambiguous. Instead, use | field"; the abbreviation is potentially ambiguous. Instead, use | |||
| "Compartments field". | "Compartments field". | |||
| $ component | $ component | |||
| See: system component. | See: system component. | |||
| $ compression | $ compression | |||
| (I) A process that encodes information in a way that minimizes the | (I) A process that encodes information in a way that minimizes the | |||
| number of resulting code symbols and thus reduces storage space or | number of resulting code symbols and thus reduces storage space or | |||
| transmission time. | transmission time. | |||
| skipping to change at page 72, line 41 ¶ | skipping to change at page 72, line 41 ¶ | |||
| (D) /U.S. DoD/ A mode of system operation wherein (a) two or more | (D) /U.S. DoD/ A mode of system operation wherein (a) two or more | |||
| security levels of information are allowed to be handled | security levels of information are allowed to be handled | |||
| concurrently within the same system when some users having access | concurrently within the same system when some users having access | |||
| to the system have neither a security clearance nor need-to-know | to the system have neither a security clearance nor need-to-know | |||
| for some of the data handled by the system, but (b) separation of | for some of the data handled by the system, but (b) separation of | |||
| the users and the classified material on the basis, respectively, | the users and the classified material on the basis, respectively, | |||
| of clearance and classification level are not dependent only on | of clearance and classification level are not dependent only on | |||
| operating system control (like they are in multilevel security | operating system control (like they are in multilevel security | |||
| mode). (See: /system operation/ under "mode", protection level.) | mode). (See: /system operation/ under "mode", protection level.) | |||
| Deprecated Term: ISDs SHOULD NOT use this term. It was defined in | Deprecated Term: IDOCs SHOULD NOT use this term. It was defined in | |||
| a Government policy regarding system accreditation and was | a Government policy regarding system accreditation and was | |||
| subsumed by "partitioned security mode" in a later policy. Both | subsumed by "partitioned security mode" in a later policy. Both | |||
| terms were dropped in still later policies. | terms were dropped in still later policies. | |||
| Tutorial: Controlled mode was intended to encourage ingenuity in | Tutorial: Controlled mode was intended to encourage ingenuity in | |||
| meeting data confidentiality requirements in ways less restrictive | meeting data confidentiality requirements in ways less restrictive | |||
| than "dedicated security mode" and "system-high security mode", | than "dedicated security mode" and "system-high security mode", | |||
| but at a level of risk lower than that generally associated with | but at a level of risk lower than that generally associated with | |||
| true "multilevel security mode". This was intended to be | true "multilevel security mode". This was intended to be | |||
| accomplished by implementation of explicit augmenting measures to | accomplished by implementation of explicit augmenting measures to | |||
| skipping to change at page 73, line 34 ¶ | skipping to change at page 73, line 34 ¶ | |||
| can be used to generate profiles of web usage habits, and thus may | can be used to generate profiles of web usage habits, and thus may | |||
| infringe on personal privacy. | infringe on personal privacy. | |||
| 2. (I) /IPsec/ Data objects exchanged by ISAKMP to prevent certain | 2. (I) /IPsec/ Data objects exchanged by ISAKMP to prevent certain | |||
| denial-of-service attacks during the establishment of a security | denial-of-service attacks during the establishment of a security | |||
| association. | association. | |||
| 3. (D) /access control/ Synonym for "capability token" or | 3. (D) /access control/ Synonym for "capability token" or | |||
| "ticket". | "ticket". | |||
| Deprecated Definition: ISDs SHOULD NOT use this term with | Deprecated Definition: IDOCs SHOULD NOT use this term with | |||
| definition 3; that would duplicate the meaning of better- | definition 3; that would duplicate the meaning of better- | |||
| established terms and mix concepts in a potentially misleading | established terms and mix concepts in a potentially misleading | |||
| way. | way. | |||
| $ Coordinated Universal Time (UTC) | $ Coordinated Universal Time (UTC) | |||
| (N) UTC is derived from International Atomic Time (TAI) by adding | (N) UTC is derived from International Atomic Time (TAI) by adding | |||
| a number of leap seconds. The International Bureau of Weights and | a number of leap seconds. The International Bureau of Weights and | |||
| Measures computes TAI once each month by averaging data from many | Measures computes TAI once each month by averaging data from many | |||
| laboratories. (See: GeneralizedTime, UTCTime.) | laboratories. (See: GeneralizedTime, UTCTime.) | |||
| skipping to change at page 74, line 7 ¶ | skipping to change at page 74, line 7 ¶ | |||
| $ correctness | $ correctness | |||
| (I) "The property of a system that is guaranteed as the result of | (I) "The property of a system that is guaranteed as the result of | |||
| formal verification activities." [Huff] (See: correctness proof, | formal verification activities." [Huff] (See: correctness proof, | |||
| verification.) | verification.) | |||
| $ correctness integrity | $ correctness integrity | |||
| (I) The property that the information represented by data is | (I) The property that the information represented by data is | |||
| accurate and consistent. (Compare: data integrity, source | accurate and consistent. (Compare: data integrity, source | |||
| integrity.) | integrity.) | |||
| Tutorial: ISDs SHOULD NOT use this term without providing a | Tutorial: IDOCs SHOULD NOT use this term without providing a | |||
| definition; the term is neither well-known nor precisely defined. | definition; the term is neither well-known nor precisely defined. | |||
| Data integrity refers to the constancy of data values, and source | Data integrity refers to the constancy of data values, and source | |||
| integrity refers to confidence in data values. However, | integrity refers to confidence in data values. However, | |||
| correctness integrity refers to confidence in the underlying | correctness integrity refers to confidence in the underlying | |||
| information that data values represent, and this property is | information that data values represent, and this property is | |||
| closely related to issues of accountability and error handling. | closely related to issues of accountability and error handling. | |||
| $ correctness proof | $ correctness proof | |||
| (I) A mathematical proof of consistency between a specification | (I) A mathematical proof of consistency between a specification | |||
| for system security and the implementation of that specification. | for system security and the implementation of that specification. | |||
| skipping to change at page 77, line 29 ¶ | skipping to change at page 77, line 29 ¶ | |||
| 2. (I) /access control/ "authorization credential": A data object | 2. (I) /access control/ "authorization credential": A data object | |||
| that is a portable representation of the association between an | that is a portable representation of the association between an | |||
| identifier and one or more access authorizations, and that can be | identifier and one or more access authorizations, and that can be | |||
| presented for use in verifying those authorizations for an entity | presented for use in verifying those authorizations for an entity | |||
| that attempts such access. Example: X.509 attribute certificate. | that attempts such access. Example: X.509 attribute certificate. | |||
| (See: capability token, ticket.) | (See: capability token, ticket.) | |||
| 3. (D) /OSIRM/ "Data that is transferred to establish the claimed | 3. (D) /OSIRM/ "Data that is transferred to establish the claimed | |||
| identity of an entity." [I7498-2] | identity of an entity." [I7498-2] | |||
| Deprecated Definition: ISDs SHOULD NOT use the term with | Deprecated Definition: IDOCs SHOULD NOT use the term with | |||
| definition 3. As explained in the tutorial below, an | definition 3. As explained in the tutorial below, an | |||
| authentication process can involve the transfer of multiple data | authentication process can involve the transfer of multiple data | |||
| objects, and not all of those are credentials. | objects, and not all of those are credentials. | |||
| 4. (D) /U.S. Government/ "An object that is verified when | 4. (D) /U.S. Government/ "An object that is verified when | |||
| presented to the verifier in an authentication transaction." | presented to the verifier in an authentication transaction." | |||
| [M0404] | [M0404] | |||
| Deprecated Definition: ISDs SHOULD NOT use the term with | Deprecated Definition: IDOCs SHOULD NOT use the term with | |||
| definition 4; it mixes concepts in a potentially misleading way. | definition 4; it mixes concepts in a potentially misleading way. | |||
| For example, in an authentication process, it is the identity that | For example, in an authentication process, it is the identity that | |||
| is "verified", not the credential; the credential is "validated". | is "verified", not the credential; the credential is "validated". | |||
| (See: validate vs. verify.) | (See: validate vs. verify.) | |||
| Tutorial: In general English, "credentials" are evidence or | Tutorial: In general English, "credentials" are evidence or | |||
| testimonials that (a) support a claim of identity or authorization | testimonials that (a) support a claim of identity or authorization | |||
| and (b) usually are intended to be used more than once (i.e., a | and (b) usually are intended to be used more than once (i.e., a | |||
| credential's life is long compared to the time needed for one | credential's life is long compared to the time needed for one | |||
| use). Some examples are a policeman's badge, an automobile | use). Some examples are a policeman's badge, an automobile | |||
| skipping to change at page 80, line 12 ¶ | skipping to change at page 80, line 12 ¶ | |||
| Second, X.509 says that two CAs in some complex, multi-CA PKI can | Second, X.509 says that two CAs in some complex, multi-CA PKI can | |||
| cross-certify one another to shorten the certification paths | cross-certify one another to shorten the certification paths | |||
| constructed by end entities. Whether or not a CA may perform this | constructed by end entities. Whether or not a CA may perform this | |||
| or any other form of cross-certification, and how such | or any other form of cross-certification, and how such | |||
| certificates may be used by end entities, should be addressed by | certificates may be used by end entities, should be addressed by | |||
| the local certificate policy and CPS. | the local certificate policy and CPS. | |||
| $ cross-domain solution | $ cross-domain solution | |||
| 1. (D) Synonym for "guard". | 1. (D) Synonym for "guard". | |||
| Deprecated Term: ISDs SHOULD NOT use this term as a synonym for | Deprecated Term: IDOCs SHOULD NOT use this term as a synonym for | |||
| "guard"; this term unnecessarily (and verbosely) duplicates the | "guard"; this term unnecessarily (and verbosely) duplicates the | |||
| meaning of the long-established "guard". | meaning of the long-established "guard". | |||
| 2. (O) /U.S. Government/ A process or subsystem that provides a | 2. (O) /U.S. Government/ A process or subsystem that provides a | |||
| capability (which could be either manual or automated) to access | capability (which could be either manual or automated) to access | |||
| two or more differing security domains in a system, or to transfer | two or more differing security domains in a system, or to transfer | |||
| information between such domains. (See: domain, guard.) | information between such domains. (See: domain, guard.) | |||
| $ cryptanalysis | $ cryptanalysis | |||
| 1. (I) The mathematical science that deals with analysis of a | 1. (I) The mathematical science that deals with analysis of a | |||
| skipping to change at page 80, line 47 ¶ | skipping to change at page 80, line 47 ¶ | |||
| however, a cryptanalyst tries to uncover or reproduce someone | however, a cryptanalyst tries to uncover or reproduce someone | |||
| else's sensitive data, such as clear text, a key, or an algorithm. | else's sensitive data, such as clear text, a key, or an algorithm. | |||
| The basic cryptanalytic attacks on encryption systems are | The basic cryptanalytic attacks on encryption systems are | |||
| ciphertext-only, known-plaintext, chosen-plaintext, and chosen- | ciphertext-only, known-plaintext, chosen-plaintext, and chosen- | |||
| ciphertext; and these generalize to the other kinds of | ciphertext; and these generalize to the other kinds of | |||
| cryptography. | cryptography. | |||
| $ crypto, CRYPTO | $ crypto, CRYPTO | |||
| 1. (N) A prefix ("crypto-") that means "cryptographic". | 1. (N) A prefix ("crypto-") that means "cryptographic". | |||
| Usage: ISDs MAY use this prefix when it is part of a term listed | Usage: IDOCs MAY use this prefix when it is part of a term listed | |||
| in this Glossary. Otherwise, ISDs SHOULD NOT use this prefix; | in this Glossary. Otherwise, IDOCs SHOULD NOT use this prefix; | |||
| instead, use the unabbreviated adjective, "cryptographic". | instead, use the unabbreviated adjective, "cryptographic". | |||
| 2. (D) In lower case, "crypto" is an abbreviation for the | 2. (D) In lower case, "crypto" is an abbreviation for the | |||
| adjective "cryptographic", or for the nouns "cryptography" or | adjective "cryptographic", or for the nouns "cryptography" or | |||
| "cryptographic component". | "cryptographic component". | |||
| Deprecated Abbreviation: ISDs SHOULD NOT use this abbreviation | Deprecated Abbreviation: IDOCs SHOULD NOT use this abbreviation | |||
| because it could easily be misunderstood in some technical sense. | because it could easily be misunderstood in some technical sense. | |||
| 3. (O) /U.S. Government/ In upper case, "CRYPTO" is a marking or | 3. (O) /U.S. Government/ In upper case, "CRYPTO" is a marking or | |||
| designator that identifies "COMSEC keying material used to secure | designator that identifies "COMSEC keying material used to secure | |||
| or authenticate telecommunications carrying classified or | or authenticate telecommunications carrying classified or | |||
| sensitive U.S. Government or U.S. Government-derived information." | sensitive U.S. Government or U.S. Government-derived information." | |||
| [C4009] | [C4009] | |||
| $ cryptographic | $ cryptographic | |||
| (I) An adjective that refers to cryptography. | (I) An adjective that refers to cryptography. | |||
| skipping to change at page 82, line 34 ¶ | skipping to change at page 82, line 34 ¶ | |||
| including cryptographic algorithms, and is contained within the | including cryptographic algorithms, and is contained within the | |||
| module's "cryptographic boundary", which is an explicitly defined | module's "cryptographic boundary", which is an explicitly defined | |||
| contiguous perimeter that establishes the physical bounds of the | contiguous perimeter that establishes the physical bounds of the | |||
| module. [FP140] | module. [FP140] | |||
| $ cryptographic system | $ cryptographic system | |||
| 1. (I) A set of cryptographic algorithms together with the key | 1. (I) A set of cryptographic algorithms together with the key | |||
| management processes that support use of the algorithms in some | management processes that support use of the algorithms in some | |||
| application context. | application context. | |||
| Usage: ISDs SHOULD use definition 1 because it covers a wider | Usage: IDOCs SHOULD use definition 1 because it covers a wider | |||
| range of algorithms than definition 2. | range of algorithms than definition 2. | |||
| 2. (O) "A collection of transformations from plain text into | 2. (O) "A collection of transformations from plain text into | |||
| cipher text and vice versa [which would exclude digital signature, | cipher text and vice versa [which would exclude digital signature, | |||
| cryptographic hash, and key-agreement algorithms], the particular | cryptographic hash, and key-agreement algorithms], the particular | |||
| transformation(s) to be used being selected by keys. The | transformation(s) to be used being selected by keys. The | |||
| transformations are normally defined by a mathematical algorithm." | transformations are normally defined by a mathematical algorithm." | |||
| [X509] | [X509] | |||
| $ cryptographic token | $ cryptographic token | |||
| skipping to change at page 84, line 46 ¶ | skipping to change at page 84, line 46 ¶ | |||
| $ cyclic redundancy check (CRC) | $ cyclic redundancy check (CRC) | |||
| (I) A type of checksum algorithm that is not a cryptographic hash | (I) A type of checksum algorithm that is not a cryptographic hash | |||
| but is used to implement data integrity service where accidental | but is used to implement data integrity service where accidental | |||
| changes to data are expected. Sometimes called "cyclic redundancy | changes to data are expected. Sometimes called "cyclic redundancy | |||
| code". | code". | |||
| $ DAC | $ DAC | |||
| (N) See: Data Authentication Code, discretionary access control. | (N) See: Data Authentication Code, discretionary access control. | |||
| Deprecated Usage: ISDs that use this term SHOULD state a | Deprecated Usage: IDOCs that use this term SHOULD state a | |||
| definition for it because this abbreviation is ambiguous. | definition for it because this abbreviation is ambiguous. | |||
| $ daemon | $ daemon | |||
| (I) A computer program that is not invoked explicitly but waits | (I) A computer program that is not invoked explicitly but waits | |||
| until a specified condition occurs, and then runs with no | until a specified condition occurs, and then runs with no | |||
| associated user (principal), usually for an administrative | associated user (principal), usually for an administrative | |||
| purpose. (See: zombie.) | purpose. (See: zombie.) | |||
| $ dangling threat | $ dangling threat | |||
| (O) A threat to a system for which there is no corresponding | (O) A threat to a system for which there is no corresponding | |||
| skipping to change at page 85, line 31 ¶ | skipping to change at page 85, line 31 ¶ | |||
| processed, or produced by a computer or other type of machine, and | processed, or produced by a computer or other type of machine, and | |||
| (b) representations that can be handled by a human. | (b) representations that can be handled by a human. | |||
| $ Data Authentication Algorithm, data authentication algorithm | $ Data Authentication Algorithm, data authentication algorithm | |||
| 1. (N) /capitalized/ The ANSI standard for a keyed hash function | 1. (N) /capitalized/ The ANSI standard for a keyed hash function | |||
| that is equivalent to DES cipher block chaining with IV = 0. | that is equivalent to DES cipher block chaining with IV = 0. | |||
| [A9009] | [A9009] | |||
| 2. (D) /not capitalized/ Synonym for some kind of "checksum". | 2. (D) /not capitalized/ Synonym for some kind of "checksum". | |||
| Deprecated Term: ISDs SHOULD NOT use the uncapitalized form "data | Deprecated Term: IDOCs SHOULD NOT use the uncapitalized form "data | |||
| authentication algorithm" as a synonym for any kind of checksum, | authentication algorithm" as a synonym for any kind of checksum, | |||
| regardless of whether or not the checksum is based on a hash. | regardless of whether or not the checksum is based on a hash. | |||
| Instead, use "checksum", "Data Authentication Code", "error | Instead, use "checksum", "Data Authentication Code", "error | |||
| detection code", "hash", "keyed hash", "Message Authentication | detection code", "hash", "keyed hash", "Message Authentication | |||
| Code", "protected checksum", or some other specific term, | Code", "protected checksum", or some other specific term, | |||
| depending on what is meant. | depending on what is meant. | |||
| The uncapitalized term can be confused with the Data | The uncapitalized term can be confused with the Data | |||
| Authentication Code and also mixes concepts in a potentially | Authentication Code and also mixes concepts in a potentially | |||
| misleading way. The word "authentication" is misleading because | misleading way. The word "authentication" is misleading because | |||
| skipping to change at page 85, line 53 ¶ | skipping to change at page 85, line 53 ¶ | |||
| rather than a data origin authentication function. | rather than a data origin authentication function. | |||
| $ Data Authentication Code, data authentication code | $ Data Authentication Code, data authentication code | |||
| 1. (N) /capitalized/ A specific U.S. Government standard [FP113] | 1. (N) /capitalized/ A specific U.S. Government standard [FP113] | |||
| for a checksum that is computed by the Data Authentication | for a checksum that is computed by the Data Authentication | |||
| Algorithm. Usage: a.k.a. Message Authentication Code [A9009].) | Algorithm. Usage: a.k.a. Message Authentication Code [A9009].) | |||
| (See: DAC.) | (See: DAC.) | |||
| 2. (D) /not capitalized/ Synonym for some kind of "checksum". | 2. (D) /not capitalized/ Synonym for some kind of "checksum". | |||
| Deprecated Term: ISDs SHOULD NOT use the uncapitalized form "data | Deprecated Term: IDOCs SHOULD NOT use the uncapitalized form "data | |||
| authentication code" as a synonym for any kind of checksum, | authentication code" as a synonym for any kind of checksum, | |||
| regardless of whether or not the checksum is based on the Data | regardless of whether or not the checksum is based on the Data | |||
| Authentication Algorithm. The uncapitalized term can be confused | Authentication Algorithm. The uncapitalized term can be confused | |||
| with the Data Authentication Code and also mixes concepts in a | with the Data Authentication Code and also mixes concepts in a | |||
| potentially misleading way (see: authentication code). | potentially misleading way (see: authentication code). | |||
| $ data compromise | $ data compromise | |||
| 1. (I) A security incident in which information is exposed to | 1. (I) A security incident in which information is exposed to | |||
| potential unauthorized access, such that unauthorized disclosure, | potential unauthorized access, such that unauthorized disclosure, | |||
| alteration, or use of the information might have occurred. | alteration, or use of the information might have occurred. | |||
| skipping to change at page 86, line 38 ¶ | skipping to change at page 86, line 38 ¶ | |||
| Deprecated Definition: The phrase "made available" might be | Deprecated Definition: The phrase "made available" might be | |||
| interpreted to mean that the data could be altered, and that would | interpreted to mean that the data could be altered, and that would | |||
| confuse this term with the concept of "data integrity". | confuse this term with the concept of "data integrity". | |||
| $ data confidentiality service | $ data confidentiality service | |||
| (I) A security service that protects data against unauthorized | (I) A security service that protects data against unauthorized | |||
| disclosure. (See: access control, data confidentiality, datagram | disclosure. (See: access control, data confidentiality, datagram | |||
| confidentiality service, flow control, inference control.) | confidentiality service, flow control, inference control.) | |||
| Deprecated Usage: ISDs SHOULD NOT use this term as a synonym for | Deprecated Usage: IDOCs SHOULD NOT use this term as a synonym for | |||
| "privacy", which is a different concept. | "privacy", which is a different concept. | |||
| $ Data Encryption Algorithm (DEA) | $ Data Encryption Algorithm (DEA) | |||
| (N) A symmetric block cipher, defined in the U.S. Government's | (N) A symmetric block cipher, defined in the U.S. Government's | |||
| DES. DEA uses a 64-bit key, of which 56 bits are independently | DES. DEA uses a 64-bit key, of which 56 bits are independently | |||
| chosen and 8 are parity bits, and maps a 64-bit block into another | chosen and 8 are parity bits, and maps a 64-bit block into another | |||
| 64-bit block. [FP046] (See: AES, symmetric cryptography.) | 64-bit block. [FP046] (See: AES, symmetric cryptography.) | |||
| Usage: This algorithm is usually referred to as "DES". The | Usage: This algorithm is usually referred to as "DES". The | |||
| algorithm has also been adopted in standards outside the | algorithm has also been adopted in standards outside the | |||
| skipping to change at page 88, line 36 ¶ | skipping to change at page 88, line 36 ¶ | |||
| service. (See: "relationship between data integrity service and | service. (See: "relationship between data integrity service and | |||
| authentication services" under "data integrity service". | authentication services" under "data integrity service". | |||
| $ data owner | $ data owner | |||
| (N) The organization that has the final statutory and operational | (N) The organization that has the final statutory and operational | |||
| authority for specified information. | authority for specified information. | |||
| $ data privacy | $ data privacy | |||
| (D) Synonym for "data confidentiality". | (D) Synonym for "data confidentiality". | |||
| Deprecated Term: ISDs SHOULD NOT use this term; it mixes concepts | Deprecated Term: IDOCs SHOULD NOT use this term; it mixes concepts | |||
| in a potentially misleading way. Instead, use either "data | in a potentially misleading way. Instead, use either "data | |||
| confidentiality" or "privacy" or both, depending on what is meant. | confidentiality" or "privacy" or both, depending on what is meant. | |||
| $ data recovery | $ data recovery | |||
| 1. (I) /cryptanalysis/ A process for learning, from some cipher | 1. (I) /cryptanalysis/ A process for learning, from some cipher | |||
| text, the plain text that was previously encrypted to produce the | text, the plain text that was previously encrypted to produce the | |||
| cipher text. (See: recovery.) | cipher text. (See: recovery.) | |||
| 2. (I) /system integrity/ The process of restoring information | 2. (I) /system integrity/ The process of restoring information | |||
| following damage or destruction. | following damage or destruction. | |||
| skipping to change at page 89, line 20 ¶ | skipping to change at page 89, line 20 ¶ | |||
| transporting network." [R1983] Example: A PDU of IP. | transporting network." [R1983] Example: A PDU of IP. | |||
| $ datagram confidentiality service | $ datagram confidentiality service | |||
| (I) A data confidentiality service that preserves the | (I) A data confidentiality service that preserves the | |||
| confidentiality of data in a single, independent, packet; i.e., | confidentiality of data in a single, independent, packet; i.e., | |||
| the service applies to datagrams one-at-a-time. Example: ESP. | the service applies to datagrams one-at-a-time. Example: ESP. | |||
| (See: data confidentiality.) | (See: data confidentiality.) | |||
| Usage: When a protocol is said to provide data confidentiality | Usage: When a protocol is said to provide data confidentiality | |||
| service, this is usually understood to mean that only the SDU is | service, this is usually understood to mean that only the SDU is | |||
| protected in each packet. ISDs that use the term to mean that the | protected in each packet. IDOCs that use the term to mean that the | |||
| entire PDU is protected should include a highlighted definition. | entire PDU is protected should include a highlighted definition. | |||
| Tutorial: This basic form of network confidentiality service | Tutorial: This basic form of network confidentiality service | |||
| suffices for protecting the data in a stream of packets in both | suffices for protecting the data in a stream of packets in both | |||
| connectionless and connection-oriented protocols. Except perhaps | connectionless and connection-oriented protocols. Except perhaps | |||
| for traffic flow confidentiality, nothing further is needed to | for traffic flow confidentiality, nothing further is needed to | |||
| protect the confidentiality of data carried by a packet stream. | protect the confidentiality of data carried by a packet stream. | |||
| The OSIRM distinguishes between connection confidentiality and | The OSIRM distinguishes between connection confidentiality and | |||
| connectionless confidentiality. The IPS need not make that | connectionless confidentiality. The IPS need not make that | |||
| distinction, because those services are just instances of the same | distinction, because those services are just instances of the same | |||
| skipping to change at page 90, line 20 ¶ | skipping to change at page 90, line 20 ¶ | |||
| entity receiving false data and believing it to be true. (See: | entity receiving false data and believing it to be true. (See: | |||
| authentication.) | authentication.) | |||
| Tutorial: This is a type of threat consequence, and it can be | Tutorial: This is a type of threat consequence, and it can be | |||
| caused by the following types of threat actions: masquerade, | caused by the following types of threat actions: masquerade, | |||
| falsification, and repudiation. | falsification, and repudiation. | |||
| $ decipher | $ decipher | |||
| (D) Synonym for "decrypt". | (D) Synonym for "decrypt". | |||
| Deprecated Definition: ISDs SHOULD NOT use this term as a synonym | Deprecated Definition: IDOCs SHOULD NOT use this term as a synonym | |||
| for "decrypt". However, see usage note under "encryption". | for "decrypt". However, see usage note under "encryption". | |||
| $ decipherment | $ decipherment | |||
| (D) Synonym for "decryption". | (D) Synonym for "decryption". | |||
| Deprecated Definition: ISDs SHOULD NOT use this term as a synonym | Deprecated Definition: IDOCs SHOULD NOT use this term as a synonym | |||
| for "decryption". However, see the Usage note under "encryption". | for "decryption". However, see the Usage note under "encryption". | |||
| $ declassification | $ declassification | |||
| (I) An authorized process by which information is declassified. | (I) An authorized process by which information is declassified. | |||
| (Compare: classification.) | (Compare: classification.) | |||
| $ declassify | $ declassify | |||
| (I) To officially remove the security level designation of a | (I) To officially remove the security level designation of a | |||
| classified information item or information type, such that the | classified information item or information type, such that the | |||
| information is no longer classified (i.e., becomes unclassified). | information is no longer classified (i.e., becomes unclassified). | |||
| (See: classified, classify, security level. Compare: downgrade.) | (See: classified, classify, security level. Compare: downgrade.) | |||
| $ decode | $ decode | |||
| 1. (I) Convert encoded data back to its original form of | 1. (I) Convert encoded data back to its original form of | |||
| representation. (Compare: decrypt.) | representation. (Compare: decrypt.) | |||
| 2. (D) Synonym for "decrypt". | 2. (D) Synonym for "decrypt". | |||
| Deprecated Definition: Encoding is not usually meant to conceal | Deprecated Definition: Encoding is not usually meant to conceal | |||
| meaning. Therefore, ISDs SHOULD NOT use this term as a synonym for | meaning. Therefore, IDOCs SHOULD NOT use this term as a synonym | |||
| "decrypt", because that would mix concepts in a potentially | for "decrypt", because that would mix concepts in a potentially | |||
| misleading way. | misleading way. | |||
| $ decrypt | $ decrypt | |||
| (I) Cryptographically restore cipher text to the plaintext form it | (I) Cryptographically restore cipher text to the plaintext form it | |||
| had before encryption. | had before encryption. | |||
| $ decryption | $ decryption | |||
| (I) See: secondary definition under "encryption". | (I) See: secondary definition under "encryption". | |||
| $ dedicated security mode | $ dedicated security mode | |||
| skipping to change at page 93, line 8 ¶ | skipping to change at page 93, line 8 ¶ | |||
| $ delta CRL | $ delta CRL | |||
| (I) A partial CRL that only contains entries for certificates that | (I) A partial CRL that only contains entries for certificates that | |||
| have been revoked since the issuance of a prior, base CRL [X509]. | have been revoked since the issuance of a prior, base CRL [X509]. | |||
| This method can be used to partition CRLs that become too large | This method can be used to partition CRLs that become too large | |||
| and unwieldy. (Compare: CRL distribution point.) | and unwieldy. (Compare: CRL distribution point.) | |||
| $ demilitarized zone (DMZ) | $ demilitarized zone (DMZ) | |||
| (D) Synonym for "buffer zone". | (D) Synonym for "buffer zone". | |||
| Deprecated Term: ISDs SHOULD NOT use this term because it mixes | Deprecated Term: IDOCs SHOULD NOT use this term because it mixes | |||
| concepts in a potentially misleading way. (See: Deprecated Usage | concepts in a potentially misleading way. (See: Deprecated Usage | |||
| under "Green Book".) | under "Green Book".) | |||
| $ denial of service | $ denial of service | |||
| (I) The prevention of authorized access to a system resource or | (I) The prevention of authorized access to a system resource or | |||
| the delaying of system operations and functions. (See: | the delaying of system operations and functions. (See: | |||
| availability, critical, flooding.) | availability, critical, flooding.) | |||
| Tutorial: A denial-of-service attack can prevent the normal | Tutorial: A denial-of-service attack can prevent the normal | |||
| conduct of business on the Internet. There are four types of | conduct of business on the Internet. There are four types of | |||
| skipping to change at page 94, line 9 ¶ | skipping to change at page 94, line 9 ¶ | |||
| $ Diffie-Hellman | $ Diffie-Hellman | |||
| $ Diffie-Hellman-Merkle | $ Diffie-Hellman-Merkle | |||
| (N) A key-agreement algorithm published in 1976 by Whitfield | (N) A key-agreement algorithm published in 1976 by Whitfield | |||
| Diffie and Martin Hellman [DH76, R2631]. | Diffie and Martin Hellman [DH76, R2631]. | |||
| Usage: The algorithm is most often called "Diffie-Hellman". | Usage: The algorithm is most often called "Diffie-Hellman". | |||
| However, in the November 1978 issue of "IEEE Communications | However, in the November 1978 issue of "IEEE Communications | |||
| Magazine", Hellman wrote that the algorithm "is a public key | Magazine", Hellman wrote that the algorithm "is a public key | |||
| distribution system, a concept developed by [Ralph C.] Merkle, and | distribution system, a concept developed by [Ralph C.] Merkle, and | |||
| hence should be called 'Diffie-Hellman-Merkle' . . . to recognize | hence should be called 'Diffie-Hellman-Merkle' ... to recognize | |||
| Merkle's equal contribution to the invention of public key | Merkle's equal contribution to the invention of public key | |||
| cryptography." | cryptography." | |||
| Tutorial: Diffie-Hellman-Merkle does key establishment, not | Tutorial: Diffie-Hellman-Merkle does key establishment, not | |||
| encryption. However, the key that it produces may be used for | encryption. However, the key that it produces may be used for | |||
| encryption, for further key management operations, or for any | encryption, for further key management operations, or for any | |||
| other cryptography. | other cryptography. | |||
| The algorithm is described in [R2631] and [Schn]. In brief, Alice | The algorithm is described in [R2631] and [Schn]. In brief, Alice | |||
| and Bob together pick large integers that satisfy certain | and Bob together pick large integers that satisfy certain | |||
| skipping to change at page 94, line 43 ¶ | skipping to change at page 94, line 43 ¶ | |||
| $ digest | $ digest | |||
| See: message digest. | See: message digest. | |||
| $ digital certificate | $ digital certificate | |||
| (I) A certificate document in the form of a digital data object (a | (I) A certificate document in the form of a digital data object (a | |||
| data object used by a computer) to which is appended a computed | data object used by a computer) to which is appended a computed | |||
| digital signature value that depends on the data object. (See: | digital signature value that depends on the data object. (See: | |||
| attribute certificate, public-key certificate.) | attribute certificate, public-key certificate.) | |||
| Deprecated Usage: ISDs SHOULD NOT use this term to refer to a | Deprecated Usage: IDOCs SHOULD NOT use this term to refer to a | |||
| signed CRL or CKL. Although the recommended definition can be | signed CRL or CKL. Although the recommended definition can be | |||
| interpreted to include other signed items, the security community | interpreted to include other signed items, the security community | |||
| does not use the term with those meanings. | does not use the term with those meanings. | |||
| $ digital certification | $ digital certification | |||
| (D) Synonym for "certification". | (D) Synonym for "certification". | |||
| Deprecated Definition: ISDs SHOULD NOT use this definition unless | Deprecated Definition: IDOCs SHOULD NOT use this definition unless | |||
| the context is not sufficient to distinguish between digital | the context is not sufficient to distinguish between digital | |||
| certification and another kind of certification, in which case it | certification and another kind of certification, in which case it | |||
| would be better to use "public-key certification" or another | would be better to use "public-key certification" or another | |||
| phrase that indicates what is being certified. | phrase that indicates what is being certified. | |||
| $ digital document | $ digital document | |||
| (I) An electronic data object that represents information | (I) An electronic data object that represents information | |||
| originally written in a non-electronic, non-magnetic medium | originally written in a non-electronic, non-magnetic medium | |||
| (usually ink on paper) or is an analogue of a document of that | (usually ink on paper) or is an analogue of a document of that | |||
| type. | type. | |||
| $ digital envelope | $ digital envelope | |||
| (I) A combination of (a) encrypted content data (of any kind) | (I) A combination of (a) encrypted content data (of any kind) | |||
| intended for a recipient and (b) the content encryption key in an | intended for a recipient and (b) the content encryption key in an | |||
| encrypted form that has been prepared for the use of the | encrypted form that has been prepared for the use of the | |||
| recipient. | recipient. | |||
| Usage: In ISDs, the term SHOULD be defined at the point of first | Usage: In IDOCs, the term SHOULD be defined at the point of first | |||
| use because, although the term is defined in PKCS #7 and used in | use because, although the term is defined in PKCS #7 and used in | |||
| S/MIME, it is not widely known. | S/MIME, it is not widely known. | |||
| Tutorial: Digital enveloping is not simply a synonym for | Tutorial: Digital enveloping is not simply a synonym for | |||
| implementing data confidentiality with encryption; digital | implementing data confidentiality with encryption; digital | |||
| enveloping is a hybrid encryption scheme to "seal" a message or | enveloping is a hybrid encryption scheme to "seal" a message or | |||
| other data, by encrypting the data and sending both it and a | other data, by encrypting the data and sending both it and a | |||
| protected form of the key to the intended recipient, so that no | protected form of the key to the intended recipient, so that no | |||
| one other than the intended recipient can "open" the message. In | one other than the intended recipient can "open" the message. In | |||
| PKCS #7, it means first encrypting the data using a symmetric | PKCS #7, it means first encrypting the data using a symmetric | |||
| encryption algorithm and a secret key, and then encrypting the | encryption algorithm and a secret key, and then encrypting the | |||
| secret key using an asymmetric encryption algorithm and the public | secret key using an asymmetric encryption algorithm and the public | |||
| key of the intended recipient. In S/MIME, additional methods are | key of the intended recipient. In S/MIME, additional methods are | |||
| defined for encrypting the content encryption key. | defined for encrypting the content encryption key. | |||
| $ Digital ID(service mark) | $ Digital ID(service mark) | |||
| (D) Synonym for "digital certificate". | (D) Synonym for "digital certificate". | |||
| Deprecated Term: ISDs SHOULD NOT use this term. It is a service | Deprecated Term: IDOCs SHOULD NOT use this term. It is a service | |||
| mark of a commercial firm, and it unnecessarily duplicates the | mark of a commercial firm, and it unnecessarily duplicates the | |||
| meaning of a better-established term. (See: credential.) | meaning of a better-established term. (See: credential.) | |||
| $ digital key | $ digital key | |||
| (D) Synonym for an input parameter of a cryptographic algorithm or | (D) Synonym for an input parameter of a cryptographic algorithm or | |||
| other process. (See: key.) | other process. (See: key.) | |||
| Deprecated Usage: The adjective "digital" need not be used with | Deprecated Usage: The adjective "digital" need not be used with | |||
| "key" or "cryptographic key", unless the context is insufficient | "key" or "cryptographic key", unless the context is insufficient | |||
| to distinguish the digital key from another kind of key, such as a | to distinguish the digital key from another kind of key, such as a | |||
| skipping to change at page 97, line 39 ¶ | skipping to change at page 97, line 39 ¶ | |||
| be unobtrusive. Depending on the particular technique that is | be unobtrusive. Depending on the particular technique that is | |||
| used, digital watermarking can assist in proving ownership, | used, digital watermarking can assist in proving ownership, | |||
| controlling duplication, tracing distribution, ensuring data | controlling duplication, tracing distribution, ensuring data | |||
| integrity, and performing other functions to protect intellectual | integrity, and performing other functions to protect intellectual | |||
| property rights. [ACM] | property rights. [ACM] | |||
| $ digitized signature | $ digitized signature | |||
| (D) Denotes various forms of digitized images of handwritten | (D) Denotes various forms of digitized images of handwritten | |||
| signatures. (Compare: digital signature). | signatures. (Compare: digital signature). | |||
| Deprecated Term: ISDs SHOULD NOT use this term without including | Deprecated Term: IDOCs SHOULD NOT use this term without including | |||
| this definition. This term suggests careless use of "digital | this definition. This term suggests careless use of "digital | |||
| signature", which is the term standardized by [I7498-2]. (See: | signature", which is the term standardized by [I7498-2]. (See: | |||
| electronic signature.) | electronic signature.) | |||
| $ DII | $ DII | |||
| (O) See: Defense Information Infrastructure. | (O) See: Defense Information Infrastructure. | |||
| $ direct attack | $ direct attack | |||
| (I) See: secondary definition under "attack". (Compare: indirect | (I) See: secondary definition under "attack". (Compare: indirect | |||
| attack.) | attack.) | |||
| skipping to change at page 98, line 15 ¶ | skipping to change at page 98, line 15 ¶ | |||
| (See: DN, X.500.) | (See: DN, X.500.) | |||
| $ Directory Access Protocol (DAP) | $ Directory Access Protocol (DAP) | |||
| (N) An OSI protocol [X519] for communication between a Directory | (N) An OSI protocol [X519] for communication between a Directory | |||
| User Agent (a type of X.500 client) and a Directory System Agent | User Agent (a type of X.500 client) and a Directory System Agent | |||
| (a type of X.500 server). (See: LDAP.) | (a type of X.500 server). (See: LDAP.) | |||
| $ disaster plan | $ disaster plan | |||
| (O) Synonym for "contingency plan". | (O) Synonym for "contingency plan". | |||
| Deprecated Term: ISDs SHOULD NOT use this term; instead, for | Deprecated Term: IDOCs SHOULD NOT use this term; instead, for | |||
| consistency and neutrality of language, ISDs SHOULD use | consistency and neutrality of language, IDOCs SHOULD use | |||
| "contingency plan". | "contingency plan". | |||
| $ disclosure | $ disclosure | |||
| See: unauthorized disclosure. Compare: exposure. | See: unauthorized disclosure. Compare: exposure. | |||
| $ discretionary access control | $ discretionary access control | |||
| 1a. (I) An access control service that (a) enforces a security | 1a. (I) An access control service that (a) enforces a security | |||
| policy based on the identity of system entities and the | policy based on the identity of system entities and the | |||
| authorizations associated with the identities and (b) incorporates | authorizations associated with the identities and (b) incorporates | |||
| a concept of ownership in which access rights for a system | a concept of ownership in which access rights for a system | |||
| skipping to change at page 100, line 26 ¶ | skipping to change at page 100, line 26 ¶ | |||
| $ DNS | $ DNS | |||
| (I) See: Domain Name System. | (I) See: Domain Name System. | |||
| $ doctrine | $ doctrine | |||
| See: security doctrine. | See: security doctrine. | |||
| $ DoD | $ DoD | |||
| (N) Department of Defense. | (N) Department of Defense. | |||
| Usage: To avoid international misunderstanding, ISDs SHOULD use | Usage: To avoid international misunderstanding, IDOCs SHOULD use | |||
| this abbreviation only with a national qualifier (e.g., U.S. DoD). | this abbreviation only with a national qualifier (e.g., U.S. DoD). | |||
| $ DOI | $ DOI | |||
| (I) See: Domain of Interpretation. | (I) See: Domain of Interpretation. | |||
| $ domain | $ domain | |||
| 1a. (I) /general security/ An environment or context that (a) | 1a. (I) /general security/ An environment or context that (a) | |||
| includes a set of system resources and a set of system entities | includes a set of system resources and a set of system entities | |||
| that have the right to access the resources and (b) usually is | that have the right to access the resources and (b) usually is | |||
| defined by a security policy, security model, or security | defined by a security policy, security model, or security | |||
| architecture. (See: CA domain, domain of interpretation, security | architecture. (See: CA domain, domain of interpretation, security | |||
| perimeter. Compare: COI, enclave.) | perimeter. Compare: COI, enclave.) | |||
| Tutorial: A "controlled interface" or "guard" is required to | Tutorial: A "controlled interface" or "guard" is required to | |||
| transfer information between network domains that operate under | transfer information between network domains that operate under | |||
| different security policies. | different security policies. | |||
| 1b. (O) /security policy/ A set of users, their information | 1b. (O) /security policy/ A set of users, their information | |||
| objects, and a common security policy. [DGSA, SP33] | objects, and a common security policy. [DoD6, SP33] | |||
| 1c. (O) /security policy/ A system or collection of systems that | 1c. (O) /security policy/ A system or collection of systems that | |||
| (a) belongs to a community of interest that implements a | (a) belongs to a community of interest that implements a | |||
| consistent security policy and (b) is administered by a single | consistent security policy and (b) is administered by a single | |||
| authority. | authority. | |||
| 2. (O) /COMPUSEC/ A operating state or mode of a set of computer | 2. (O) /COMPUSEC/ A operating state or mode of a set of computer | |||
| hardware. | hardware. | |||
| Tutorial: Most computers have at least two hardware operating | Tutorial: Most computers have at least two hardware operating | |||
| skipping to change at page 103, line 28 ¶ | skipping to change at page 103, line 28 ¶ | |||
| $ downgrade attack | $ downgrade attack | |||
| (I) A type of man-in-the-middle attack in which the attacker can | (I) A type of man-in-the-middle attack in which the attacker can | |||
| cause two parties, that are negotiating a security association, to | cause two parties, that are negotiating a security association, to | |||
| agree on a lower level of protection than the highest level that | agree on a lower level of protection than the highest level that | |||
| could have been supported by both of them. (Compare: downgrade.) | could have been supported by both of them. (Compare: downgrade.) | |||
| $ draft RFC | $ draft RFC | |||
| (D) A preliminary, temporary version of a document that is | (D) A preliminary, temporary version of a document that is | |||
| intended to become an RFC. (Compare: Internet-Draft.) | intended to become an RFC. (Compare: Internet-Draft.) | |||
| Deprecated Term: ISDs SHOULD NOT use this term. The RFC series is | Deprecated Term: IDOCs SHOULD NOT use this term. The RFC series is | |||
| archival in nature and consists only of documents in permanent | archival in nature and consists only of documents in permanent | |||
| form. A document that is intended to become an RFC usually needs | form. A document that is intended to become an RFC usually needs | |||
| to be published first as an Internet-Draft (RFC 2026). (See: | to be published first as an Internet-Draft (RFC 2026). (See: | |||
| "Draft Standard" under "Internet Standard".) | "Draft Standard" under "Internet Standard".) | |||
| $ Draft Standard | $ Draft Standard | |||
| (I) See: secondary definition under "Internet Standard". | (I) See: secondary definition under "Internet Standard". | |||
| $ DSA | $ DSA | |||
| (N) See: Digital Signature Algorithm. | (N) See: Digital Signature Algorithm. | |||
| skipping to change at page 103, line 54 ¶ | skipping to change at page 103, line 54 ¶ | |||
| (I) A procedure that uses two or more entities (usually persons) | (I) A procedure that uses two or more entities (usually persons) | |||
| operating in concert to protect a system resource, such that no | operating in concert to protect a system resource, such that no | |||
| single entity acting alone can access that resource. (See: no-lone | single entity acting alone can access that resource. (See: no-lone | |||
| zone, separation of duties, split knowledge.) | zone, separation of duties, split knowledge.) | |||
| $ dual signature | $ dual signature | |||
| (O) /SET/ A single digital signature that protects two separate | (O) /SET/ A single digital signature that protects two separate | |||
| messages by including the hash results for both sets in a single | messages by including the hash results for both sets in a single | |||
| encrypted value. [SET2] | encrypted value. [SET2] | |||
| Deprecated Usage: ISDs SHOULD NOT use this term except when | Deprecated Usage: IDOCs SHOULD NOT use this term except when | |||
| qualified as "SET(trademark) dual signature" with this definition. | qualified as "SET(trademark) dual signature" with this definition. | |||
| Tutorial: Generated by hashing each message separately, | Tutorial: Generated by hashing each message separately, | |||
| concatenating the two hash results, and then hashing that value | concatenating the two hash results, and then hashing that value | |||
| and encrypting the result with the signer's private key. Done to | and encrypting the result with the signer's private key. Done to | |||
| reduce the number of encryption operations and to enable | reduce the number of encryption operations and to enable | |||
| verification of data integrity without complete disclosure of the | verification of data integrity without complete disclosure of the | |||
| data. | data. | |||
| $ dual-use certificate | $ dual-use certificate | |||
| (O) A certificate that is intended for use with both digital | (O) A certificate that is intended for use with both digital | |||
| signature and data encryption services. [SP32] | signature and data encryption services. [SP32] | |||
| Usage: ISDs that use this term SHOULD state a definition for it by | Usage: IDOCs that use this term SHOULD state a definition for it | |||
| identifying the intended uses of the certificate, because there | by identifying the intended uses of the certificate, because there | |||
| are more than just these two uses mentioned in the NIST | are more than just these two uses mentioned in the NIST | |||
| publication. A v3 X.509 public-key certificate may have a "key | publication. A v3 X.509 public-key certificate may have a "key | |||
| Usage" extension, which indicates the purposes for which the | Usage" extension, which indicates the purposes for which the | |||
| public key may be used. (See: certificate profile.) | public key may be used. (See: certificate profile.) | |||
| $ duty | $ duty | |||
| (I) An attribute of a role that obligates an entity playing the | (I) An attribute of a role that obligates an entity playing the | |||
| role to perform one or more tasks, which usually are essential for | role to perform one or more tasks, which usually are essential for | |||
| the functioning of the system. [Sand] (Compare authorization, | the functioning of the system. [Sand] (Compare authorization, | |||
| privilege. See: role, billet.) | privilege. See: role, billet.) | |||
| $ e-cash | $ e-cash | |||
| (O) Electronic cash; money that is in the form of data and can be | (O) Electronic cash; money that is in the form of data and can be | |||
| used as a payment mechanism on the Internet. (See: IOTP.) | used as a payment mechanism on the Internet. (See: IOTP.) | |||
| Usage: ISDs that use this term SHOULD state a definition for it | Usage: IDOCs that use this term SHOULD state a definition for it | |||
| because many different types of electronic cash have been devised | because many different types of electronic cash have been devised | |||
| with a variety of security mechanisms. | with a variety of security mechanisms. | |||
| $ EAP | $ EAP | |||
| (I) See: Extensible Authentication Protocol. | (I) See: Extensible Authentication Protocol. | |||
| $ EAL | $ EAL | |||
| (O) See: evaluation assurance level. | (O) See: evaluation assurance level. | |||
| $ Easter egg | $ Easter egg | |||
| (O) "Hidden functionality within an application program, which | (O) "Hidden functionality within an application program, which | |||
| becomes activated when an undocumented, and often convoluted, set | becomes activated when an undocumented, and often convoluted, set | |||
| of commands and keystrokes is entered. Easter eggs are typically | of commands and keystrokes is entered. Easter eggs are typically | |||
| used to display the credits for the development team and [are] | used to display the credits for the development team and [are] | |||
| intended to be non-threatening" [SP28], but Easter eggs have the | intended to be non-threatening" [SP28], but Easter eggs have the | |||
| potential to contain malicious code. | potential to contain malicious code. | |||
| Deprecated Usage: It is likely that other cultures use different | Deprecated Usage: It is likely that other cultures use different | |||
| metaphors for this concept. Therefore, to avoid international | metaphors for this concept. Therefore, to avoid international | |||
| misunderstanding, ISDs SHOULD NOT use this term. (See: Deprecated | misunderstanding, IDOCs SHOULD NOT use this term. (See: Deprecated | |||
| Usage under "Green Book".) | Usage under "Green Book".) | |||
| $ eavesdropping | $ eavesdropping | |||
| (I) Passive wiretapping done secretly, i.e., without the knowledge | (I) Passive wiretapping done secretly, i.e., without the knowledge | |||
| of the originator or the intended recipients of the communication. | of the originator or the intended recipients of the communication. | |||
| $ ECB | $ ECB | |||
| (N) See: electronic codebook. | (N) See: electronic codebook. | |||
| $ ECDSA | $ ECDSA | |||
| skipping to change at page 105, line 39 ¶ | skipping to change at page 105, line 39 ¶ | |||
| $ EDI | $ EDI | |||
| (I) See: electronic data interchange. | (I) See: electronic data interchange. | |||
| $ EDIFACT | $ EDIFACT | |||
| (N) See: secondary definition under "electronic data interchange". | (N) See: secondary definition under "electronic data interchange". | |||
| $ EE | $ EE | |||
| (D) Abbreviation of "end entity" and other terms. | (D) Abbreviation of "end entity" and other terms. | |||
| Deprecated Abbreviation: ISDs SHOULD NOT use this abbreviation; | Deprecated Abbreviation: IDOCs SHOULD NOT use this abbreviation; | |||
| there could be confusion among "end entity", "end-to-end | there could be confusion among "end entity", "end-to-end | |||
| encryption", "escrowed encryption standard", and other terms. | encryption", "escrowed encryption standard", and other terms. | |||
| $ EES | $ EES | |||
| (O) See: Escrowed Encryption Standard. | (O) See: Escrowed Encryption Standard. | |||
| $ effective key length | $ effective key length | |||
| (O) "A measure of strength of a cryptographic algorithm, | (O) "A measure of strength of a cryptographic algorithm, | |||
| regardless of actual key length." [IATF] (See: work factor.) | regardless of actual key length." [IATF] (See: work factor.) | |||
| $ effectiveness | $ effectiveness | |||
| (O) /ITSEC/ A property of a TOE representing how well it provides | (O) /ITSEC/ A property of a TOE representing how well it provides | |||
| security in the context of its actual or proposed operational use. | security in the context of its actual or proposed operational use. | |||
| $ El Gamal algorithm | $ El Gamal algorithm | |||
| (N) An algorithm for asymmetric cryptography, invented in 1985 by | (N) An algorithm for asymmetric cryptography, invented in 1985 by | |||
| Taher El Gamal, that is based on the difficulty of calculating | Taher El Gamal, that is based on the difficulty of calculating | |||
| discrete logarithms and can be used for both encryption and | discrete logarithms and can be used for both encryption and | |||
| digital signatures. | digital signatures. [ElGa] | |||
| $ electronic codebook (ECB) | $ electronic codebook (ECB) | |||
| (N) An block cipher mode in which a plaintext block is used | (N) An block cipher mode in which a plaintext block is used | |||
| directly as input to the encryption algorithm and the resultant | directly as input to the encryption algorithm and the resultant | |||
| output block is used directly as cipher text [FP081]. (See: block | output block is used directly as cipher text [FP081]. (See: block | |||
| cipher, [SP38A].) | cipher, [SP38A].) | |||
| $ electronic commerce | $ electronic commerce | |||
| 1. (I) Business conducted through paperless exchanges of | 1. (I) Business conducted through paperless exchanges of | |||
| information, using electronic data interchange, electronic funds | information, using electronic data interchange, electronic funds | |||
| skipping to change at page 106, line 44 ¶ | skipping to change at page 106, line 44 ¶ | |||
| $ Electronic Key Management System (EKMS) | $ Electronic Key Management System (EKMS) | |||
| (O) "Interoperable collection of systems developed by ... the U.S. | (O) "Interoperable collection of systems developed by ... the U.S. | |||
| Government to automate the planning, ordering, generating, | Government to automate the planning, ordering, generating, | |||
| distributing, storing, filling, using, and destroying of | distributing, storing, filling, using, and destroying of | |||
| electronic keying material and the management of other types of | electronic keying material and the management of other types of | |||
| COMSEC material." [C4009] | COMSEC material." [C4009] | |||
| $ electronic signature | $ electronic signature | |||
| (D) Synonym for "digital signature" or "digitized signature". | (D) Synonym for "digital signature" or "digitized signature". | |||
| Deprecated Term: ISDs SHOULD NOT use this term; there is no | Deprecated Term: IDOCs SHOULD NOT use this term; there is no | |||
| current consensus on its definition. Instead, use "digital | current consensus on its definition. Instead, use "digital | |||
| signature", if that is what was intended | signature", if that is what was intended | |||
| $ electronic wallet | $ electronic wallet | |||
| (D) A secure container to hold, in digitized form, some sensitive | (D) A secure container to hold, in digitized form, some sensitive | |||
| data objects that belong to the owner, such as electronic money, | data objects that belong to the owner, such as electronic money, | |||
| authentication material, and various types of personal | authentication material, and various types of personal | |||
| information. (See: IOTP.) | information. (See: IOTP.) | |||
| Deprecated Term: ISDs SHOULD NOT use this term. There is no | Deprecated Term: IDOCs SHOULD NOT use this term. There is no | |||
| current consensus on its definition; and some uses and definitions | current consensus on its definition; and some uses and definitions | |||
| may be proprietary. Meanings range from virtual wallets | may be proprietary. Meanings range from virtual wallets | |||
| implemented by data structures to physical wallets implemented by | implemented by data structures to physical wallets implemented by | |||
| cryptographic tokens. (See: Deprecated Usage under "Green Book".) | cryptographic tokens. (See: Deprecated Usage under "Green Book".) | |||
| $ elliptic curve cryptography (ECC) | $ elliptic curve cryptography (ECC) | |||
| (I) A type of asymmetric cryptography based on mathematics of | (I) A type of asymmetric cryptography based on mathematics of | |||
| groups that are defined by the points on a curve, where the curve | groups that are defined by the points on a curve, where the curve | |||
| is defined by a quadratic equation in a finite field. [Schn] | is defined by a quadratic equation in a finite field. [Schn] | |||
| skipping to change at page 107, line 53 ¶ | skipping to change at page 107, line 53 ¶ | |||
| system and to preventing or limiting the ability of unauthorized | system and to preventing or limiting the ability of unauthorized | |||
| parties to receive the emissions. | parties to receive the emissions. | |||
| $ embedded cryptography | $ embedded cryptography | |||
| (N) "Cryptography engineered into an equipment or system whose | (N) "Cryptography engineered into an equipment or system whose | |||
| basic function is not cryptographic." [C4009] | basic function is not cryptographic." [C4009] | |||
| $ emergency plan | $ emergency plan | |||
| (D) Synonym for "contingency plan". | (D) Synonym for "contingency plan". | |||
| Deprecated Term: ISDs SHOULD NOT use this term. Instead, for | Deprecated Term: IDOCs SHOULD NOT use this term. Instead, for | |||
| neutrality and consistency of language, use "contingency plan". | neutrality and consistency of language, use "contingency plan". | |||
| $ emergency response | $ emergency response | |||
| (O) An urgent response to a fire, flood, civil commotion, natural | (O) An urgent response to a fire, flood, civil commotion, natural | |||
| disaster, bomb threat, or other serious situation, with the intent | disaster, bomb threat, or other serious situation, with the intent | |||
| of protecting lives, limiting damage to property, and minimizing | of protecting lives, limiting damage to property, and minimizing | |||
| disruption of system operations. [FP087] (See: availability, CERT, | disruption of system operations. [FP087] (See: availability, CERT, | |||
| emergency plan.) | emergency plan.) | |||
| $ EMSEC | $ EMSEC | |||
| skipping to change at page 108, line 41 ¶ | skipping to change at page 108, line 41 ¶ | |||
| (transport mode) or an IP header (tunnel mode). ESP can provide | (transport mode) or an IP header (tunnel mode). ESP can provide | |||
| data confidentiality service, data origin authentication service, | data confidentiality service, data origin authentication service, | |||
| connectionless data integrity service, an anti-replay service, and | connectionless data integrity service, an anti-replay service, and | |||
| limited traffic-flow confidentiality. The set of services depends | limited traffic-flow confidentiality. The set of services depends | |||
| on the placement of the implementation and on options selected | on the placement of the implementation and on options selected | |||
| when the security association is established. | when the security association is established. | |||
| $ encipher | $ encipher | |||
| (D) Synonym for "encrypt". | (D) Synonym for "encrypt". | |||
| Deprecated Definition: ISDs SHOULD NOT use this term as a synonym | Deprecated Definition: IDOCs SHOULD NOT use this term as a synonym | |||
| for "encrypt". However, see Usage note under "encryption". | for "encrypt". However, see Usage note under "encryption". | |||
| $ encipherment | $ encipherment | |||
| (D) Synonym for "encryption". | (D) Synonym for "encryption". | |||
| Deprecated Definition: ISDs SHOULD NOT use this term as a synonym | Deprecated Definition: IDOCs SHOULD NOT use this term as a synonym | |||
| for "encryption". However, see Usage note under "encryption". | for "encryption". However, see Usage note under "encryption". | |||
| $ enclave | $ enclave | |||
| 1. (I) A set of system resources that operate in the same security | 1. (I) A set of system resources that operate in the same security | |||
| domain and that share the protection of a single, common, | domain and that share the protection of a single, common, | |||
| continuous security perimeter. (Compare: domain.) | continuous security perimeter. (Compare: domain.) | |||
| 2. (D) /U.S. Government/ "Collection of computing environments | 2. (D) /U.S. Government/ "Collection of computing environments | |||
| connected by one or more internal networks under the control of a | connected by one or more internal networks under the control of a | |||
| single authority and security policy, including personnel and | single authority and security policy, including personnel and | |||
| physical security." [C4009] | physical security." [C4009] | |||
| Deprecated Definition: ISDs SHOULD NOT use this term with | Deprecated Definition: IDOCs SHOULD NOT use this term with | |||
| definition 2 because the definition applies to what is usually | definition 2 because the definition applies to what is usually | |||
| called a "security domain". That is, a security domain is a set of | called a "security domain". That is, a security domain is a set of | |||
| one or more security enclaves. | one or more security enclaves. | |||
| $ encode | $ encode | |||
| 1. (I) Use a system of symbols to represent information, which | 1. (I) Use a system of symbols to represent information, which | |||
| might originally have some other representation. Example: Morse | might originally have some other representation. Example: Morse | |||
| code. (See: ASCII, BER.) (See: code, decode.) | code. (See: ASCII, BER.) (See: code, decode.) | |||
| 2. (D) Synonym for "encrypt". | 2. (D) Synonym for "encrypt". | |||
| Deprecated Definition: ISDs SHOULD NOT use this term as a synonym | Deprecated Definition: IDOCs SHOULD NOT use this term as a synonym | |||
| for "encrypt"; encoding is not always meant to conceal meaning. | for "encrypt"; encoding is not always meant to conceal meaning. | |||
| $ encrypt | $ encrypt | |||
| (I) Cryptographically transform data to produce cipher text. (See: | (I) Cryptographically transform data to produce cipher text. (See: | |||
| encryption. Compare: seal.) | encryption. Compare: seal.) | |||
| $ encryption | $ encryption | |||
| 1. (I) Cryptographic transformation of data (called "plain text") | 1. (I) Cryptographic transformation of data (called "plain text") | |||
| into a different form (called "cipher text") that conceals the | into a different form (called "cipher text") that conceals the | |||
| data's original meaning and prevents the original form from being | data's original meaning and prevents the original form from being | |||
| used. The corresponding reverse process is "decryption", a | used. The corresponding reverse process is "decryption", a | |||
| transformation that restores encrypted data to its original form. | transformation that restores encrypted data to its original form. | |||
| (See: cryptography.) | (See: cryptography.) | |||
| 2. (O) "The cryptographic transformation of data to produce | 2. (O) "The cryptographic transformation of data to produce | |||
| ciphertext." [I7498-2] | ciphertext." [I7498-2] | |||
| Usage: For this concept, ISDs SHOULD use the verb "to encrypt" | Usage: For this concept, IDOCs SHOULD use the verb "to encrypt" | |||
| (and related variations: encryption, decrypt, and decryption). | (and related variations: encryption, decrypt, and decryption). | |||
| However, because of cultural biases involving human burial, some | However, because of cultural biases involving human burial, some | |||
| international documents (particularly ISO and CCITT standards) | international documents (particularly ISO and CCITT standards) | |||
| avoid "to encrypt" and instead use the verb "to encipher" (and | avoid "to encrypt" and instead use the verb "to encipher" (and | |||
| related variations: encipherment, decipher, decipherment). | related variations: encipherment, decipher, decipherment). | |||
| Tutorial: Usually, the plaintext input to an encryption operation | Tutorial: Usually, the plaintext input to an encryption operation | |||
| is clear text. But in some cases, the plain text may be cipher | is clear text. But in some cases, the plain text may be cipher | |||
| text that was output from another encryption operation. (See: | text that was output from another encryption operation. (See: | |||
| superencryption.) | superencryption.) | |||
| skipping to change at page 110, line 34 ¶ | skipping to change at page 110, line 34 ¶ | |||
| $ end entity | $ end entity | |||
| 1. (I) A system entity that is the subject of a public-key | 1. (I) A system entity that is the subject of a public-key | |||
| certificate and that is using, or is permitted and able to use, | certificate and that is using, or is permitted and able to use, | |||
| the matching private key only for purposes other than signing a | the matching private key only for purposes other than signing a | |||
| digital certificate; i.e., an entity that is not a CA. | digital certificate; i.e., an entity that is not a CA. | |||
| 2. (O) "A certificate subject [that] uses its public [sic] key for | 2. (O) "A certificate subject [that] uses its public [sic] key for | |||
| purposes other than signing certificates." [X509] | purposes other than signing certificates." [X509] | |||
| Deprecated Definition: ISDs SHOULD NOT use definition 2, which is | Deprecated Definition: IDOCs SHOULD NOT use definition 2, which is | |||
| misleading and incomplete. First, that definition should have said | misleading and incomplete. First, that definition should have said | |||
| "private key" rather than "public key" because certificates are | "private key" rather than "public key" because certificates are | |||
| not usefully signed with a public key. Second, the X.509 | not usefully signed with a public key. Second, the X.509 | |||
| definition is ambiguous regarding whether an end entity may or may | definition is ambiguous regarding whether an end entity may or may | |||
| not use the private key to sign a certificate, i.e., whether the | not use the private key to sign a certificate, i.e., whether the | |||
| subject may be a CA. The intent of X.509's authors was that an end | subject may be a CA. The intent of X.509's authors was that an end | |||
| entity certificate is not valid for use in verifying a signature | entity certificate is not valid for use in verifying a signature | |||
| on an X.509 certificate or X.509 CRL. Thus, it would have been | on an X.509 certificate or X.509 CRL. Thus, it would have been | |||
| better for the X.509 definition to have said "only for purposes | better for the X.509 definition to have said "only for purposes | |||
| other than signing certificates". | other than signing certificates". | |||
| skipping to change at page 111, line 37 ¶ | skipping to change at page 111, line 37 ¶ | |||
| protect their communications without depending on the intermediate | protect their communications without depending on the intermediate | |||
| systems to provide the protection. | systems to provide the protection. | |||
| $ end user | $ end user | |||
| 1. (I) /information system/ A system entity, usually a human | 1. (I) /information system/ A system entity, usually a human | |||
| individual, that makes use of system resources, primarily for | individual, that makes use of system resources, primarily for | |||
| application purposes as opposed to system management purposes. | application purposes as opposed to system management purposes. | |||
| 2. (D) /PKI/ Synonym for "end entity". | 2. (D) /PKI/ Synonym for "end entity". | |||
| Deprecated Definition: ISDs SHOULD NOT use "end user" as a synonym | Deprecated Definition: IDOCs SHOULD NOT use "end user" as a | |||
| for "end entity", because that would mix concepts in a potentially | synonym for "end entity", because that would mix concepts in a | |||
| misleading way. | potentially misleading way. | |||
| $ endorsed-for-unclassified cryptographic item (EUCI) | $ endorsed-for-unclassified cryptographic item (EUCI) | |||
| (O) /U.S. Government/ "Unclassified cryptographic equipment that | (O) /U.S. Government/ "Unclassified cryptographic equipment that | |||
| embodies a U.S. Government classified cryptographic logic and is | embodies a U.S. Government classified cryptographic logic and is | |||
| endorsed by NSA for the protection of national security | endorsed by NSA for the protection of national security | |||
| information." [C4009] (Compare: CCI, type 2 product.) | information." [C4009] (Compare: CCI, type 2 product.) | |||
| $ entity | $ entity | |||
| See: system entity. | See: system entity. | |||
| skipping to change at page 116, line 23 ¶ | skipping to change at page 116, line 23 ¶ | |||
| $ fail-safe | $ fail-safe | |||
| 1. (I) Synonym for "fail-secure". | 1. (I) Synonym for "fail-secure". | |||
| 2. (I) A mode of termination of system functions that prevents | 2. (I) A mode of termination of system functions that prevents | |||
| damage to specified system resources and system entities (i.e., | damage to specified system resources and system entities (i.e., | |||
| specified data, property, and life) when a failure occurs or is | specified data, property, and life) when a failure occurs or is | |||
| detected in the system (but the failure still might cause a | detected in the system (but the failure still might cause a | |||
| security compromise). (See: failure control.) | security compromise). (See: failure control.) | |||
| Tutorial: Definitions 1 and 2 are opposing design alternatives. | Tutorial: Definitions 1 and 2 are opposing design alternatives. | |||
| Therefore, ISDs SHOULD NOT use this term without providing a | Therefore, IDOCs SHOULD NOT use this term without providing a | |||
| definition for it. If definition 1 is intended, ISDs can avoid | definition for it. If definition 1 is intended, IDOCs can avoid | |||
| ambiguity by using "fail-secure" instead. | ambiguity by using "fail-secure" instead. | |||
| $ fail-secure | $ fail-secure | |||
| (I) A mode of termination of system functions that prevents loss | (I) A mode of termination of system functions that prevents loss | |||
| of secure state when a failure occurs or is detected in the system | of secure state when a failure occurs or is detected in the system | |||
| (but the failure still might cause damage to some system resource | (but the failure still might cause damage to some system resource | |||
| or system entity). (See: failure control. Compare: fail-safe.) | or system entity). (See: failure control. Compare: fail-safe.) | |||
| $ fail-soft | $ fail-soft | |||
| (I) Selective termination of affected, non-essential system | (I) Selective termination of affected, non-essential system | |||
| skipping to change at page 119, line 7 ¶ | skipping to change at page 119, line 7 ¶ | |||
| initiated transactions or transmission of funds for the extension | initiated transactions or transmission of funds for the extension | |||
| of credit or the custody, loan, exchange, or issuance of money." | of credit or the custody, loan, exchange, or issuance of money." | |||
| [SET2] | [SET2] | |||
| $ fingerprint | $ fingerprint | |||
| 1. (I) A pattern of curves formed by the ridges on a fingertip. | 1. (I) A pattern of curves formed by the ridges on a fingertip. | |||
| (See: biometric authentication. Compare: thumbprint.) | (See: biometric authentication. Compare: thumbprint.) | |||
| 2. (D) /PGP/ A hash result ("key fingerprint") used to | 2. (D) /PGP/ A hash result ("key fingerprint") used to | |||
| authenticate a public key or other data. [PGP] | authenticate a public key or other data. [PGP] | |||
| Deprecated Definition: ISDs SHOULD NOT use this term with | Deprecated Definition: IDOCs SHOULD NOT use this term with | |||
| definition 2, and SHOULD NOT use this term as a synonym for "hash | definition 2, and SHOULD NOT use this term as a synonym for "hash | |||
| result" of *any* kind. Either use would mix concepts in a | result" of *any* kind. Either use would mix concepts in a | |||
| potentially misleading way. | potentially misleading way. | |||
| $ FIPS | $ FIPS | |||
| (N) See: Federal Information Processing Standards. | (N) See: Federal Information Processing Standards. | |||
| $ FIPS PUB 140 | $ FIPS PUB 140 | |||
| (N) The U.S. Government standard [FP140] for security requirements | (N) The U.S. Government standard [FP140] for security requirements | |||
| to be met by a cryptographic module when the module is used to | to be met by a cryptographic module when the module is used to | |||
| skipping to change at page 120, line 35 ¶ | skipping to change at page 120, line 35 ¶ | |||
| $ flaw | $ flaw | |||
| 1. (I) An error in the design, implementation, or operation of an | 1. (I) An error in the design, implementation, or operation of an | |||
| information system. A flaw may result in a vulnerability. | information system. A flaw may result in a vulnerability. | |||
| (Compare: vulnerability.) | (Compare: vulnerability.) | |||
| 2. (D) "An error of commission, omission, or oversight in a system | 2. (D) "An error of commission, omission, or oversight in a system | |||
| that allows protection mechanisms to be bypassed." [NCSSG] | that allows protection mechanisms to be bypassed." [NCSSG] | |||
| (Compare: vulnerability. See: brain-damaged.) | (Compare: vulnerability. See: brain-damaged.) | |||
| Deprecated Definition: ISDs SHOULD NOT use this term with | Deprecated Definition: IDOCs SHOULD NOT use this term with | |||
| definition 2; not every flaw is a vulnerability. | definition 2; not every flaw is a vulnerability. | |||
| $ flaw hypothesis methodology | $ flaw hypothesis methodology | |||
| (I) An evaluation or attack technique in which specifications and | (I) An evaluation or attack technique in which specifications and | |||
| documentation for a system are analyzed to hypothesize flaws in | documentation for a system are analyzed to hypothesize flaws in | |||
| the system. The list of hypothetical flaws is prioritized on the | the system. The list of hypothetical flaws is prioritized on the | |||
| basis of the estimated probability that a flaw exists and, | basis of the estimated probability that a flaw exists and, | |||
| assuming it does, on the ease of exploiting it and the extent of | assuming it does, on the ease of exploiting it and the extent of | |||
| control or compromise it would provide. The prioritized list is | control or compromise it would provide. The prioritized list is | |||
| used to direct a penetration test or attack against the system. | used to direct a penetration test or attack against the system. | |||
| skipping to change at page 123, line 13 ¶ | skipping to change at page 123, line 13 ¶ | |||
| (O) See: For Official Use Only. | (O) See: For Official Use Only. | |||
| $ FPKI | $ FPKI | |||
| (O) See: Federal Public-Key Infrastructure. | (O) See: Federal Public-Key Infrastructure. | |||
| $ fraggle attack | $ fraggle attack | |||
| (D) /slang/ A synonym for "smurf attack". | (D) /slang/ A synonym for "smurf attack". | |||
| Deprecated Term: It is likely that other cultures use different | Deprecated Term: It is likely that other cultures use different | |||
| metaphors for this concept. Therefore, to avoid international | metaphors for this concept. Therefore, to avoid international | |||
| misunderstanding, ISDs SHOULD NOT use this term. | misunderstanding, IDOCs SHOULD NOT use this term. | |||
| Derivation: The Fraggles are a fictional race of small humanoids | Derivation: The Fraggles are a fictional race of small humanoids | |||
| (represented as hand puppets in a children's television series, | (represented as hand puppets in a children's television series, | |||
| "Fraggle Rock") that live underground. | "Fraggle Rock") that live underground. | |||
| $ frequency hopping | $ frequency hopping | |||
| (N) "Repeated switching of frequencies during radio transmission | (N) "Repeated switching of frequencies during radio transmission | |||
| according to a specified algorithm." [C4009] (See: spread | according to a specified algorithm." [C4009] (See: spread | |||
| spectrum.) | spectrum.) | |||
| skipping to change at page 125, line 24 ¶ | skipping to change at page 125, line 24 ¶ | |||
| 1. (N) "Relative fineness to which an access control mechanism can | 1. (N) "Relative fineness to which an access control mechanism can | |||
| be adjusted." [C4009] | be adjusted." [C4009] | |||
| 2. (O) "The size of the smallest protectable unit of information" | 2. (O) "The size of the smallest protectable unit of information" | |||
| in a trusted system. [Huff] | in a trusted system. [Huff] | |||
| $ Green Book | $ Green Book | |||
| (D) /slang/ Synonym for "Defense Password Management Guideline" | (D) /slang/ Synonym for "Defense Password Management Guideline" | |||
| [CSC2]. | [CSC2]. | |||
| Deprecated Term: Except as an explanatory appositive, ISDs SHOULD | Deprecated Term: Except as an explanatory appositive, IDOCs SHOULD | |||
| NOT use this term, regardless of the associated definition. | NOT use this term, regardless of the associated definition. | |||
| Instead, use the full proper name of the document or, in | Instead, use the full proper name of the document or, in | |||
| subsequent references, a conventional abbreviation. (See: Rainbow | subsequent references, a conventional abbreviation. (See: Rainbow | |||
| Series.) | Series.) | |||
| Deprecated Usage: To improve international comprehensibility of | Deprecated Usage: To improve international comprehensibility of | |||
| Internet Standards and the Internet Standards Process, ISDs SHOULD | Internet Standards and the Internet Standards Process, IDOCs | |||
| NOT use "cute" synonyms. No matter how clearly understood or | SHOULD NOT use "cute" synonyms. No matter how clearly understood | |||
| popular a nickname may be in one community, it is likely to cause | or popular a nickname may be in one community, it is likely to | |||
| confusion or offense in others. For example, several other | cause confusion or offense in others. For example, several other | |||
| information system standards also are called "the Green Book"; the | information system standards also are called "the Green Book"; the | |||
| following are some examples: | following are some examples: | |||
| - Each volume of 1992 ITU-T (known at that time as CCITT) | - Each volume of 1992 ITU-T (known at that time as CCITT) | |||
| standards. | standards. | |||
| - "PostScript Language Program Design", Adobe Systems, Addison- | - "PostScript Language Program Design", Adobe Systems, Addison- | |||
| Wesley, 1988. | Wesley, 1988. | |||
| - IEEE 1003.1 POSIX Operating Systems Interface. | - IEEE 1003.1 POSIX Operating Systems Interface. | |||
| - "Smalltalk-80: Bits of History, Words of Advice", Glenn | - "Smalltalk-80: Bits of History, Words of Advice", Glenn | |||
| Krasner, Addison-Wesley, 1983. | Krasner, Addison-Wesley, 1983. | |||
| - "X/Open Compatibility Guide". | - "X/Open Compatibility Guide". | |||
| skipping to change at page 128, line 12 ¶ | skipping to change at page 128, line 12 ¶ | |||
| protections of mandatory access control and (b) the identity-based | protections of mandatory access control and (b) the identity-based | |||
| protections of discretionary access control; usually involves | protections of discretionary access control; usually involves | |||
| administrative security. | administrative security. | |||
| $ Handling Restrictions field | $ Handling Restrictions field | |||
| (I) A 16-bit field that specifies a control and release marking in | (I) A 16-bit field that specifies a control and release marking in | |||
| the security option (option type 130) of IP's datagram header | the security option (option type 130) of IP's datagram header | |||
| format. The valid field values are alphanumeric digraphs assigned | format. The valid field values are alphanumeric digraphs assigned | |||
| by the U.S. Government, as specified in RFC 791. | by the U.S. Government, as specified in RFC 791. | |||
| Deprecated Abbreviation: ISDs SHOULD NOT use the abbreviation "H | Deprecated Abbreviation: IDOCs SHOULD NOT use the abbreviation "H | |||
| field" because it is potentially ambiguous. Instead, use "Handling | field" because it is potentially ambiguous. Instead, use "Handling | |||
| Restrictions field". | Restrictions field". | |||
| $ handshake | $ handshake | |||
| (I) Protocol dialogue between two systems for identifying and | (I) Protocol dialogue between two systems for identifying and | |||
| authenticating themselves to each other, or for synchronizing | authenticating themselves to each other, or for synchronizing | |||
| their operations with each other. | their operations with each other. | |||
| $ Handshake Protocol | $ Handshake Protocol | |||
| (I) /TLS/ The TLS Handshake Protocol consists of three parts | (I) /TLS/ The TLS Handshake Protocol consists of three parts | |||
| (i.e., subprotocols) that enable peer entities to agree upon | (i.e., subprotocols) that enable peer entities to agree upon | |||
| security parameters for the record layer, authenticate themselves | security parameters for the record layer, authenticate themselves | |||
| to each other, instantiate negotiated security parameters, and | to each other, instantiate negotiated security parameters, and | |||
| report error conditions to each other. [R2246] | report error conditions to each other. [R4346] | |||
| $ harden | $ harden | |||
| (I) To protect a system by configuring it to operate in a way that | (I) To protect a system by configuring it to operate in a way that | |||
| eliminates or mitigates known vulnerabilities. Example: [RSCG]. | eliminates or mitigates known vulnerabilities. Example: [RSCG]. | |||
| (See: default account.) | (See: default account.) | |||
| $ hardware | $ hardware | |||
| (I) The material physical components of an information system. | (I) The material physical components of an information system. | |||
| (See: firmware, software.) | (See: firmware, software.) | |||
| $ hardware error | $ hardware error | |||
| (I) /threat action/ See: secondary definitions under "corruption", | (I) /threat action/ See: secondary definitions under "corruption", | |||
| "exposure", and "incapacitation". | "exposure", and "incapacitation". | |||
| $ hardware token | $ hardware token | |||
| See: token. | See: token. | |||
| $ hash code | $ hash code | |||
| (D) Synonym for "hash result" or "hash function". | (D) Synonym for "hash result" or "hash function". | |||
| Deprecated Term: ISDs SHOULD NOT use this term; it mixes concepts | Deprecated Term: IDOCs SHOULD NOT use this term; it mixes concepts | |||
| in a potentially misleading way. A hash result is not a "code", | in a potentially misleading way. A hash result is not a "code", | |||
| and a hash function does not "encode" in any sense defined by this | and a hash function does not "encode" in any sense defined by this | |||
| glossary. (See: hash value, message digest.) | glossary. (See: hash value, message digest.) | |||
| $ hash function | $ hash function | |||
| 1. (I) A function H that maps an arbitrary, variable-length bit | 1. (I) A function H that maps an arbitrary, variable-length bit | |||
| string, s, into a fixed-length string, h = H(s) (called the "hash | string, s, into a fixed-length string, h = H(s) (called the "hash | |||
| result"). For most computing applications, it is desirable that | result"). For most computing applications, it is desirable that | |||
| given a string s with H(s) = h, any change to s that creates a | given a string s with H(s) = h, any change to s that creates a | |||
| different string s' will result in an unpredictable hash result | different string s' will result in an unpredictable hash result | |||
| skipping to change at page 129, line 55 ¶ | skipping to change at page 129, line 55 ¶ | |||
| the same hash result. (See: birthday attack.) | the same hash result. (See: birthday attack.) | |||
| $ hash result | $ hash result | |||
| 1. (I) The output of a hash function. (See: hash code, hash value. | 1. (I) The output of a hash function. (See: hash code, hash value. | |||
| Compare: hash value.) | Compare: hash value.) | |||
| 2. (O) "The output produced by a hash function upon processing a | 2. (O) "The output produced by a hash function upon processing a | |||
| message" (where "message" is broadly defined as "a digital | message" (where "message" is broadly defined as "a digital | |||
| representation of data"). [DSG] | representation of data"). [DSG] | |||
| Usage: ISDs SHOULD avoid the unusual usage of "message" that is | Usage: IDOCs SHOULD avoid the unusual usage of "message" that is | |||
| seen in the "O" definition. | seen in the "O" definition. | |||
| $ hash value | $ hash value | |||
| (D) Synonym for "hash result". | (D) Synonym for "hash result". | |||
| Deprecated Term: ISDs SHOULD NOT use this term for the output of a | Deprecated Term: IDOCs SHOULD NOT use this term for the output of | |||
| hash function; the term could easily be confused with "hashed | a hash function; the term could easily be confused with "hashed | |||
| value", which means the input to a hash function. (See: hash code, | value", which means the input to a hash function. (See: hash code, | |||
| hash result, message digest.) | hash result, message digest.) | |||
| $ HDM | $ HDM | |||
| (O) See: Hierarchical Development Methodology. | (O) See: Hierarchical Development Methodology. | |||
| $ Hierarchical Development Methodology (HDM) | $ Hierarchical Development Methodology (HDM) | |||
| (O) A methodology, language, and integrated set of software tools | (O) A methodology, language, and integrated set of software tools | |||
| developed at SRI International for specifying, coding, and | developed at SRI International for specifying, coding, and | |||
| verifying software to produce correct and reliable programs. | verifying software to produce correct and reliable programs. | |||
| skipping to change at page 130, line 35 ¶ | skipping to change at page 130, line 35 ¶ | |||
| (Compare: mesh PKI, trust-file PKI.) | (Compare: mesh PKI, trust-file PKI.) | |||
| $ hierarchy management | $ hierarchy management | |||
| (I) The process of generating configuration data and issuing | (I) The process of generating configuration data and issuing | |||
| public-key certificates to build and operate a certification | public-key certificates to build and operate a certification | |||
| hierarchy. (See: certificate management.) | hierarchy. (See: certificate management.) | |||
| $ hierarchy of trust | $ hierarchy of trust | |||
| (D) Synonym for "certification hierarchy". | (D) Synonym for "certification hierarchy". | |||
| Deprecated Term: ISDs SHOULD NOT use this term; it mixes concepts | Deprecated Term: IDOCs SHOULD NOT use this term; it mixes concepts | |||
| in a potentially misleading way. (See: certification hierarchy, | in a potentially misleading way. (See: certification hierarchy, | |||
| trust, web of trust.) | trust, web of trust.) | |||
| $ high-assurance guard | $ high-assurance guard | |||
| (O) "An oxymoron," said Lt. Gen. William H. Campbell, former U.S. | (O) "An oxymoron," said Lt. Gen. William H. Campbell, former U.S. | |||
| Army chief information officer, speaking at an Armed Forces | Army chief information officer, speaking at an Armed Forces | |||
| Communications and Electronics Association conference. | Communications and Electronics Association conference. | |||
| Usage: ISDs that use this term SHOULD state a definition for it | Usage: IDOCs that use this term SHOULD state a definition for it | |||
| because the term mixes concepts and could easily be misunderstood. | because the term mixes concepts and could easily be misunderstood. | |||
| $ hijack attack | $ hijack attack | |||
| (I) A form of active wiretapping in which the attacker seizes | (I) A form of active wiretapping in which the attacker seizes | |||
| control of a previously established communication association. | control of a previously established communication association. | |||
| (See: man-in-the-middle attack, pagejacking, piggyback attack.) | (See: man-in-the-middle attack, pagejacking, piggyback attack.) | |||
| $ HIPAA | $ HIPAA | |||
| (N) Health Information Portability and Accountability Act of 1996, | (N) Health Information Portability and Accountability Act of 1996, | |||
| a U.S. law (Public Law 104-191) that is intended to protect the | a U.S. law (Public Law 104-191) that is intended to protect the | |||
| skipping to change at page 131, line 44 ¶ | skipping to change at page 131, line 44 ¶ | |||
| faster or stronger hash is found or required. | faster or stronger hash is found or required. | |||
| $ honey pot | $ honey pot | |||
| (N) A system (e.g., a web server) or system resource (e.g., a file | (N) A system (e.g., a web server) or system resource (e.g., a file | |||
| on a server) that is designed to be attractive to potential | on a server) that is designed to be attractive to potential | |||
| crackers and intruders, like honey is attractive to bears. (See: | crackers and intruders, like honey is attractive to bears. (See: | |||
| entrapment.) | entrapment.) | |||
| Usage: It is likely that other cultures use different metaphors | Usage: It is likely that other cultures use different metaphors | |||
| for this concept. Therefore, to avoid international | for this concept. Therefore, to avoid international | |||
| misunderstanding, an ISD SHOULD NOT use this term without | misunderstanding, an IDOC SHOULD NOT use this term without | |||
| providing a definition for it. (See: Deprecated Usage under "Green | providing a definition for it. (See: Deprecated Usage under "Green | |||
| Book.") | Book.") | |||
| $ host | $ host | |||
| 1. (I) /general/ A computer that is attached to a communication | 1. (I) /general/ A computer that is attached to a communication | |||
| subnetwork or internetwork and can use services provided by the | subnetwork or internetwork and can use services provided by the | |||
| network to exchange data with other attached systems. (See: end | network to exchange data with other attached systems. (See: end | |||
| system. Compare: server.) | system. Compare: server.) | |||
| 2. (I) /IPS/ A networked computer that does not forward IP packets | 2. (I) /IPS/ A networked computer that does not forward IP packets | |||
| skipping to change at page 133, line 52 ¶ | skipping to change at page 133, line 52 ¶ | |||
| $ IDEA | $ IDEA | |||
| (N) See: International Data Encryption Algorithm. | (N) See: International Data Encryption Algorithm. | |||
| $ identification | $ identification | |||
| (I) An act or process that presents an identifier to a system so | (I) An act or process that presents an identifier to a system so | |||
| that the system can recognize a system entity and distinguish it | that the system can recognize a system entity and distinguish it | |||
| from other entities. (See: authentication.) | from other entities. (See: authentication.) | |||
| $ identification information | $ identification information | |||
| (D) Synonym for either "identifier" or "authentication | (D) Synonym for "identifier"; synonynm for "authentication | |||
| information". (See: authentication.) | information". (See: authentication, identifying information.) | |||
| Deprecated Definition: ISDs SHOULD NOT use this term as a synonym | Deprecated Term: IDOCs SHOULD NOT use this term as a synonym for | |||
| for either of those terms; that would be duplicative and would mix | either of those terms; this term (a) is not as precise as they are | |||
| concepts in a potentially misleading way. Instead, use | and (b) mixes concepts in a potentially misleading way. Instead, | |||
| "identifier" or "authentication information ", depending on what | use "identifier" or "authentication information", depending on | |||
| is meant. | what is meant. | |||
| $ Identification Protocol | $ Identification Protocol | |||
| (I) An client-server Internet protocol [R1413] for learning the | (I) An client-server Internet protocol [R1413] for learning the | |||
| identity of a user of a particular TCP connection. | identity of a user of a particular TCP connection. | |||
| Tutorial: Given a TCP port number pair, the server returns a | Tutorial: Given a TCP port number pair, the server returns a | |||
| character string that identifies the owner of that connection on | character string that identifies the owner of that connection on | |||
| the server's system. The protocol does not provide an | the server's system. The protocol does not provide an | |||
| authentication service and is not intended for authorization or | authentication service and is not intended for authorization or | |||
| access control. At best, it provides additional auditing | access control. At best, it provides additional auditing | |||
| skipping to change at page 134, line 35 ¶ | skipping to change at page 134, line 35 ¶ | |||
| Tutorial: Identifiers for system entities must be assigned very | Tutorial: Identifiers for system entities must be assigned very | |||
| carefully, because authenticated identities are the basis for | carefully, because authenticated identities are the basis for | |||
| other security services, such as access control service. | other security services, such as access control service. | |||
| $ identifier credential | $ identifier credential | |||
| 1. (I) See: /authentication/ under "credential". | 1. (I) See: /authentication/ under "credential". | |||
| 2. (D) Synonym for "signature certificate". | 2. (D) Synonym for "signature certificate". | |||
| Usage: ISDs that use this term SHOULD state a definition for it | Usage: IDOCs that use this term SHOULD state a definition for it | |||
| because the term is used in many ways and could easily be | because the term is used in many ways and could easily be | |||
| misunderstood. | misunderstood. | |||
| $ identifying information | ||||
| (D) Synonym for "identifier"; synonynm for "authentication | ||||
| information". (See: authentication, identification information.) | ||||
| Deprecated Term: IDOCs SHOULD NOT use this term as a synonym for | ||||
| either of those terms; this term (a) is not as precise as they are | ||||
| and (b) mixes concepts in a potentially misleading way. Instead, | ||||
| use "identifier" or "authentication information", depending on | ||||
| what is meant. | ||||
| $ identity | $ identity | |||
| (I) The collective aspect of a set of attribute values (i.e., a | (I) The collective aspect of a set of attribute values (i.e., a | |||
| set of characteristics) by which a system user or other system | set of characteristics) by which a system user or other system | |||
| entity is recognizable or known. (See: authenticate, registration. | entity is recognizable or known. (See: authenticate, registration. | |||
| Compare: identifier.) | Compare: identifier.) | |||
| Usage: An ISD MAY apply this term to either a single entity or a | Usage: An IDOC MAY apply this term to either a single entity or a | |||
| set of entities. If an ISD involves both meanings, the ISD SHOULD | set of entities. If an IDOC involves both meanings, the IDOC | |||
| use the following terms and definitions to avoid ambiguity: | SHOULD use the following terms and definitions to avoid ambiguity: | |||
| - "Singular identity": An identity that is registered for an | - "Singular identity": An identity that is registered for an | |||
| entity that is one person or one process. | entity that is one person or one process. | |||
| - "Shared identity": An identity that is registered for an entity | - "Shared identity": An identity that is registered for an entity | |||
| that is a set of singular entities (1) in which each member is | that is a set of singular entities (1) in which each member is | |||
| authorized to assume the identity individually and (2) for | authorized to assume the identity individually and (2) for | |||
| which the registering system maintains a record of the singular | which the registering system maintains a record of the singular | |||
| entities that comprise the set. In this case, we would expect | entities that comprise the set. In this case, we would expect | |||
| each member entity to be registered with a singular identity | each member entity to be registered with a singular identity | |||
| before becoming associated with the shared identity. | before becoming associated with the shared identity. | |||
| - "Group identity": An identity that is registered for an entity | - "Group identity": An identity that is registered for an entity | |||
| skipping to change at page 136, line 43 ¶ | skipping to change at page 136, line 43 ¶ | |||
| $ identity-based security policy | $ identity-based security policy | |||
| (I) "A security policy based on the identities and/or attributes | (I) "A security policy based on the identities and/or attributes | |||
| of users, a group of users, or entities acting on behalf of the | of users, a group of users, or entities acting on behalf of the | |||
| users and the resources/objects being accessed." [I7498-2] (See: | users and the resources/objects being accessed." [I7498-2] (See: | |||
| rule-based security policy.) | rule-based security policy.) | |||
| $ identity proofing | $ identity proofing | |||
| (I) A process that vets and verifies the information that is used | (I) A process that vets and verifies the information that is used | |||
| to establish the identity of a system entity. (See: registration.) | to establish the identity of a system entity. (See: registration.) | |||
| $ IDOC | ||||
| (I) An abbreviation used in this Glossary to refer to a document | ||||
| or other item of written material that is generated in the | ||||
| Internet Standards Process (RFC 2026), i.e., an RFC, an Internet- | ||||
| Draft, or some other item of discourse. | ||||
| Deprecated Usage: This abbreviation SHOULD NOT be used in an IDOC | ||||
| unless it is first defined in the IDOC because the abbreviation | ||||
| was invented for this Glossary and is not widely known. | ||||
| $ IDS | $ IDS | |||
| (I) See: intrusion detection system. | (I) See: intrusion detection system. | |||
| $ IEEE | $ IEEE | |||
| (N) See: Institute of Electrical and Electronics Engineers, Inc. | (N) See: Institute of Electrical and Electronics Engineers, Inc. | |||
| $ IEEE 802.10 | $ IEEE 802.10 | |||
| (N) An IEEE committee developing security standards for local area | (N) An IEEE committee developing security standards for LANs. | |||
| networks. (See: SILS.) | (See: SILS.) | |||
| $ IEEE P1363 | $ IEEE P1363 | |||
| (N) An IEEE working group, Standard for Public-Key Cryptography, | (N) An IEEE working group, Standard for Public-Key Cryptography, | |||
| engaged in developing a comprehensive reference standard for | engaged in developing a comprehensive reference standard for | |||
| asymmetric cryptography. Covers discrete logarithm (e.g., DSA), | asymmetric cryptography. Covers discrete logarithm (e.g., DSA), | |||
| elliptic curve, and integer factorization (e.g., RSA); and covers | elliptic curve, and integer factorization (e.g., RSA); and covers | |||
| key agreement, digital signature, and encryption. | key agreement, digital signature, and encryption. | |||
| $ IESG | $ IESG | |||
| (I) See: Internet Engineering Steering Group. | (I) See: Internet Engineering Steering Group. | |||
| skipping to change at page 141, line 31 ¶ | skipping to change at page 141, line 41 ¶ | |||
| from B with a source address that is not within the range of | from B with a source address that is not within the range of | |||
| legitimately advertised addresses for B. This method does not | legitimately advertised addresses for B. This method does not | |||
| prevent all attacks that can originate from B, but the actual | prevent all attacks that can originate from B, but the actual | |||
| source of such attacks can be more easily traced because the | source of such attacks can be more easily traced because the | |||
| originating network is known. | originating network is known. | |||
| $ initialization value (IV) | $ initialization value (IV) | |||
| (I) /cryptography/ An input parameter that sets the starting state | (I) /cryptography/ An input parameter that sets the starting state | |||
| of a cryptographic algorithm or mode. (Compare: activation data.) | of a cryptographic algorithm or mode. (Compare: activation data.) | |||
| Usage: Sometimes called "initialization vector" or "message | ||||
| indicator", but ISDs SHOULD NOT use these synonyms because they | ||||
| mix concepts in potentially confusing ways. | ||||
| Tutorial: An IV can be used to synchronize one cryptographic | Tutorial: An IV can be used to synchronize one cryptographic | |||
| process with another; e.g., CBC, CFB, and OFB use IVs. An IV also | process with another; e.g., CBC, CFB, and OFB use IVs. An IV also | |||
| can be used to introduce cryptographic variance (see: salt) | can be used to introduce cryptographic variance (see: salt) | |||
| besides that provided by a key. | besides that provided by a key. | |||
| $ initialization vector | $ initialization vector | |||
| (D) /cryptographic function/ Synonym for "initialization value". | (D) /cryptography/ Synonym for "initialization value". | |||
| Deprecated Term: To avoid international misunderstanding, ISDs | Deprecated Term: To avoid international misunderstanding, IDOCs | |||
| SHOULD NOT use this term in the context of cryptographic functions | SHOULD NOT use this term in the context of cryptography because | |||
| because the term's dictionary definition includes the concept of | most dictionary definitions of "vector" includes a concept of | |||
| direction, which is not intended in cryptographic use. | direction or magnitude, which are irrelevant to cryptographic use. | |||
| $ insertion | $ insertion | |||
| 1. (I) /packet/ See: secondary definition under "stream integrity | 1. (I) /packet/ See: secondary definition under "stream integrity | |||
| service". | service". | |||
| 2. (I) /threat action/ See: secondary definition under | 2. (I) /threat action/ See: secondary definition under | |||
| "falsification". | "falsification". | |||
| $ inside attack | $ inside attack | |||
| (I) See: secondary definition under "attack". Compare: insider. | (I) See: secondary definition under "attack". Compare: insider. | |||
| skipping to change at page 143, line 4 ¶ | skipping to change at page 143, line 10 ¶ | |||
| $ integrity | $ integrity | |||
| See: data integrity, datagram integrity service, correctness | See: data integrity, datagram integrity service, correctness | |||
| integrity, source integrity, stream integrity service, system | integrity, source integrity, stream integrity service, system | |||
| integrity. | integrity. | |||
| $ integrity check | $ integrity check | |||
| (D) A computation that is part of a mechanism to provide data | (D) A computation that is part of a mechanism to provide data | |||
| integrity service or data origin authentication service. (Compare: | integrity service or data origin authentication service. (Compare: | |||
| checksum.) | checksum.) | |||
| Deprecated Term: ISDs SHOULD NOT use this term as a synonym for | ||||
| Deprecated Term: IDOCs SHOULD NOT use this term as a synonym for | ||||
| "cryptographic hash" or "protected checksum". This term | "cryptographic hash" or "protected checksum". This term | |||
| unnecessarily duplicates the meaning of other, well-established | unnecessarily duplicates the meaning of other, well-established | |||
| terms; this term only mentions integrity, even though the intended | terms; this term only mentions integrity, even though the intended | |||
| service may be data origin authentication; and not every checksum | service may be data origin authentication; and not every checksum | |||
| is cryptographically protected. | is cryptographically protected. | |||
| $ integrity label | $ integrity label | |||
| (I) A security label that tells the degree of confidence that may | (I) A security label that tells the degree of confidence that may | |||
| be placed in the data, and may also tell what countermeasures are | be placed in the data, and may also tell what countermeasures are | |||
| required to be applied to protect the data against from alteration | required to be applied to protect the data against from alteration | |||
| skipping to change at page 143, line 48 ¶ | skipping to change at page 143, line 55 ¶ | |||
| system and that contains the data but was not intended to | system and that contains the data but was not intended to | |||
| communicate the data. (See: emanation.) | communicate the data. (See: emanation.) | |||
| $ interference | $ interference | |||
| (I) /threat action/ See: secondary definition under "obstruction". | (I) /threat action/ See: secondary definition under "obstruction". | |||
| $ intermediate CA | $ intermediate CA | |||
| (D) The CA that issues a cross-certificate to another CA. [X509] | (D) The CA that issues a cross-certificate to another CA. [X509] | |||
| (See: cross-certification.) | (See: cross-certification.) | |||
| Deprecated Term: ISDs SHOULD NOT use this term because it is not | Deprecated Term: IDOCs SHOULD NOT use this term because it is not | |||
| widely known and mixes concepts in a potentially misleading way. | widely known and mixes concepts in a potentially misleading way. | |||
| For example, suppose that end entity 1 ("EE1) is in one PKI | For example, suppose that end entity 1 ("EE1) is in one PKI | |||
| ("PKI1"), end entity 2 ("EE2) is in another PKI ("PKI2"), and the | ("PKI1"), end entity 2 ("EE2) is in another PKI ("PKI2"), and the | |||
| root in PKI1 ("CA1") cross-certifies the root CA in PKI2 ("CA2"). | root in PKI1 ("CA1") cross-certifies the root CA in PKI2 ("CA2"). | |||
| Then if EE1 constructs the certification path CA1-to-CA2-to-EE2 to | Then if EE1 constructs the certification path CA1-to-CA2-to-EE2 to | |||
| validate a certificate of EE2, conventional English usage would | validate a certificate of EE2, conventional English usage would | |||
| describe CA2 as being in the "intermediate" position in that path, | describe CA2 as being in the "intermediate" position in that path, | |||
| not CA1. | not CA1. | |||
| $ internal controls | $ internal controls | |||
| skipping to change at page 144, line 37 ¶ | skipping to change at page 144, line 44 ¶ | |||
| $ internet, Internet | $ internet, Internet | |||
| 1. (I) /not capitalized/ Abbreviation of "internetwork". | 1. (I) /not capitalized/ Abbreviation of "internetwork". | |||
| 2. (I) /capitalized/ The Internet is the single, interconnected, | 2. (I) /capitalized/ The Internet is the single, interconnected, | |||
| worldwide system of commercial, government, educational, and other | worldwide system of commercial, government, educational, and other | |||
| computer networks that share (a) the protocol suite specified by | computer networks that share (a) the protocol suite specified by | |||
| the IAB (RFC 2026) and (b) the name and address spaces managed by | the IAB (RFC 2026) and (b) the name and address spaces managed by | |||
| the ICANN. (See: Internet Layer, Internet Protocol Suite.) | the ICANN. (See: Internet Layer, Internet Protocol Suite.) | |||
| Usage: Use with definite article "the" when using as a noun. E.g., | Usage: Use with definite article ("the") when using as a noun. For | |||
| say "My LAN is small, but the Internet is large." Don't say "My | example, say "My LAN is small, but the Internet is large." Don't | |||
| LAN is small, but Internet is large." | say "My LAN is small, but Internet is large." | |||
| $ Internet Architecture Board (IAB) | $ Internet Architecture Board (IAB) | |||
| (I) A technical advisory group of the ISOC, chartered by the ISOC | (I) A technical advisory group of the ISOC, chartered by the ISOC | |||
| Trustees to provide oversight of Internet architecture and | Trustees to provide oversight of Internet architecture and | |||
| protocols and, in the context of Internet Standards, a body to | protocols and, in the context of Internet Standards, a body to | |||
| which decisions of the IESG may be appealed. Responsible for | which decisions of the IESG may be appealed. Responsible for | |||
| approving appointments to the IESG from among nominees submitted | approving appointments to the IESG from among nominees submitted | |||
| by the IETF nominating committee. (RFC 2026) | by the IETF nominating committee. (RFC 2026) | |||
| $ Internet Assigned Numbers Authority (IANA) | $ Internet Assigned Numbers Authority (IANA) | |||
| skipping to change at page 146, line 16 ¶ | skipping to change at page 146, line 22 ¶ | |||
| chairs the IESG. (RFC 2026) | chairs the IESG. (RFC 2026) | |||
| $ Internet Engineering Task Force (IETF) | $ Internet Engineering Task Force (IETF) | |||
| (I) A self-organized group of people who make contributions to the | (I) A self-organized group of people who make contributions to the | |||
| development of Internet technology. The principal body engaged in | development of Internet technology. The principal body engaged in | |||
| developing Internet Standards, although not itself a part of the | developing Internet Standards, although not itself a part of the | |||
| ISOC. Composed of Working Groups, which are arranged into Areas | ISOC. Composed of Working Groups, which are arranged into Areas | |||
| (such as the Security Area), each coordinated by one or more Area | (such as the Security Area), each coordinated by one or more Area | |||
| Directors. Nominations to the IAB and the IESG are made by a | Directors. Nominations to the IAB and the IESG are made by a | |||
| committee selected at random from regular IETF meeting attendees | committee selected at random from regular IETF meeting attendees | |||
| who have volunteered. (RFC 2026) [RFC 2323] | who have volunteered. (RFCs 2026, 3935) [R2323] | |||
| $ Internet Key Exchange (IKE) | $ Internet Key Exchange (IKE) | |||
| (I) An Internet, IPsec, key-establishment protocol [R4306] for | (I) An Internet, IPsec, key-establishment protocol [R4306] for | |||
| putting in place authenticated keying material (a) for use with | putting in place authenticated keying material (a) for use with | |||
| ISAKMP and (b) for other security associations, such as in AH and | ISAKMP and (b) for other security associations, such as in AH and | |||
| ESP. | ESP. | |||
| Tutorial: IKE is based on three earlier protocol designs: ISAKMP, | Tutorial: IKE is based on three earlier protocol designs: ISAKMP, | |||
| OAKLEY, and SKEME. | OAKLEY, and SKEME. | |||
| skipping to change at page 146, line 41 ¶ | skipping to change at page 146, line 47 ¶ | |||
| (I) An Internet protocol (RFC 2060) by which a client workstation | (I) An Internet protocol (RFC 2060) by which a client workstation | |||
| can dynamically access a mailbox on a server host to manipulate | can dynamically access a mailbox on a server host to manipulate | |||
| and retrieve mail messages that the server has received and is | and retrieve mail messages that the server has received and is | |||
| holding for the client. (See: POP3.) | holding for the client. (See: POP3.) | |||
| Tutorial: IMAP4 has mechanisms for optionally authenticating a | Tutorial: IMAP4 has mechanisms for optionally authenticating a | |||
| client to a server and providing other security services. (See: | client to a server and providing other security services. (See: | |||
| IMAP4 AUTHENTICATE.) | IMAP4 AUTHENTICATE.) | |||
| $ Internet Open Trading Protocol (IOTP) | $ Internet Open Trading Protocol (IOTP) | |||
| (I) An Internet protocol (RFC 2801) proposed as a general | (I) An Internet protocol [R2801] proposed as a general framework | |||
| framework for Internet commerce, able to encapsulate transactions | for Internet commerce, able to encapsulate transactions of various | |||
| of various proprietary payment systems (e.g., GeldKarte, Mondex, | proprietary payment systems (e.g., GeldKarte, Mondex, SET, Visa | |||
| SET, Visa Cash). Provides optional security services by | Cash). Provides optional security services by incorporating | |||
| incorporating various Internet security mechanisms (e.g., MD5) and | various Internet security mechanisms (e.g., MD5) and protocols | |||
| protocols (e.g., TLS). | (e.g., TLS). | |||
| $ Internet Policy Registration Authority (IPRA) | $ Internet Policy Registration Authority (IPRA) | |||
| (I) An X.509-compliant CA that is the top CA of the Internet | (I) An X.509-compliant CA that is the top CA of the Internet | |||
| certification hierarchy operated under the auspices of the ISOC | certification hierarchy operated under the auspices of the ISOC | |||
| [R1422]. (See: /PEM/ under "certification hierarchy".) | [R1422]. (See: /PEM/ under "certification hierarchy".) | |||
| $ Internet Private Line Interface (IPLI) | $ Internet Private Line Interface (IPLI) | |||
| (O) A successor to the PLI, updated to use TCP/IP and newer | (O) A successor to the PLI, updated to use TCP/IP and newer | |||
| military-grade COMSEC equipment (TSEC/KG-84). The IPLI was a | military-grade COMSEC equipment (TSEC/KG-84). The IPLI was a | |||
| portable, modular system that was developed for use in tactical, | portable, modular system that was developed for use in tactical, | |||
| skipping to change at page 147, line 33 ¶ | skipping to change at page 147, line 39 ¶ | |||
| protocols used there, such as AH and ESP, are just IP variations. | protocols used there, such as AH and ESP, are just IP variations. | |||
| $ Internet Protocol security | $ Internet Protocol security | |||
| See: IP Security Protocol. | See: IP Security Protocol. | |||
| $ Internet Protocol Security Option (IPSO) | $ Internet Protocol Security Option (IPSO) | |||
| (I) Refers to one of three types of IP security options, which are | (I) Refers to one of three types of IP security options, which are | |||
| fields that may be added to an IP datagram for carrying security | fields that may be added to an IP datagram for carrying security | |||
| information about the datagram. (Compare: IPsec.) | information about the datagram. (Compare: IPsec.) | |||
| Deprecated Usage: ISDs SHOULD NOT use this term without a modifier | Deprecated Usage: IDOCs SHOULD NOT use this term without a | |||
| to indicate which of the following three types is meant: | modifier to indicate which of the following three types is meant: | |||
| - "DoD Basic Security Option" (IP option type 130): Defined for | - "DoD Basic Security Option" (IP option type 130): Defined for | |||
| use on U.S. DoD common-use data networks. Identifies the DoD | use on U.S. DoD common-use data networks. Identifies the DoD | |||
| classification level at which the datagram is to be protected | classification level at which the datagram is to be protected | |||
| and the protection authorities whose rules apply to the | and the protection authorities whose rules apply to the | |||
| datagram. (A "protection authority" is a National Access | datagram. (A "protection authority" is a National Access | |||
| Program (e.g., GENSER, SIOP-ESI, SCI, NSA, Department of | Program (e.g., GENSER, SIOP-ESI, SCI, NSA, Department of | |||
| Energy) or Special Access Program that specifies protection | Energy) or Special Access Program that specifies protection | |||
| rules for transmission and processing of the information | rules for transmission and processing of the information | |||
| contained in the datagram.) [R1108] | contained in the datagram.) [R1108] | |||
| - "DoD Extended Security Option" (IP option type 133): Permits | - "DoD Extended Security Option" (IP option type 133): Permits | |||
| skipping to change at page 148, line 52 ¶ | skipping to change at page 149, line 6 ¶ | |||
| |2.Data Link | +-------------+ | |2.Data Link | +-------------+ | |||
| | | LLC [I8802-2] - Network - The IPS does | | | LLC [I8802-2] - Network - The IPS does | |||
| | | MAC [I8802-3] - Hardware - not include | | | MAC [I8802-3] - Hardware - not include | |||
| +----------------+ - (or Network - standards for | +----------------+ - (or Network - standards for | |||
| |1.Physical | Baseband - Substrate) - this layer. | |1.Physical | Baseband - Substrate) - this layer. | |||
| +----------------+ Signaling [Stal] + - - - - - - + | +----------------+ Signaling [Stal] + - - - - - - + | |||
| The diagram approximates how the five IPS layers align with the | The diagram approximates how the five IPS layers align with the | |||
| seven OSIRM layers, and it offers examples of protocol stacks that | seven OSIRM layers, and it offers examples of protocol stacks that | |||
| provide roughly equivalent electronic mail service over a private | provide roughly equivalent electronic mail service over a private | |||
| local area network that uses baseband signaling. | LAN that uses baseband signaling. | |||
| - IPS Application Layer: The user runs an application program. | - IPS Application Layer: The user runs an application program. | |||
| The program selects the data transport service it needs -- | The program selects the data transport service it needs -- | |||
| either a sequence of data messages or a continuous stream of | either a sequence of data messages or a continuous stream of | |||
| data -- and hands application data to the Transport Layer for | data -- and hands application data to the Transport Layer for | |||
| delivery. | delivery. | |||
| - IPS Transport Layer: This layer divides application data into | - IPS Transport Layer: This layer divides application data into | |||
| packets, adds a destination address to each, and communicates | packets, adds a destination address to each, and communicates | |||
| them end-to-end -- from one application program to another -- | them end-to-end -- from one application program to another -- | |||
| skipping to change at page 151, line 17 ¶ | skipping to change at page 151, line 23 ¶ | |||
| Internet. (RFC 2026) (Compare: RFC.) | Internet. (RFC 2026) (Compare: RFC.) | |||
| Tutorial: The "Internet Standards Process" is an activity of the | Tutorial: The "Internet Standards Process" is an activity of the | |||
| ISOC and is organized and managed by the IAB and the IESG. The | ISOC and is organized and managed by the IAB and the IESG. The | |||
| process is concerned with all protocols, procedures, and | process is concerned with all protocols, procedures, and | |||
| conventions used in or by the Internet, whether or not they are | conventions used in or by the Internet, whether or not they are | |||
| part of the IPS. The "Internet Standards Track" has three levels | part of the IPS. The "Internet Standards Track" has three levels | |||
| of increasing maturity: Proposed Standard, Draft Standard, and | of increasing maturity: Proposed Standard, Draft Standard, and | |||
| Standard. (Compare: ISO, W3C.) | Standard. (Compare: ISO, W3C.) | |||
| $ Internet Standards document (ISD) | ||||
| (I) An RFC or an Internet-Draft that is produced as part of the | ||||
| Internet Standards Process (RFC 2026). (See: Internet Standard.) | ||||
| Deprecated Usage: ISDs that use this term SHOULD state a | ||||
| definition for it because neither the term nor the abbreviation is | ||||
| widely accepted. | ||||
| $ internetwork | $ internetwork | |||
| (I) A system of interconnected networks; a network of networks. | (I) A system of interconnected networks; a network of networks. | |||
| Usually shortened to "internet". (See: internet, Internet.) | Usually shortened to "internet". (See: internet, Internet.) | |||
| Tutorial: An internet can be built using OSIRM Layer 3 gateways to | Tutorial: An internet can be built using OSIRM Layer 3 gateways to | |||
| implement connections between a set of similar subnetworks. With | implement connections between a set of similar subnetworks. With | |||
| dissimilar subnetworks, i.e., subnetworks that differ in the Layer | dissimilar subnetworks, i.e., subnetworks that differ in the Layer | |||
| 3 protocol service they offer, an internet can be built by | 3 protocol service they offer, an internet can be built by | |||
| implementing a uniform internetwork protocol (e.g., IP) that | implementing a uniform internetwork protocol (e.g., IP) that | |||
| operates at the top of Layer 3 and hides the underlying | operates at the top of Layer 3 and hides the underlying | |||
| skipping to change at page 153, line 45 ¶ | skipping to change at page 153, line 43 ¶ | |||
| $ IP Security Protocol (IPsec) | $ IP Security Protocol (IPsec) | |||
| 1a. (I) The name of the IETF working group that is specifying an | 1a. (I) The name of the IETF working group that is specifying an | |||
| architecture [R2401] and set of protocols to provide security | architecture [R2401] and set of protocols to provide security | |||
| services for IP traffic. (See: AH, ESP, IKE, SAD, SPD. Compare: | services for IP traffic. (See: AH, ESP, IKE, SAD, SPD. Compare: | |||
| IPSO.) | IPSO.) | |||
| 1b. (I) A collective name for the IP security architecture [R2401] | 1b. (I) A collective name for the IP security architecture [R2401] | |||
| and associated set of protocols (primarily AH, ESP, and IKE). | and associated set of protocols (primarily AH, ESP, and IKE). | |||
| Usage: In ISDs that use the abbreviation "IPsec", the letters "IP" | Usage: In IDOCs that use the abbreviation "IPsec", the letters | |||
| SHOULD be in upper case, and the letters "sec" SHOULD NOT. | "IP" SHOULD be in upper case, and the letters "sec" SHOULD NOT. | |||
| Tutorial: The security services provided by IPsec include access | Tutorial: The security services provided by IPsec include access | |||
| control service, connectionless data integrity service, data | control service, connectionless data integrity service, data | |||
| origin authentication service, protection against replays | origin authentication service, protection against replays | |||
| (detection of the arrival of duplicate datagrams, within a | (detection of the arrival of duplicate datagrams, within a | |||
| constrained window), data confidentiality service, and limited | constrained window), data confidentiality service, and limited | |||
| traffic-flow confidentiality. IPsec specifies (a) security | traffic-flow confidentiality. IPsec specifies (a) security | |||
| protocols (AH and ESP), (b) security associations (what they are, | protocols (AH and ESP), (b) security associations (what they are, | |||
| how they work, how they are managed, and associated processing), | how they work, how they are managed, and associated processing), | |||
| (c) key management (IKE), and (d) algorithms for authentication | (c) key management (IKE), and (d) algorithms for authentication | |||
| skipping to change at page 154, line 28 ¶ | skipping to change at page 154, line 26 ¶ | |||
| $ IPsec | $ IPsec | |||
| (I) See: IP Security Protocol. | (I) See: IP Security Protocol. | |||
| $ IPSO | $ IPSO | |||
| (I) See: Internet Protocol Security Option. | (I) See: Internet Protocol Security Option. | |||
| $ ISAKMP | $ ISAKMP | |||
| (I) See: Internet Security Association and Key Management | (I) See: Internet Security Association and Key Management | |||
| Protocol. | Protocol. | |||
| $ ISD | ||||
| (I) See: Internet Standards document. | ||||
| $ ISO | $ ISO | |||
| (I) International Organization for Standardization, a voluntary, | (I) International Organization for Standardization, a voluntary, | |||
| non-treaty, non-government organization, established in 1947, with | non-treaty, non-government organization, established in 1947, with | |||
| voting members that are designated standards bodies of | voting members that are designated standards bodies of | |||
| participating nations and non-voting observer organizations. | participating nations and non-voting observer organizations. | |||
| (Compare: ANSI, IETF, ITU-T, W3C.) | (Compare: ANSI, IETF, ITU-T, W3C.) | |||
| Tutorial: Legally, ISO is a Swiss, non-profit, private | Tutorial: Legally, ISO is a Swiss, non-profit, private | |||
| organization. ISO and the IEC (the International Electrotechnical | organization. ISO and the IEC (the International Electrotechnical | |||
| Commission) form the specialized system for worldwide | Commission) form the specialized system for worldwide | |||
| skipping to change at page 157, line 6 ¶ | skipping to change at page 156, line 53 ¶ | |||
| Tutorial: Kerberos was originally developed by Project Athena and | Tutorial: Kerberos was originally developed by Project Athena and | |||
| is named for the mythical three-headed dog that guards Hades. The | is named for the mythical three-headed dog that guards Hades. The | |||
| system architecture includes authentication servers and ticket- | system architecture includes authentication servers and ticket- | |||
| granting servers that function as an ACC and a KDC. | granting servers that function as an ACC and a KDC. | |||
| RFC 4556 describes extensions to the Kerberos specification that | RFC 4556 describes extensions to the Kerberos specification that | |||
| modify the initial authentication exchange between a client and | modify the initial authentication exchange between a client and | |||
| the KDC. The extensions employ public-key cryptography to enable | the KDC. The extensions employ public-key cryptography to enable | |||
| the client and KDC to mutually authenticate and establish shared, | the client and KDC to mutually authenticate and establish shared, | |||
| symmetric keys that are used to complete the exchange. (See: | symmetric keys that are used to complete the exchange. (See: | |||
| PKINT.) | PKINIT.) | |||
| $ kernel | $ kernel | |||
| (I) A small, trusted part of a system that provides services on | (I) A small, trusted part of a system that provides services on | |||
| which the other parts of the system depend. (See: security | which the other parts of the system depend. (See: security | |||
| kernel.) | kernel.) | |||
| $ Kernelized Secure Operating System (KSOS) | $ Kernelized Secure Operating System (KSOS) | |||
| (O) An MLS computer operating system, designed to be a provably | (O) An MLS computer operating system, designed to be a provably | |||
| secure replacement for UNIX Version 6, and consisting of a | secure replacement for UNIX Version 6, and consisting of a | |||
| security kernel, non-kernel security-related utility programs, and | security kernel, non-kernel security-related utility programs, and | |||
| skipping to change at page 158, line 29 ¶ | skipping to change at page 158, line 25 ¶ | |||
| $ key authentication | $ key authentication | |||
| (N) "The assurance of the legitimate participants in a key | (N) "The assurance of the legitimate participants in a key | |||
| agreement [i.e., in a key-agreement protocol] that no non- | agreement [i.e., in a key-agreement protocol] that no non- | |||
| legitimate party possesses the shared symmetric key." [A9042] | legitimate party possesses the shared symmetric key." [A9042] | |||
| $ key-auto-key (KAK) | $ key-auto-key (KAK) | |||
| (D) "Cryptographic logic [i.e., a mode of operation] using | (D) "Cryptographic logic [i.e., a mode of operation] using | |||
| previous key to produce key." [C4009, A1523] (See: CTAK, | previous key to produce key." [C4009, A1523] (See: CTAK, | |||
| /cryptographic operation/ under "mode".) | /cryptographic operation/ under "mode".) | |||
| Deprecated Term: ISDs SHOULD NOT use this term; it is neither | Deprecated Term: IDOCs SHOULD NOT use this term; it is neither | |||
| well-known nor precisely defined. Instead, use terms associated | well-known nor precisely defined. Instead, use terms associated | |||
| with modes that are defined in standards, such as CBC, CFB, and | with modes that are defined in standards, such as CBC, CFB, and | |||
| OFB. | OFB. | |||
| $ key center | $ key center | |||
| (I) A centralized, key-distribution process (used in symmetric | (I) A centralized, key-distribution process (used in symmetric | |||
| cryptography), usually a separate computer system, that uses | cryptography), usually a separate computer system, that uses | |||
| master keys (i.e., KEKs) to encrypt and distribute session keys | master keys (i.e., KEKs) to encrypt and distribute session keys | |||
| needed by a community of users. | needed by a community of users. | |||
| skipping to change at page 160, line 44 ¶ | skipping to change at page 160, line 40 ¶ | |||
| key with (b) a bit string representation of the plaintext). | key with (b) a bit string representation of the plaintext). | |||
| $ key length | $ key length | |||
| (I) The number of symbols (usually stated as a number of bits) | (I) The number of symbols (usually stated as a number of bits) | |||
| needed to be able to represent any of the possible values of a | needed to be able to represent any of the possible values of a | |||
| cryptographic key. (See: key space.) | cryptographic key. (See: key space.) | |||
| $ key lifetime | $ key lifetime | |||
| 1. (D) Synonym for "cryptoperiod". | 1. (D) Synonym for "cryptoperiod". | |||
| Deprecated Definition: ISDs SHOULD NOT use this term with | Deprecated Definition: IDOCs SHOULD NOT use this term with | |||
| definition 1 because a key's cryptoperiod may be only a part of | definition 1 because a key's cryptoperiod may be only a part of | |||
| the key's lifetime. A key could be generated at some time prior to | the key's lifetime. A key could be generated at some time prior to | |||
| when its cryptoperiod begins and might not be destroyed (i.e., | when its cryptoperiod begins and might not be destroyed (i.e., | |||
| zeroized) until some time after its cryptoperiod ends. | zeroized) until some time after its cryptoperiod ends. | |||
| 2. (O) /MISSI/ An attribute of a MISSI key pair that specifies a | 2. (O) /MISSI/ An attribute of a MISSI key pair that specifies a | |||
| time span that bounds the validity period of any MISSI X.509 | time span that bounds the validity period of any MISSI X.509 | |||
| public-key certificate that contains the public component of the | public-key certificate that contains the public component of the | |||
| pair. (See: cryptoperiod.) | pair. (See: cryptoperiod.) | |||
| skipping to change at page 161, line 47 ¶ | skipping to change at page 161, line 41 ¶ | |||
| policy." [I7498-2] | policy." [I7498-2] | |||
| $ Key Management Protocol (KMP) | $ Key Management Protocol (KMP) | |||
| (N) A protocol to establish a shared symmetric key between a pair | (N) A protocol to establish a shared symmetric key between a pair | |||
| (or a group) of users. (One version of KMP was developed by SDNS, | (or a group) of users. (One version of KMP was developed by SDNS, | |||
| and another by SILS.) Superseded by ISAKMP and IKE. | and another by SILS.) Superseded by ISAKMP and IKE. | |||
| $ key material | $ key material | |||
| (D) Synonym for "keying material". | (D) Synonym for "keying material". | |||
| Deprecated Usage: ISDs SHOULD NOT use this term as a synonym for | Deprecated Usage: IDOCs SHOULD NOT use this term as a synonym for | |||
| "keying material". | "keying material". | |||
| $ key pair | $ key pair | |||
| (I) A set of mathematically related keys -- a public key and a | (I) A set of mathematically related keys -- a public key and a | |||
| private key -- that are used for asymmetric cryptography and are | private key -- that are used for asymmetric cryptography and are | |||
| generated in a way that makes it computationally infeasible to | generated in a way that makes it computationally infeasible to | |||
| derive the private key from knowledge of the public key. (See: | derive the private key from knowledge of the public key. (See: | |||
| Diffie-Hellman-Merkle, RSA.) | Diffie-Hellman-Merkle, RSA.) | |||
| Tutorial: A key pair's owner discloses the public key to other | Tutorial: A key pair's owner discloses the public key to other | |||
| system entities so they can use the key to (a) encrypt data, (b) | system entities so they can use the key to (a) encrypt data, (b) | |||
| verify a digital signature, or (c) generate a key with a key- | verify a digital signature, or (c) generate a key with a key- | |||
| agreement algorithm. The matching private key is kept secret by | agreement algorithm. The matching private key is kept secret by | |||
| the owner, who uses it to (a') decrypt data, (b') generate a | the owner, who uses it to (a') decrypt data, (b') generate a | |||
| digital signature, or (c') generate a key with a key-agreement | digital signature, or (c') generate a key with a key-agreement | |||
| algorithm. | algorithm. | |||
| $ key recovery | $ key recovery | |||
| 1. (I) /cryptanalysis/ A process for learning the value of a | 1. (I) /cryptanalysis/ A process for learning the value of a | |||
| skipping to change at page 163, line 31 ¶ | skipping to change at page 163, line 28 ¶ | |||
| produce a new key. [C4009] | produce a new key. [C4009] | |||
| $ key validation | $ key validation | |||
| 1. (I) "The procedure for the receiver of a public key to check | 1. (I) "The procedure for the receiver of a public key to check | |||
| that the key conforms to the arithmetic requirements for such a | that the key conforms to the arithmetic requirements for such a | |||
| key in order to thwart certain types of attacks." [A9042] (See: | key in order to thwart certain types of attacks." [A9042] (See: | |||
| weak key) | weak key) | |||
| 2. (D) Synonym for "certificate validation". | 2. (D) Synonym for "certificate validation". | |||
| Deprecated Usage: ISDs SHOULD NOT use the term as a synonym for | Deprecated Usage: IDOCs SHOULD NOT use the term as a synonym for | |||
| "certificate validation"; that would unnecessarily duplicate the | "certificate validation"; that would unnecessarily duplicate the | |||
| meaning of the latter term and mix concepts in a potentially | meaning of the latter term and mix concepts in a potentially | |||
| misleading way. In validating an X.509 public-key certificate, the | misleading way. In validating an X.509 public-key certificate, the | |||
| public key contained in the certificate is normally treated as an | public key contained in the certificate is normally treated as an | |||
| opaque data object. | opaque data object. | |||
| $ keyed hash | $ keyed hash | |||
| (I) A cryptographic hash (e.g., [R1828]) in which the mapping to a | (I) A cryptographic hash (e.g., [R1828]) in which the mapping to a | |||
| hash result is varied by a second input parameter that is a | hash result is varied by a second input parameter that is a | |||
| cryptographic key. (See: checksum.) | cryptographic key. (See: checksum.) | |||
| skipping to change at page 165, line 20 ¶ | skipping to change at page 165, line 14 ¶ | |||
| $ label | $ label | |||
| See: time stamp, security label. | See: time stamp, security label. | |||
| $ laboratory attack | $ laboratory attack | |||
| (O) "Use of sophisticated signal recovery equipment in a | (O) "Use of sophisticated signal recovery equipment in a | |||
| laboratory environment to recover information from data storage | laboratory environment to recover information from data storage | |||
| media." [C4009] | media." [C4009] | |||
| $ LAN | $ LAN | |||
| (I) local area network. | (I) Abbreviation for "local area network" [R1983]. (See: [FP191].) | |||
| $ land attack | $ land attack | |||
| (I) A denial-of-service attack that sends an IP packet that (a) | (I) A denial-of-service attack that sends an IP packet that (a) | |||
| has the same address in both the Source Address and Destination | has the same address in both the Source Address and Destination | |||
| Address fields and (b) contains a TCP SYN packet that has the same | Address fields and (b) contains a TCP SYN packet that has the same | |||
| port number in both the Source Port and Destination Port fields. | port number in both the Source Port and Destination Port fields. | |||
| Derivation: This single-packet attack was named for "land", the | Derivation: This single-packet attack was named for "land", the | |||
| program originally published by the cracker who invented this | program originally published by the cracker who invented this | |||
| exploit. Perhaps that name was chosen because the inventor thought | exploit. Perhaps that name was chosen because the inventor thought | |||
| of multi-packet (i.e., flooding) attacks as arriving by "sea". | of multi-packet (i.e., flooding) attacks as arriving by sea. | |||
| $ Language of Temporal Ordering Specification (LOTOS) | $ Language of Temporal Ordering Specification (LOTOS) | |||
| (N) A language (ISO 8807-1990) for formal specification of | (N) A language (ISO 8807-1990) for formal specification of | |||
| computer network protocols; describes the order in which events | computer network protocols; describes the order in which events | |||
| occur. | occur. | |||
| $ lattice | $ lattice | |||
| (I) A finite set together with a partial ordering on its elements | (I) A finite set together with a partial ordering on its elements | |||
| such that for every pair of elements there is a least upper bound | such that for every pair of elements there is a least upper bound | |||
| and a greatest lower bound. | and a greatest lower bound. | |||
| Example: A lattice is formed by a finite set S of security levels | Example: A lattice is formed by a finite set S of security levels | |||
| -- i.e., a set S of all ordered pairs (x,c), where x is one of a | -- i.e., a set S of all ordered pairs (x,c), where x is one of a | |||
| finite set X of hierarchically ordered classification levels X(1), | finite set X of hierarchically ordered classification levels X(1), | |||
| non-hierarchical categories C(1), ..., C(M) -- together with the | non-hierarchical categories C(1), ..., C(M) -- together with the | |||
| "dominate" relation. Security level (x,c) is said to "dominate" | "dominate" relation. Security level (x,c) is said to "dominate" | |||
| (x',c') if and only if (a) x is greater (higher) than or equal to | (x',c') if and only if (a) x is greater (higher) than or equal to | |||
| x' and (b) c includes at least all of the elements of c'. (See: | x' and (b) c includes at least all of the elements of c'. (See: | |||
| dominate, lattice model.) | dominate, lattice model.) | |||
| Tutorial: Lattices are used in some branches of cryptography, both | ||||
| as a basis for hard computational problems upon which | ||||
| cryptographic algorithms can be defined, and also as a basis for | ||||
| attacks on cryptographic algorithms. | ||||
| $ lattice model | $ lattice model | |||
| 1. (I) A description of the semantic structure formed by a finite | 1. (I) A description of the semantic structure formed by a finite | |||
| set of security levels, such as those used in military | set of security levels, such as those used in military | |||
| organizations. (See: dominate, lattice, security model.) | organizations. (See: dominate, lattice, security model.) | |||
| 2. (I) /formal model/ A model for flow control in a system, based | 2. (I) /formal model/ A model for flow control in a system, based | |||
| on the lattice that is formed by the finite security levels in a | on the lattice that is formed by the finite security levels in a | |||
| system and their partial ordering. [Denn] | system and their partial ordering. [Denn] | |||
| $ Law Enforcement Access Field (LEAF) | $ Law Enforcement Access Field (LEAF) | |||
| (N) A data item that is automatically embedded in data encrypted | (N) A data item that is automatically embedded in data encrypted | |||
| skipping to change at page 167, line 37 ¶ | skipping to change at page 167, line 37 ¶ | |||
| 2. (I) /COMSEC/ The initial part, i.e., the first communication | 2. (I) /COMSEC/ The initial part, i.e., the first communication | |||
| step or steps, of a protocol that is vulnerable to attack | step or steps, of a protocol that is vulnerable to attack | |||
| (especially a man-in-the-middle attack) during that part but, if | (especially a man-in-the-middle attack) during that part but, if | |||
| that part is completed without being attacked, is subsequently not | that part is completed without being attacked, is subsequently not | |||
| vulnerable in later steps (i.e., results in a secure communication | vulnerable in later steps (i.e., results in a secure communication | |||
| association for which no man-in-the-middle attack is possible). | association for which no man-in-the-middle attack is possible). | |||
| Usage: This term is listed in English dictionaries, but their | Usage: This term is listed in English dictionaries, but their | |||
| definitions are broad and can be interpreted in many ways in | definitions are broad and can be interpreted in many ways in | |||
| Internet contexts. Similarly, the definition stated here can be | Internet contexts. Similarly, the definition stated here can be | |||
| interpreted in several ways. Therefore, ISDs that use this term | interpreted in several ways. Therefore, IDOCs that use this term | |||
| (especially ISDs that are protocol specifications) SHOULD state a | (especially IDOCs that are protocol specifications) SHOULD state a | |||
| more specific definition for it. | more specific definition for it. | |||
| Tutorial: In a protocol, a leap of faith typically consists of | Tutorial: In a protocol, a leap of faith typically consists of | |||
| accepting a claim of peer identity, data origin, or data integrity | accepting a claim of peer identity, data origin, or data integrity | |||
| without authenticating that claim. When a protocol includes such a | without authenticating that claim. When a protocol includes such a | |||
| step, the protocol might also be designed so that if a man-in-the- | step, the protocol might also be designed so that if a man-in-the- | |||
| middle attack succeeds during the vulnerable first part, then the | middle attack succeeds during the vulnerable first part, then the | |||
| attacker must remain in the middle for all subsequent exchanges or | attacker must remain in the middle for all subsequent exchanges or | |||
| else one of the legitimate parties will be able to detect the | else one of the legitimate parties will be able to detect the | |||
| attack. | attack. | |||
| skipping to change at page 169, line 52 ¶ | skipping to change at page 169, line 52 ¶ | |||
| $ low probability of intercept | $ low probability of intercept | |||
| (I) Result of TRANSEC measures used to prevent interception of a | (I) Result of TRANSEC measures used to prevent interception of a | |||
| communication. | communication. | |||
| $ LOTOS | $ LOTOS | |||
| (N) See: Language of Temporal Ordering Specification. | (N) See: Language of Temporal Ordering Specification. | |||
| $ MAC | $ MAC | |||
| (N) See: mandatory access control, Message Authentication Code. | (N) See: mandatory access control, Message Authentication Code. | |||
| Deprecated Usage: ISDs that use this term SHOULD state a | Deprecated Usage: IDOCs that use this term SHOULD state a | |||
| definition for it because this abbreviation is ambiguous. | definition for it because this abbreviation is ambiguous. | |||
| $ magnetic remanence | $ magnetic remanence | |||
| (N) Magnetic representation of residual information remaining on a | (N) Magnetic representation of residual information remaining on a | |||
| magnetic medium after the medium has been cleared. [NCS25] (See: | magnetic medium after the medium has been cleared. [NCS25] (See: | |||
| clear, degauss, purge.) | clear, degauss, purge.) | |||
| $ main mode | $ main mode | |||
| (I) See: /IKE/ under "mode". | (I) See: /IKE/ under "mode". | |||
| skipping to change at page 170, line 29 ¶ | skipping to change at page 170, line 29 ¶ | |||
| $ malicious logic | $ malicious logic | |||
| (I) Hardware, firmware, or software that is intentionally included | (I) Hardware, firmware, or software that is intentionally included | |||
| or inserted in a system for a harmful purpose. (See: logic bomb, | or inserted in a system for a harmful purpose. (See: logic bomb, | |||
| Trojan horse, spyware, virus, worm. Compare: secondary definitions | Trojan horse, spyware, virus, worm. Compare: secondary definitions | |||
| under "corruption", "incapacitation", "masquerade", and "misuse".) | under "corruption", "incapacitation", "masquerade", and "misuse".) | |||
| $ malware | $ malware | |||
| (D) A contraction of "malicious software". (See: malicious logic.) | (D) A contraction of "malicious software". (See: malicious logic.) | |||
| Deprecated Term: ISDs SHOULD NOT use this term; it is not listed | Deprecated Term: IDOCs SHOULD NOT use this term; it is not listed | |||
| in most dictionaries and could confuse international readers. | in most dictionaries and could confuse international readers. | |||
| $ MAN | $ MAN | |||
| (I) metropolitan area network. | (I) metropolitan area network. | |||
| $ man-in-the-middle attack | $ man-in-the-middle attack | |||
| (I) A form of active wiretapping attack in which the attacker | (I) A form of active wiretapping attack in which the attacker | |||
| intercepts and selectively modifies communicated data to | intercepts and selectively modifies communicated data to | |||
| masquerade as one or more of the entities involved in a | masquerade as one or more of the entities involved in a | |||
| communication association. (See: hijack attack, piggyback attack.) | communication association. (See: hijack attack, piggyback attack.) | |||
| skipping to change at page 171, line 27 ¶ | skipping to change at page 171, line 27 ¶ | |||
| 2. (O) "A means of restricting access to objects based on the | 2. (O) "A means of restricting access to objects based on the | |||
| sensitivity (as represented by a label) of the information | sensitivity (as represented by a label) of the information | |||
| contained in the objects and the formal authorization (i.e., | contained in the objects and the formal authorization (i.e., | |||
| clearance) of subjects to access information of such sensitivity." | clearance) of subjects to access information of such sensitivity." | |||
| [DoD1] | [DoD1] | |||
| $ manipulation detection code | $ manipulation detection code | |||
| (D) Synonym for "checksum". | (D) Synonym for "checksum". | |||
| Deprecated Term: ISDs SHOULD NOT use this term as a synonym for | Deprecated Term: IDOCs SHOULD NOT use this term as a synonym for | |||
| "checksum"; the word "manipulation" implies protection against | "checksum"; the word "manipulation" implies protection against | |||
| active attacks, which an ordinary checksum might not provide. | active attacks, which an ordinary checksum might not provide. | |||
| Instead, if such protection is intended, use "protected checksum" | Instead, if such protection is intended, use "protected checksum" | |||
| or some particular type thereof, depending on which is meant. If | or some particular type thereof, depending on which is meant. If | |||
| such protection is not intended, use "error detection code" or | such protection is not intended, use "error detection code" or | |||
| some specific type of checksum that is not protected. | some specific type of checksum that is not protected. | |||
| $ marking | $ marking | |||
| See: time stamp, security marking. | See: time stamp, security marking. | |||
| skipping to change at page 171, line 49 ¶ | skipping to change at page 171, line 49 ¶ | |||
| (O) A symmetric, 128-bit block cipher with variable key length | (O) A symmetric, 128-bit block cipher with variable key length | |||
| (128 to 448 bits), developed by IBM as a candidate for the AES. | (128 to 448 bits), developed by IBM as a candidate for the AES. | |||
| $ Martian | $ Martian | |||
| (D) /slang/ A packet that arrives unexpectedly at the wrong | (D) /slang/ A packet that arrives unexpectedly at the wrong | |||
| address or on the wrong network because of incorrect routing or | address or on the wrong network because of incorrect routing or | |||
| because it has a non-registered or ill-formed IP address. [R1208] | because it has a non-registered or ill-formed IP address. [R1208] | |||
| Deprecated Term: It is likely that other cultures use different | Deprecated Term: It is likely that other cultures use different | |||
| metaphors for this concept. Therefore, to avoid international | metaphors for this concept. Therefore, to avoid international | |||
| misunderstanding, ISDs SHOULD NOT use this term. (See: Deprecated | misunderstanding, IDOCs SHOULD NOT use this term. (See: Deprecated | |||
| Usage under "Green Book".) | Usage under "Green Book".) | |||
| $ masquerade | $ masquerade | |||
| (I) A type of threat action whereby an unauthorized entity gains | (I) A type of threat action whereby an unauthorized entity gains | |||
| access to a system or performs a malicious act by illegitimately | access to a system or performs a malicious act by illegitimately | |||
| posing as an authorized entity. (See: deception.) | posing as an authorized entity. (See: deception.) | |||
| Usage: This type of threat action includes the following subtypes: | Usage: This type of threat action includes the following subtypes: | |||
| - "Spoof": Attempt by an unauthorized entity to gain access to a | - "Spoof": Attempt by an unauthorized entity to gain access to a | |||
| system by posing as an authorized user. | system by posing as an authorized user. | |||
| - "Malicious logic": In context of masquerade, any hardware, | - "Malicious logic": In context of masquerade, any hardware, | |||
| skipping to change at page 173, line 24 ¶ | skipping to change at page 173, line 24 ¶ | |||
| PKI, trust-file PKI.) | PKI, trust-file PKI.) | |||
| $ Message Authentication Code (MAC), message authentication code | $ Message Authentication Code (MAC), message authentication code | |||
| 1. (N) /capitalized/ A specific ANSI standard for a checksum that | 1. (N) /capitalized/ A specific ANSI standard for a checksum that | |||
| is computed with a keyed hash that is based on DES. [A9009] Usage: | is computed with a keyed hash that is based on DES. [A9009] Usage: | |||
| a.k.a. Data Authentication Code, which is a U.S. Government | a.k.a. Data Authentication Code, which is a U.S. Government | |||
| standard. [FP113] (See: MAC.) | standard. [FP113] (See: MAC.) | |||
| 2. (D) /not capitalized/ Synonym for "error detection code". | 2. (D) /not capitalized/ Synonym for "error detection code". | |||
| Deprecated Term: ISDs SHOULD NOT use the uncapitalized form | Deprecated Term: IDOCs SHOULD NOT use the uncapitalized form | |||
| "message authentication code". Instead, use "checksum", "error | "message authentication code". Instead, use "checksum", "error | |||
| detection code", "hash", "keyed hash", "Message Authentication | detection code", "hash", "keyed hash", "Message Authentication | |||
| Code", or "protected checksum", depending on what is meant. (See: | Code", or "protected checksum", depending on what is meant. (See: | |||
| authentication code.) | authentication code.) | |||
| The uncapitalized form mixes concepts in a potentially misleading | The uncapitalized form mixes concepts in a potentially misleading | |||
| way. The word "message" is misleading because it implies that the | way. The word "message" is misleading because it implies that the | |||
| mechanism is particularly suitable for or limited to electronic | mechanism is particularly suitable for or limited to electronic | |||
| mail (see: Message Handling Systems). The word "authentication" is | mail (see: Message Handling Systems). The word "authentication" is | |||
| misleading because the mechanism primarily serves a data integrity | misleading because the mechanism primarily serves a data integrity | |||
| function rather than an authentication function. The word "code" | function rather than an authentication function. The word "code" | |||
| is misleading because it implies that either encoding or | is misleading because it implies that either encoding or | |||
| encryption is involved or that the term refers to computer | encryption is involved or that the term refers to computer | |||
| software. | software. | |||
| $ message digest | $ message digest | |||
| (D) Synonym for "hash result". (See: cryptographic hash.) | (D) Synonym for "hash result". (See: cryptographic hash.) | |||
| Deprecated Term: ISDs SHOULD NOT use this term as a synonym for | Deprecated Term: IDOCs SHOULD NOT use this term as a synonym for | |||
| "hash result"; this term unnecessarily duplicates the meaning of | "hash result"; this term unnecessarily duplicates the meaning of | |||
| the other, more general term and mixes concepts in a potentially | the other, more general term and mixes concepts in a potentially | |||
| misleading way. The word "message" is misleading because it | misleading way. The word "message" is misleading because it | |||
| implies that the mechanism is particularly suitable for or limited | implies that the mechanism is particularly suitable for or limited | |||
| to electronic mail (see: Message Handling Systems). | to electronic mail (see: Message Handling Systems). | |||
| $ message handling system | $ message handling system | |||
| (D) Synonym for the Internet electronic mail system. | (D) Synonym for the Internet electronic mail system. | |||
| Deprecated Term: ISDs SHOULD NOT use this term, because it could | Deprecated Term: IDOCs SHOULD NOT use this term, because it could | |||
| be confused with Message Handling System. Instead, use "Internet | be confused with Message Handling System. Instead, use "Internet | |||
| electronic mail" or some other, more specific term. | electronic mail" or some other, more specific term. | |||
| $ Message Handling System | $ Message Handling System | |||
| (O) A ITU-T system concept that encompasses the notion of | (O) A ITU-T system concept that encompasses the notion of | |||
| electronic mail but defines more comprehensive OSI systems and | electronic mail but defines more comprehensive OSI systems and | |||
| services that enable users to exchange messages on a store-and- | services that enable users to exchange messages on a store-and- | |||
| forward basis. (The ISO equivalent is "Message Oriented Text | forward basis. (The ISO equivalent is "Message Oriented Text | |||
| Interchange System".) (See: X.400.) | Interchange System".) (See: X.400.) | |||
| $ message indicator | $ message indicator | |||
| 1. (D) /cryptographic function/ Synonym for "initialization | 1. (D) /cryptographic function/ Synonym for "initialization | |||
| value". (Compare: indicator.) | value". (Compare: indicator.) | |||
| 2. (D) "Sequence of bits transmitted over a communications system | 2. (D) "Sequence of bits transmitted over a communications system | |||
| for synchronizing cryptographic equipment." [C4009] | for synchronizing cryptographic equipment." [C4009] | |||
| Deprecated Term: ISDs SHOULD NOT use this term as a synonym for | Deprecated Term: IDOCs SHOULD NOT use this term as a synonym for | |||
| "initialization value"; the term mixes concepts in a potentially | "initialization value"; the term mixes concepts in a potentially | |||
| misleading way. The word "message" is misleading because it | misleading way. The word "message" is misleading because it | |||
| suggests that the mechanism is limited to electronic mail. (See: | suggests that the mechanism is specific to electronic mail. (See: | |||
| Message Handling System.) | Message Handling System.) | |||
| $ message integrity check | $ message integrity check | |||
| $ message integrity code (MIC) | $ message integrity code (MIC) | |||
| (D) Synonyms for some form of "checksum". | (D) Synonyms for some form of "checksum". | |||
| Deprecated Term: ISDs SHOULD NOT use these terms for any form of | Deprecated Term: IDOCs SHOULD NOT use these terms for any form of | |||
| checksum. Instead, use "checksum", "error detection code", "hash", | checksum. Instead, use "checksum", "error detection code", "hash", | |||
| "keyed hash", "Message Authentication Code", or "protected | "keyed hash", "Message Authentication Code", or "protected | |||
| checksum", depending on what is meant. | checksum", depending on what is meant. | |||
| These two terms mix concepts in potentially misleading ways. The | These two terms mix concepts in potentially misleading ways. The | |||
| word "message" is misleading because it suggests that the | word "message" is misleading because it suggests that the | |||
| mechanism is particularly suitable for or limited to electronic | mechanism is particularly suitable for or limited to electronic | |||
| mail. The word "integrity" is misleading because the checksum may | mail. The word "integrity" is misleading because the checksum may | |||
| be used to perform a data origin authentication function rather | be used to perform a data origin authentication function rather | |||
| than an integrity function. The word "code" is misleading because | than an integrity function. The word "code" is misleading because | |||
| skipping to change at page 175, line 16 ¶ | skipping to change at page 175, line 16 ¶ | |||
| Meta-data can be associated with a data object in two basic ways: | Meta-data can be associated with a data object in two basic ways: | |||
| - Explicitly: Be part of the data object (e.g., a header field of | - Explicitly: Be part of the data object (e.g., a header field of | |||
| a data file or packet) or be linked to the object. | a data file or packet) or be linked to the object. | |||
| - Implicitly: Be associated with the data object because of some | - Implicitly: Be associated with the data object because of some | |||
| other, explicit attribute of the object. | other, explicit attribute of the object. | |||
| $ metadata, Metadata(trademark), METADATA(trademark) | $ metadata, Metadata(trademark), METADATA(trademark) | |||
| (D) Proprietary variants of "meta-data". (See: SPAM(trademark).) | (D) Proprietary variants of "meta-data". (See: SPAM(trademark).) | |||
| Deprecated Usage: ISDs SHOULD NOT use these unhypenated forms; | Deprecated Usage: IDOCs SHOULD NOT use these unhypenated forms; | |||
| ISDs SHOULD use only the uncapitalized, hyphenated "meta-data". | IDOCs SHOULD use only the uncapitalized, hyphenated "meta-data". | |||
| The terms "Metadata" and "METADATA" are claimed as registered | The terms "Metadata" and "METADATA" are claimed as registered | |||
| trademarks (numbers 1,409,260 and 2,185,504) owned by The Metadata | trademarks (numbers 1,409,260 and 2,185,504) owned by The Metadata | |||
| Company, originally known as Metadata Information Partners, a | Company, originally known as Metadata Information Partners, a | |||
| company founded by Jack Myers. The status of "metadata" is | company founded by Jack Myers. The status of "metadata" is | |||
| unclear. | unclear. | |||
| $ MHS | $ MHS | |||
| (N) See: message handling system. | (N) See: message handling system. | |||
| $ MIC | $ MIC | |||
| skipping to change at page 177, line 51 ¶ | skipping to change at page 177, line 51 ¶ | |||
| installation or execution by the recipient." | installation or execution by the recipient." | |||
| 2a. (O) /U.S. DoD/ "Technology that enables the creation of | 2a. (O) /U.S. DoD/ "Technology that enables the creation of | |||
| executable information that can be delivered to an information | executable information that can be delivered to an information | |||
| system and directly executed on any hardware/software architecture | system and directly executed on any hardware/software architecture | |||
| that has an appropriate host execution environment." | that has an appropriate host execution environment." | |||
| 2b. (O) "Programs (e.g., script, macro, or other portable | 2b. (O) "Programs (e.g., script, macro, or other portable | |||
| instruction) that can be shipped unchanged to a heterogeneous | instruction) that can be shipped unchanged to a heterogeneous | |||
| collection of platforms and executed with identical semantics" | collection of platforms and executed with identical semantics" | |||
| [SP-28]. (See: active content.) | [SP28]. (See: active content.) | |||
| Tutorial: Mobile code might be malicious. Using techniques such as | Tutorial: Mobile code might be malicious. Using techniques such as | |||
| "code signing" and a "sandbox" can reduce the risks of receiving | "code signing" and a "sandbox" can reduce the risks of receiving | |||
| and executing mobile code. | and executing mobile code. | |||
| $ mode | $ mode | |||
| $ mode of operation | $ mode of operation | |||
| 1. (I) /cryptographic operation/ A technique for enhancing the | 1. (I) /cryptographic operation/ A technique for enhancing the | |||
| effect of a cryptographic algorithm or adapting the algorithm for | effect of a cryptographic algorithm or adapting the algorithm for | |||
| an application, such as applying a block cipher to a sequence of | an application, such as applying a block cipher to a sequence of | |||
| skipping to change at page 182, line 47 ¶ | skipping to change at page 182, line 47 ¶ | |||
| (I) A penetration technique in which an intruder avoids detection | (I) A penetration technique in which an intruder avoids detection | |||
| and traceback by using multiple linked communication networks to | and traceback by using multiple linked communication networks to | |||
| access and attack a system. [C4009] | access and attack a system. [C4009] | |||
| $ NIAP | $ NIAP | |||
| (N) See: National Information Assurance Partnership. | (N) See: National Information Assurance Partnership. | |||
| $ nibble | $ nibble | |||
| (D) Half of a byte (i.e., usually, 4 bits). | (D) Half of a byte (i.e., usually, 4 bits). | |||
| Deprecated Term: To avoid international misunderstanding, ISDs | Deprecated Term: To avoid international misunderstanding, IDOCs | |||
| SHOULD NOT use this term; instead, state the size of the block | SHOULD NOT use this term; instead, state the size of the block | |||
| explicitly (e.g., "4-bit block"). (See: Deprecated Usage under | explicitly (e.g., "4-bit block"). (See: Deprecated Usage under | |||
| "Green Book".) | "Green Book".) | |||
| $ NIPRNET | $ NIPRNET | |||
| (O) The U.S. DoD's common-use Non-Classified Internet Protocol | (O) The U.S. DoD's common-use Non-Classified Internet Protocol | |||
| Router Network; the part of the Internet that is wholly controlled | Router Network; the part of the Internet that is wholly controlled | |||
| by the U.S. DoD and is used for official DoD business. | by the U.S. DoD and is used for official DoD business. | |||
| $ NIST | $ NIST | |||
| skipping to change at page 183, line 53 ¶ | skipping to change at page 183, line 53 ¶ | |||
| can deny that it sent a data object, or it can deny that it | can deny that it sent a data object, or it can deny that it | |||
| received a data object -- and, therefore, two separate types of | received a data object -- and, therefore, two separate types of | |||
| non-repudiation service are possible. (See: non-repudiation with | non-repudiation service are possible. (See: non-repudiation with | |||
| proof of origin, non-repudiation with proof of receipt.) | proof of origin, non-repudiation with proof of receipt.) | |||
| 2. (D) "Assurance [that] the sender of data is provided with proof | 2. (D) "Assurance [that] the sender of data is provided with proof | |||
| of delivery and the recipient is provided with proof of the | of delivery and the recipient is provided with proof of the | |||
| sender's identity, so neither can later deny having processed the | sender's identity, so neither can later deny having processed the | |||
| data." [C4009] | data." [C4009] | |||
| Deprecated Definition: ISDs SHOULD NOT use definition 2 because it | Deprecated Definition: IDOCs SHOULD NOT use definition 2 because | |||
| bundles two security services -- non-repudiation with proof of | it bundles two security services -- non-repudiation with proof of | |||
| origin, and non-repudiation with proof of receipt -- that can be | origin, and non-repudiation with proof of receipt -- that can be | |||
| provided independently of each other. | provided independently of each other. | |||
| Usage: ISDs SHOULD distinguish between the technical aspects and | Usage: IDOCs SHOULD distinguish between the technical aspects and | |||
| the legal aspects of a non-repudiation service: | the legal aspects of a non-repudiation service: | |||
| - "Technical non-repudiation": Refers to the assurance a relying | - "Technical non-repudiation": Refers to the assurance a relying | |||
| party has that if a public key is used to validate a digital | party has that if a public key is used to validate a digital | |||
| signature, then that signature had to have been made by the | signature, then that signature had to have been made by the | |||
| corresponding private signature key. [SP32] | corresponding private signature key. [SP32] | |||
| - "Legal non-repudiation": Refers to how well possession or | - "Legal non-repudiation": Refers to how well possession or | |||
| control of the private signature key can be established. [SP32] | control of the private signature key can be established. [SP32] | |||
| Tutorial: Non-repudiation service does not prevent an entity from | Tutorial: Non-repudiation service does not prevent an entity from | |||
| repudiating a communication. Instead, the service provides | repudiating a communication. Instead, the service provides | |||
| skipping to change at page 187, line 56 ¶ | skipping to change at page 187, line 56 ¶ | |||
| $ OFB | $ OFB | |||
| (N) See: output feedback. | (N) See: output feedback. | |||
| $ off-line attack | $ off-line attack | |||
| (I) See: secondary definition under "attack". | (I) See: secondary definition under "attack". | |||
| $ ohnosecond | $ ohnosecond | |||
| (D) That minuscule fraction of time in which you realize that your | (D) That minuscule fraction of time in which you realize that your | |||
| private key has been compromised. | private key has been compromised. | |||
| Deprecated Usage: ISDs SHOULD NOT use this term; it is a joke for | Deprecated Usage: IDOCs SHOULD NOT use this term; it is a joke for | |||
| English speakers. (See: Deprecated Usage under "Green Book".) | English speakers. (See: Deprecated Usage under "Green Book".) | |||
| $ OID | $ OID | |||
| (N) See: object identifier. | (N) See: object identifier. | |||
| $ On-line Certificate Status Protocol (OCSP) | $ On-line Certificate Status Protocol (OCSP) | |||
| (I) An Internet protocol [R2560] used by a client to obtain from a | (I) An Internet protocol [R2560] used by a client to obtain from a | |||
| server the validity status and other information about a digital | server the validity status and other information about a digital | |||
| certificate. (Mentioned in [X509] but not specified there.) | certificate. (Mentioned in [X509] but not specified there.) | |||
| skipping to change at page 189, line 15 ¶ | skipping to change at page 189, line 15 ¶ | |||
| other than exhaustive procedures even if the cryptographic key is | other than exhaustive procedures even if the cryptographic key is | |||
| known. (See: brute force, encryption.) | known. (See: brute force, encryption.) | |||
| $ one-way function | $ one-way function | |||
| (I) "A (mathematical) function, f, [that] is easy to compute, but | (I) "A (mathematical) function, f, [that] is easy to compute, but | |||
| which for a general value y in the range, it is computationally | which for a general value y in the range, it is computationally | |||
| difficult to find a value x in the domain such that f(x) = y. | difficult to find a value x in the domain such that f(x) = y. | |||
| There may be a few values of y for which finding x is not | There may be a few values of y for which finding x is not | |||
| computationally difficult." [X509] | computationally difficult." [X509] | |||
| Deprecated Usage: ISDs SHOULD NOT use this term as a synonym for | Deprecated Usage: IDOCs SHOULD NOT use this term as a synonym for | |||
| "cryptographic hash". | "cryptographic hash". | |||
| $ onion routing | $ onion routing | |||
| (I) A system that can be used to provide both (a) data | (I) A system that can be used to provide both (a) data | |||
| confidentiality and (b) traffic-flow confidentiality for network | confidentiality and (b) traffic-flow confidentiality for network | |||
| packets, and also provide (c) anonymity for the source of the | packets, and also provide (c) anonymity for the source of the | |||
| packets. | packets. | |||
| Tutorial: The source, instead of sending a packet directly to the | Tutorial: The source, instead of sending a packet directly to the | |||
| intended destination, sends it to an "onion routing proxy" that | intended destination, sends it to an "onion routing proxy" that | |||
| skipping to change at page 191, line 16 ¶ | skipping to change at page 191, line 16 ¶ | |||
| (I) Synonym for "system integrity"; this synonym emphasizes the | (I) Synonym for "system integrity"; this synonym emphasizes the | |||
| actual performance of system functions rather than just the | actual performance of system functions rather than just the | |||
| ability to perform them. | ability to perform them. | |||
| $ operational security | $ operational security | |||
| 1. (I) System capabilities, or performance of system functions, | 1. (I) System capabilities, or performance of system functions, | |||
| that are needed either (a) to securely manage a system or (b) to | that are needed either (a) to securely manage a system or (b) to | |||
| manage security features of a system. (Compare: operations | manage security features of a system. (Compare: operations | |||
| security (OPSEC).) | security (OPSEC).) | |||
| Usage: ISDs that use this term SHOULD state a definition because | Usage: IDOCs that use this term SHOULD state a definition because | |||
| (a) the definition provided here is general and vague and (b) the | (a) the definition provided here is general and vague and (b) the | |||
| term could easily be confused with "operations security", which is | term could easily be confused with "operations security", which is | |||
| a different concept. | a different concept. | |||
| Tutorial: For example, in the context of an Internet service | Tutorial: For example, in the context of an Internet service | |||
| provider, the term could refer to capabilities to manage network | provider, the term could refer to capabilities to manage network | |||
| devices in the event of attacks, simplify troubleshooting, keep | devices in the event of attacks, simplify troubleshooting, keep | |||
| track of events that affect system integrity, help analyze sources | track of events that affect system integrity, help analyze sources | |||
| of attacks, and provide administrators with control over network | of attacks, and provide administrators with control over network | |||
| addresses and protocols to help mitigate the most common attacks | addresses and protocols to help mitigate the most common attacks | |||
| and exploits. [R3871] | and exploits. [R3871] | |||
| 2. (D) Synonym for "administrative security". | 2. (D) Synonym for "administrative security". | |||
| Deprecated Definition: ISDs SHOULD NOT use this term as a synonym | Deprecated Definition: IDOCs SHOULD NOT use this term as a synonym | |||
| for "administrative security". Any type of security may affect | for "administrative security". Any type of security may affect | |||
| system operations; therefore, the term may be misleading. Instead, | system operations; therefore, the term may be misleading. Instead, | |||
| use "administrative security", "communication security", "computer | use "administrative security", "communication security", "computer | |||
| security", "emanations security", "personnel security", "physical | security", "emanations security", "personnel security", "physical | |||
| security", or whatever specific type is meant. (See: security | security", or whatever specific type is meant. (See: security | |||
| architecture. Compare: operational integrity, OPSEC.) | architecture. Compare: operational integrity, OPSEC.) | |||
| $ operations security (OPSEC) | $ operations security (OPSEC) | |||
| (I) A process to identify, control, and protect evidence of the | (I) A process to identify, control, and protect evidence of the | |||
| planning and execution of sensitive activities and operations, and | planning and execution of sensitive activities and operations, and | |||
| thereby prevent potential adversaries from gaining knowledge of | thereby prevent potential adversaries from gaining knowledge of | |||
| capabilities and intentions. (See: communications cover. Compare: | capabilities and intentions. (See: communications cover. Compare: | |||
| operational security.) | operational security.) | |||
| $ operator | $ operator | |||
| (I) A person who has been authorized to direct selected functions | (I) A person who has been authorized to direct selected functions | |||
| of a system. (Compare: manager, user.) | of a system. (Compare: manager, user.) | |||
| Usage: ISDs that use this term SHOULD state a definition for it | Usage: IDOCs that use this term SHOULD state a definition for it | |||
| because a system operator may or may not be treated as a "user". | because a system operator may or may not be treated as a "user". | |||
| $ OPSEC | $ OPSEC | |||
| 1. (I) Abbreviation for "operations security". | 1. (I) Abbreviation for "operations security". | |||
| 2. (D) Abbreviation for "operational security". | 2. (D) Abbreviation for "operational security". | |||
| Deprecated Usage: ISDs SHOULD NOT use this abbreviation for | Deprecated Usage: IDOCs SHOULD NOT use this abbreviation for | |||
| "operational security" (as defined in this Glossary), because its | "operational security" (as defined in this Glossary), because its | |||
| use for "operations security" has been well established for many | use for "operations security" has been well established for many | |||
| years, particular in the military community. | years, particular in the military community. | |||
| $ ORA | $ ORA | |||
| See: organizational registration authority. | See: organizational registration authority. | |||
| $ Orange Book | $ Orange Book | |||
| (D) /slang/ Synonym for "Trusted Computer System Evaluation | (D) /slang/ Synonym for "Trusted Computer System Evaluation | |||
| Criteria" [CSC001, DoD1]. | Criteria" [CSC1, DoD1]. | |||
| Deprecated Usage: ISDs SHOULD NOT use this term as a synonym for | Deprecated Usage: IDOCs SHOULD NOT use this term as a synonym for | |||
| "Trusted Computer System Evaluation Criteria" [CSC001, DoD1]. | "Trusted Computer System Evaluation Criteria" [CSC001, DoD1]. | |||
| Instead, use the full, proper name of the document or, in | Instead, use the full, proper name of the document or, in | |||
| subsequent references, the abbreviation "TCSEC". (See: Deprecated | subsequent references, the abbreviation "TCSEC". (See: Deprecated | |||
| Usage under "Green Book".) | Usage under "Green Book".) | |||
| $ organizational certificate | $ organizational certificate | |||
| 1. (I) An X.509 public-key certificate in which the "subject" | 1. (I) An X.509 public-key certificate in which the "subject" | |||
| field contains the name of an institution or set (e.g., a | field contains the name of an institution or set (e.g., a | |||
| business, government, school, labor union, club, ethnic group, | business, government, school, labor union, club, ethnic group, | |||
| nationality, system, or group of individuals playing the same | nationality, system, or group of individuals playing the same | |||
| skipping to change at page 193, line 7 ¶ | skipping to change at page 193, line 7 ¶ | |||
| administrative authority, and the term refers both to the role and | administrative authority, and the term refers both to the role and | |||
| to the person who plays that role. An ORA does not sign | to the person who plays that role. An ORA does not sign | |||
| certificates, CRLs, or CKLs. (See: no-PIN ORA, SSO-PIN ORA, user- | certificates, CRLs, or CKLs. (See: no-PIN ORA, SSO-PIN ORA, user- | |||
| PIN ORA.) | PIN ORA.) | |||
| $ origin authentication | $ origin authentication | |||
| (D) Synonym for "data origin authentication". (See: | (D) Synonym for "data origin authentication". (See: | |||
| authentication, data origin authentication.) | authentication, data origin authentication.) | |||
| Deprecated Term: ISDs SHOULD NOT use this term; it suggests | Deprecated Term: IDOCs SHOULD NOT use this term; it suggests | |||
| careless use of the internationally standardized term "data origin | careless use of the internationally standardized term "data origin | |||
| authentication" and also could be confused with "peer entity | authentication" and also could be confused with "peer entity | |||
| authentication." | authentication." | |||
| $ origin authenticity | $ origin authenticity | |||
| (D) Synonym for "data origin authentication". (See: authenticity, | (D) Synonym for "data origin authentication". (See: authenticity, | |||
| data origin authentication.) | data origin authentication.) | |||
| Deprecated Term: ISDs SHOULD NOT use this term; it suggests | Deprecated Term: IDOCs SHOULD NOT use this term; it suggests | |||
| careless use of the internationally standardized term "data origin | careless use of the internationally standardized term "data origin | |||
| authentication" and mixes concepts in a potentially misleading | authentication" and mixes concepts in a potentially misleading | |||
| way. | way. | |||
| $ OSI, OSIRM | $ OSI, OSIRM | |||
| (N) See: Open Systems Interconnection Reference Model. | (N) See: Open Systems Interconnection Reference Model. | |||
| $ OSIRM Security Architecture | $ OSIRM Security Architecture | |||
| (N) The part of the OSIRM [I7498-2] that specifies the security | (N) The part of the OSIRM [I7498-2] that specifies the security | |||
| services and security mechanisms that can be applied to protect | services and security mechanisms that can be applied to protect | |||
| skipping to change at page 193, line 39 ¶ | skipping to change at page 193, line 39 ¶ | |||
| Tutorial: This part of the OSIRM includes an allocation of | Tutorial: This part of the OSIRM includes an allocation of | |||
| security services to protocol layers. The following table show | security services to protocol layers. The following table show | |||
| which security services (see definitions in this Glossary) are | which security services (see definitions in this Glossary) are | |||
| permitted by the OSIRM in each of its layer. (Also, an application | permitted by the OSIRM in each of its layer. (Also, an application | |||
| process that operates above the Application Layer may itself | process that operates above the Application Layer may itself | |||
| provide security services.) Similarly, the table suggests which | provide security services.) Similarly, the table suggests which | |||
| services are suitable for each IPS layer. However, explaining and | services are suitable for each IPS layer. However, explaining and | |||
| justifying these allocations is beyond the scope of this Glossary. | justifying these allocations is beyond the scope of this Glossary. | |||
| Legend for Table Entries: | Legend for Table Entries: | |||
| O = Yes, [IS7498-2] permits the service in this OSIRM layer. | O = Yes, [I7498-2] permits the service in this OSIRM layer. | |||
| I = Yes, the service can be incorporated in this IPS layer. | I = Yes, the service can be incorporated in this IPS layer. | |||
| * = This layer subsumed by Application Layer in IPS. | * = This layer subsumed by Application Layer in IPS. | |||
| IPS Protocol Layers +-----------------------------------------+ | IPS Protocol Layers +-----------------------------------------+ | |||
| |Network| Net |In-| Trans | Application | | |Network| Net |In-| Trans | Application | | |||
| | H/W |Inter|ter| -port | | | | H/W |Inter|ter| -port | | | |||
| | |-face|net| | | | | |-face|net| | | | |||
| OSIRM Protocol Layers +-----------------------------------------+ | OSIRM Protocol Layers +-----------------------------------------+ | |||
| | 1 | 2 | 3 | 4 | 5 | 6 | 7 | | | 1 | 2 | 3 | 4 | 5 | 6 | 7 | | |||
| Confidentiality +-----------------------------------------+ | Confidentiality +-----------------------------------------+ | |||
| skipping to change at page 196, line 15 ¶ | skipping to change at page 196, line 15 ¶ | |||
| $ packet filter | $ packet filter | |||
| (I) See: secondary definition under "filtering router". | (I) See: secondary definition under "filtering router". | |||
| $ packet monkey | $ packet monkey | |||
| (D) /slang/ Someone who floods a system with packets, creating a | (D) /slang/ Someone who floods a system with packets, creating a | |||
| denial-of-service condition for the system's users. (See: | denial-of-service condition for the system's users. (See: | |||
| cracker.) | cracker.) | |||
| Deprecated Term: It is likely that other cultures use different | Deprecated Term: It is likely that other cultures use different | |||
| metaphors for this concept. Therefore, to avoid international | metaphors for this concept. Therefore, to avoid international | |||
| misunderstanding, ISDs SHOULD NOT use this term. (See: Deprecated | misunderstanding, IDOCs SHOULD NOT use this term. (See: Deprecated | |||
| Usage under "Green Book".) | Usage under "Green Book".) | |||
| $ pagejacking | $ pagejacking | |||
| (D) /slang/ A contraction of "Web page hijacking". A masquerade | (D) /slang/ A contraction of "Web page hijacking". A masquerade | |||
| attack in which the attacker copies (steals) a home page or other | attack in which the attacker copies (steals) a home page or other | |||
| material from the target server, rehosts the page on a server the | material from the target server, rehosts the page on a server the | |||
| attacker controls, and causes the rehosted page to be indexed by | attacker controls, and causes the rehosted page to be indexed by | |||
| the major Web search services, thereby diverting browsers from the | the major Web search services, thereby diverting browsers from the | |||
| target server to the attacker's server. | target server to the attacker's server. | |||
| Deprecated Term: ISDs SHOULD NOT use this contraction. The term is | Deprecated Term: IDOCs SHOULD NOT use this contraction. The term | |||
| not listed in most dictionaries and could confuse international | is not listed in most dictionaries and could confuse international | |||
| readers. (See: Deprecated Usage under "Green Book".) | readers. (See: Deprecated Usage under "Green Book".) | |||
| $ PAN | $ PAN | |||
| (O) See: primary account number. | (O) See: primary account number. | |||
| $ PAP | $ PAP | |||
| (I) See: Password Authentication Protocol. | (I) See: Password Authentication Protocol. | |||
| $ parity bit | $ parity bit | |||
| (I) A checksum that is computed on a block of bits by computing | (I) A checksum that is computed on a block of bits by computing | |||
| skipping to change at page 197, line 6 ¶ | skipping to change at page 197, line 6 ¶ | |||
| Usage: Usually abbreviated as "partitioned mode". This term was | Usage: Usually abbreviated as "partitioned mode". This term was | |||
| defined in U.S. Government policy on system accreditation. | defined in U.S. Government policy on system accreditation. | |||
| $ PASS | $ PASS | |||
| (N) See: personnel authentication system string. | (N) See: personnel authentication system string. | |||
| $ passive attack | $ passive attack | |||
| (I) See: secondary definition under "attack". | (I) See: secondary definition under "attack". | |||
| $ passive user | $ passive user | |||
| (I) See: secondary definition under "user". | (I) See: secondary definition under "system user". | |||
| $ passive wiretapping | $ passive wiretapping | |||
| (I) A wiretapping attack that attempts only to observe a | (I) A wiretapping attack that attempts only to observe a | |||
| communication flow and gain knowledge of the data it contains, but | communication flow and gain knowledge of the data it contains, but | |||
| does not alter or otherwise affect that flow. (See: wiretapping. | does not alter or otherwise affect that flow. (See: wiretapping. | |||
| Compare: passive attack, active wiretapping.) | Compare: passive attack, active wiretapping.) | |||
| $ password | $ password | |||
| 1a. (I) A secret data value, usually a character string, that is | 1a. (I) A secret data value, usually a character string, that is | |||
| presented to a system by a user to authenticate the user's | presented to a system by a user to authenticate the user's | |||
| skipping to change at page 199, line 6 ¶ | skipping to change at page 199, line 6 ¶ | |||
| and width, roughly the size of a credit card, but differ in their | and width, roughly the size of a credit card, but differ in their | |||
| thickness from 3.3 to 10.5 mm. Examples include storage modules, | thickness from 3.3 to 10.5 mm. Examples include storage modules, | |||
| modems, device interface adapters, and cryptographic modules. | modems, device interface adapters, and cryptographic modules. | |||
| $ PCA | $ PCA | |||
| (D) Abbreviation of various kinds of "certification authority". | (D) Abbreviation of various kinds of "certification authority". | |||
| (See: Internet policy certification authority, (MISSI) policy | (See: Internet policy certification authority, (MISSI) policy | |||
| creation authority, (SET) payment gateway certification | creation authority, (SET) payment gateway certification | |||
| authority.) | authority.) | |||
| Deprecated Usage: An ISD that uses this abbreviation SHOULD define | Deprecated Usage: An IDOC that uses this abbreviation SHOULD | |||
| it at the point of first use. | define it at the point of first use. | |||
| $ PCI | $ PCI | |||
| (N) See: "protocol control information" under "protocol data | (N) See: "protocol control information" under "protocol data | |||
| unit". | unit". | |||
| $ PCMCIA | $ PCMCIA | |||
| (N) Personal Computer Memory Card International Association, a | (N) Personal Computer Memory Card International Association, a | |||
| group of manufacturers, developers, and vendors, founded in 1989 | group of manufacturers, developers, and vendors, founded in 1989 | |||
| to standardize plug-in peripheral memory cards for personal | to standardize plug-in peripheral memory cards for personal | |||
| computers and now extended to deal with any technology that works | computers and now extended to deal with any technology that works | |||
| skipping to change at page 204, line 25 ¶ | skipping to change at page 204, line 25 ¶ | |||
| (D) /slang/ A technique for attempting to acquire sensitive data, | (D) /slang/ A technique for attempting to acquire sensitive data, | |||
| such as bank account numbers, through a fraudulent solicitation in | such as bank account numbers, through a fraudulent solicitation in | |||
| email or on a Web site, in which the perpetrator masquerades as a | email or on a Web site, in which the perpetrator masquerades as a | |||
| legitimate business or reputable person. (See: social | legitimate business or reputable person. (See: social | |||
| engineering.) | engineering.) | |||
| Derivation: Possibly from "phony fishing"; the solicitation | Derivation: Possibly from "phony fishing"; the solicitation | |||
| usually involves some kind of lure or bait to hook unwary | usually involves some kind of lure or bait to hook unwary | |||
| recipients. (Compare: phreaking.) | recipients. (Compare: phreaking.) | |||
| Deprecated Term: ISDs SHOULD NOT use this term; it is not listed | Deprecated Term: IDOCs SHOULD NOT use this term; it is not listed | |||
| in most dictionaries and could confuse international readers. | in most dictionaries and could confuse international readers. | |||
| (See: Deprecated Usage under "Green Book.") | (See: Deprecated Usage under "Green Book.") | |||
| $ Photuris | $ Photuris | |||
| (I) A UDP-based, key establishment protocol for session keys, | (I) A UDP-based, key establishment protocol for session keys, | |||
| designed for use with the IPsec protocols AH and ESP. Superseded | designed for use with the IPsec protocols AH and ESP. Superseded | |||
| by IKE. | by IKE. | |||
| $ phreaking | $ phreaking | |||
| (D) A contraction of "telephone breaking". An attack on or | (D) A contraction of "telephone breaking". An attack on or | |||
| penetration of a telephone system or, by extension, any other | penetration of a telephone system or, by extension, any other | |||
| communication or information system. [Raym] | communication or information system. [Raym] | |||
| Deprecated Term: ISDs SHOULD NOT use this contraction; it is not | Deprecated Term: IDOCs SHOULD NOT use this contraction; it is not | |||
| listed in most dictionaries and could confuse international | listed in most dictionaries and could confuse international | |||
| readers. (See: Deprecated Usage under "Green Book.") | readers. (See: Deprecated Usage under "Green Book.") | |||
| $ physical destruction | $ physical destruction | |||
| (I) /threat action/ See: secondary definition under | (I) /threat action/ See: secondary definition under | |||
| "incapacitation". | "incapacitation". | |||
| $ physical security | $ physical security | |||
| (I) Tangible means of preventing unauthorized physical access to a | (I) Tangible means of preventing unauthorized physical access to a | |||
| system. Examples: Fences, walls, and other barriers; locks, safes, | system. Examples: Fences, walls, and other barriers; locks, safes, | |||
| and vaults; dogs and armed guards; sensors and alarm bells. | and vaults; dogs and armed guards; sensors and alarm bells. | |||
| [FP031, R1455] (See: security architecture.) | [FP031, R1455] (See: security architecture.) | |||
| $ piggyback attack | $ piggyback attack | |||
| (I) A form of active wiretapping in which the attacker gains | (I) A form of active wiretapping in which the attacker gains | |||
| access to a system via intervals of inactivity in another user's | access to a system via intervals of inactivity in another user's | |||
| legitimate communication connection. Sometimes called a "between- | legitimate communication connection. Sometimes called a "between- | |||
| the-lines" attack. (See: hijack attack, man-in-the-middle attack.) | the-lines" attack. (See: hijack attack, man-in-the-middle attack.) | |||
| Deprecated Usage: ISDs that use this term SHOULD state a | Deprecated Usage: IDOCs that use this term SHOULD state a | |||
| definition for it because the term could confuse international | definition for it because the term could confuse international | |||
| readers. | readers. | |||
| $ PIN | $ PIN | |||
| (I) See: personal identification number. | (I) See: personal identification number. | |||
| $ ping of death | $ ping of death | |||
| (D) A denial-of-service attack that sends an improperly large ICMP | (D) A denial-of-service attack that sends an improperly large ICMP | |||
| echo request packet (a "ping") with the intent of causing the | echo request packet (a "ping") with the intent of causing the | |||
| destination system to fail. (See: ping sweep, teardrop.) | destination system to fail. (See: ping sweep, teardrop.) | |||
| Deprecated Term: ISDs SHOULD NOT use this term; instead, use "ping | Deprecated Term: IDOCs SHOULD NOT use this term; instead, use | |||
| packet overflow attack" or some other term that is specific with | "ping packet overflow attack" or some other term that is specific | |||
| regard to the attack mechanism. | with regard to the attack mechanism. | |||
| Tutorial: This attack seeks to exploit an implementation | Tutorial: This attack seeks to exploit an implementation | |||
| vulnerability. The IP specification requires hosts to be prepared | vulnerability. The IP specification requires hosts to be prepared | |||
| to accept datagrams of up to 576 octets, but also permits IP | to accept datagrams of up to 576 octets, but also permits IP | |||
| datagrams to be up to 65,535 octets long. If an IP implementation | datagrams to be up to 65,535 octets long. If an IP implementation | |||
| does not properly handle very long IP packets, the ping packet may | does not properly handle very long IP packets, the ping packet may | |||
| overflow the input buffer and cause a fatal system error. | overflow the input buffer and cause a fatal system error. | |||
| $ ping sweep | $ ping sweep | |||
| (I) An attack that sends ICMP echo requests ("pings") to a range | (I) An attack that sends ICMP echo requests ("pings") to a range | |||
| skipping to change at page 206, line 21 ¶ | skipping to change at page 206, line 21 ¶ | |||
| possibly in PKCS #7 format. | possibly in PKCS #7 format. | |||
| $ PKCS #11 | $ PKCS #11 | |||
| (N) A standard [PKC11] from the PKCS series; defines CAPI called | (N) A standard [PKC11] from the PKCS series; defines CAPI called | |||
| "Cryptoki" for devices that hold cryptographic information and | "Cryptoki" for devices that hold cryptographic information and | |||
| perform cryptographic functions. | perform cryptographic functions. | |||
| $ PKI | $ PKI | |||
| (I) See: public-key infrastructure. | (I) See: public-key infrastructure. | |||
| $ PKINT | $ PKINIT | |||
| (I) Abbreviation for "Public Key Cryptography for Initial | (I) Abbreviation for "Public Key Cryptography for Initial | |||
| Authentication in Kerberos" (RFC 4556). (See: Tutorial under | Authentication in Kerberos" (RFC 4556). (See: Tutorial under | |||
| "Kerberos".) | "Kerberos".) | |||
| $ PKIX | $ PKIX | |||
| 1a. (I) A contraction of "Public-Key Infrastructure (X.509)", the | 1a. (I) A contraction of "Public-Key Infrastructure (X.509)", the | |||
| name of the IETF working group that is specifying an architecture | name of the IETF working group that is specifying an architecture | |||
| [R3280] and set of protocols [R4210] to provide X.509-based PKI | [R3280] and set of protocols [R4210] to provide X.509-based PKI | |||
| services for the Internet. | services for the Internet. | |||
| skipping to change at page 207, line 5 ¶ | skipping to change at page 207, line 5 ¶ | |||
| the PKI, and (d) information about certificate policies and CPSs, | the PKI, and (d) information about certificate policies and CPSs, | |||
| covering the areas of PKI security not directly addressed in the | covering the areas of PKI security not directly addressed in the | |||
| rest of PKIX. | rest of PKIX. | |||
| $ plain text | $ plain text | |||
| 1. (I) /noun/ Data that is input to an encryption process. (See: | 1. (I) /noun/ Data that is input to an encryption process. (See: | |||
| plaintext. Compare: cipher text, clear text.) | plaintext. Compare: cipher text, clear text.) | |||
| 2. (D) /noun/ Synonym for "clear text". | 2. (D) /noun/ Synonym for "clear text". | |||
| Deprecated Definition: ISDs SHOULD NOT use this term as a synonym | Deprecated Definition: IDOCs SHOULD NOT use this term as a synonym | |||
| for "clear text". Sometimes plain text that is input to an | for "clear text". Sometimes plain text that is input to an | |||
| encryption operation is clear text, but other times plain text is | encryption operation is clear text, but other times plain text is | |||
| cipher text that was output from a previous encryption operation. | cipher text that was output from a previous encryption operation. | |||
| (See: superencryption.) | (See: superencryption.) | |||
| $ plaintext | $ plaintext | |||
| 1. (O) /noun/ Synonym for "plain text". | 1. (O) /noun/ Synonym for "plain text". | |||
| 2. (I) /adjective/ Referring to plain text. Usage: Commonly used | 2. (I) /adjective/ Referring to plain text. Usage: Commonly used | |||
| instead of "plain-text". (Compare: ciphertext, cleartext.) | instead of "plain-text". (Compare: ciphertext, cleartext.) | |||
| 3. (D) /noun/ Synonym for "cleartext". | 3. (D) /noun/ Synonym for "cleartext". | |||
| Deprecated Definition: ISDs SHOULD NOT use this term as a synonym | Deprecated Definition: IDOCs SHOULD NOT use this term as a synonym | |||
| for "cleartext". Cleartext data is, by definition, not encrypted; | for "cleartext". Cleartext data is, by definition, not encrypted; | |||
| but plaintext data that is input to an encryption operation may be | but plaintext data that is input to an encryption operation may be | |||
| cleartext data or may be ciphertext data that was output from a | cleartext data or may be ciphertext data that was output from a | |||
| previous encryption operation. (See: superencryption.) | previous encryption operation. (See: superencryption.) | |||
| $ PLI | $ PLI | |||
| (I) See: Private Line Interface. | (I) See: Private Line Interface. | |||
| $ PMA | $ PMA | |||
| (N) See: policy management authority. | (N) See: policy management authority. | |||
| skipping to change at page 208, line 16 ¶ | skipping to change at page 208, line 16 ¶ | |||
| 1a. (I) A plan or course of action that is stated for a system or | 1a. (I) A plan or course of action that is stated for a system or | |||
| organization and is intended to affect and direct the decisions | organization and is intended to affect and direct the decisions | |||
| and deeds of that entity's components or members. (See: security | and deeds of that entity's components or members. (See: security | |||
| policy.) | policy.) | |||
| 1b. (O) A definite goal, course, or method of action to guide and | 1b. (O) A definite goal, course, or method of action to guide and | |||
| determine present and future decisions, that is implemented or | determine present and future decisions, that is implemented or | |||
| executed within a particular context, such as within a business | executed within a particular context, such as within a business | |||
| unit. [R3198] | unit. [R3198] | |||
| Deprecated Abbreviation: ISDs SHOULD NOT use "policy" as an | Deprecated Abbreviation: IDOCs SHOULD NOT use "policy" as an | |||
| abbreviation of either "security policy" or "certificate policy". | abbreviation of either "security policy" or "certificate policy". | |||
| Instead, to avoid misunderstanding, use a fully qualified term, at | Instead, to avoid misunderstanding, use a fully qualified term, at | |||
| least at the point of first usage. | least at the point of first usage. | |||
| Tutorial: The introduction of new technology to replace | Tutorial: The introduction of new technology to replace | |||
| traditional systems can result in new systems being deployed | traditional systems can result in new systems being deployed | |||
| without adequate policy definition and before the implications of | without adequate policy definition and before the implications of | |||
| the new technology are fully understand. In some cases, it can be | the new technology are fully understand. In some cases, it can be | |||
| difficult to establish policies for new technology before the | difficult to establish policies for new technology before the | |||
| technology has been operationally tested and evaluated. Thus, | technology has been operationally tested and evaluated. Thus, | |||
| skipping to change at page 209, line 11 ¶ | skipping to change at page 209, line 11 ¶ | |||
| - For every control defined by a practice statement, there should | - For every control defined by a practice statement, there should | |||
| be corresponding procedures to implement the control and | be corresponding procedures to implement the control and | |||
| provide ongoing measurement of the control parameters. | provide ongoing measurement of the control parameters. | |||
| Conversely, procedures require management practices to insure | Conversely, procedures require management practices to insure | |||
| consistent and correct operational behavior. | consistent and correct operational behavior. | |||
| $ policy approval authority | $ policy approval authority | |||
| (D) /PKI/ Synonym for "policy management authority". [PAG] | (D) /PKI/ Synonym for "policy management authority". [PAG] | |||
| Deprecated Term: ISDs SHOULD NOT use this term as synonym for | Deprecated Term: IDOCs SHOULD NOT use this term as synonym for | |||
| "policy management authority". The term suggests a limited, | "policy management authority". The term suggests a limited, | |||
| passive role that is not typical of PMAs. | passive role that is not typical of PMAs. | |||
| $ policy approving authority (PAA) | $ policy approving authority (PAA) | |||
| (O) /MISSI/ The top-level signing authority of a MISSI | (O) /MISSI/ The top-level signing authority of a MISSI | |||
| certification hierarchy. The term refers both to that | certification hierarchy. The term refers both to that | |||
| authoritative office or role and to the person who plays that | authoritative office or role and to the person who plays that | |||
| role. (See: policy management authority, root registry.) | role. (See: policy management authority, root registry.) | |||
| Tutorial: A MISSI PAA (a) registers MISSI PCAs and signs their | Tutorial: A MISSI PAA (a) registers MISSI PCAs and signs their | |||
| X.509 public-key certificates, (b) issues CRLs but does not issue | X.509 public-key certificates, (b) issues CRLs but does not issue | |||
| a CKL, and (c) may issue cross-certificates to other PAAs. | a CKL, and (c) may issue cross-certificates to other PAAs. | |||
| $ policy authority | $ policy authority | |||
| (D) /PKI/ Synonym for "policy management authority". [PAG] | (D) /PKI/ Synonym for "policy management authority". [PAG] | |||
| Deprecated Term: ISDs SHOULD NOT use this term as synonym for | Deprecated Term: IDOCs SHOULD NOT use this term as synonym for | |||
| "policy management authority". The term is unnecessarily vague and | "policy management authority". The term is unnecessarily vague and | |||
| thus may be confused with other PKI entities, such as CAs and RAs, | thus may be confused with other PKI entities, such as CAs and RAs, | |||
| that enforce of apply various aspects of PKI policy. | that enforce of apply various aspects of PKI policy. | |||
| $ policy certification authority (Internet PCA) | $ policy certification authority (Internet PCA) | |||
| (I) An X.509-compliant CA at the second level of the Internet | (I) An X.509-compliant CA at the second level of the Internet | |||
| certification hierarchy, under the IPRA. Each PCA operates under | certification hierarchy, under the IPRA. Each PCA operates under | |||
| its published security policy (see: certificate policy, CPS) and | its published security policy (see: certificate policy, CPS) and | |||
| within constraints established by the IPRA for all PCAs. [R1422]. | within constraints established by the IPRA for all PCAs. [R1422]. | |||
| (See: policy creation authority.) | (See: policy creation authority.) | |||
| skipping to change at page 211, line 25 ¶ | skipping to change at page 211, line 25 ¶ | |||
| $ positive authorization | $ positive authorization | |||
| (I) The principle that a security architecture should be designed | (I) The principle that a security architecture should be designed | |||
| so that access to system resources is permitted only when | so that access to system resources is permitted only when | |||
| explicitly granted; i.e., in the absence of an explicit | explicitly granted; i.e., in the absence of an explicit | |||
| authorization that grants access, the default action shall be to | authorization that grants access, the default action shall be to | |||
| refuse access. (See: authorization, access.) | refuse access. (See: authorization, access.) | |||
| $ POSIX | $ POSIX | |||
| (N) Portable Operating System Interface for Computer Environments, | (N) Portable Operating System Interface for Computer Environments, | |||
| a standard [FP151, IS9945-1] (originally IEEE Standard P1003.1) | a standard [FP151, I9945] (originally IEEE Standard P1003.1) that | |||
| that defines an operating system interface and environment to | defines an operating system interface and environment to support | |||
| support application portability at the source code level. It is | application portability at the source code level. It is intended | |||
| intended to be used by both application developers and system | to be used by both application developers and system implementers. | |||
| implementers. | ||||
| Tutorial: P1003.1 supports security functionality like that on | Tutorial: P1003.1 supports security functionality like that on | |||
| most UNIX systems, including discretionary access control and | most UNIX systems, including discretionary access control and | |||
| privileges. IEEE Draft Standard P1003.6 specifies additional | privileges. IEEE Draft Standard P1003.6 specifies additional | |||
| functionality not provided in the base standard, including (a) | functionality not provided in the base standard, including (a) | |||
| discretionary access control, (b) audit trail mechanisms, (c) | discretionary access control, (b) audit trail mechanisms, (c) | |||
| privilege mechanisms, (d) mandatory access control, and (e) | privilege mechanisms, (d) mandatory access control, and (e) | |||
| information label mechanisms. | information label mechanisms. | |||
| $ Post Office Protocol, version 3 (POP3) | $ Post Office Protocol, version 3 (POP3) | |||
| skipping to change at page 213, line 6 ¶ | skipping to change at page 213, line 4 ¶ | |||
| "web of trust". | "web of trust". | |||
| $ prevention | $ prevention | |||
| (I) See: secondary definition under "security". | (I) See: secondary definition under "security". | |||
| $ primary account number (PAN) | $ primary account number (PAN) | |||
| (O) /SET/ "The assigned number that identifies the card issuer and | (O) /SET/ "The assigned number that identifies the card issuer and | |||
| cardholder. This account number is composed of an issuer | cardholder. This account number is composed of an issuer | |||
| identification number, an individual account number | identification number, an individual account number | |||
| identification, and an accompanying check digit as defined by ISO | identification, and an accompanying check digit as defined by ISO | |||
| 7812-1985." [SET2, IS7812] (See: bank identification number.) | 7812-1985." [SET2, I7812] (See: bank identification number.) | |||
| Tutorial: The PAN is embossed, encoded, or both on a magnetic- | Tutorial: The PAN is embossed, encoded, or both on a magnetic- | |||
| strip-based credit card. The PAN identifies the issuer to which a | strip-based credit card. The PAN identifies the issuer to which a | |||
| transaction is to be routed and the account to which it is to be | transaction is to be routed and the account to which it is to be | |||
| applied unless specific instructions indicate otherwise. The | applied unless specific instructions indicate otherwise. The | |||
| authority that assigns the BIN part of the PAN is the American | authority that assigns the BIN part of the PAN is the American | |||
| Bankers Association. | Bankers Association. | |||
| $ principal | $ principal | |||
| (I) A specific identity claimed by a user when accessing a system. | (I) A specific identity claimed by a user when accessing a system. | |||
| skipping to change at page 213, line 40 ¶ | skipping to change at page 213, line 38 ¶ | |||
| (I) /information system/ Precedence for processing an event or | (I) /information system/ Precedence for processing an event or | |||
| data object, determined by security importance or other factors. | data object, determined by security importance or other factors. | |||
| (See: precedence.) | (See: precedence.) | |||
| $ privacy | $ privacy | |||
| 1. (I) The right of an entity (normally a person), acting in its | 1. (I) The right of an entity (normally a person), acting in its | |||
| own behalf, to determine the degree to which it will interact with | own behalf, to determine the degree to which it will interact with | |||
| its environment, including the degree to which the entity is | its environment, including the degree to which the entity is | |||
| willing to share its personal information with others. (See: | willing to share its personal information with others. (See: | |||
| HIPAA, personal information, Privacy Act of 1974. Compare: | HIPAA, personal information, Privacy Act of 1974. Compare: | |||
| anonymity, data confidentiality.) | anonymity, data confidentiality.) [FP041] | |||
| 2. (O) "The right of individuals to control or influence what | 2. (O) "The right of individuals to control or influence what | |||
| information related to them may be collected and stored and by | information related to them may be collected and stored and by | |||
| whom and to whom that information may be disclosed." [I7498-2] | whom and to whom that information may be disclosed." [I7498-2] | |||
| 3. (D) Synonym for "data confidentiality". | 3. (D) Synonym for "data confidentiality". | |||
| Deprecated Definition: ISDs SHOULD NOT use this term as a synonym | Deprecated Definition: IDOCs SHOULD NOT use this term as a synonym | |||
| for "data confidentiality" or "data confidentiality service", | for "data confidentiality" or "data confidentiality service", | |||
| which are different concepts. Privacy is a reason for security | which are different concepts. Privacy is a reason for security | |||
| rather than a kind of security. For example, a system that stores | rather than a kind of security. For example, a system that stores | |||
| personal data needs to protect the data to prevent harm, | personal data needs to protect the data to prevent harm, | |||
| embarrassment, inconvenience, or unfairness to any person about | embarrassment, inconvenience, or unfairness to any person about | |||
| whom data is maintained, and to protect the person's privacy. For | whom data is maintained, and to protect the person's privacy. For | |||
| that reason, the system may need to provide data confidentiality | that reason, the system may need to provide data confidentiality | |||
| service. | service. | |||
| Tutorial: The term "privacy" is used for various separate but | Tutorial: The term "privacy" is used for various separate but | |||
| related concepts, including bodily privacy, territorial privacy, | related concepts, including bodily privacy, territorial privacy, | |||
| personal information privacy, and communication privacy. ISDs are | personal information privacy, and communication privacy. IDOCs are | |||
| expected to address only communication privacy, which in this | expected to address only communication privacy, which in this | |||
| Glossary is defined primarily by "data confidentiality" and | Glossary is defined primarily by "data confidentiality" and | |||
| secondarily by "data integrity". | secondarily by "data integrity". | |||
| ISDs are not expected to address information privacy, but this | IDOCs are not expected to address information privacy, but this | |||
| Glossary provides definition 1 for that concept because personal | Glossary provides definition 1 for that concept because personal | |||
| information privacy is often confused with communication privacy. | information privacy is often confused with communication privacy. | |||
| ISDS are not expected to address bodily privacy or territorial | IDOCs are not expected to address bodily privacy or territorial | |||
| privacy, and this Glossary does not define those concepts because | privacy, and this Glossary does not define those concepts because | |||
| they are not easily confused with communication privacy. | they are not easily confused with communication privacy. | |||
| $ Privacy Act of 1974 | $ Privacy Act of 1974 | |||
| (O) A U.S. Federal law (Section 552a of Title 5, United States | (O) A U.S. Federal law (Section 552a of Title 5, United States | |||
| Code) that seeks to balance the U.S. Government's need to maintain | Code) that seeks to balance the U.S. Government's need to maintain | |||
| data about individuals with the rights of individuals to be | data about individuals with the rights of individuals to be | |||
| protected against unwarranted invasions of their privacy stemming | protected against unwarranted invasions of their privacy stemming | |||
| from federal agencies' collection, maintenance, use, and | from federal agencies' collection, maintenance, use, and | |||
| disclosure of personal data. (See: privacy.) | disclosure of personal data. (See: privacy.) | |||
| skipping to change at page 215, line 15 ¶ | skipping to change at page 215, line 13 ¶ | |||
| over MD2). | over MD2). | |||
| PEM is designed to be compatible with a wide range of key | PEM is designed to be compatible with a wide range of key | |||
| management methods, but is limited to specifying security services | management methods, but is limited to specifying security services | |||
| only for text messages and, like MOSS, has not been widely | only for text messages and, like MOSS, has not been widely | |||
| implemented in the Internet. | implemented in the Internet. | |||
| $ private component | $ private component | |||
| (I) Synonym for "private key". | (I) Synonym for "private key". | |||
| Deprecated Usage: In most cases, ISDs SHOULD NOT use this term; | Deprecated Usage: In most cases, IDOCs SHOULD NOT use this term; | |||
| instead, to avoid confusing readers, use "private key". However, | instead, to avoid confusing readers, use "private key". However, | |||
| the term MAY be used when discussing a key pair; e.g., "A key pair | the term MAY be used when discussing a key pair; e.g., "A key pair | |||
| has a public component and a private component." | has a public component and a private component." | |||
| $ private extension | $ private extension | |||
| (I) See: secondary definition under "extension". | (I) See: secondary definition under "extension". | |||
| $ private key | $ private key | |||
| 1. (I) The secret component of a pair of cryptographic keys used | 1. (I) The secret component of a pair of cryptographic keys used | |||
| for asymmetric cryptography. (See: key pair, public key, secret | for asymmetric cryptography. (See: key pair, public key, secret | |||
| skipping to change at page 215, line 51 ¶ | skipping to change at page 215, line 49 ¶ | |||
| 1b. (I) /computer platform/ An authorization to perform a | 1b. (I) /computer platform/ An authorization to perform a | |||
| security-relevant function in the context of a computer's | security-relevant function in the context of a computer's | |||
| operating system. | operating system. | |||
| $ privilege management infrastructure | $ privilege management infrastructure | |||
| (O) "The infrastructure able to support the management of | (O) "The infrastructure able to support the management of | |||
| privileges in support of a comprehensive authorization service and | privileges in support of a comprehensive authorization service and | |||
| in relationship with a" PKI; i.e., processes concerned with | in relationship with a" PKI; i.e., processes concerned with | |||
| attribute certificates. [X509] | attribute certificates. [X509] | |||
| Deprecated Usage: ISDs SHOULD NOT use this term with this | Deprecated Usage: IDOCs SHOULD NOT use this term with this | |||
| definition. This definition is vague, and there is no consensus on | definition. This definition is vague, and there is no consensus on | |||
| a more specific one. | a more specific one. | |||
| $ privileged process | $ privileged process | |||
| (I) An computer process that is authorized (and, therefore, | (I) An computer process that is authorized (and, therefore, | |||
| trusted) to perform some security-relevant functions that ordinary | trusted) to perform some security-relevant functions that ordinary | |||
| processes are not. (See: privilege, trusted process.) | processes are not. (See: privilege, trusted process.) | |||
| $ privileged user | $ privileged user | |||
| (I) An user that has access to system control, monitoring, or | (I) An user that has access to system control, monitoring, or | |||
| skipping to change at page 216, line 39 ¶ | skipping to change at page 216, line 35 ¶ | |||
| something about the system. (See: port scan.) | something about the system. (See: port scan.) | |||
| Tutorial: The purpose of a probe may be offensive, e.g., an | Tutorial: The purpose of a probe may be offensive, e.g., an | |||
| attempt to gather information for circumventing the system's | attempt to gather information for circumventing the system's | |||
| protections; or the purpose may be defensive, e.g., to verify that | protections; or the purpose may be defensive, e.g., to verify that | |||
| the system is working properly. | the system is working properly. | |||
| $ procedural security | $ procedural security | |||
| (D) Synonym for "administrative security". | (D) Synonym for "administrative security". | |||
| Deprecated Term: ISDs SHOULD NOT use this term as a synonym for | Deprecated Term: IDOCs SHOULD NOT use this term as a synonym for | |||
| "administrative security". The term may be misleading because any | "administrative security". The term may be misleading because any | |||
| type of security may involve procedures, and procedures may be | type of security may involve procedures, and procedures may be | |||
| either external to the system or internal. Instead, use | either external to the system or internal. Instead, use | |||
| "administrative security", "communication security", "computer | "administrative security", "communication security", "computer | |||
| security", "emanations security", "personnel security", "physical | security", "emanations security", "personnel security", "physical | |||
| security", or whatever specific type is meant. (See: security | security", or whatever specific type is meant. (See: security | |||
| architecture.) | architecture.) | |||
| $ profile | $ profile | |||
| See: certificate profile, protection profile. | See: certificate profile, protection profile. | |||
| skipping to change at page 220, line 28 ¶ | skipping to change at page 220, line 28 ¶ | |||
| authentication of clients, or peer entity authentication of | authentication of clients, or peer entity authentication of | |||
| servers when clients do not have that ability. A proxy at OSIRM | servers when clients do not have that ability. A proxy at OSIRM | |||
| Layer 7 can also provide finer-grained security service than can a | Layer 7 can also provide finer-grained security service than can a | |||
| filtering router at Layer 3. For example, an FTP proxy could | filtering router at Layer 3. For example, an FTP proxy could | |||
| permit transfers out of, but not into, a protected network. | permit transfers out of, but not into, a protected network. | |||
| $ proxy certificate | $ proxy certificate | |||
| (I) An X.509 public-key certificate derived from a end-entity | (I) An X.509 public-key certificate derived from a end-entity | |||
| certificate, or from another proxy certificate, for the purpose of | certificate, or from another proxy certificate, for the purpose of | |||
| establishing proxies and delegating authorizations in the context | establishing proxies and delegating authorizations in the context | |||
| of a PKI-based authentication system. [R3280] | of a PKI-based authentication system. [R3820] | |||
| Tutorial: A proxy certificate has the following properties: | Tutorial: A proxy certificate has the following properties: | |||
| - It contains an critical extension that (a) identifies it as a | - It contains an critical extension that (a) identifies it as a | |||
| proxy certificate and (b) may contain a certification path | proxy certificate and (b) may contain a certification path | |||
| length constraint and policy constraints. | length constraint and policy constraints. | |||
| - It contains the public component of a key pair that is distinct | - It contains the public component of a key pair that is distinct | |||
| from that associated with any other certificate. | from that associated with any other certificate. | |||
| - It is signed by the private component of a key pair that is | - It is signed by the private component of a key pair that is | |||
| associated with an end-entity certificate or another proxy | associated with an end-entity certificate or another proxy | |||
| certificate. | certificate. | |||
| skipping to change at page 221, line 5 ¶ | skipping to change at page 221, line 5 ¶ | |||
| (I) A sequence of values that appears to be random (i.e., | (I) A sequence of values that appears to be random (i.e., | |||
| unpredictable) but is actually generated by a deterministic | unpredictable) but is actually generated by a deterministic | |||
| algorithm. (See: compression, random, random number generator.) | algorithm. (See: compression, random, random number generator.) | |||
| $ pseudorandom number generator | $ pseudorandom number generator | |||
| (I) See: secondary definition under "random number generator". | (I) See: secondary definition under "random number generator". | |||
| $ public component | $ public component | |||
| (I) Synonym for "public key". | (I) Synonym for "public key". | |||
| Deprecated Usage: In most cases, ISDs SHOULD NOT use this term; to | Deprecated Usage: In most cases, IDOCs SHOULD NOT use this term; | |||
| avoid confusing readers, use "private key" instead. However, the | to avoid confusing readers, use "private key" instead. However, | |||
| term MAY be used when discussing a key pair; e.g., "A key pair has | the term MAY be used when discussing a key pair; e.g., "A key pair | |||
| a public component and a private component." | has a public component and a private component." | |||
| $ public key | $ public key | |||
| 1. (I) The publicly disclosable component of a pair of | 1. (I) The publicly disclosable component of a pair of | |||
| cryptographic keys used for asymmetric cryptography. (See: key | cryptographic keys used for asymmetric cryptography. (See: key | |||
| pair. Compare: private key.) | pair. Compare: private key.) | |||
| 2. (O) In a public key cryptosystem, "that key of a user's key | 2. (O) In a public key cryptosystem, "that key of a user's key | |||
| pair which is publicly known." [X509] | pair which is publicly known." [X509] | |||
| $ public-key certificate | $ public-key certificate | |||
| skipping to change at page 221, line 40 ¶ | skipping to change at page 221, line 40 ¶ | |||
| unforgeable. Thus, the certificate can be published, such as by | unforgeable. Thus, the certificate can be published, such as by | |||
| posting it in a directory, without the directory having to protect | posting it in a directory, without the directory having to protect | |||
| the certificate's data integrity. | the certificate's data integrity. | |||
| $ public-key cryptography | $ public-key cryptography | |||
| (I) Synonym for "asymmetric cryptography". | (I) Synonym for "asymmetric cryptography". | |||
| $ Public-Key Cryptography Standards (PKCS) | $ Public-Key Cryptography Standards (PKCS) | |||
| (N) A series of specifications published by RSA Laboratories for | (N) A series of specifications published by RSA Laboratories for | |||
| data structures and algorithms used in basic applications of | data structures and algorithms used in basic applications of | |||
| asymmetric cryptography. (See: PKCS #5 through PKCS #11.) | asymmetric cryptography. [PKCS] (See: PKCS #5 through PKCS #11.) | |||
| Tutorial: The PKCS were begun in 1991 in cooperation with industry | Tutorial: The PKCS were begun in 1991 in cooperation with industry | |||
| and academia, originally including Apple, Digital, Lotus, | and academia, originally including Apple, Digital, Lotus, | |||
| Microsoft, Northern Telecom, Sun, and MIT. Today, the | Microsoft, Northern Telecom, Sun, and MIT. Today, the | |||
| specifications are widely used, but they are not sanctioned by an | specifications are widely used, but they are not sanctioned by an | |||
| official standards organization, such as ANSI, ITU-T, or IETF. RSA | official standards organization, such as ANSI, ITU-T, or IETF. RSA | |||
| Laboratories retains sole decision-making authority over the PKCS. | Laboratories retains sole decision-making authority over the PKCS. | |||
| $ public-key forward secrecy (PFS) | $ public-key forward secrecy (PFS) | |||
| (I) For a key-agreement protocol based on asymmetric cryptography, | (I) For a key-agreement protocol based on asymmetric cryptography, | |||
| skipping to change at page 223, line 10 ¶ | skipping to change at page 223, line 10 ¶ | |||
| resistant. [C4009] (Compare: protective packaging, TEMPEST.) | resistant. [C4009] (Compare: protective packaging, TEMPEST.) | |||
| Tutorial: Equipment cannot be made completely tamper-proof, but it | Tutorial: Equipment cannot be made completely tamper-proof, but it | |||
| can be made tamper-resistant or tamper-evident. | can be made tamper-resistant or tamper-evident. | |||
| $ qualified certificate | $ qualified certificate | |||
| (I) A public-key certificate that has the primary purpose of | (I) A public-key certificate that has the primary purpose of | |||
| identifying a person with a high level of assurance, where the | identifying a person with a high level of assurance, where the | |||
| certificate meets some qualification requirements defined by an | certificate meets some qualification requirements defined by an | |||
| applicable legal framework, such as the European Directive on | applicable legal framework, such as the European Directive on | |||
| Electronic Signature [EU-ESDIR]. [R3739]. | Electronic Signature. [R3739] | |||
| $ quick mode | $ quick mode | |||
| (I) See: /IKE/ under "mode". | (I) See: /IKE/ under "mode". | |||
| $ RA | $ RA | |||
| (I) See: registration authority. | (I) See: registration authority. | |||
| $ RA domains | $ RA domains | |||
| (I) A feature of a CAW that allows a CA to divide the | (I) A feature of a CAW that allows a CA to divide the | |||
| responsibility for certificate requests among multiple RAs. | responsibility for certificate requests among multiple RAs. | |||
| skipping to change at page 224, line 20 ¶ | skipping to change at page 224, line 20 ¶ | |||
| uniformly distributed. | uniformly distributed. | |||
| - "Pseudorandom number generator": It uses a deterministic | - "Pseudorandom number generator": It uses a deterministic | |||
| computational process (usually implemented by software) that | computational process (usually implemented by software) that | |||
| has one or more inputs called "seeds", and it outputs a | has one or more inputs called "seeds", and it outputs a | |||
| sequence of values that appears to be random according to | sequence of values that appears to be random according to | |||
| specified statistical tests. | specified statistical tests. | |||
| $ RBAC | $ RBAC | |||
| (N) See: role-based access control, rule-based access control. | (N) See: role-based access control, rule-based access control. | |||
| Deprecated Usage: ISDs that use this term SHOULD state a | Deprecated Usage: IDOCs that use this term SHOULD state a | |||
| definition for it because the abbreviation is ambiguous. | definition for it because the abbreviation is ambiguous. | |||
| $ RC2, RC4, RC6 | $ RC2, RC4, RC6 | |||
| (N) See: Rivest Cipher #2, #4, #6. | (N) See: Rivest Cipher #2, #4, #6. | |||
| $ read | $ read | |||
| (I) /security model/ A system operation that causes a flow of | (I) /security model/ A system operation that causes a flow of | |||
| information from an object to a subject. (See: access mode. | information from an object to a subject. (See: access mode. | |||
| Compare: write.) | Compare: write.) | |||
| skipping to change at page 225, line 24 ¶ | skipping to change at page 225, line 24 ¶ | |||
| $ RED/BLACK separation | $ RED/BLACK separation | |||
| (N) An architectural concept for cryptographic systems that | (N) An architectural concept for cryptographic systems that | |||
| strictly separates the parts of a system that handle plain text | strictly separates the parts of a system that handle plain text | |||
| (i.e., RED information) from the parts that handle cipher text | (i.e., RED information) from the parts that handle cipher text | |||
| (i.e., BLACK information). (See: BLACK, RED.) | (i.e., BLACK information). (See: BLACK, RED.) | |||
| $ Red Book | $ Red Book | |||
| (D) /slang/ Synonym for "Trusted Network Interpretation of the | (D) /slang/ Synonym for "Trusted Network Interpretation of the | |||
| Trusted Computer System Evaluation Criteria" [NCS05]. | Trusted Computer System Evaluation Criteria" [NCS05]. | |||
| Deprecated Term: ISDs SHOULD NOT use this term. Instead, use the | Deprecated Term: IDOCs SHOULD NOT use this term. Instead, use the | |||
| full proper name of the document or, in subsequent references, a | full proper name of the document or, in subsequent references, a | |||
| more conventional abbreviation, e.g., TNI-TCSEC. (See: TCSEC, | more conventional abbreviation, e.g., TNI-TCSEC. (See: TCSEC, | |||
| Rainbow Series, Deprecated Usage under "Green Book".) | Rainbow Series, Deprecated Usage under "Green Book".) | |||
| $ RED key | $ RED key | |||
| (N) A cleartext key, which is usable in its present form (i.e., it | (N) A cleartext key, which is usable in its present form (i.e., it | |||
| does not need to be decrypted before being used). (See: RED. | does not need to be decrypted before being used). (See: RED. | |||
| Compare: BLACK key.) | Compare: BLACK key.) | |||
| $ reference monitor | $ reference monitor | |||
| skipping to change at page 225, line 53 ¶ | skipping to change at page 225, line 53 ¶ | |||
| to analysis and tests to ensure that it is correct). | to analysis and tests to ensure that it is correct). | |||
| $ reflection attack | $ reflection attack | |||
| (I) An attack in which a valid data transmission is replayed to | (I) An attack in which a valid data transmission is replayed to | |||
| the originator by an attacker who intercepts the original | the originator by an attacker who intercepts the original | |||
| transmission. (Compare: indirect attack, replay attack.) | transmission. (Compare: indirect attack, replay attack.) | |||
| $ reflector attack | $ reflector attack | |||
| (D) Synonym for "indirect attack". | (D) Synonym for "indirect attack". | |||
| Deprecated Term: ISDs SHOULD NOT use this term; it could be | Deprecated Term: IDOCs SHOULD NOT use this term; it could be | |||
| confused with "reflection attack", which is a different concept. | confused with "reflection attack", which is a different concept. | |||
| $ registered user | $ registered user | |||
| (I) A system entity that is authorized to receive a system's | (I) A system entity that is authorized to receive a system's | |||
| products and services or otherwise access system resources. (See: | products and services or otherwise access system resources. (See: | |||
| registration, user.) | registration, user.) | |||
| $ registration | $ registration | |||
| 1. (I) /information system/ A system process that (a) initializes | 1. (I) /information system/ A system process that (a) initializes | |||
| an identity (of a system entity) in the system, (b) establishes an | an identity (of a system entity) in the system, (b) establishes an | |||
| skipping to change at page 229, line 45 ¶ | skipping to change at page 229, line 45 ¶ | |||
| responsibility for sending data. | responsibility for sending data. | |||
| - False denial of receipt: Action whereby a recipient denies | - False denial of receipt: Action whereby a recipient denies | |||
| receiving and possessing data. | receiving and possessing data. | |||
| 3. (O) /OSIRM/ "Denial by one of the entities involved in a | 3. (O) /OSIRM/ "Denial by one of the entities involved in a | |||
| communication of having participated in all or part of the | communication of having participated in all or part of the | |||
| communication." [I7498-2] | communication." [I7498-2] | |||
| $ Request for Comment (RFC) | $ Request for Comment (RFC) | |||
| 1. (I) One of the documents in the archival series that is the | 1. (I) One of the documents in the archival series that is the | |||
| official channel for ISDs and other publications of the Internet | official channel for IDOCs and other publications of the Internet | |||
| Engineering Steering Group, the Internet Architecture Board, and | Engineering Steering Group, the Internet Architecture Board, and | |||
| the Internet community in general. (RFC 2026, 2223) (See: Internet | the Internet community in general. (RFC 2026, 2223) (See: Internet | |||
| Standard.) | Standard.) | |||
| 2. (D) A popularly misused synonym for a document on the Internet | 2. (D) A popularly misused synonym for a document on the Internet | |||
| Standards Track, i.e., an Internet Standard, Draft Standard, or | Standards Track, i.e., an Internet Standard, Draft Standard, or | |||
| Proposed Standard. (See: Internet Standard.) | Proposed Standard. (See: Internet Standard.) | |||
| Deprecated Definition: ISDs SHOULD NOT use this term with | Deprecated Definition: IDOCs SHOULD NOT use this term with | |||
| definition 2 because many other types of documents also are | definition 2 because many other types of documents also are | |||
| published as RFCs. | published as RFCs. | |||
| $ residual risk | $ residual risk | |||
| (I) The portion of an original risk or set of risks that remains | (I) The portion of an original risk or set of risks that remains | |||
| after countermeasures have been applied. (Compare: acceptable | after countermeasures have been applied. (Compare: acceptable | |||
| risk, risk analysis.) | risk, risk analysis.) | |||
| $ restore | $ restore | |||
| See: card restore. | See: card restore. | |||
| skipping to change at page 233, line 38 ¶ | skipping to change at page 233, line 38 ¶ | |||
| to get v'. He then computes h(m') = v". If v' equals v", Bob is | to get v'. He then computes h(m') = v". If v' equals v", Bob is | |||
| assured that m' is the same m that Alice sent. | assured that m' is the same m that Alice sent. | |||
| $ robustness | $ robustness | |||
| (N) See: level of robustness. | (N) See: level of robustness. | |||
| $ role | $ role | |||
| 1. (I) A job function or employment position to which people or | 1. (I) A job function or employment position to which people or | |||
| other system entities may be assigned in a system. (See: role- | other system entities may be assigned in a system. (See: role- | |||
| based access control. Compare: duty, billet, principal, user.) | based access control. Compare: duty, billet, principal, user.) | |||
| f | ||||
| 2. (O) /Common Criteria/ A pre-defined set of rules establishing | 2. (O) /Common Criteria/ A pre-defined set of rules establishing | |||
| the allowed interactions between a user and the TOE. | the allowed interactions between a user and the TOE. | |||
| $ role-based access control | $ role-based access control | |||
| (I) A form of identity-based access control wherein the system | (I) A form of identity-based access control wherein the system | |||
| entities that are identified and controlled are functional | entities that are identified and controlled are functional | |||
| positions in an organization or process. [Sand] (See: | positions in an organization or process. [Sand] (See: | |||
| authorization, constraint, identity, principal, role.) | authorization, constraint, identity, principal, role.) | |||
| Tutorial: Administrators assign permissions to roles as needed to | Tutorial: Administrators assign permissions to roles as needed to | |||
| skipping to change at page 237, line 22 ¶ | skipping to change at page 237, line 22 ¶ | |||
| $ salami swindle | $ salami swindle | |||
| (D) /slang/ "Slicing off a small amount from each transaction. | (D) /slang/ "Slicing off a small amount from each transaction. | |||
| This kind of theft was made worthwhile by automation. Given a high | This kind of theft was made worthwhile by automation. Given a high | |||
| transaction flow, even rounding down to the nearest cent and | transaction flow, even rounding down to the nearest cent and | |||
| putting the 'extra' in a bogus account can be very profitable." | putting the 'extra' in a bogus account can be very profitable." | |||
| [NCSSG] | [NCSSG] | |||
| Deprecated Term: It is likely that other cultures use different | Deprecated Term: It is likely that other cultures use different | |||
| metaphors for this concept. Therefore, to avoid international | metaphors for this concept. Therefore, to avoid international | |||
| misunderstanding, ISDs SHOULD NOT use this term. (See: Deprecated | misunderstanding, IDOCs SHOULD NOT use this term. (See: Deprecated | |||
| Usage under "Green Book.") | Usage under "Green Book.") | |||
| $ salt | $ salt | |||
| (I) A data value used to vary the results of a computation in a | (I) A data value used to vary the results of a computation in a | |||
| security mechanism, so that an exposed computational result from | security mechanism, so that an exposed computational result from | |||
| one instance of applying the mechanism cannot be reused by an | one instance of applying the mechanism cannot be reused by an | |||
| attacker in another instance. (Compare: initialization value.) | attacker in another instance. (Compare: initialization value.) | |||
| Example: A password-based access control mechanism might protect | Example: A password-based access control mechanism might protect | |||
| against capture or accidental disclosure of its password file by | against capture or accidental disclosure of its password file by | |||
| skipping to change at page 238, line 32 ¶ | skipping to change at page 238, line 32 ¶ | |||
| $ SCOMP | $ SCOMP | |||
| (N) Secure COMmunications Processor; an enhanced, MLS version of | (N) Secure COMmunications Processor; an enhanced, MLS version of | |||
| the Honeywell Level 6 minicomputer. It was the first system to be | the Honeywell Level 6 minicomputer. It was the first system to be | |||
| rated in TCSEC Class A1. (See: KSOS.) | rated in TCSEC Class A1. (See: KSOS.) | |||
| $ screen room | $ screen room | |||
| (D) /slang/ Synonym for "shielded enclosure" in the context of | (D) /slang/ Synonym for "shielded enclosure" in the context of | |||
| electromagnetic emanations. (See: EMSEC, TEMPEST.) | electromagnetic emanations. (See: EMSEC, TEMPEST.) | |||
| Deprecated Term: To avoid international misunderstanding, ISDs | Deprecated Term: To avoid international misunderstanding, IDOCs | |||
| SHOULD NOT use this term. | SHOULD NOT use this term. | |||
| $ screening router | $ screening router | |||
| (I) Synonym for "filtering router". | (I) Synonym for "filtering router". | |||
| $ script kiddy | $ script kiddy | |||
| (D) /slang/ A cracker who is able to use existing attack | (D) /slang/ A cracker who is able to use existing attack | |||
| techniques (i.e., to read scripts) and execute existing attack | techniques (i.e., to read scripts) and execute existing attack | |||
| software, but is unable to invent new exploits or manufacture the | software, but is unable to invent new exploits or manufacture the | |||
| tools to perform them; pejoratively, an immature or novice | tools to perform them; pejoratively, an immature or novice | |||
| cracker. | cracker. | |||
| Deprecated Term: It is likely that other cultures use different | Deprecated Term: It is likely that other cultures use different | |||
| metaphors for this concept. Therefore, to avoid international | metaphors for this concept. Therefore, to avoid international | |||
| misunderstanding, ISDs SHOULD NOT use this term. (See: Deprecated | misunderstanding, IDOCs SHOULD NOT use this term. (See: Deprecated | |||
| Usage under "Green Book".) | Usage under "Green Book".) | |||
| $ SDE | $ SDE | |||
| (N) See: Secure Data Exchange. | (N) See: Secure Data Exchange. | |||
| $ SDNS | $ SDNS | |||
| (O) See: Secure Data Network System. | (O) See: Secure Data Network System. | |||
| $ SDU | $ SDU | |||
| (N) See: "service data unit" under "protocol data unit". | (N) See: "service data unit" under "protocol data unit". | |||
| $ seal | $ seal | |||
| 1. (I) To use asymmetric cryptography to encrypt plain text with a | 1. (I) To use asymmetric cryptography to encrypt plain text with a | |||
| public key in such a way that only the holder of the matching | public key in such a way that only the holder of the matching | |||
| private key can learn what was the plain text. [Chau] (Compare: | private key can learn what was the plain text. [Chau] (Compare: | |||
| shroud, wrap.) | shroud, wrap.) | |||
| Deprecated Usage: ISDs SHOULD NOT use this term with definition 1 | Deprecated Usage: An IDOC SHOULD NOT use this term with definition | |||
| unless the ISD includes the definition, because the definition is | 1 unless the IDOC includes the definition, because the definition | |||
| not widely known and the concept can be expressed by using other, | is not widely known and the concept can be expressed by using | |||
| standard terms. Instead, use "salt and encrypt" or other | other, standard terms. Instead, use "salt and encrypt" or other | |||
| terminology that is specific with regard to the mechanism being | terminology that is specific with regard to the mechanism being | |||
| used. | used. | |||
| Tutorial: The definition does *not* say "only the holder of the | Tutorial: The definition does *not* say "only the holder of the | |||
| matching private key can decrypt the ciphertext to learn what was | matching private key can decrypt the ciphertext to learn what was | |||
| the plaintext"; sealing is stronger than that. If Alice simply | the plaintext"; sealing is stronger than that. If Alice simply | |||
| encrypts a plaintext P with a public key K to produce ciphertext C | encrypts a plaintext P with a public key K to produce ciphertext C | |||
| = K(P), then if Bob guesses that P = X, Bob could verify the guess | = K(P), then if Bob guesses that P = X, Bob could verify the guess | |||
| by checking whether K(P) = K(X). To "seal" P and block Bob's | by checking whether K(P) = K(X). To "seal" P and block Bob's | |||
| guessing attack, Alice could attach a long string R of random bits | guessing attack, Alice could attach a long string R of random bits | |||
| to P before encrypting to produce C = K(P,R); if Bob guesses that | to P before encrypting to produce C = K(P,R); if Bob guesses that | |||
| P = X, Bob can only test the guess by also guessing R. (See: | P = X, Bob can only test the guess by also guessing R. (See: | |||
| salt.) | salt.) | |||
| 2. (D) To use cryptography to provide data integrity service for a | 2. (D) To use cryptography to provide data integrity service for a | |||
| data object. (See: sign.) | data object. (See: sign.) | |||
| Deprecated Definition: ISDs SHOULD NOT use this term with | Deprecated Definition: IDOCs SHOULD NOT use this term with | |||
| definition 2. Instead, use a term that is more specific with | definition 2. Instead, use a term that is more specific with | |||
| regard to the mechanism used to provide the data integrity | regard to the mechanism used to provide the data integrity | |||
| service; e.g., use "sign" when the mechanism is digital signature. | service; e.g., use "sign" when the mechanism is digital signature. | |||
| $ secret | $ secret | |||
| 1a. (I) /adjective/ The condition of information being protected | 1a. (I) /adjective/ The condition of information being protected | |||
| from being known by any system entities except those that are | from being known by any system entities except those that are | |||
| intended to know it. (See: data confidentiality.) | intended to know it. (See: data confidentiality.) | |||
| 1b. (I) /noun/ An item of information that is protected thusly. | 1b. (I) /noun/ An item of information that is protected thusly. | |||
| Usage: This term applies to symmetric keys, private keys, and | Usage: This term applies to symmetric keys, private keys, and | |||
| passwords. | passwords. | |||
| $ secret key | $ secret key | |||
| (D) A key that is kept secret or needs to be kept secret. | (D) A key that is kept secret or needs to be kept secret. | |||
| Deprecated Term: ISDs SHOULD NOT use this term; it mixes concepts | Deprecated Term: IDOCs SHOULD NOT use this term; it mixes concepts | |||
| in a potentially misleading way. In the context of asymmetric | in a potentially misleading way. In the context of asymmetric | |||
| cryptography, ISDs SHOULD use "private key". In the context of | cryptography, IDOCs SHOULD use "private key". In the context of | |||
| symmetric cryptography, the adjective "secret" is unnecessary | symmetric cryptography, the adjective "secret" is unnecessary | |||
| because all keys must be kept secret. | because all keys must be kept secret. | |||
| $ secret-key cryptography | $ secret-key cryptography | |||
| (D) Synonym for "symmetric cryptography". | (D) Synonym for "symmetric cryptography". | |||
| Deprecated Term: ISDs SHOULD NOT use this term; it could be | Deprecated Term: IDOCs SHOULD NOT use this term; it could be | |||
| confused with "asymmetric cryptography", in which the private key | confused with "asymmetric cryptography", in which the private key | |||
| is kept secret. | is kept secret. | |||
| Derivation: Symmetric cryptography is sometimes called "secret-key | Derivation: Symmetric cryptography is sometimes called "secret-key | |||
| cryptography" because entities that share the key, such as the | cryptography" because entities that share the key, such as the | |||
| originator and the recipient of a message, need to keep the key | originator and the recipient of a message, need to keep the key | |||
| secret from other entities. | secret from other entities. | |||
| $ Secure BGP (S-BGP) | $ Secure BGP (S-BGP) | |||
| (I) A project of BBN Technologies, sponsored by the U.S. DoD's | (I) A project of BBN Technologies, sponsored by the U.S. DoD's | |||
| skipping to change at page 240, line 54 ¶ | skipping to change at page 240, line 54 ¶ | |||
| $ Secure Data Network System (SDNS) | $ Secure Data Network System (SDNS) | |||
| (O) An NSA program that developed security protocols for | (O) An NSA program that developed security protocols for | |||
| electronic mail (see: MSP), OSIRM Layer 3 (see: SP3), OSIRM Layer | electronic mail (see: MSP), OSIRM Layer 3 (see: SP3), OSIRM Layer | |||
| 4 (see: SP4), and key establishment (see: KMP). | 4 (see: SP4), and key establishment (see: KMP). | |||
| $ secure distribution | $ secure distribution | |||
| (I) See: trusted distribution. | (I) See: trusted distribution. | |||
| $ Secure Hash Algorithm (SHA) | $ Secure Hash Algorithm (SHA) | |||
| (N) A cryptographic hash function (specified in SHS) that produces | (N) A cryptographic hash function (specified in SHS) that produces | |||
| a 160-bit output (hash result) for input data of any length < | an output (see: "hash result") -- of selectable length of either | |||
| 160, 224, 256, 384, or 512 bits -- for input data of any length < | ||||
| 2**64 bits. | 2**64 bits. | |||
| $ Secure Hash Standard (SHS) | $ Secure Hash Standard (SHS) | |||
| (N) The U.S. Government standard [FP180] that specifies SHA. | (N) The U.S. Government standard [FP180] that specifies SHA. | |||
| $ Secure Hypertext Transfer Protocol (S-HTTP) | $ Secure Hypertext Transfer Protocol (S-HTTP) | |||
| (I) A Internet protocol [R2660] for providing client-server | (I) A Internet protocol [R2660] for providing client-server | |||
| security services for HTTP communications. (Compare: https.) | security services for HTTP communications. (Compare: https.) | |||
| Tutorial: S-HTTP was originally specified by CommerceNet, a | Tutorial: S-HTTP was originally specified by CommerceNet, a | |||
| skipping to change at page 241, line 52 ¶ | skipping to change at page 241, line 53 ¶ | |||
| - Multicast security policy: Policy translation and | - Multicast security policy: Policy translation and | |||
| interpretation across the multiple administrative domains that | interpretation across the multiple administrative domains that | |||
| typically are spanned by a multicast application. | typically are spanned by a multicast application. | |||
| $ Secure Shell(trademark) (SSH(trademark)) | $ Secure Shell(trademark) (SSH(trademark)) | |||
| (N) Refers to a protocol for secure remote login and other secure | (N) Refers to a protocol for secure remote login and other secure | |||
| network services. | network services. | |||
| Usage: On the Web site of SSH Communication Security Corporation, | Usage: On the Web site of SSH Communication Security Corporation, | |||
| at http://www.ssh.com/legal_notice.html, it says, "SSH [and] the | at http://www.ssh.com/legal_notice.html, it says, "SSH [and] the | |||
| SSH logo . . . are either trademarks or registered trademarks of | SSH logo ... are either trademarks or registered trademarks of | |||
| SSH." This Glossary seeks to make readers aware of this trademark | SSH." This Glossary seeks to make readers aware of this trademark | |||
| claim but takes no position on its validity. | claim but takes no position on its validity. | |||
| Tutorial: SSH has three main parts: | Tutorial: SSH has three main parts: | |||
| - Transport layer protocol: Provides server authentication, | - Transport layer protocol: Provides server authentication, | |||
| confidentiality, and integrity; and can optionally provide | confidentiality, and integrity; and can optionally provide | |||
| compression. This layer typically runs over a TCP connection, | compression. This layer typically runs over a TCP connection, | |||
| but might also run on top of any other reliable data stream. | but might also run on top of any other reliable data stream. | |||
| - User authentication protocol: Authenticates the client-side | - User authentication protocol: Authenticates the client-side | |||
| user to the server. It runs over the transport layer protocol. | user to the server. It runs over the transport layer protocol. | |||
| skipping to change at page 244, line 37 ¶ | skipping to change at page 244, line 38 ¶ | |||
| 3. (O) "A set of policy and cryptographic keys that provide | 3. (O) "A set of policy and cryptographic keys that provide | |||
| security services to network traffic that matches that policy". | security services to network traffic that matches that policy". | |||
| [R3740] (See: cryptographic association, group security | [R3740] (See: cryptographic association, group security | |||
| association.) | association.) | |||
| 4. (O) "The totality of communications and security mechanisms and | 4. (O) "The totality of communications and security mechanisms and | |||
| functions (e.g., communications protocols, security protocols, | functions (e.g., communications protocols, security protocols, | |||
| security mechanisms and functions) that securely binds together | security mechanisms and functions) that securely binds together | |||
| two security contexts in different end systems or relay systems | two security contexts in different end systems or relay systems | |||
| supporting the same information domain." [DGSA] | supporting the same information domain." [DoD6] | |||
| $ Security Association Database (SAD) | $ Security Association Database (SAD) | |||
| (I) /IPsec/ In an IPsec implementation that operates in a network | (I) /IPsec/ In an IPsec implementation that operates in a network | |||
| node, a database that contains parameters to describe the status | node, a database that contains parameters to describe the status | |||
| and operation of each of the active security associations that the | and operation of each of the active security associations that the | |||
| node has established with other nodes. Separate inbound and | node has established with other nodes. Separate inbound and | |||
| outbound SADs are needed because of the directionality of IPsec | outbound SADs are needed because of the directionality of IPsec | |||
| security associations. [R2401] (Compare: SPD.) | security associations. [R2401] (Compare: SPD.) | |||
| $ security association identifier (SAID) | $ security association identifier (SAID) | |||
| skipping to change at page 245, line 14 ¶ | skipping to change at page 245, line 17 ¶ | |||
| for having confidence that the system operates such that the | for having confidence that the system operates such that the | |||
| system's security policy is enforced. (Compare: trust.) | system's security policy is enforced. (Compare: trust.) | |||
| 2. (I) A procedure that ensures a system is developed and operated | 2. (I) A procedure that ensures a system is developed and operated | |||
| as intended by the system's security policy. | as intended by the system's security policy. | |||
| 3. (D) "The degree of confidence one has that the security | 3. (D) "The degree of confidence one has that the security | |||
| controls operate correctly and protect the system as intended." | controls operate correctly and protect the system as intended." | |||
| [SP12] | [SP12] | |||
| Deprecated Definition: ISDs SHOULD NOT use definition 3; it is a | Deprecated Definition: IDOCs SHOULD NOT use definition 3; it is a | |||
| definition for "assurance level" rather than for "assurance". | definition for "assurance level" rather than for "assurance". | |||
| 4. (D) /U.S. Government, identity authentication/ The (a) "degree | 4. (D) /U.S. Government, identity authentication/ The (a) "degree | |||
| of confidence in the vetting process used to establish the | of confidence in the vetting process used to establish the | |||
| identity of the individual to whom the [identity] credential was | identity of the individual to whom the [identity] credential was | |||
| issued" and the (b) "degree of confidence that the individual who | issued" and the (b) "degree of confidence that the individual who | |||
| uses the credential is the individual to whom the credential was | uses the credential is the individual to whom the credential was | |||
| issued". [M0404] | issued". [M0404] | |||
| Deprecated Definition: ISDs SHOULD NOT use definition 4; it mixes | Deprecated Definition: IDOCs SHOULD NOT use definition 4; it mixes | |||
| concepts in a potentially misleading way. Part "a" is a definition | concepts in a potentially misleading way. Part "a" is a definition | |||
| for "assurance level" (rather than "security assurance") of an | for "assurance level" (rather than "security assurance") of an | |||
| identity registration process; and part "b" is a definition for | identity registration process; and part "b" is a definition for | |||
| "assurance level" (rather than "security assurance") of an | "assurance level" (rather than "security assurance") of an | |||
| identity authentication process. Also, the processes of | identity authentication process. Also, the processes of | |||
| registration and authentication should be defined and designed | registration and authentication should be defined and designed | |||
| separately to ensure clarity in certification. | separately to ensure clarity in certification. | |||
| $ security audit | $ security audit | |||
| (I) An independent review and examination of a system's records | (I) An independent review and examination of a system's records | |||
| skipping to change at page 246, line 28 ¶ | skipping to change at page 246, line 31 ¶ | |||
| In computer and network security, the principle of "no security by | In computer and network security, the principle of "no security by | |||
| obscurity" also applies to security mechanisms other than | obscurity" also applies to security mechanisms other than | |||
| cryptography. For example, if the design and implementation of a | cryptography. For example, if the design and implementation of a | |||
| protocol for access control are strong, then reading the | protocol for access control are strong, then reading the | |||
| protocol's source code should not enable you to find a way to | protocol's source code should not enable you to find a way to | |||
| evade the protection and penetrate the system. | evade the protection and penetrate the system. | |||
| $ security class | $ security class | |||
| (D) Synonym for "security level". | (D) Synonym for "security level". | |||
| Deprecated Term: ISDs SHOULD NOT use this term. Instead, use | Deprecated Term: IDOCs SHOULD NOT use this term. Instead, use | |||
| "security level", which is more widely established and understood. | "security level", which is more widely established and understood. | |||
| $ security clearance | $ security clearance | |||
| (I) A determination that a person is eligible, under the standards | (I) A determination that a person is eligible, under the standards | |||
| of a specific security policy, for authorization to access | of a specific security policy, for authorization to access | |||
| sensitive information or other system resources. (See: clearance | sensitive information or other system resources. (See: clearance | |||
| level.) | level.) | |||
| $ security compromise | $ security compromise | |||
| (I) A security violation in which a system resource is exposed, or | (I) A security violation in which a system resource is exposed, or | |||
| skipping to change at page 248, line 29 ¶ | skipping to change at page 248, line 31 ¶ | |||
| $ security incident | $ security incident | |||
| 1. (I) A security event that involves a security violation. (See: | 1. (I) A security event that involves a security violation. (See: | |||
| CERT, security event, security intrusion, security violation.) | CERT, security event, security intrusion, security violation.) | |||
| Tutorial: In other words, a security event in which the system's | Tutorial: In other words, a security event in which the system's | |||
| security policy is disobeyed or otherwise breached. | security policy is disobeyed or otherwise breached. | |||
| 2. (D) "Any adverse event [that] compromises some aspect of | 2. (D) "Any adverse event [that] compromises some aspect of | |||
| computer or network security." [R2350] | computer or network security." [R2350] | |||
| Deprecated Definition: ISDs SHOULD NOT use definition 2 because | Deprecated Definition: IDOCs SHOULD NOT use definition 2 because | |||
| (a) a security incident may occur without actually being harmful | (a) a security incident may occur without actually being harmful | |||
| (i.e., adverse) and because (b) this Glossary defines "compromise" | (i.e., adverse) and because (b) this Glossary defines "compromise" | |||
| more narrowly in relation to unauthorized access. | more narrowly in relation to unauthorized access. | |||
| 3. (D) "A violation or imminent threat of violation of computer | 3. (D) "A violation or imminent threat of violation of computer | |||
| security policies, acceptable use policies, or standard computer | security policies, acceptable use policies, or standard computer | |||
| security practices." [SP61] | security practices." [SP61] | |||
| Deprecated Definition: ISDs SHOULD NOT use definition 3 because it | Deprecated Definition: IDOCs SHOULD NOT use definition 3 because | |||
| mixes concepts in way that does not agree with common usage; a | it mixes concepts in way that does not agree with common usage; a | |||
| security incident is commonly thought of as involving a | security incident is commonly thought of as involving a | |||
| realization of a threat (see: threat action), not just a threat. | realization of a threat (see: threat action), not just a threat. | |||
| $ security intrusion | $ security intrusion | |||
| (I) A security event, or a combination of multiple security | (I) A security event, or a combination of multiple security | |||
| events, that constitutes a security incident in which an intruder | events, that constitutes a security incident in which an intruder | |||
| gains, or attempts to gain, access to a system or system resource | gains, or attempts to gain, access to a system or system resource | |||
| without having authorization to do so. | without having authorization to do so. | |||
| $ security kernel | $ security kernel | |||
| skipping to change at page 248, line 54 ¶ | skipping to change at page 249, line 4 ¶ | |||
| (I) A security event, or a combination of multiple security | (I) A security event, or a combination of multiple security | |||
| events, that constitutes a security incident in which an intruder | events, that constitutes a security incident in which an intruder | |||
| gains, or attempts to gain, access to a system or system resource | gains, or attempts to gain, access to a system or system resource | |||
| without having authorization to do so. | without having authorization to do so. | |||
| $ security kernel | $ security kernel | |||
| (I) "The hardware, firmware, and software elements of a trusted | (I) "The hardware, firmware, and software elements of a trusted | |||
| computing base that implement the reference monitor concept. It | computing base that implement the reference monitor concept. It | |||
| must mediate all accesses, be protected from modification, and be | must mediate all accesses, be protected from modification, and be | |||
| verifiable as correct." [NCS04] (See: kernel, TCB.) | verifiable as correct." [NCS04] (See: kernel, TCB.) | |||
| Tutorial: A security kernel is an implementation of a reference | Tutorial: A security kernel is an implementation of a reference | |||
| monitor for a given hardware base. [Huff] | monitor for a given hardware base. [Huff] | |||
| $ security label | $ security label | |||
| (I) An item of meta-data that designates the value of one or more | (I) An item of meta-data that designates the value of one or more | |||
| security-relevant attributes (e.g., security level) of a system | security-relevant attributes (e.g., security level) of a system | |||
| resource. (See: [R1457]. Compare: security marking.) | resource. (See: [R1457]. Compare: security marking.) | |||
| Deprecated usage: To avoid confusion, ISDs SHOULD NOT use | Deprecated usage: To avoid confusion, IDOCs SHOULD NOT use | |||
| "security label" for "security marking", or vice versa, even | "security label" for "security marking", or vice versa, even | |||
| though that is commonly done (including in some national and | though that is commonly done (including in some national and | |||
| international standards that should know better). | international standards that should know better). | |||
| Tutorial: Humans and automated security mechanisms use a security | Tutorial: Humans and automated security mechanisms use a security | |||
| label of a system resource to determine, according to applicable | label of a system resource to determine, according to applicable | |||
| security policy, how to control access to the resource (and they | security policy, how to control access to the resource (and they | |||
| affix appropriate, matching security markings to physical | affix appropriate, matching security markings to physical | |||
| instances of the resource). Security labels are most often used to | instances of the resource). Security labels are most often used to | |||
| support data confidentiality policy, and sometimes used to support | support data confidentiality policy, and sometimes used to support | |||
| skipping to change at page 249, line 44 ¶ | skipping to change at page 249, line 45 ¶ | |||
| Both classified and unclassified system resources may require a | Both classified and unclassified system resources may require a | |||
| security label. (See: FOUO.) | security label. (See: FOUO.) | |||
| $ security level | $ security level | |||
| (I) The combination of a hierarchical classification level and a | (I) The combination of a hierarchical classification level and a | |||
| set of non-hierarchical category designations that represents how | set of non-hierarchical category designations that represents how | |||
| sensitive a specified type or item of information is. (See: | sensitive a specified type or item of information is. (See: | |||
| dominate, lattice model. Compare: classification level.) | dominate, lattice model. Compare: classification level.) | |||
| Usage: ISDs that use this term SHOULD state a definition for it. | Usage: IDOCs that use this term SHOULD state a definition for it. | |||
| The term is usually understood to involve sensitivity to | The term is usually understood to involve sensitivity to | |||
| disclosure, but it also is used in many other ways and could | disclosure, but it also is used in many other ways and could | |||
| easily be misunderstood. | easily be misunderstood. | |||
| $ Security Level field | $ Security Level field | |||
| (I) A 16-bit field that specifies a security level value in the | (I) A 16-bit field that specifies a security level value in the | |||
| security option (option type 130) of version 4 IP's datagram | security option (option type 130) of version 4 IP's datagram | |||
| header format. | header format. | |||
| Deprecated Abbreviation: ISDs SHOULD NOT use the abbreviation "S | Deprecated Abbreviation: IDOCs SHOULD NOT use the abbreviation "S | |||
| field", which is potentially ambiguous. | field", which is potentially ambiguous. | |||
| $ security management infrastructure (SMI) | $ security management infrastructure (SMI) | |||
| (I) System components and activities that support security policy | (I) System components and activities that support security policy | |||
| by monitoring and controlling security services and mechanisms, | by monitoring and controlling security services and mechanisms, | |||
| distributing security information, and reporting security events. | distributing security information, and reporting security events. | |||
| Tutorial: The associated functions are as follows [I7498-4]: | Tutorial: The associated functions are as follows [I7498-4]: | |||
| - Controlling (granting or restricting) access to system | - Controlling (granting or restricting) access to system | |||
| resources: This includes verifying authorizations and | resources: This includes verifying authorizations and | |||
| skipping to change at page 250, line 52 ¶ | skipping to change at page 250, line 55 ¶ | |||
| Usage: Usually understood to refer primarily to components of | Usage: Usually understood to refer primarily to components of | |||
| communication security, computer security, and emanation security. | communication security, computer security, and emanation security. | |||
| Examples: Authentication exchange, checksum, digital signature, | Examples: Authentication exchange, checksum, digital signature, | |||
| encryption, and traffic padding. | encryption, and traffic padding. | |||
| $ security model | $ security model | |||
| (I) A schematic description of a set of entities and relationships | (I) A schematic description of a set of entities and relationships | |||
| by which a specified set of security services are provided by or | by which a specified set of security services are provided by or | |||
| within a system. Example: Bell-LaPadula model, OSIRM . (See: | within a system. Example: Bell-LaPadula model, OSIRM. (See: | |||
| Tutorial under "security policy".) | Tutorial under "security policy".) | |||
| $ security parameters index (SPI) | $ security parameters index (SPI) | |||
| 1. (I) /IPsec/ A 32-bit identifier used to distinguish among | 1. (I) /IPsec/ A 32-bit identifier used to distinguish among | |||
| security associations that terminate at the same destination (IP | security associations that terminate at the same destination (IP | |||
| address) and use the same security protocol (AH or ESP). Carried | address) and use the same security protocol (AH or ESP). Carried | |||
| in AH and ESP to enable the receiving system to determine under | in AH and ESP to enable the receiving system to determine under | |||
| which security association to process a received packet. | which security association to process a received packet. | |||
| 2. (I) /mobile IP/ A 32-bit index identifying a security | 2. (I) /mobile IP/ A 32-bit index identifying a security | |||
| skipping to change at page 251, line 25 ¶ | skipping to change at page 251, line 25 ¶ | |||
| protocol messages that the nodes exchange. | protocol messages that the nodes exchange. | |||
| $ security perimeter | $ security perimeter | |||
| (I) A physical or logical boundary that is defined for a domain or | (I) A physical or logical boundary that is defined for a domain or | |||
| enclave and within which a particular security policy or security | enclave and within which a particular security policy or security | |||
| architecture applies. (See: insider, outsider.) | architecture applies. (See: insider, outsider.) | |||
| $ security policy | $ security policy | |||
| 1. (I) A definite goal, course, or method of action to guide and | 1. (I) A definite goal, course, or method of action to guide and | |||
| determine present and future decisions concerning security in a | determine present and future decisions concerning security in a | |||
| system. [R3198] (Compare: certificate policy.) | system. [NCS03, R3198] (Compare: certificate policy.) | |||
| 2a. (I) A set of policy rules (or principles) that direct how a | 2a. (I) A set of policy rules (or principles) that direct how a | |||
| system (or an organization) provides security services to protect | system (or an organization) provides security services to protect | |||
| sensitive and critical system resources. (See: identity-based | sensitive and critical system resources. (See: identity-based | |||
| security policy, policy rule, rule-based security policy, rules of | security policy, policy rule, rule-based security policy, rules of | |||
| behavior. Compare: security architecture, security doctrine, | behavior. Compare: security architecture, security doctrine, | |||
| security mechanism, security model, [R1281].) | security mechanism, security model, [R1281].) | |||
| 2b. (O) A set of rules to administer, manage, and control access | 2b. (O) A set of rules to administer, manage, and control access | |||
| to network resources. [R3060, R3198] | to network resources. [R3060, R3198] | |||
| skipping to change at page 253, line 19 ¶ | skipping to change at page 253, line 19 ¶ | |||
| data security at the top of OSIRM Layer 3. (Compare: IPsec, NLSP.) | data security at the top of OSIRM Layer 3. (Compare: IPsec, NLSP.) | |||
| $ Security Protocol 4 (SP4) | $ Security Protocol 4 (SP4) | |||
| (O) A protocol [SDNS4] developed by SDNS to provide either | (O) A protocol [SDNS4] developed by SDNS to provide either | |||
| connectionless or end-to-end connection-oriented data security at | connectionless or end-to-end connection-oriented data security at | |||
| the bottom of OSIRM Layer 4. (See: TLSP.) | the bottom of OSIRM Layer 4. (See: TLSP.) | |||
| $ security-relevant event | $ security-relevant event | |||
| (D) Synonym for "security event". | (D) Synonym for "security event". | |||
| Deprecated Term: ISDs SHOULD NOT use this term; it is wordy. | Deprecated Term: IDOCs SHOULD NOT use this term; it is wordy. | |||
| $ security-sensitive function | $ security-sensitive function | |||
| (D) Synonym for "security function". | (D) Synonym for "security function". | |||
| Deprecated Term: ISDs SHOULD NOT use this term; it is wordy. | Deprecated Term: IDOCs SHOULD NOT use this term; it is wordy. | |||
| $ security service | $ security service | |||
| 1. (I) A processing or communication service that is provided by a | 1. (I) A processing or communication service that is provided by a | |||
| system to give a specific kind of protection to system resources. | system to give a specific kind of protection to system resources. | |||
| (See: access control service, audit service, availability service, | (See: access control service, audit service, availability service, | |||
| data confidentiality service, data integrity service, data origin | data confidentiality service, data integrity service, data origin | |||
| authentication service, non-repudiation service, peer entity | authentication service, non-repudiation service, peer entity | |||
| authentication service, system integrity service.) | authentication service, system integrity service.) | |||
| Tutorial: Security services implement security policies, and are | Tutorial: Security services implement security policies, and are | |||
| skipping to change at page 256, line 24 ¶ | skipping to change at page 256, line 24 ¶ | |||
| defense or foreign policy. | defense or foreign policy. | |||
| Tutorial: Systems that are not U.S. national security systems, but | Tutorial: Systems that are not U.S. national security systems, but | |||
| contain sensitive U.S. Federal Government information, must be | contain sensitive U.S. Federal Government information, must be | |||
| protected according to the Computer Security Act of 1987 (Public | protected according to the Computer Security Act of 1987 (Public | |||
| Law 100-235). (See: national security.) | Law 100-235). (See: national security.) | |||
| $ sensitivity label | $ sensitivity label | |||
| (D) Synonym for "classification label". | (D) Synonym for "classification label". | |||
| Deprecated term: ISDs SHOULD NOT use this term because the | Deprecated term: IDOCs SHOULD NOT use this term because the | |||
| definition of "sensitive" involves not only data confidentiality, | definition of "sensitive" involves not only data confidentiality, | |||
| but also data integrity. | but also data integrity. | |||
| $ sensitivity level | $ sensitivity level | |||
| (D) Synonym for "classification level". | (D) Synonym for "classification level". | |||
| Deprecated term: ISDs SHOULD NOT use this term because the | Deprecated term: IDOCs SHOULD NOT use this term because the | |||
| definition of "sensitive" involves not only data confidentiality, | definition of "sensitive" involves not only data confidentiality, | |||
| but also data integrity. | but also data integrity. | |||
| $ separation of duties | $ separation of duties | |||
| (I) The practice of dividing the steps in a system process among | (I) The practice of dividing the steps in a system process among | |||
| different individual entities (i.e., different users or different | different individual entities (i.e., different users or different | |||
| roles) so as to prevent a single entity acting alone from being | roles) so as to prevent a single entity acting alone from being | |||
| able to subvert the process. Usage: a.k.a. "separation of | able to subvert the process. Usage: a.k.a. "separation of | |||
| privilege". (See: administrative security, dual control.) | privilege". (See: administrative security, dual control.) | |||
| skipping to change at page 258, line 45 ¶ | skipping to change at page 258, line 45 ¶ | |||
| $ SHA, SHA-1, SHA-2 | $ SHA, SHA-1, SHA-2 | |||
| (N) See: Secure Hash Algorithm. | (N) See: Secure Hash Algorithm. | |||
| $ shared identity | $ shared identity | |||
| (I) See: secondary definition under "identity". | (I) See: secondary definition under "identity". | |||
| $ shared secret | $ shared secret | |||
| (D) Synonym for "cryptographic key" or "password". | (D) Synonym for "cryptographic key" or "password". | |||
| Deprecated Usage: ISDs that use this term SHOULD state a | Deprecated Usage: IDOCs that use this term SHOULD state a | |||
| definition for it because the term is used in many ways and could | definition for it because the term is used in many ways and could | |||
| easily be misunderstood. | easily be misunderstood. | |||
| $ shielded enclosure | $ shielded enclosure | |||
| (O) "Room or container designed to attenuate electromagnetic | (O) "Room or container designed to attenuate electromagnetic | |||
| radiation." [C4009] (See: emanation. Compare: SCIF.) | radiation." [C4009] (See: emanation. Compare: SCIF.) | |||
| $ short title | $ short title | |||
| (O) "Identifying combination of letters and numbers assigned to | (O) "Identifying combination of letters and numbers assigned to | |||
| certain items of COMSEC material to facilitate handling, | certain items of COMSEC material to facilitate handling, | |||
| accounting, and controlling." [C4009] (Compare: KMID, long title.) | accounting, and controlling." [C4009] (Compare: KMID, long title.) | |||
| $ shroud | $ shroud | |||
| (D) /verb/ To encrypt a private key, possibly in concert with a | (D) /verb/ To encrypt a private key, possibly in concert with a | |||
| policy that prevents the key from ever being available in | policy that prevents the key from ever being available in | |||
| cleartext form beyond a certain, well-defined security perimeter. | cleartext form beyond a certain, well-defined security perimeter. | |||
| [PKCS12] (See: encrypt. Compare: seal, wrap.) | [PKC12] (See: encrypt. Compare: seal, wrap.) | |||
| Deprecated Term: ISDs SHOULD NOT use this term as defined here; | Deprecated Term: IDOCs SHOULD NOT use this term as defined here; | |||
| the definition duplicates the meaning of other, standard terms. | the definition duplicates the meaning of other, standard terms. | |||
| Instead, use "encrypt" or other terminology that is specific with | Instead, use "encrypt" or other terminology that is specific with | |||
| regard to the mechanism being used. | regard to the mechanism being used. | |||
| $ SHS | $ SHS | |||
| (N) See: Secure Hash Standard. | (N) See: Secure Hash Standard. | |||
| $ sign | $ sign | |||
| (I) Create a digital signature for a data object. (See: signer.) | (I) Create a digital signature for a data object. (See: signer.) | |||
| skipping to change at page 261, line 26 ¶ | skipping to change at page 261, line 26 ¶ | |||
| established and used to encrypt the session key, and the encrypted | established and used to encrypt the session key, and the encrypted | |||
| session key is placed in a SKIP header that is added to each IP | session key is placed in a SKIP header that is added to each IP | |||
| packet that is encrypted with that session key. | packet that is encrypted with that session key. | |||
| $ Simple Mail Transfer Protocol (SMTP) | $ Simple Mail Transfer Protocol (SMTP) | |||
| (I) A TCP-based, Application-Layer, Internet Standard protocol | (I) A TCP-based, Application-Layer, Internet Standard protocol | |||
| (RFC 821) for moving electronic mail messages from one computer to | (RFC 821) for moving electronic mail messages from one computer to | |||
| another. | another. | |||
| $ Simple Network Management Protocol (SNMP) | $ Simple Network Management Protocol (SNMP) | |||
| (I) A TCP-based, Application-Layer, Internet Standard protocol | (I) A (usually) UDP-based, Application-Layer, Internet Standard | |||
| (RFCs 3410-3418) for conveying management information between | protocol (RFCs 3410-3418) for conveying management information | |||
| system components that act as managers and agents. | between system components that act as managers and agents. | |||
| $ Simple Public Key Infrastructure (SPKI) | $ Simple Public Key Infrastructure (SPKI) | |||
| (I) A set of experimental concepts (RFCs 2692, 2693) that were | (I) A set of experimental concepts (RFCs 2692, 2693) that were | |||
| proposed as alternatives to the concepts standardized in PKIX. | proposed as alternatives to the concepts standardized in PKIX. | |||
| $ simple security property | $ simple security property | |||
| (N) /formal model/ Property of a system whereby a subject has | (N) /formal model/ Property of a system whereby a subject has | |||
| read access to an object only if the clearance of the subject | read access to an object only if the clearance of the subject | |||
| dominates the classification of the object. See: Bell-LaPadula | dominates the classification of the object. See: Bell-LaPadula | |||
| model. | model. | |||
| skipping to change at page 263, line 24 ¶ | skipping to change at page 263, line 24 ¶ | |||
| $ SMTP | $ SMTP | |||
| (I) See: Simple Mail Transfer Protocol. | (I) See: Simple Mail Transfer Protocol. | |||
| $ smurf attack | $ smurf attack | |||
| (D) /slang/ A denial-of-service attack that uses IP broadcast | (D) /slang/ A denial-of-service attack that uses IP broadcast | |||
| addressing to send ICMP ping packets with the intent of flooding a | addressing to send ICMP ping packets with the intent of flooding a | |||
| system. (See: fraggle attack, ICMP flood.) | system. (See: fraggle attack, ICMP flood.) | |||
| Deprecated Term: It is likely that other cultures use different | Deprecated Term: It is likely that other cultures use different | |||
| metaphors for this concept. Therefore, to avoid international | metaphors for this concept. Therefore, to avoid international | |||
| misunderstanding, ISDs SHOULD NOT use this term. | misunderstanding, IDOCs SHOULD NOT use this term. | |||
| Derivation: The Smurfs are a fictional race of small, blue | Derivation: The Smurfs are a fictional race of small, blue | |||
| creatures that were created by a cartoonist. Perhaps the inventor | creatures that were created by a cartoonist. Perhaps the inventor | |||
| of this attack thought that a swarm of ping packets resembled a | of this attack thought that a swarm of ping packets resembled a | |||
| gang of smurfs. (See: Deprecated Usage under "Green Book".) | gang of smurfs. (See: Deprecated Usage under "Green Book".) | |||
| Tutorial: The attacker sends ICMP echo request ("ping") packets | Tutorial: The attacker sends ICMP echo request ("ping") packets | |||
| that appear to originate not from the attacker's own IP address, | that appear to originate not from the attacker's own IP address, | |||
| but from the address of the host or router that is the target of | but from the address of the host or router that is the target of | |||
| the attack. Each packet is addressed to an IP broadcast address, | the attack. Each packet is addressed to an IP broadcast address, | |||
| skipping to change at page 263, line 48 ¶ | skipping to change at page 263, line 48 ¶ | |||
| disrupt service at a particular host, at the hosts that depend on | disrupt service at a particular host, at the hosts that depend on | |||
| a particular router, or in an entire network. | a particular router, or in an entire network. | |||
| $ sneaker net | $ sneaker net | |||
| (D) /slang/ A process that transfers data between systems only | (D) /slang/ A process that transfers data between systems only | |||
| manually, under human control; i.e., a data transfer process that | manually, under human control; i.e., a data transfer process that | |||
| involves an air gap. | involves an air gap. | |||
| Deprecated Term: It is likely that other cultures use different | Deprecated Term: It is likely that other cultures use different | |||
| metaphors for this concept. Therefore, to avoid international | metaphors for this concept. Therefore, to avoid international | |||
| misunderstanding, ISDs SHOULD NOT use this term. | misunderstanding, IDOCs SHOULD NOT use this term. | |||
| $ Snefru | $ Snefru | |||
| (N) A public-domain, cryptographic hash function (a.k.a. "The | (N) A public-domain, cryptographic hash function (a.k.a. "The | |||
| Xerox Secure Hash Function") designed by Ralph C. Merkle at Xerox | Xerox Secure Hash Function") designed by Ralph C. Merkle at Xerox | |||
| Corporation. Snefru can produce either a 128-bit or 256-bit output | Corporation. Snefru can produce either a 128-bit or 256-bit output | |||
| (i.e., hash result). [Schn] (See: Khafre, Khufu.) | (i.e., hash result). [Schn] (See: Khafre, Khufu.) | |||
| $ sniffing | $ sniffing | |||
| (D) /slang/ Synonym for "passive wiretapping"; most often refers | (D) /slang/ Synonym for "passive wiretapping"; most often refers | |||
| to capturing and examining the data packets carried on a LAN. | to capturing and examining the data packets carried on a LAN. | |||
| (See: password sniffing.) | (See: password sniffing.) | |||
| Deprecated Term: ISDs SHOULD NOT use this term; it unnecessarily | Deprecated Term: IDOCs SHOULD NOT use this term; it unnecessarily | |||
| duplicates the meaning of a term that is better established. (See: | duplicates the meaning of a term that is better established. (See: | |||
| Deprecated Usage under "Green Book". | Deprecated Usage under "Green Book". | |||
| $ SNMP | $ SNMP | |||
| (I) See: Simple Network Management Protocol. | (I) See: Simple Network Management Protocol. | |||
| $ social engineering | $ social engineering | |||
| (D) Euphemism for non-technical or low-technology methods, often | (D) Euphemism for non-technical or low-technology methods, often | |||
| involving trickery or fraud, that are used to attack information | involving trickery or fraud, that are used to attack information | |||
| systems. Example: phishing. | systems. Example: phishing. | |||
| Deprecated Term: ISDs SHOULD NOT use this term; it is too vague. | Deprecated Term: IDOCs SHOULD NOT use this term; it is too vague. | |||
| Instead, use a term that is specific with regard to the means of | Instead, use a term that is specific with regard to the means of | |||
| attack, e.g., blackmail, bribery, coercion, impersonation, | attack, e.g., blackmail, bribery, coercion, impersonation, | |||
| intimidation, lying, or theft. | intimidation, lying, or theft. | |||
| $ SOCKS | $ SOCKS | |||
| (I) An Internet protocol [R1928] that provides a generalized proxy | (I) An Internet protocol [R1928] that provides a generalized proxy | |||
| server that enables client-server applications (e.g., TELNET, FTP, | server that enables client-server applications (e.g., TELNET, FTP, | |||
| or HTTP; running over either TCP or UDP) to use the services of a | or HTTP; running over either TCP or UDP) to use the services of a | |||
| firewall. | firewall. | |||
| skipping to change at page 264, line 52 ¶ | skipping to change at page 264, line 52 ¶ | |||
| $ soft TEMPEST | $ soft TEMPEST | |||
| (O) The use of software techniques to reduce the radio frequency | (O) The use of software techniques to reduce the radio frequency | |||
| information leakage from computer displays and keyboards. [Kuhn] | information leakage from computer displays and keyboards. [Kuhn] | |||
| (See: TEMPEST.) | (See: TEMPEST.) | |||
| $ soft token | $ soft token | |||
| (D) A data object that is used to control access or authenticate | (D) A data object that is used to control access or authenticate | |||
| authorization. (See: token.) | authorization. (See: token.) | |||
| Deprecated Term: ISDs SHOULD NOT use this term as defined here; | Deprecated Term: IDOCs SHOULD NOT use this term as defined here; | |||
| the definition duplicates the meaning of other, standard terms. | the definition duplicates the meaning of other, standard terms. | |||
| Instead, use "attribute certificate" or another term that is | Instead, use "attribute certificate" or another term that is | |||
| specific with regard to the mechanism being used. | specific with regard to the mechanism being used. | |||
| $ software | $ software | |||
| (I) Computer programs (which are stored in and executed by | (I) Computer programs (which are stored in and executed by | |||
| computer hardware) and associated data (which also is stored in | computer hardware) and associated data (which also is stored in | |||
| the hardware) that may be dynamically written or modified during | the hardware) that may be dynamically written or modified during | |||
| execution. (Compare: firmware.) | execution. (Compare: firmware.) | |||
| skipping to change at page 265, line 23 ¶ | skipping to change at page 265, line 23 ¶ | |||
| "exposure", and "incapacitation". | "exposure", and "incapacitation". | |||
| $ SORA | $ SORA | |||
| (O) See: SSO-PIN ORA. | (O) See: SSO-PIN ORA. | |||
| $ source authentication | $ source authentication | |||
| (D) Synonym for "data origin authentication" or "peer entity | (D) Synonym for "data origin authentication" or "peer entity | |||
| authentication". (See: data origin authentication, peer entity | authentication". (See: data origin authentication, peer entity | |||
| authentication). | authentication). | |||
| Deprecated Term: ISDs SHOULD NOT use this term because it is | Deprecated Term: IDOCs SHOULD NOT use this term because it is | |||
| ambiguous and, in either meaning, duplicates the meaning of | ambiguous and, in either meaning, duplicates the meaning of | |||
| internationally standardized terms. If the intent is to | internationally standardized terms. If the intent is to | |||
| authenticate the original creator or packager of data received, | authenticate the original creator or packager of data received, | |||
| then use "data origin authentication". If the intent is to | then use "data origin authentication". If the intent is to | |||
| authenticate the identity of the sender of data in the current | authenticate the identity of the sender of data in the current | |||
| instance, then use "peer entity authentication". | instance, then use "peer entity authentication". | |||
| $ source integrity | $ source integrity | |||
| (I) The property that data is trustworthy (i.e., worthy of | (I) The property that data is trustworthy (i.e., worthy of | |||
| reliance or trust), based on the trustworthiness of its sources | reliance or trust), based on the trustworthiness of its sources | |||
| skipping to change at page 266, line 4 ¶ | skipping to change at page 266, line 4 ¶ | |||
| $ SP4 | $ SP4 | |||
| (O) See: Security Protocol 4. | (O) See: Security Protocol 4. | |||
| $ spam | $ spam | |||
| 1a. (I) /slang verb/ To indiscriminately send unsolicited, | 1a. (I) /slang verb/ To indiscriminately send unsolicited, | |||
| unwanted, irrelevant, or inappropriate messages, especially | unwanted, irrelevant, or inappropriate messages, especially | |||
| commercial advertising in mass quantities. | commercial advertising in mass quantities. | |||
| 1b. (I) /slang noun/ Electronic "junk mail". [R2635] | 1b. (I) /slang noun/ Electronic "junk mail". [R2635] | |||
| Deprecated Usage: ISDs SHOULD NOT use this term in upper-case | Deprecated Usage: IDOCs SHOULD NOT use this term in upper-case | |||
| letters, because SPAM(trademark) is a trademark of Hormel Foods | letters, because SPAM(trademark) is a trademark of Hormel Foods | |||
| Corporation. Hormel says, "We do not object to use of this slang | Corporation. Hormel says, "We do not object to use of this slang | |||
| term [spam] to describe [unsolicited advertising email], although | term [spam] to describe [unsolicited advertising email], although | |||
| we do object to the use of our product image in association with | we do object to the use of our product image in association with | |||
| that term. Also, if the term is to be used, it SHOULD be used in | that term. Also, if the term is to be used, it SHOULD be used in | |||
| all lower-case letters to distinguish it from our trademark SPAM, | all lower-case letters to distinguish it from our trademark SPAM, | |||
| which SHOULD be used with all uppercase letters." (See: metadata.) | which SHOULD be used with all uppercase letters." (See: metadata.) | |||
| Tutorial: In sufficient volume, spam can cause denial of service. | Tutorial: In sufficient volume, spam can cause denial of service. | |||
| (See: flooding.) According to Hormel, the term was adopted as a | (See: flooding.) According to Hormel, the term was adopted as a | |||
| skipping to change at page 267, line 34 ¶ | skipping to change at page 267, line 34 ¶ | |||
| technique decreases potential interference to other receivers, | technique decreases potential interference to other receivers, | |||
| while achieving data confidentiality and increasing immunity of | while achieving data confidentiality and increasing immunity of | |||
| spread spectrum receivers to noise and interference. | spread spectrum receivers to noise and interference. | |||
| $ spyware | $ spyware | |||
| (D) /slang/ Software that an intruder has installed | (D) /slang/ Software that an intruder has installed | |||
| surreptitiously on a networked computer to gather data from that | surreptitiously on a networked computer to gather data from that | |||
| computer and send it through the network to the intruder or some | computer and send it through the network to the intruder or some | |||
| other interested party. (See: malicious logic, Trojan horse.) | other interested party. (See: malicious logic, Trojan horse.) | |||
| Deprecated Usage: ISDs that use this term SHOULD state a | Deprecated Usage: IDOCs that use this term SHOULD state a | |||
| definition for it because the term is used in many ways and could | definition for it because the term is used in many ways and could | |||
| easily be misunderstood. | easily be misunderstood. | |||
| Tutorial: Some examples of the types of data that might be | Tutorial: Some examples of the types of data that might be | |||
| gathered by spyware are application files, passwords, email | gathered by spyware are application files, passwords, email | |||
| addresses, usage histories, and keystrokes. Some examples of | addresses, usage histories, and keystrokes. Some examples of | |||
| motivations for gathering the data are blackmail, financial fraud, | motivations for gathering the data are blackmail, financial fraud, | |||
| identity theft, industrial espionage, market research, and | identity theft, industrial espionage, market research, and | |||
| voyeurism. | voyeurism. | |||
| skipping to change at page 268, line 19 ¶ | skipping to change at page 268, line 19 ¶ | |||
| use by an end user and also the functions intended for use by a | use by an end user and also the functions intended for use by a | |||
| MISSI CA. (See: user PIN.) | MISSI CA. (See: user PIN.) | |||
| $ SSO-PIN ORA (SORA) | $ SSO-PIN ORA (SORA) | |||
| (O) /MISSI/ A MISSI organizational RA that operates in a mode in | (O) /MISSI/ A MISSI organizational RA that operates in a mode in | |||
| which the ORA performs all card management functions and, | which the ORA performs all card management functions and, | |||
| therefore, requires knowledge of the SSO PIN for FORTEZZA PC cards | therefore, requires knowledge of the SSO PIN for FORTEZZA PC cards | |||
| issued to end users. | issued to end users. | |||
| $ Standards for Interoperable LAN/MAN Security (SILS) | $ Standards for Interoperable LAN/MAN Security (SILS) | |||
| 1. (N) The IEEE 802.10 standards committee. (See: FP191.) | 1. (N) The IEEE 802.10 standards committee. (See: [FP191].) | |||
| 2. (N) A set of IEEE standards, which has eight parts: (a) Model, | 2. (N) A set of IEEE standards, which has eight parts: (a) Model, | |||
| including security management, (b) Secure Data Exchange protocol, | including security management, (b) Secure Data Exchange protocol, | |||
| (c) Key Management, (d) [has been incorporated in (a)], (e) SDE | (c) Key Management, (d) [has been incorporated in (a)], (e) SDE | |||
| Over Ethernet 2.0, (f) SDE Sublayer Management, (g) SDE Security | Over Ethernet 2.0, (f) SDE Sublayer Management, (g) SDE Security | |||
| Labels, and (h) SDE PICS Conformance. Parts b, e, f, g, and h are | Labels, and (h) SDE PICS Conformance. Parts b, e, f, g, and h are | |||
| incorporated in IEEE Standard 802.10-1998. | incorporated in IEEE Standard 802.10-1998. | |||
| $ star property | $ star property | |||
| (N) See: *-property. | (N) See: *-property. | |||
| $ Star Trek attack | $ Star Trek attack | |||
| (D) /slang/ An attack that penetrates your system where no attack | (D) /slang/ An attack that penetrates your system where no attack | |||
| has ever gone before. | has ever gone before. | |||
| Deprecated Usage: ISDs SHOULD NOT use this term; it is a joke for | Deprecated Usage: IDOCs SHOULD NOT use this term; it is a joke for | |||
| Trekkies. (See: Deprecated Usage under "Green Book".) | Trekkies. (See: Deprecated Usage under "Green Book".) | |||
| $ static | $ static | |||
| (I) /adjective/ Refers to a cryptographic key or other parameter | (I) /adjective/ Refers to a cryptographic key or other parameter | |||
| that is relatively long-lived. (Compare: ephemeral.) | that is relatively long-lived. (Compare: ephemeral.) | |||
| $ steganography | $ steganography | |||
| (I) Methods of hiding the existence of a message or other data. | (I) Methods of hiding the existence of a message or other data. | |||
| This is different than cryptography, which hides the meaning of a | This is different than cryptography, which hides the meaning of a | |||
| message but does not hide the message itself. Examples: For | message but does not hide the message itself. Examples: For | |||
| skipping to change at page 269, line 36 ¶ | skipping to change at page 269, line 36 ¶ | |||
| - "Reordering": The destination receives packets in a different | - "Reordering": The destination receives packets in a different | |||
| order than that in which they were sent by the source. | order than that in which they were sent by the source. | |||
| - "Deletion": A packet sent by the source is not ever delivered | - "Deletion": A packet sent by the source is not ever delivered | |||
| to the intended destination. | to the intended destination. | |||
| - "Delay": A packet is detained for some period of time at a | - "Delay": A packet is detained for some period of time at a | |||
| relay, thus hampering and postponing the packet's normal timely | relay, thus hampering and postponing the packet's normal timely | |||
| delivery from source to destination. | delivery from source to destination. | |||
| $ strength | $ strength | |||
| 1. (I) /cryptography/ A cryptographic mechanism's level of | 1. (I) /cryptography/ A cryptographic mechanism's level of | |||
| resistance to attacks [R3776]. (See: entropy, strong, work | resistance to attacks [R3766]. (See: entropy, strong, work | |||
| factor.) | factor.) | |||
| 2. (N) /Common Criteria/ "Strength of function" is a | 2. (N) /Common Criteria/ "Strength of function" is a | |||
| "qualification of a TOE security function expressing the minimum | "qualification of a TOE security function expressing the minimum | |||
| efforts assumed necessary to defeat its expected security behavior | efforts assumed necessary to defeat its expected security behavior | |||
| by directly attacking its underlying security mechanisms": (See: | by directly attacking its underlying security mechanisms": (See: | |||
| strong.) | strong.) | |||
| - Basic: "A level of the TOE strength of function where analysis | - Basic: "A level of the TOE strength of function where analysis | |||
| shows that the function provides adequate protection against | shows that the function provides adequate protection against | |||
| casual breach of TOE security by attackers possessing a low | casual breach of TOE security by attackers possessing a low | |||
| skipping to change at page 270, line 35 ¶ | skipping to change at page 270, line 35 ¶ | |||
| subset of the set of objects. (See: Bell-LaPadula model, object.) | subset of the set of objects. (See: Bell-LaPadula model, object.) | |||
| 2. (I) /digital certificate/ The name (of a system entity) that is | 2. (I) /digital certificate/ The name (of a system entity) that is | |||
| bound to the data items in a digital certificate; e.g., a DN that | bound to the data items in a digital certificate; e.g., a DN that | |||
| is bound to a key in a public-key certificate. (See: X.509.) | is bound to a key in a public-key certificate. (See: X.509.) | |||
| $ subject CA | $ subject CA | |||
| (D) The CA that is the subject of a cross-certificate issued by | (D) The CA that is the subject of a cross-certificate issued by | |||
| another CA. [X509] (See: cross-certification.) | another CA. [X509] (See: cross-certification.) | |||
| Deprecated Term: ISDs SHOULD NOT use this term because it is not | Deprecated Term: IDOCs SHOULD NOT use this term because it is not | |||
| widely known and could be misunderstood. Instead, say "the CA that | widely known and could be misunderstood. Instead, say "the CA that | |||
| is the subject of the cross-certificate". | is the subject of the cross-certificate". | |||
| $ subnetwork | $ subnetwork | |||
| (N) An OSI term for a system of packet relays and connecting links | (N) An OSI term for a system of packet relays and connecting links | |||
| that implement OSIRM layer 2 or 3 to provide a communication | that implement OSIRM layer 2 or 3 to provide a communication | |||
| service that interconnects attached end systems. Usually, the | service that interconnects attached end systems. Usually, the | |||
| relays are all of the same type (e.g., X.25 packet switches, or | relays are all of the same type (e.g., X.25 packet switches, or | |||
| interface units in an IEEE 802.3 LAN). (See: gateway, internet, | interface units in an IEEE 802.3 LAN). (See: gateway, internet, | |||
| router.) | router.) | |||
| skipping to change at page 273, line 39 ¶ | skipping to change at page 273, line 39 ¶ | |||
| $ synchronization | $ synchronization | |||
| (I) Any technique by which a receiving (decrypting) cryptographic | (I) Any technique by which a receiving (decrypting) cryptographic | |||
| process attains an internal state that matches the transmitting | process attains an internal state that matches the transmitting | |||
| (encrypting) process, i.e., has the appropriate keying material to | (encrypting) process, i.e., has the appropriate keying material to | |||
| process the cipher text and is correctly initialized to do so. | process the cipher text and is correctly initialized to do so. | |||
| $ system | $ system | |||
| (I) Synonym for "information system". | (I) Synonym for "information system". | |||
| Usage: This is a generic definition, and is the one with which the | Usage: This is a generic definition, and is the one with which the | |||
| term is used in this Glossary. However, ISDs that use the term, | term is used in this Glossary. However, IDOCs that use the term, | |||
| especially ISDs that are protocol specifications, SHOULD state a | especially IDOCs that are protocol specifications, SHOULD state a | |||
| more specific definition. Also, ISDs that specify security | more specific definition. Also, IDOCs that specify security | |||
| features, services, and assurances need to define which system | features, services, and assurances need to define which system | |||
| components and system resources are inside the applicable security | components and system resources are inside the applicable security | |||
| perimeter and which are outside. (See: security architecture.) | perimeter and which are outside. (See: security architecture.) | |||
| $ system architecture | $ system architecture | |||
| (N) The structure of system components, their relationships, and | (N) The structure of system components, their relationships, and | |||
| the principles and guidelines governing their design and evolution | the principles and guidelines governing their design and evolution | |||
| over time. [DoDAF1] (Compare: security architecture.) | over time. [DoD10] (Compare: security architecture.) | |||
| $ system component | $ system component | |||
| 1. (I) A collection of system resources that (a) forms a physical | 1. (I) A collection of system resources that (a) forms a physical | |||
| or logical part of the system, (b) has specified functions and | or logical part of the system, (b) has specified functions and | |||
| interfaces, and (c) is treated (e.g., by policies or | interfaces, and (c) is treated (e.g., by policies or | |||
| specifications) as existing independently of other parts of the | specifications) as existing independently of other parts of the | |||
| system. (See: subsystem.) | system. (See: subsystem.) | |||
| 2. (O) /ITSEC/ An identifiable and self-contained part of a TOE. | 2. (O) /ITSEC/ An identifiable and self-contained part of a TOE. | |||
| skipping to change at page 274, line 53 ¶ | skipping to change at page 274, line 53 ¶ | |||
| intended function in a unimpaired manner, free from deliberate or | intended function in a unimpaired manner, free from deliberate or | |||
| inadvertent unauthorized manipulation." [NCS04] (See: recovery, | inadvertent unauthorized manipulation." [NCS04] (See: recovery, | |||
| system integrity service.) | system integrity service.) | |||
| 2. (D) "Quality of an [information system] reflecting the logical | 2. (D) "Quality of an [information system] reflecting the logical | |||
| correctness and reliability of the operating system; the logical | correctness and reliability of the operating system; the logical | |||
| completeness of the hardware and software implementing the | completeness of the hardware and software implementing the | |||
| protection mechanisms; and the consistency of the data structures | protection mechanisms; and the consistency of the data structures | |||
| and occurrence of the stored data." [C4009] | and occurrence of the stored data." [C4009] | |||
| Deprecated Definition: ISDs SHOULD NOT use definition 2 because it | Deprecated Definition: IDOCs SHOULD NOT use definition 2 because | |||
| mixes several concepts in a potentially misleading way. Instead, | it mixes several concepts in a potentially misleading way. | |||
| ISDs should use the term with definition 1 and, depending on what | Instead, IDOCs should use the term with definition 1 and, | |||
| is meant, couple the term with additional, more specifically | depending on what is meant, couple the term with additional, more | |||
| descriptive and informative terms, such as "correctness", | specifically descriptive and informative terms, such as | |||
| "reliability", and "data integrity". | "correctness", "reliability", and "data integrity". | |||
| $ system integrity service | $ system integrity service | |||
| (I) A security service that protects system resources in a | (I) A security service that protects system resources in a | |||
| verifiable manner against unauthorized or accidental change, loss, | verifiable manner against unauthorized or accidental change, loss, | |||
| or destruction. (See: system integrity.) | or destruction. (See: system integrity.) | |||
| $ system low | $ system low | |||
| (I) The lowest security level supported by a system at a | (I) The lowest security level supported by a system at a | |||
| particular time or in a particular environment. (Compare: system | particular time or in a particular environment. (Compare: system | |||
| high.) | high.) | |||
| skipping to change at page 275, line 38 ¶ | skipping to change at page 275, line 38 ¶ | |||
| security policy that applies to a system. (Compare: manager, | security policy that applies to a system. (Compare: manager, | |||
| operator.) | operator.) | |||
| $ system user | $ system user | |||
| (I) A system entity that consumes a product or service provided by | (I) A system entity that consumes a product or service provided by | |||
| the system, or that accesses and employs system resources to | the system, or that accesses and employs system resources to | |||
| produce a product or service of the system. (See: access, [R2504]. | produce a product or service of the system. (See: access, [R2504]. | |||
| Compare: authorized user, manager, operator, principal, privileged | Compare: authorized user, manager, operator, principal, privileged | |||
| user, subject, subscriber, system entity, unauthorized user.) | user, subject, subscriber, system entity, unauthorized user.) | |||
| Usage: ISDs that use this term SHOULD state a definition for it | Usage: IDOCs that use this term SHOULD state a definition for it | |||
| because the term is used in many ways and could easily be | because the term is used in many ways and could easily be | |||
| misunderstood: | misunderstood: | |||
| - This term usually refers to an entity that has been authorized | - This term usually refers to an entity that has been authorized | |||
| to access the system, but the term sometimes is used without | to access the system, but the term sometimes is used without | |||
| regard for whether access is authorized. | regard for whether access is authorized. | |||
| - This term usually refers to a living human being acting either | - This term usually refers to a living human being acting either | |||
| personally or in an organizational role. However, the term also | personally or in an organizational role. However, the term also | |||
| may refer to an automated process in the form of hardware, | may refer to an automated process in the form of hardware, | |||
| software, or firmware; to a set of persons; or to a set of | software, or firmware; to a set of persons; or to a set of | |||
| processes. | processes. | |||
| - ISDs SHOULD NOT use the term to refer a mixed set containing | - IDOCs SHOULD NOT use the term to refer a mixed set containing | |||
| both persons and processes. This exclusion is intended to | both persons and processes. This exclusion is intended to | |||
| prevent situations that might cause a security policy to be | prevent situations that might cause a security policy to be | |||
| interpreted in two different and conflicting ways. | interpreted in two different and conflicting ways. | |||
| A user can be characterized as direct or indirect: | A system user can be characterized as direct or indirect: | |||
| - "Passive user": A system entity that is (a) outside the | - "Passive user": A system entity that is (a) outside the | |||
| system's security perimeter *and* (b) can receive output from | system's security perimeter *and* (b) can receive output from | |||
| the system but cannot provide input or otherwise interact with | the system but cannot provide input or otherwise interact with | |||
| the system. | the system. | |||
| - "Active user": A system entity that is (a) inside the system's | - "Active user": A system entity that is (a) inside the system's | |||
| security perimeter *or* (b) can provide input or otherwise | security perimeter *or* (b) can provide input or otherwise | |||
| interact with the system. | interact with the system. | |||
| $ TACACS | $ TACACS | |||
| (I) See: Terminal Access Controller (TAC) Access Control System. | (I) See: Terminal Access Controller (TAC) Access Control System. | |||
| skipping to change at page 277, line 36 ¶ | skipping to change at page 277, line 36 ¶ | |||
| TSEC.) | TSEC.) | |||
| $ TDEA | $ TDEA | |||
| (I) See: Triple Data Encryption Algorithm. | (I) See: Triple Data Encryption Algorithm. | |||
| $ teardrop attack | $ teardrop attack | |||
| (D) /slang/ An denial-of-service attack that sends improperly | (D) /slang/ An denial-of-service attack that sends improperly | |||
| formed IP packet fragments with the intent of causing the | formed IP packet fragments with the intent of causing the | |||
| destination system to fail. | destination system to fail. | |||
| Deprecated Term: ISDs that use this term SHOULD state a definition | Deprecated Term: IDOCs that use this term SHOULD state a | |||
| for it because the term is often used imprecisely and could easily | definition for it because the term is often used imprecisely and | |||
| be misunderstood. (See: Deprecated Usage under "Green Book".) | could easily be misunderstood. (See: Deprecated Usage under "Green | |||
| Book".) | ||||
| $ technical non-repudiation | $ technical non-repudiation | |||
| (I) See: (secondary definition under) non-repudiation. | (I) See: (secondary definition under) non-repudiation. | |||
| $ technical security | $ technical security | |||
| (I) Security mechanisms and procedures that are implemented in and | (I) Security mechanisms and procedures that are implemented in and | |||
| executed by computer hardware, firmware, or software to provide | executed by computer hardware, firmware, or software to provide | |||
| automated protection for a system. (See: security architecture. | automated protection for a system. (See: security architecture. | |||
| Compare: administrative security.) | Compare: administrative security.) | |||
| skipping to change at page 278, line 35 ¶ | skipping to change at page 278, line 35 ¶ | |||
| version has no letter, next version has "A" (e.g., KG-84, KG- | version has no letter, next version has "A" (e.g., KG-84, KG- | |||
| 84A), etc. | 84A), etc. | |||
| $ TELNET | $ TELNET | |||
| (I) A TCP-based, Application-Layer, Internet Standard protocol | (I) A TCP-based, Application-Layer, Internet Standard protocol | |||
| (RFC 854) for remote login from one host to another. | (RFC 854) for remote login from one host to another. | |||
| $ TEMPEST | $ TEMPEST | |||
| 1. (N) Short name for technology and methods for protecting | 1. (N) Short name for technology and methods for protecting | |||
| against data compromise due to electromagnetic emanations from | against data compromise due to electromagnetic emanations from | |||
| electrical and electronic equipment. [Russ] (See: inspectable | electrical and electronic equipment. [Army, Russ] (See: | |||
| space, soft TEMPEST, TEMPEST zone. Compare: QUADRANT) | inspectable space, soft TEMPEST, TEMPEST zone. Compare: QUADRANT) | |||
| 2. (O) /U.S. Government/ "Short name referring to investigation, | 2. (O) /U.S. Government/ "Short name referring to investigation, | |||
| study, and control of compromising emanations from IS equipment." | study, and control of compromising emanations from IS equipment." | |||
| [C4009] | [C4009] | |||
| Deprecated Usage: ISDs SHOULD NOT use this term as a synonym for | Deprecated Usage: IDOCs SHOULD NOT use this term as a synonym for | |||
| "electromagnetic emanations security"; instead, use EMSEC. Also, | "electromagnetic emanations security"; instead, use EMSEC. Also, | |||
| the term is NOT an acronym for Transient Electromagnetic Pulse | the term is NOT an acronym for Transient Electromagnetic Pulse | |||
| Surveillance Technology. | Surveillance Technology. | |||
| Tutorial: The U.S. Federal Government issues security policies | Tutorial: The U.S. Federal Government issues security policies | |||
| that (a) state specifications and standards for techniques to | that (a) state specifications and standards for techniques to | |||
| reduce the strength of emanations from systems and reduce the | reduce the strength of emanations from systems and reduce the | |||
| ability of unauthorized parties to receive and make use of | ability of unauthorized parties to receive and make use of | |||
| emanations and (b) state rules for applying those techniques. | emanations and (b) state rules for applying those techniques. | |||
| Other nations presumably do the same. | Other nations presumably do the same. | |||
| skipping to change at page 280, line 45 ¶ | skipping to change at page 280, line 45 ¶ | |||
| demonstrated, presumed, or inferred intent of that entity to | demonstrated, presumed, or inferred intent of that entity to | |||
| conduct such activity. | conduct such activity. | |||
| Tutorial: To be likely to launch an attack, an adversary must have | Tutorial: To be likely to launch an attack, an adversary must have | |||
| (a) a motive to attack, (b) a method or technical ability to make | (a) a motive to attack, (b) a method or technical ability to make | |||
| the attack, and (c) an opportunity to appropriately access the | the attack, and (c) an opportunity to appropriately access the | |||
| targeted system. | targeted system. | |||
| 3. (D) "An indication of an impending undesirable event." [Park] | 3. (D) "An indication of an impending undesirable event." [Park] | |||
| Deprecated Definition: ISDs SHOULD NOT use this term with | Deprecated Definition: IDOCs SHOULD NOT use this term with | |||
| definition 3 because the definition is ambiguous; the definition | definition 3 because the definition is ambiguous; the definition | |||
| was intended to include the following three meanings: | was intended to include the following three meanings: | |||
| - "Potential threat": A possible security violation; i.e., the | - "Potential threat": A possible security violation; i.e., the | |||
| same as definition 1. | same as definition 1. | |||
| - "Active threat": An expression of intent to violate security. | - "Active threat": An expression of intent to violate security. | |||
| (Context usually distinguishes this meaning from the previous | (Context usually distinguishes this meaning from the previous | |||
| one.) | one.) | |||
| - "Accomplished threat" or "actualized threat": That is, a threat | - "Accomplished threat" or "actualized threat": That is, a threat | |||
| action. Deprecated Usage: ISDs SHOULD NOT use the term "threat" | action. Deprecated Usage: IDOCs SHOULD NOT use the term | |||
| with this meaning; instead, use "threat action". | "threat" with this meaning; instead, use "threat action". | |||
| $ threat action | $ threat action | |||
| (I) A realization of a threat, i.e., an occurrence in which system | (I) A realization of a threat, i.e., an occurrence in which system | |||
| security is assaulted as the result of either an accidental event | security is assaulted as the result of either an accidental event | |||
| or an intentional act. (See: attack, threat, threat consequence.) | or an intentional act. (See: attack, threat, threat consequence.) | |||
| Tutorial: A complete security architecture deals with both | Tutorial: A complete security architecture deals with both | |||
| intentional acts (i.e. attacks) and accidental events [FIPS31]. | intentional acts (i.e. attacks) and accidental events [FP031]. | |||
| (See: various kinds of threat actions defined under the four kinds | (See: various kinds of threat actions defined under the four kinds | |||
| of "threat consequence".) | of "threat consequence".) | |||
| $ threat agent | $ threat agent | |||
| (I) A system entity that performs a threat action, or an event | (I) A system entity that performs a threat action, or an event | |||
| that results in a threat action. | that results in a threat action. | |||
| $ threat analysis | $ threat analysis | |||
| (I) An analysis of the threat actions that might affect a system, | (I) An analysis of the threat actions that might affect a system, | |||
| primarily emphasizing their probability of occurrence but also | primarily emphasizing their probability of occurrence but also | |||
| skipping to change at page 281, line 41 ¶ | skipping to change at page 281, line 42 ¶ | |||
| terms for lists of the types of threat actions that can result in | terms for lists of the types of threat actions that can result in | |||
| these consequences.) | these consequences.) | |||
| $ thumbprint | $ thumbprint | |||
| 1. (I) A pattern of curves formed by the ridges on the tip of a | 1. (I) A pattern of curves formed by the ridges on the tip of a | |||
| thumb. (See: biometric authentication, fingerprint.) | thumb. (See: biometric authentication, fingerprint.) | |||
| 2. (D) Synonym for some type of "hash result". (See: biometric | 2. (D) Synonym for some type of "hash result". (See: biometric | |||
| authentication. Compare: fingerprint.) | authentication. Compare: fingerprint.) | |||
| Deprecated Usage: ISDs SHOULD NOT use this term with definition 2 | Deprecated Usage: IDOCs SHOULD NOT use this term with definition 2 | |||
| because that meaning mixes concepts in a potentially misleading | because that meaning mixes concepts in a potentially misleading | |||
| way. | way. | |||
| $ ticket | $ ticket | |||
| (I) Synonym for "capability token". | (I) Synonym for "capability token". | |||
| Tutorial: A ticket is usually granted by a centralized access | Tutorial: A ticket is usually granted by a centralized access | |||
| control server (ticket-granting agent) to authorize access to a | control server (ticket-granting agent) to authorize access to a | |||
| system resource for a limited time. Tickets can be implemented | system resource for a limited time. Tickets can be implemented | |||
| with either symmetric cryptography (see: Kerberos) or asymmetric | with either symmetric cryptography (see: Kerberos) or asymmetric | |||
| cryptography (see: attribute certificate). | cryptography (see: attribute certificate). | |||
| $ tiger team | $ tiger team | |||
| (O) A group of evaluators employed by a system's managers to | (O) A group of evaluators employed by a system's managers to | |||
| perform penetration tests on the system. | perform penetration tests on the system. | |||
| Deprecated Usage: It is likely that other cultures use different | Deprecated Usage: It is likely that other cultures use different | |||
| metaphors for this concept. Therefore, to avoid international | metaphors for this concept. Therefore, to avoid international | |||
| misunderstanding, ISDs SHOULD NOT use this term. (See: Deprecated | misunderstanding, IDOCs SHOULD NOT use this term. (See: Deprecated | |||
| Usage under "Green Book".) | Usage under "Green Book".) | |||
| $ time stamp | $ time stamp | |||
| 1. (I) /noun/ With respect to a data object, a label or marking in | 1. (I) /noun/ With respect to a data object, a label or marking in | |||
| which is recorded the time (time of day or other instant of | which is recorded the time (time of day or other instant of | |||
| elapsed time) at which the label or marking was affixed to the | elapsed time) at which the label or marking was affixed to the | |||
| data object. (See: Time-Stamp Protocol.) | data object. (See: Time-Stamp Protocol.) | |||
| 2. (O) /noun/ "With respect to a recorded network event, a data | 2. (O) /noun/ "With respect to a recorded network event, a data | |||
| field in which is recorded the time (time of day or other instant | field in which is recorded the time (time of day or other instant | |||
| skipping to change at page 283, line 24 ¶ | skipping to change at page 283, line 26 ¶ | |||
| $ token | $ token | |||
| 1. (I) /cryptography/ See: cryptographic token. (Compare: dongle.) | 1. (I) /cryptography/ See: cryptographic token. (Compare: dongle.) | |||
| 2. (I) /access control/ An object that is used to control access | 2. (I) /access control/ An object that is used to control access | |||
| and is passed between cooperating entities in a protocol that | and is passed between cooperating entities in a protocol that | |||
| synchronizes use of a shared resource. Usually, the entity that | synchronizes use of a shared resource. Usually, the entity that | |||
| currently holds the token has exclusive access to the resource. | currently holds the token has exclusive access to the resource. | |||
| (See: capability token.) | (See: capability token.) | |||
| Usage: This term is heavily overloaded in the computing | Usage: This term is heavily overloaded in the computing | |||
| literature; therefore, ISDs SHOULD NOT use this term with any | literature; therefore, IDOCs SHOULD NOT use this term with any | |||
| definition other than 1 or 2. | definition other than 1 or 2. | |||
| 3a. (D) /authentication/ A data object or a physical device used | 3a. (D) /authentication/ A data object or a physical device used | |||
| to verify an identity in an authentication process. | to verify an identity in an authentication process. | |||
| 3b. (D) /U.S. Government/ Something that the claimant in an | 3b. (D) /U.S. Government/ Something that the claimant in an | |||
| authentication process (i.e., the entity that claims an identity) | authentication process (i.e., the entity that claims an identity) | |||
| possesses and controls, and uses to prove the claim during the | possesses and controls, and uses to prove the claim during the | |||
| verification step of the process. [SP63] | verification step of the process. [SP63] | |||
| Deprecated usage: ISDs SHOULD NOT use this term with definitions | Deprecated usage: IDOCs SHOULD NOT use this term with definitions | |||
| 3a and 3b; instead, use more specifically descriptive and | 3a and 3b; instead, use more specifically descriptive and | |||
| informative terms such as "authentication information" or | informative terms such as "authentication information" or | |||
| "cryptographic token", depending on what is meant. | "cryptographic token", depending on what is meant. | |||
| NIST defines four types of claimant tokens for electronic | NIST defines four types of claimant tokens for electronic | |||
| authentication in an information system [SP63]. ISDs SHOULD NOT | authentication in an information system [SP63]. IDOCs SHOULD NOT | |||
| use these four NIST terms; they mix concepts in potentially | use these four NIST terms; they mix concepts in potentially | |||
| confusing ways and duplicate the meaning of better-established | confusing ways and duplicate the meaning of better-established | |||
| terms. These four terms can be avoided by using more specifically | terms. These four terms can be avoided by using more specifically | |||
| descriptive terms as follows: | descriptive terms as follows: | |||
| - NIST "hard token": A hardware device that contains a protected | - NIST "hard token": A hardware device that contains a protected | |||
| cryptographic key. (This is a type of "cryptographic token", | cryptographic key. (This is a type of "cryptographic token", | |||
| and the key is a type of "authentication information".) | and the key is a type of "authentication information".) | |||
| - NIST "one-time password device token": A personal hardware | - NIST "one-time password device token": A personal hardware | |||
| device that generates one-time passwords. (One-time passwords | device that generates one-time passwords. (One-time passwords | |||
| are typically generated cryptographically. Therefore, this is a | are typically generated cryptographically. Therefore, this is a | |||
| skipping to change at page 290, line 6 ¶ | skipping to change at page 290, line 9 ¶ | |||
| can trust the CA to create only valid and reliable certificates." | can trust the CA to create only valid and reliable certificates." | |||
| [X509] | [X509] | |||
| $ trust anchor | $ trust anchor | |||
| (I) /PKI/ An established point of trust (usually based on the | (I) /PKI/ An established point of trust (usually based on the | |||
| authority of some person, office, or organization) from which a | authority of some person, office, or organization) from which a | |||
| certificate user begins the validation of a certification path. | certificate user begins the validation of a certification path. | |||
| (See: apex trust anchor, path validation, trust anchor CA, trust | (See: apex trust anchor, path validation, trust anchor CA, trust | |||
| anchor certificate, trust anchor key.) | anchor certificate, trust anchor key.) | |||
| Usage: ISDs that use this term SHOULD state a definition for it | Usage: IDOCs that use this term SHOULD state a definition for it | |||
| because it is used in various ways in existing ISDs and other PKI | because it is used in various ways in existing IDOCs and other PKI | |||
| literature. The literature almost always uses this term in a sense | literature. The literature almost always uses this term in a sense | |||
| that is equivalent to this definition, but usage often differs | that is equivalent to this definition, but usage often differs | |||
| with regard to what constitutes the point of trust. | with regard to what constitutes the point of trust. | |||
| Tutorial: A trust anchor may be defined as being based on a public | Tutorial: A trust anchor may be defined as being based on a public | |||
| key, a CA, a public-key certificate, or some combination or | key, a CA, a public-key certificate, or some combination or | |||
| variation of those: | variation of those: | |||
| - 1. A public key as a point of trust: Although a certification | - 1. A public key as a point of trust: Although a certification | |||
| path is defined as beginning with a "sequence of public-key | path is defined as beginning with a "sequence of public-key | |||
| skipping to change at page 291, line 49 ¶ | skipping to change at page 291, line 52 ¶ | |||
| certification path. (See: root key, trust anchor, trusted public | certification path. (See: root key, trust anchor, trusted public | |||
| key.) | key.) | |||
| $ trust anchor information | $ trust anchor information | |||
| (I) See: secondary definition under "trust anchor". | (I) See: secondary definition under "trust anchor". | |||
| $ trust chain | $ trust chain | |||
| (D) Synonym for "certification path". (See: trust anchor, trusted | (D) Synonym for "certification path". (See: trust anchor, trusted | |||
| certificate.) | certificate.) | |||
| Deprecated Term: ISDs SHOULD NOT use this term, because it | Deprecated Term: IDOCs SHOULD NOT use this term, because it | |||
| unnecessarily duplicates the meaning of the internationally | unnecessarily duplicates the meaning of the internationally | |||
| standardized term. | standardized term. | |||
| Also, the term mixes concepts in a potentially misleading way. | Also, the term mixes concepts in a potentially misleading way. | |||
| Having "trust" involves factors unrelated to simply verifying | Having "trust" involves factors unrelated to simply verifying | |||
| signatures and performing other tests as specified by a standard | signatures and performing other tests as specified by a standard | |||
| algorithm for path validation (e.g., RFC 3280). Thus, even if a | algorithm for path validation (e.g., RFC 3280). Thus, even if a | |||
| user is able to validate a certification path algorithmically, the | user is able to validate a certification path algorithmically, the | |||
| user still might distrust one of the CAs that issued certificates | user still might distrust one of the CAs that issued certificates | |||
| in that path or distrust some other aspects of the PKI. | in that path or distrust some other aspects of the PKI. | |||
| skipping to change at page 292, line 25 ¶ | skipping to change at page 292, line 29 ¶ | |||
| Example: Popular browsers are distributed with an initial file of | Example: Popular browsers are distributed with an initial file of | |||
| trust anchor certificates, which often are self-signed | trust anchor certificates, which often are self-signed | |||
| certificates. Users can add certificates to the file or delete | certificates. Users can add certificates to the file or delete | |||
| from it. The file may be directly managed by the user, or the | from it. The file may be directly managed by the user, or the | |||
| user's organization may manage it from a centralized server. | user's organization may manage it from a centralized server. | |||
| $ trust hierarchy | $ trust hierarchy | |||
| (D) Synonym for "certification hierarchy". | (D) Synonym for "certification hierarchy". | |||
| Deprecated Usage: ISDs SHOULD NOT use this term because it mixes | Deprecated Usage: IDOCs SHOULD NOT use this term because it mixes | |||
| concepts in a potentially misleading way, and because a trust | concepts in a potentially misleading way, and because a trust | |||
| hierarchy could be implemented in other ways. (See: trust, trust | hierarchy could be implemented in other ways. (See: trust, trust | |||
| chain, web of trust.) | chain, web of trust.) | |||
| $ trust level | $ trust level | |||
| (N) A characterization of a standard of security protection to be | (N) A characterization of a standard of security protection to be | |||
| met by an information system. (See: Common Criteria, TCSEC.) | met by an information system. (See: Common Criteria, TCSEC.) | |||
| Tutorial: A trust level is based not only on (a) the presence of | Tutorial: A trust level is based not only on (a) the presence of | |||
| security mechanisms, but also on the use of (b) systems | security mechanisms, but also on the use of (b) systems | |||
| skipping to change at page 293, line 23 ¶ | skipping to change at page 293, line 26 ¶ | |||
| means that cause the user to believe the certificate accurately | means that cause the user to believe the certificate accurately | |||
| binds its subject's name to the subject's public key or other | binds its subject's name to the subject's public key or other | |||
| attribute values. Many choices are possible; e.g., a trusted | attribute values. Many choices are possible; e.g., a trusted | |||
| public-key certificate might be (a) the root certificate in a | public-key certificate might be (a) the root certificate in a | |||
| hierarchical PKI, (b) the certificate of the CA that issued the | hierarchical PKI, (b) the certificate of the CA that issued the | |||
| user's own certificate in a mesh PKI, or (c) a certificate | user's own certificate in a mesh PKI, or (c) a certificate | |||
| provided with an application that uses a trust-file PKI. | provided with an application that uses a trust-file PKI. | |||
| $ Trusted Computer System Evaluation Criteria (TCSEC) | $ Trusted Computer System Evaluation Criteria (TCSEC) | |||
| (N) A standard for evaluating the security provided by operating | (N) A standard for evaluating the security provided by operating | |||
| systems [CSC001, DoD1]. Known as the "Orange Book" because of the | systems [CSC1, DoD1]. Known as the "Orange Book" because of the | |||
| color of its cover; first document in the Rainbow Series. (See: | color of its cover; first document in the Rainbow Series. (See: | |||
| Common Criteria, Deprecated Usage under "Green Book", Orange Book, | Common Criteria, Deprecated Usage under "Green Book", Orange Book, | |||
| trust level, trusted system. Compare: TSEC.) | trust level, trusted system. Compare: TSEC.) | |||
| Tutorial: The TCSEC defines classes of hierarchically ordered | Tutorial: The TCSEC defines classes of hierarchically ordered | |||
| assurance levels for rating computer systems. From highest to | assurance levels for rating computer systems. From highest to | |||
| lowest, the classes are as follows: | lowest, the classes are as follows: | |||
| - Division A: Verified protection. | - Division A: Verified protection. | |||
| Beyond A1 Beyond current technology. (See: beyond A1.) | Beyond A1 Beyond current technology. (See: beyond A1.) | |||
| Class A1 Verified design. (See: SCOMP.) | Class A1 Verified design. (See: SCOMP.) | |||
| skipping to change at page 294, line 4 ¶ | skipping to change at page 294, line 7 ¶ | |||
| system, including hardware, firmware, and software, the | system, including hardware, firmware, and software, the | |||
| combination of which is responsible for enforcing a security | combination of which is responsible for enforcing a security | |||
| policy." [NCS04] (See: "trusted" under "trust". Compare: TPM.) | policy." [NCS04] (See: "trusted" under "trust". Compare: TPM.) | |||
| $ Trusted Computing Group (TCG) | $ Trusted Computing Group (TCG) | |||
| (N) A not-for-profit, industry standards organization formed to | (N) A not-for-profit, industry standards organization formed to | |||
| develop, define, and promote open standards for hardware-enabled | develop, define, and promote open standards for hardware-enabled | |||
| trusted computing and security technologies, including hardware | trusted computing and security technologies, including hardware | |||
| building blocks and software interfaces, across multiple | building blocks and software interfaces, across multiple | |||
| platforms, peripherals, and devices. (See: TPM, trusted system. | platforms, peripherals, and devices. (See: TPM, trusted system. | |||
| Compare: TSIG.) | Compare: TSIG.) | |||
| $ trusted distribution | $ trusted distribution | |||
| (I) /COMPUSEC/ "A trusted method for distributing the TCB | (I) /COMPUSEC/ "A trusted method for distributing the TCB | |||
| hardware, software, and firmware components, both originals and | hardware, software, and firmware components, both originals and | |||
| updates, that provides methods for protecting the TCB from | updates, that provides methods for protecting the TCB from | |||
| modification during distribution and for detection of any changes | modification during distribution and for detection of any changes | |||
| to the TCB that may occur." [NCS04] (See: code signing, | to the TCB that may occur." [NCS04] (See: code signing, | |||
| configuration control.) | configuration control.) | |||
| $ trusted key | $ trusted key | |||
| (D) Abbreviation for "trusted public key" and also for other types | (D) Abbreviation for "trusted public key" and also for other types | |||
| of keys. (See: root key, trust anchor key.) | of keys. (See: root key, trust anchor key.) | |||
| Deprecated Usage: ISDs SHOULD either (a) state a definition for | Deprecated Usage: IDOCs SHOULD either (a) state a definition for | |||
| this term or (b) use a different, less ambiguous term. This term | this term or (b) use a different, less ambiguous term. This term | |||
| is ambiguous when it stands alone; e.g., it could refer to a | is ambiguous when it stands alone; e.g., it could refer to a | |||
| trusted public key or to a private key or symmetric key that is | trusted public key or to a private key or symmetric key that is | |||
| believed to be secure (i.e., not compromised). | believed to be secure (i.e., not compromised). | |||
| $ trusted path | $ trusted path | |||
| 1a. (I) /COMPUSEC/ A mechanism by which a computer system user can | 1a. (I) /COMPUSEC/ A mechanism by which a computer system user can | |||
| communicate directly and reliably with the TCB and that can only | communicate directly and reliably with the TCB and that can only | |||
| be activated by the user or the TCB and cannot be imitated by | be activated by the user or the TCB and cannot be imitated by | |||
| untrusted software within the computer. [NCS04] | untrusted software within the computer. [NCS04] | |||
| skipping to change at page 298, line 22 ¶ | skipping to change at page 298, line 25 ¶ | |||
| following types of threat actions: exposure, interception, | following types of threat actions: exposure, interception, | |||
| inference, and intrusion. Some methods of protecting against this | inference, and intrusion. Some methods of protecting against this | |||
| consequence include access control, flow control, and inference | consequence include access control, flow control, and inference | |||
| control. (See: data confidentiality.) | control. (See: data confidentiality.) | |||
| $ unauthorized user | $ unauthorized user | |||
| (I) /access control/ A system entity that accesses a system | (I) /access control/ A system entity that accesses a system | |||
| resource for which the entity has not received an authorization. | resource for which the entity has not received an authorization. | |||
| (See: user. Compare: authorized user, insider, outsider.) | (See: user. Compare: authorized user, insider, outsider.) | |||
| Usage: ISDs that use this term SHOULD state a definition for it | Usage: IDOCs that use this term SHOULD state a definition for it | |||
| because the term is used in many ways and could easily be | because the term is used in many ways and could easily be | |||
| misunderstood. | misunderstood. | |||
| $ uncertainty | $ uncertainty | |||
| (N) An information-theoretic measure (usually stated as a number | (N) An information-theoretic measure (usually stated as a number | |||
| of bits) of the minimum amount of plaintext information that needs | of bits) of the minimum amount of plaintext information that needs | |||
| to be recovered from cipher text to learn the entire plain text | to be recovered from cipher text to learn the entire plain text | |||
| that was encrypted. [SP63] (See: entropy.) | that was encrypted. [SP63] (See: entropy.) | |||
| $ unclassified | $ unclassified | |||
| skipping to change at page 299, line 15 ¶ | skipping to change at page 299, line 18 ¶ | |||
| $ uniform resource identifier (URI) | $ uniform resource identifier (URI) | |||
| (I) A type of formatted identifier (RFC 3986) that encapsulates | (I) A type of formatted identifier (RFC 3986) that encapsulates | |||
| the name of an Internet object, and labels it with an | the name of an Internet object, and labels it with an | |||
| identification of the name space, thus producing a member of the | identification of the name space, thus producing a member of the | |||
| universal set of names in registered name spaces and of addresses | universal set of names in registered name spaces and of addresses | |||
| referring to registered protocols or name spaces. | referring to registered protocols or name spaces. | |||
| Example: HTML uses URIs to identify the target of hyperlinks. | Example: HTML uses URIs to identify the target of hyperlinks. | |||
| Usage: "A URI can be classified as a locator (see: URL), a name | Usage: "A URI can be classified as a locator (see: URL), a name | |||
| (see: URN), or both. . . . Instances of URIs from any given scheme | (see: URN), or both. ... Instances of URIs from any given scheme | |||
| may have the characteristics of names or locators or both, often | may have the characteristics of names or locators or both, often | |||
| depending on the persistence and care in the assignment of | depending on the persistence and care in the assignment of | |||
| identifiers by the naming authority, rather than on any quality of | identifiers by the naming authority, rather than on any quality of | |||
| the scheme." ISDs SHOULD "use the general term 'URI' rather than | the scheme." IDOCs SHOULD "use the general term 'URI' rather than | |||
| the more restrictive terms 'URL' and 'URN'." (RFC 3986) | the more restrictive terms 'URL' and 'URN'." (RFC 3986) | |||
| $ uniform resource locator (URL) | $ uniform resource locator (URL) | |||
| (I) A URI that describes the access method and location of an | (I) A URI that describes the access method and location of an | |||
| information resource object on the Internet. (See: Usage under | information resource object on the Internet. (See: Usage under | |||
| "URI". Compare: URN.) | "URI". Compare: URN.) | |||
| Tutorial: The term URL "refers to the subset of URIs that, besides | Tutorial: The term URL "refers to the subset of URIs that, besides | |||
| identifying a resource, provide a means of locating the resource | identifying a resource, provide a means of locating the resource | |||
| by describing its primary access mechanism (e.g., its network | by describing its primary access mechanism (e.g., its network | |||
| skipping to change at page 300, line 39 ¶ | skipping to change at page 300, line 42 ¶ | |||
| $ URL | $ URL | |||
| (I) See: uniform resource locator. | (I) See: uniform resource locator. | |||
| $ URN | $ URN | |||
| (I) See: uniform resource name. | (I) See: uniform resource name. | |||
| $ user | $ user | |||
| See: system user. | See: system user. | |||
| Usage: ISDs that use this term SHOULD state a definition for it | Usage: IDOCs that use this term SHOULD state a definition for it | |||
| because the term is used in many ways and could easily be | because the term is used in many ways and could easily be | |||
| misunderstood. | misunderstood. | |||
| $ user authentication service | $ user authentication service | |||
| (I) A security service that verifies the identity claimed by an | (I) A security service that verifies the identity claimed by an | |||
| entity that attempts to access the system. (See: authentication, | entity that attempts to access the system. (See: authentication, | |||
| user.) | user.) | |||
| $ User Datagram Protocol (UDP) | $ User Datagram Protocol (UDP) | |||
| (I) An Internet Standard, Transport-Layer protocol (RFC 768) that | (I) An Internet Standard, Transport-Layer protocol (RFC 768) that | |||
| delivers a sequence of datagrams from one computer to another in a | delivers a sequence of datagrams from one computer to another in a | |||
| computer network. (See: UPD flood.) | computer network. (See: UPD flood.) | |||
| Tutorial: UDP assumes that IP is the underlying protocol. UDP | Tutorial: UDP assumes that IP is the underlying protocol. UDP | |||
| enables application programs to send transaction-oriented data to | enables application programs to send transaction-oriented data to | |||
| other programs with minimal protocol mechanism. UDP does not | other programs with minimal protocol mechanism. UDP does not | |||
| provide reliable delivery, flow control, sequencing, or other end- | provide reliable delivery, flow control, sequencing, or other end- | |||
| to-end service guarantees that TCP does. | to-end service guarantees that TCP does. | |||
| $ user identity | ||||
| (I) See: identity. | ||||
| $ user identifier | $ user identifier | |||
| (I) See: identifier. | (I) See: identifier. | |||
| $ user identity | ||||
| (I) See: identity. | ||||
| $ user PIN | $ user PIN | |||
| (O) /MISSI/ One of two PINs that control access to the functions | (O) /MISSI/ One of two PINs that control access to the functions | |||
| and stored data of a FORTEZZA PC card. Knowledge of the user PIN | and stored data of a FORTEZZA PC card. Knowledge of the user PIN | |||
| enables a card user to perform the FORTEZZA functions that are | enables a card user to perform the FORTEZZA functions that are | |||
| intended for use by an end user. (See: PIN. Compare: SSO PIN.) | intended for use by an end user. (See: PIN. Compare: SSO PIN.) | |||
| $ user-PIN ORA (UORA) | $ user-PIN ORA (UORA) | |||
| (O) /MISSI/ A MISSI organizational RA that operates in a mode in | (O) /MISSI/ A MISSI organizational RA that operates in a mode in | |||
| which the ORA performs only the subset of card management | which the ORA performs only the subset of card management | |||
| functions that are possible with knowledge of the user PIN for a | functions that are possible with knowledge of the user PIN for a | |||
| skipping to change at page 301, line 46 ¶ | skipping to change at page 301, line 49 ¶ | |||
| Coordinated Universal Time. Compare: GeneralizedTime.) | Coordinated Universal Time. Compare: GeneralizedTime.) | |||
| Usage: If you care about centuries or millennia, you probably need | Usage: If you care about centuries or millennia, you probably need | |||
| to use the GenralizedTime data type instead of UTCTime. | to use the GenralizedTime data type instead of UTCTime. | |||
| $ v1 certificate | $ v1 certificate | |||
| (N) An abbreviation that ambiguously refers to either an "X.509 | (N) An abbreviation that ambiguously refers to either an "X.509 | |||
| public-key certificate in version 1 format" or an "X.509 attribute | public-key certificate in version 1 format" or an "X.509 attribute | |||
| certificate in version 1 format". | certificate in version 1 format". | |||
| Deprecated Usage: ISDs MAY use this term as an abbreviation of | Deprecated Usage: IDOCs MAY use this term as an abbreviation of | |||
| "version 1 X.509 public-key certificate", but only after using the | "version 1 X.509 public-key certificate", but only after using the | |||
| full term at the first instance. Otherwise, the term is ambiguous, | full term at the first instance. Otherwise, the term is ambiguous, | |||
| because X.509 specifies both v1 public-key certificates and v1 | because X.509 specifies both v1 public-key certificates and v1 | |||
| attribute certificates. (See: X.509 attribute certificate, X.509 | attribute certificates. (See: X.509 attribute certificate, X.509 | |||
| public-key certificate.) | public-key certificate.) | |||
| $ v1 CRL | $ v1 CRL | |||
| (N) Abbreviation of "X.509 CRL in version 1 format". | (N) Abbreviation of "X.509 CRL in version 1 format". | |||
| Usage: ISDs MAY use this abbreviation, but SHOULD use the full | Usage: IDOCs MAY use this abbreviation, but SHOULD use the full | |||
| term at its first occurrence and define the abbreviation there. | term at its first occurrence and define the abbreviation there. | |||
| $ v2 certificate | $ v2 certificate | |||
| (N) Abbreviation of "X.509 public-key certificate in version 2 | (N) Abbreviation of "X.509 public-key certificate in version 2 | |||
| format". | format". | |||
| Usage: ISDs MAY use this abbreviation, but SHOULD use the full | Usage: IDOCs MAY use this abbreviation, but SHOULD use the full | |||
| term at its first occurrence and define the abbreviation there. | term at its first occurrence and define the abbreviation there. | |||
| $ v2 CRL | $ v2 CRL | |||
| (N) Abbreviation of "X.509 CRL in version 2 format". | (N) Abbreviation of "X.509 CRL in version 2 format". | |||
| Usage: ISDs MAY use this abbreviation, but SHOULD use the full | Usage: IDOCs MAY use this abbreviation, but SHOULD use the full | |||
| term at its first occurrence and define the abbreviation there. | term at its first occurrence and define the abbreviation there. | |||
| $ v3 certificate | $ v3 certificate | |||
| (N) Abbreviation of "X.509 public-key certificate in version 3 | (N) Abbreviation of "X.509 public-key certificate in version 3 | |||
| format". | format". | |||
| Usage: ISDs MAY use this abbreviation, but SHOULD use the full | Usage: IDOCs MAY use this abbreviation, but SHOULD use the full | |||
| term at its first occurrence and define the abbreviation there. | term at its first occurrence and define the abbreviation there. | |||
| $ valid certificate | $ valid certificate | |||
| 1. (I) A digital certificate that can be validated successfully. | 1. (I) A digital certificate that can be validated successfully. | |||
| (See: validate, verify.) | (See: validate, verify.) | |||
| 2. (I) A digital certificate for which the binding of the data | 2. (I) A digital certificate for which the binding of the data | |||
| items can be trusted. | items can be trusted. | |||
| $ valid signature | $ valid signature | |||
| (D) Synonym for "verified signature". | (D) Synonym for "verified signature". | |||
| Deprecated Term: ISDs SHOULD NOT use this synonym. This Glossary | Deprecated Term: IDOCs SHOULD NOT use this synonym. This Glossary | |||
| recommends saying "validate the certificate" and "verify the | recommends saying "validate the certificate" and "verify the | |||
| signature"; therefore, it would be inconsistent to say that a | signature"; therefore, it would be inconsistent to say that a | |||
| signature is "valid". (See: validate, verify.) | signature is "valid". (See: validate, verify.) | |||
| $ validate | $ validate | |||
| 1. (I) Establish the soundness or correctness of a construct. | 1. (I) Establish the soundness or correctness of a construct. | |||
| Example: certificate validation. (See: validate vs. verify.) | Example: certificate validation. (See: validate vs. verify.) | |||
| 2. (I) To officially approve something, sometimes in relation to a | 2. (I) To officially approve something, sometimes in relation to a | |||
| standard. Example: NIST validates cryptographic modules for | standard. Example: NIST validates cryptographic modules for | |||
| conformance with FIPS PUB 140 [FP140]. | conformance with [FP140]. | |||
| $ validate vs. verify | $ validate vs. verify | |||
| Usage: To ensure consistency and align with ordinary English | Usage: To ensure consistency and align with ordinary English | |||
| usage, ISDs SHOULD comply with the following two rules: | usage, IDOCs SHOULD comply with the following two rules: | |||
| - Rule 1: Use "validate" when referring to a process intended to | - Rule 1: Use "validate" when referring to a process intended to | |||
| establish the soundness or correctness of a construct (e.g., | establish the soundness or correctness of a construct (e.g., | |||
| "certificate validation"). (See: validate.) | "certificate validation"). (See: validate.) | |||
| - Rule 2: Use "verify" when referring to a process intended to | - Rule 2: Use "verify" when referring to a process intended to | |||
| test or prove the truth or accuracy of a fact or value (e.g., | test or prove the truth or accuracy of a fact or value (e.g., | |||
| "authenticate). (See: verify.) | "authenticate). (See: verify.) | |||
| Tutorial: The Internet security community sometimes uses these two | Tutorial: The Internet security community sometimes uses these two | |||
| terms inconsistently, especially in a PKI context. Most often, | terms inconsistently, especially in a PKI context. Most often, | |||
| however, we say "verify the signature" but say "validate the | however, we say "verify the signature" but say "validate the | |||
| certificate". That is, we "verify" atomic truths but "validate" | certificate". That is, we "verify" atomic truths but "validate" | |||
| data structures, relationships, and systems that are composed of | data structures, relationships, and systems that are composed of | |||
| or depend on verified items. This usage has a basis in Latin: | or depend on verified items. This usage has a basis in Latin: | |||
| skipping to change at page 305, line 54 ¶ | skipping to change at page 305, line 55 ¶ | |||
| $ W3C | $ W3C | |||
| (N) See: World Wide Web Consortium. | (N) See: World Wide Web Consortium. | |||
| $ war dialer | $ war dialer | |||
| (I) /slang/ A computer program that automatically dials a series | (I) /slang/ A computer program that automatically dials a series | |||
| of telephone numbers to find lines connected to computer systems, | of telephone numbers to find lines connected to computer systems, | |||
| and catalogs those numbers so that a cracker can try to break the | and catalogs those numbers so that a cracker can try to break the | |||
| systems. | systems. | |||
| Deprecated Usage: ISDs that use this term SHOULD state a | Deprecated Usage: IDOCs that use this term SHOULD state a | |||
| definition for it because the term could confuse international | definition for it because the term could confuse international | |||
| readers. | readers. | |||
| $ Wassenaar Arrangement | $ Wassenaar Arrangement | |||
| (N) The Wassenaar Arrangement on Export Controls for Conventional | (N) The Wassenaar Arrangement on Export Controls for Conventional | |||
| Arms and Dual-Use Goods and Technologies is a global, multilateral | Arms and Dual-Use Goods and Technologies is a global, multilateral | |||
| agreement approved by 33 countries in July 1996 to contribute to | agreement approved by 33 countries in July 1996 to contribute to | |||
| regional and international security and stability, by promoting | regional and international security and stability, by promoting | |||
| information exchange concerning, and greater responsibility in, | information exchange concerning, and greater responsibility in, | |||
| transfers of arms and dual-use items, thus preventing | transfers of arms and dual-use items, thus preventing | |||
| skipping to change at page 307, line 7 ¶ | skipping to change at page 307, line 9 ¶ | |||
| (I) In the context of a particular cryptographic algorithm, a key | (I) In the context of a particular cryptographic algorithm, a key | |||
| value that provides poor security. (See: strong.) | value that provides poor security. (See: strong.) | |||
| Example: The DEA has four "weak keys" [Schn] for which encryption | Example: The DEA has four "weak keys" [Schn] for which encryption | |||
| produces the same result as decryption. It also has ten pairs of | produces the same result as decryption. It also has ten pairs of | |||
| "semi-weak keys" [Schn] (a.k.a. "dual keys" [FP074]) for which | "semi-weak keys" [Schn] (a.k.a. "dual keys" [FP074]) for which | |||
| encryption with one key in the pair produces the same result as | encryption with one key in the pair produces the same result as | |||
| decryption with the other key. | decryption with the other key. | |||
| $ web, Web | $ web, Web | |||
| 1. (I) /not capitalized/ ISDs SHOULD NOT capitalize "web" when | 1. (I) /not capitalized/ IDOCs SHOULD NOT capitalize "web" when | |||
| using the term (usually as an adjective) to refer generically to | using the term (usually as an adjective) to refer generically to | |||
| technology -- such as web browsers, web servers, HTTP, and HTML -- | technology -- such as web browsers, web servers, HTTP, and HTML -- | |||
| that is used in the Web or similar networks. | that is used in the Web or similar networks. | |||
| 2. (I) /capitalized/ ISDs SHOULD capitalize "Web" when using the | 2. (I) /capitalized/ IDOCs SHOULD capitalize "Web" when using the | |||
| term (as either a noun or an adjective) to refer specifically to | term (as either a noun or an adjective) to refer specifically to | |||
| the World Wide Web. (Similarly, see: internet.) | the World Wide Web. (Similarly, see: internet.) | |||
| Usage: ISDs SHOULD NOT use "web" or "Web" in a way that might | Usage: IDOCs SHOULD NOT use "web" or "Web" in a way that might | |||
| confuse these definitions with the PGP "web of trust". When using | confuse these definitions with the PGP "web of trust". When using | |||
| Web as an abbreviation for "World Wide Web", ISDs SHOULD fully | Web as an abbreviation for "World Wide Web", IDOCs SHOULD fully | |||
| spell out the term at the first instance of usage. | spell out the term at the first instance of usage. | |||
| $ web of trust | $ web of trust | |||
| (D) /PGP/ A PKI architecture in which each certificate user | (D) /PGP/ A PKI architecture in which each certificate user | |||
| defines their own trust anchor(s) by depending on personal | defines their own trust anchor(s) by depending on personal | |||
| relationships. (See: trust anchor. Compare: hierarchical PKI, mesh | relationships. (See: trust anchor. Compare: hierarchical PKI, mesh | |||
| PKI.) | PKI.) | |||
| Deprecated Usage: ISDs SHOULD NOT use this term except with | Deprecated Usage: IDOCs SHOULD NOT use this term except with | |||
| reference to PGP. This term mixes concepts in potentially | reference to PGP. This term mixes concepts in potentially | |||
| misleading ways; e.g., this architecture does not depend on World | misleading ways; e.g., this architecture does not depend on World | |||
| Wide Web technology. Instead of this term, ISDs MAY use "trust- | Wide Web technology. Instead of this term, IDOCs MAY use "trust- | |||
| file PKI". (See: web, Web). | file PKI". (See: web, Web). | |||
| Tutorial: This type of architecture does not usually include | Tutorial: This type of architecture does not usually include | |||
| public repositories of certificates. Instead, each certificate | public repositories of certificates. Instead, each certificate | |||
| user builds their own, private repository of trusted public keys | user builds their own, private repository of trusted public keys | |||
| by making personal judgments about being able to trust certain | by making personal judgments about being able to trust certain | |||
| people to be holding properly certified keys of other people. It | people to be holding properly certified keys of other people. It | |||
| is this set of person-to-person relationships from which the | is this set of person-to-person relationships from which the | |||
| architecture gets its name. | architecture gets its name. | |||
| skipping to change at page 309, line 19 ¶ | skipping to change at page 309, line 19 ¶ | |||
| Morris Worm, virus.) | Morris Worm, virus.) | |||
| $ wrap | $ wrap | |||
| 1. (N) To use cryptography to provide data confidentiality service | 1. (N) To use cryptography to provide data confidentiality service | |||
| for keying material. (See: encrypt, wrapping algorithm, wrapping | for keying material. (See: encrypt, wrapping algorithm, wrapping | |||
| key. Compare: seal, shroud.) | key. Compare: seal, shroud.) | |||
| 2. (D) To use cryptography to provide data confidentiality service | 2. (D) To use cryptography to provide data confidentiality service | |||
| for data in general. | for data in general. | |||
| Deprecated Usage: ISDs SHOULD NOT use this term with definition 2 | Deprecated Usage: IDOCs SHOULD NOT use this term with definition 2 | |||
| because that duplicates the meaning of the more widely understood | because that duplicates the meaning of the more widely understood | |||
| "encrypt". | "encrypt". | |||
| $ wrapping algorithm | $ wrapping algorithm | |||
| (N) An encryption algorithm that is specifically intended for use | (N) An encryption algorithm that is specifically intended for use | |||
| in encrypting keys. (See: KEK, wrap.) | in encrypting keys. (See: KEK, wrap.) | |||
| $ wrapping key | $ wrapping key | |||
| (N) Synonym for "KEK". (See: encrypt. Compare: seal, shroud.) | (N) Synonym for "KEK". (See: encrypt. Compare: seal, shroud.) | |||
| skipping to change at page 311, line 4 ¶ | skipping to change at page 311, line 5 ¶ | |||
| X.509 public-key certificate. | X.509 public-key certificate. | |||
| 2b. subjectName DN of the subject. | 2b. subjectName DN of the subject. | |||
| 3. issuer DN of the issuer (the CA who signed). | 3. issuer DN of the issuer (the CA who signed). | |||
| 4. signature OID of algorithm that signed the cert. | 4. signature OID of algorithm that signed the cert. | |||
| 5. serialNumber Certificate serial number; | 5. serialNumber Certificate serial number; | |||
| an integer assigned by the issuer. | an integer assigned by the issuer. | |||
| 6. attCertValidityPeriod Validity period; a pair of UTCTime | 6. attCertValidityPeriod Validity period; a pair of UTCTime | |||
| values: "not before" and "not after". | values: "not before" and "not after". | |||
| 7. attributes Sequence of attributes describing the | 7. attributes Sequence of attributes describing the | |||
| subject. | subject. | |||
| 8. issuerUniqueId Optional, when a DN is not sufficient. | 8. issuerUniqueId Optional, when a DN is not sufficient. | |||
| 9. extensions Optional. | 9. extensions Optional. | |||
| $ X.509 certificate | $ X.509 certificate | |||
| (N) Synonym for "X.509 public-key certificate". | (N) Synonym for "X.509 public-key certificate". | |||
| Usage: ISDs MAY use this term as an abbreviation of "X.509 public- | Usage: IDOCs MAY use this term as an abbreviation of "X.509 | |||
| key certificate", but only after using the full term at the first | public-key certificate", but only after using the full term at the | |||
| instance. Otherwise, the term is ambiguous, because X.509 | first instance. Otherwise, the term is ambiguous, because X.509 | |||
| specifies both public-key certificates and attribute certificates. | specifies both public-key certificates and attribute certificates. | |||
| (See: X.509 attribute certificate, X.509 public-key certificate.) | (See: X.509 attribute certificate, X.509 public-key certificate.) | |||
| Deprecated Usage: ISDs SHOULD NOT use this term as an abbreviation | Deprecated Usage: IDOCs SHOULD NOT use this term as an | |||
| of "X.509 attribute certificate", because the term is much more | abbreviation of "X.509 attribute certificate", because the term is | |||
| commonly used to mean "X.509 public-key certificate" and, | much more commonly used to mean "X.509 public-key certificate" | |||
| therefore, is likely to be misunderstood. | and, therefore, is likely to be misunderstood. | |||
| $ X.509 certificate revocation list (CRL) | $ X.509 certificate revocation list (CRL) | |||
| (N) A CRL in one of the formats defined by X.509 -- version 1 (v1) | (N) A CRL in one of the formats defined by X.509 -- version 1 (v1) | |||
| or version 2 (v2). (The v1 and v2 designations for an X.509 CRL | or version 2 (v2). (The v1 and v2 designations for an X.509 CRL | |||
| are disjoint from the v1 and v2 designations for an X.509 public- | are disjoint from the v1 and v2 designations for an X.509 public- | |||
| key certificate, and from the v1 designation for an X.509 | key certificate, and from the v1 designation for an X.509 | |||
| attribute certificate.) (See: certificate revocation.) | attribute certificate.) (See: certificate revocation.) | |||
| Usage: ISDs SHOULD NOT refer to an X.509 CRL as a digital | Usage: IDOCs SHOULD NOT refer to an X.509 CRL as a digital | |||
| certificate; however, note that an X.509 CRL does meet this | certificate; however, note that an X.509 CRL does meet this | |||
| Glossary's definition of "digital certificate". That is, like a | Glossary's definition of "digital certificate". That is, like a | |||
| digital certificate, an X.509 CRL makes an assertion and is signed | digital certificate, an X.509 CRL makes an assertion and is signed | |||
| by a CA. But instead of binding a key or other attributes to a | by a CA. But instead of binding a key or other attributes to a | |||
| subject, an X.509 CRL asserts that certain previously issued, | subject, an X.509 CRL asserts that certain previously issued, | |||
| X.509 certificates have been revoked. | X.509 certificates have been revoked. | |||
| Tutorial: An X.509 CRL contains a sequence of data items and has a | Tutorial: An X.509 CRL contains a sequence of data items and has a | |||
| digital signature computed on that sequence. Besides the | digital signature computed on that sequence. Besides the | |||
| signature, both v1 and v2 contain items 2 through 6b listed below. | signature, both v1 and v2 contain items 2 through 6b listed below. | |||
| skipping to change at page 312, line 46 ¶ | skipping to change at page 312, line 47 ¶ | |||
| digital signatures (based on asymmetric cryptography) that can be | digital signatures (based on asymmetric cryptography) that can be | |||
| applied to any digital content (i.e., any data object) including | applied to any digital content (i.e., any data object) including | |||
| other XML material. | other XML material. | |||
| $ Yellow Book | $ Yellow Book | |||
| (D) /slang/ Synonym for "Computer Security Requirements: Guidance | (D) /slang/ Synonym for "Computer Security Requirements: Guidance | |||
| for Applying the [U.S.] Department of Defense Trusted Computer | for Applying the [U.S.] Department of Defense Trusted Computer | |||
| System Evaluation Criteria in Specific Environments" [CSC3] (See: | System Evaluation Criteria in Specific Environments" [CSC3] (See: | |||
| "first law" under "Courtney's laws".) | "first law" under "Courtney's laws".) | |||
| Deprecated Term: ISDs SHOULD NOT use this term as a synonym for | Deprecated Term: IDOCs SHOULD NOT use this term as a synonym for | |||
| that or any other document. Instead, use the full proper name of | that or any other document. Instead, use the full proper name of | |||
| the document or, in subsequent references, a conventional | the document or, in subsequent references, a conventional | |||
| abbreviation. (See: Deprecated Usage under "Green Book", Rainbow | abbreviation. (See: Deprecated Usage under "Green Book", Rainbow | |||
| Series.) | Series.) | |||
| $ zero-knowledge proof | $ zero-knowledge proof | |||
| (I) /cryptography/ A proof-of-possession protocol whereby a system | (I) /cryptography/ A proof-of-possession protocol whereby a system | |||
| entity can prove possession of some information to another entity, | entity can prove possession of some information to another entity, | |||
| without revealing any of that information. (See: proof-of- | without revealing any of that information. (See: proof-of- | |||
| possession protocol.) | possession protocol.) | |||
| skipping to change at page 313, line 28 ¶ | skipping to change at page 313, line 29 ¶ | |||
| $ zombie | $ zombie | |||
| (I) /slang/ An Internet host computer that has been | (I) /slang/ An Internet host computer that has been | |||
| surreptitiously penetrated by an intruder that installed malicious | surreptitiously penetrated by an intruder that installed malicious | |||
| daemon software to cause the host to operate as an accomplice in | daemon software to cause the host to operate as an accomplice in | |||
| attacking other hosts, particularly in distributed attacks that | attacking other hosts, particularly in distributed attacks that | |||
| attempt denial of service through flooding. | attempt denial of service through flooding. | |||
| Deprecated Usage: Other cultures likely use different metaphorical | Deprecated Usage: Other cultures likely use different metaphorical | |||
| terms (such as "robot") for this concept, and some use this term | terms (such as "robot") for this concept, and some use this term | |||
| for different concepts. Therefore, to avoid international | for different concepts. Therefore, to avoid international | |||
| misunderstanding, ISDs SHOULD NOT use this term. Instead, use | misunderstanding, IDOCs SHOULD NOT use this term. Instead, use | |||
| "compromised, coopted computer" or other explicitly descriptive | "compromised, coopted computer" or other explicitly descriptive | |||
| terminology. (See: Deprecated Usage under "Green Book".) | terminology. (See: Deprecated Usage under "Green Book".) | |||
| $ zone of control | $ zone of control | |||
| (O) /EMSEC/ Synonym for "inspectable space". [C4009] (See: | (O) /EMSEC/ Synonym for "inspectable space". [C4009] (See: | |||
| TEMPEST.) | TEMPEST.) | |||
| 5. Informative References | 5. Informative References | |||
| This Glossary focuses on the Internet Standards Process. Therefore, | This Glossary focuses on the Internet Standards Process. Therefore, | |||
| skipping to change at page 315, line 22 ¶ | skipping to change at page 315, line 22 ¶ | |||
| December 1990. | December 1990. | |||
| [B1822] Bolt Baranek and Newman Inc., "Appendix H: Interfacing a | [B1822] Bolt Baranek and Newman Inc., "Appendix H: Interfacing a | |||
| Host to a Private Line Interface", in "Specifications for | Host to a Private Line Interface", in "Specifications for | |||
| the Interconnection of a Host and an IMP", BBN Report No. | the Interconnection of a Host and an IMP", BBN Report No. | |||
| 1822, revised, December 1983. | 1822, revised, December 1983. | |||
| [B4799] ---, "A History of the Arpanet: The First Decade", BBN | [B4799] ---, "A History of the Arpanet: The First Decade", BBN | |||
| Report No. 4799, April 1981. | Report No. 4799, April 1981. | |||
| [BS7799] British Standards Institution, "Information Security | ||||
| Management, Part 1: Code of Practice for Information | ||||
| Security Management", BS 7799-1:1999, 15 May 1999. | ||||
| ---, ---, "Part 2: Specification for Information Security | ||||
| Management Systems", BS 7799-2:1999, 15 May 1999. | ||||
| [Bell] Bell, D. and L. LaPadula, "Secure Computer Systems: | [Bell] Bell, D. and L. LaPadula, "Secure Computer Systems: | |||
| Mathematical Foundations and Model", M74-244, The MITRE | Mathematical Foundations and Model", M74-244, The MITRE | |||
| Corporation, Bedford, MA, May 1973. (Available as AD-771543, | Corporation, Bedford, MA, May 1973. (Available as AD-771543, | |||
| National Technical Information Service, Springfield, VA.) | National Technical Information Service, Springfield, VA.) | |||
| [Biba] K. Biba, "Integrity Considerations for Secure Computer | [Biba] K. Biba, "Integrity Considerations for Secure Computer | |||
| Systems", ESD-TR-76-372, USAF Electronic Systems Division, | Systems", ESD-TR-76-372, USAF Electronic Systems Division, | |||
| Bedford, MA, April 1977. | Bedford, MA, April 1977. | |||
| [BN89] Brewer, D. and M. Nash, "The Chinese wall security policy", | [BN89] Brewer, D. and M. Nash, "The Chinese wall security policy", | |||
| in "Proceedings of IEEE Symposium on Security and Privacy", | in "Proceedings of IEEE Symposium on Security and Privacy", | |||
| May 1989, pp. 205-214. | May 1989, pp. 205-214. | |||
| [BS7799] British Standards Institution, "Information Security | ||||
| Management, Part 1: Code of Practice for Information | ||||
| Security Management", BS 7799-1:1999, 15 May 1999. | ||||
| ---, ---, "Part 2: Specification for Information Security | ||||
| Management Systems", BS 7799-2:1999, 15 May 1999. | ||||
| [C4009] Committee on National Security Systems (U.S. Government), | [C4009] Committee on National Security Systems (U.S. Government), | |||
| "National Information Assurance (IA) Glossary", CNSS | "National Information Assurance (IA) Glossary", CNSS | |||
| Instruction No. 4009, revised May 2003. | Instruction No. 4009, revised May 2003. | |||
| [CCIB] Common Criteria Implementation Board, "Common Criteria for | [CCIB] Common Criteria Implementation Board, "Common Criteria for | |||
| Information Technology Security Evaluation, Part 1: | Information Technology Security Evaluation, Part 1: | |||
| Introduction and General Model", version 2.0, CCIB-98-026, | Introduction and General Model", version 2.0, CCIB-98-026, | |||
| May 1998. | May 1998. | |||
| [Chau] D. Chaum, "Untraceable Electronic Mail, Return Addresses, | [Chau] D. Chaum, "Untraceable Electronic Mail, Return Addresses, | |||
| skipping to change at page 316, line 23 ¶ | skipping to change at page 316, line 23 ¶ | |||
| [Clark] Clark, D. and D. Wilson, "A Comparison of Commercial and | [Clark] Clark, D. and D. Wilson, "A Comparison of Commercial and | |||
| Military computer Security Policies", in "Proceedings of the | Military computer Security Policies", in "Proceedings of the | |||
| IEEE Symposium on Security and Privacy", April 1987, pp. | IEEE Symposium on Security and Privacy", April 1987, pp. | |||
| 184-194. | 184-194. | |||
| [Cons] NSA, "Consistency Instruction Manual for Development of U.S. | [Cons] NSA, "Consistency Instruction Manual for Development of U.S. | |||
| Government Protection Profiles for Use in Basic Robustness | Government Protection Profiles for Use in Basic Robustness | |||
| Environments", Release 2.0, 1 March 2004 | Environments", Release 2.0, 1 March 2004 | |||
| [CORBA] Object Management Group, Inc., "CORBAservices: Common Object | ||||
| Service Specification", December 1998. | ||||
| [CSC1] U.S. DoD Computer Security Center, "Department of Defense | [CSC1] U.S. DoD Computer Security Center, "Department of Defense | |||
| Trusted Computer System Evaluation Criteria", CSC-STD-001- | Trusted Computer System Evaluation Criteria", CSC-STD-001- | |||
| 83, 15 August 1983. (Superseded by [DoD1].) | 83, 15 August 1983. (Superseded by [DoD1].) | |||
| [CSC2] ---, "Department of Defense Password Management Guideline", | [CSC2] ---, "Department of Defense Password Management Guideline", | |||
| CSC-STD-002-85, 12 April 1985. | CSC-STD-002-85, 12 April 1985. | |||
| [CSC3] ---, "Computer Security Requirements: Guidance for Applying | [CSC3] ---, "Computer Security Requirements: Guidance for Applying | |||
| the Department of Defense Trusted Computer System Evaluation | the Department of Defense Trusted Computer System Evaluation | |||
| Criteria in Specific Environments", CSC-STD-003-85, 25 June | Criteria in Specific Environments", CSC-STD-003-85, 25 June | |||
| skipping to change at page 317, line 17 ¶ | skipping to change at page 317, line 20 ¶ | |||
| [DoD1] U.S. DoD, "Department of Defense Trusted Computer System | [DoD1] U.S. DoD, "Department of Defense Trusted Computer System | |||
| Evaluation Criteria", DoD 5200.28-STD, 26 December 1985. | Evaluation Criteria", DoD 5200.28-STD, 26 December 1985. | |||
| (Supersedes [CSC1].) (Superseded by DoD Directive 8500.1.) | (Supersedes [CSC1].) (Superseded by DoD Directive 8500.1.) | |||
| [DoD4] ---, "NSA Key Recovery Assessment Criteria", 8 June 1998. | [DoD4] ---, "NSA Key Recovery Assessment Criteria", 8 June 1998. | |||
| [DoD5] ---, Directive 5200.1, "DoD Information Security Program", | [DoD5] ---, Directive 5200.1, "DoD Information Security Program", | |||
| 13 December 1996. | 13 December 1996. | |||
| [DoD6] ---, "DoD Architecture Framework", Version 1, 30 August | [DoD6] ---, "Department of Defense Technical Architecture Framework | |||
| 2003. | for Information Management, Volume 6: Department of Defense | |||
| (DoD) Goal Security Architecture", Defense Information | ||||
| Systems Agency, Center for Standards, version 3.0, 15 April | ||||
| 1996. | ||||
| [DoD7] ---, "X.509 Certificate Policy for the United States | [DoD7] ---, "X.509 Certificate Policy for the United States | |||
| Department of Defense", version 7, 18 December 2002. | Department of Defense", version 7, 18 December 2002. | |||
| (Superseded by [DoD9].) | (Superseded by [DoD9].) | |||
| [DoD9] ---, "X.509 Certificate Policy for the United States | [DoD9] ---, "X.509 Certificate Policy for the United States | |||
| Department of Defense", version 9, 9 February 2005. | Department of Defense", version 9, 9 February 2005. | |||
| [DoDGSA] ---, "Department of Defense Technical Architecture Framework | [DoD10] ---, "DoD Architecture Framework, Version 1: Deskbook", 9 | |||
| for Information Management, Volume 6: Department of Defense | February 2004. | |||
| (DoD) Goal Security Architecture", Defense Information | ||||
| Systems Agency, Center for Standards, version 3.0, 15 April | ||||
| 1996. | ||||
| [DSG] American Bar Association, "Digital Signature Guidelines: | [DSG] American Bar Association, "Digital Signature Guidelines: | |||
| Legal Infrastructure for Certification Authorities and | Legal Infrastructure for Certification Authorities and | |||
| Secure Electronic Commerce", Chicago, IL, 1 August 1996. | Secure Electronic Commerce", Chicago, IL, 1 August 1996. | |||
| (See: [PAG].) | (See: [PAG].) | |||
| [ElGa] El Gamal, T., "A Public-Key Cryptosystem and a Signature | [ElGa] El Gamal, T., "A Public-Key Cryptosystem and a Signature | |||
| Scheme Based on Discrete Logarithms", in "IEEE Transactions | Scheme Based on Discrete Logarithms", in "IEEE Transactions | |||
| on Information Theory", vol. IT-31, no. 4, 1985, pp. 469- | on Information Theory", vol. IT-31, no. 4, 1985, pp. 469- | |||
| 472. | 472. | |||
| skipping to change at page 328, line 53 ¶ | skipping to change at page 329, line 5 ¶ | |||
| [Raym] Raymond, E., ed., "The On-Line Hacker Jargon File", version | [Raym] Raymond, E., ed., "The On-Line Hacker Jargon File", version | |||
| 4.0.0, 24 July 1996. (See: http://www.catb.org/~esr/jargon | 4.0.0, 24 July 1996. (See: http://www.catb.org/~esr/jargon | |||
| for the latest version. Also, "The New Hacker's Dictionary", | for the latest version. Also, "The New Hacker's Dictionary", | |||
| 3rd edition, MIT Press, September 1996, ISBN 0-262-68092-0.) | 3rd edition, MIT Press, September 1996, ISBN 0-262-68092-0.) | |||
| [Roge] Rogers, H., "An Overview of the CANEWARE Program", in | [Roge] Rogers, H., "An Overview of the CANEWARE Program", in | |||
| "Proceedings of the 10th National Computer Security | "Proceedings of the 10th National Computer Security | |||
| Conference", NIST and NCSC, September 1987. | Conference", NIST and NCSC, September 1987. | |||
| [RSA78] Rivest, R., A. Shamir, and L. Adleman, "A Method for | ||||
| Obtaining Digital Signatures and Public-Key Cryptosystems", | ||||
| in "Communications of the ACM", vol. 21, no. 2, February | ||||
| 1978, pp. 120-126. | ||||
| [RSCG] NSA, "Router Security Configuration Guide: Principles and | [RSCG] NSA, "Router Security Configuration Guide: Principles and | |||
| Guidance for Secure Configuration of IP Routers, with | Guidance for Secure Configuration of IP Routers, with | |||
| Detailed Instructions for Cisco Systems Routers", version | Detailed Instructions for Cisco Systems Routers", version | |||
| 1.0g, C4-054R-00, 20 April 2001, available at | 1.0g, C4-054R-00, 20 April 2001, available at | |||
| http://www.nsa.gov. | http://www.nsa.gov. | |||
| [Russ] Russell, D. et al, Chapter 10 ("TEMPEST") of "Computer | [Russ] Russell, D. et al, Chapter 10 ("TEMPEST") of "Computer | |||
| Security Basics", ISBN 0-937175-71-4, 1991. | Security Basics", ISBN 0-937175-71-4, 1991. | |||
| [SAML] Organization for the Advancement of Structured Information | [SAML] Organization for the Advancement of Structured Information | |||
| skipping to change at page 333, line 33 ¶ | skipping to change at page 333, line 33 ¶ | |||
| Please address all comments to: | Please address all comments to: | |||
| Robert W. Shirey BBN Technologies Corp. | Robert W. Shirey BBN Technologies Corp. | |||
| Email addresses: Suite 400, Mail Stop 30/6C1 | Email addresses: Suite 400, Mail Stop 30/6C1 | |||
| Current - rshirey@bbn.com 1300 Seventeenth Street North | Current - rshirey@bbn.com 1300 Seventeenth Street North | |||
| Long-term - rwshirey@uwalumni.com Arlington, VA 22209-3801 USA | Long-term - rwshirey@uwalumni.com Arlington, VA 22209-3801 USA | |||
| 9. Full Copyright Statement | 9. Full Copyright Statement | |||
| Copyright (C) The Internet Society (2006). This document is subject | Copyright (C) The IETF Trust (2006). | |||
| to the rights, licenses and restrictions contained in BCP 78, and | ||||
| except as set forth therein, the authors retain all their rights. | This document is subject to the rights, licenses and restrictions | |||
| contained in BCP 78, and except as set forth therein, the authors | ||||
| retain all their rights. | ||||
| This document and the information contained herein are provided on an | This document and the information contained herein are provided on an | |||
| "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE IS SPONSORED | "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS | |||
| BY, THE INTERNET SOCIETY, AND THE INTERNET ENGINEERING TASK FORCE | OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND | |||
| DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT | THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS | |||
| LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL | OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF | |||
| NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY | THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED | |||
| OR FITNESS FOR A PARTICULAR PURPOSE. | WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. | |||
| Expiration Date: 8 March 2007. | Expiration Date: 1 May 2007. | |||
| End of changes. 334 change blocks. | ||||
| 458 lines changed or deleted | 479 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||