Platform for Privacy Preferences (P3P)
A W3C Recommendation (2002) for publishing a Web site's privacy practices in a machine-readable form that user agents can evaluate against user preferences. P3P is now obsolete and is not supported by current browsers.
Defines network connectivity that can be easily established, used, and then dismantled.
Connecting to UDP and TCP ports in order to determine the services and applications running on the target host.
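The definition above describes the simplest form of port scanning, the TCP connect scan, where the scanner completes a full handshake on each port and then reads whatever the service says first (a "banner") to guess what is running. The following is an added example, not from the original glossary: it starts a constructed local listener that greets clients with a made-up SSH-style banner, then scans it alongside a port known to be closed. Hostnames, ports and the banner text are all assumptions for the demonstration.

```python
import socket
import threading
from typing import Dict, Iterable

# Constructed banner; stands in for whatever a real service would send first.
BANNER = b"SSH-2.0-ConstructedBanner\r\n"


def start_fake_service() -> int:
    """Start a local TCP listener that greets every client with BANNER.

    Returns the port the OS assigned (bind to port 0 = pick any free port).
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve() -> None:
        while True:
            conn, _ = srv.accept()
            with conn:
                conn.sendall(BANNER)

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def free_closed_port() -> int:
    """Pick a port that nothing is listening on: bind to 0, note the number, release it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def tcp_connect_scan(host: str, ports: Iterable[int], timeout: float = 0.5) -> Dict[int, bytes]:
    """TCP connect scan with banner grabbing.

    connect_ex() returns 0 when the three-way handshake completed (port open),
    ECONNREFUSED when the host answered with RST (port closed), and raises a
    timeout when nothing came back (filtered, e.g. dropped by a firewall).
    Because a full connection is made, every hit is visible in the target's
    logs; a SYN scan would be stealthier but needs raw sockets.
    """
    found: Dict[int, bytes] = {}
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) != 0:
                continue  # closed or filtered; nothing to fingerprint
            try:
                found[port] = s.recv(256)  # services like SSH/SMTP/FTP talk first
            except socket.timeout:
                found[port] = b""  # open, but the service waits for the client
    return found


if __name__ == "__main__":
    open_port = start_fake_service()
    closed_port = free_closed_port()
    print(tcp_connect_scan("127.0.0.1", [closed_port, open_port]))
```

UDP ports cannot be scanned this way: there is no handshake, so a closed port is only recognisable by an ICMP port-unreachable reply, and silence means "open or filtered".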
The layer of the OSI model that negotiates data transfer syntax for the Application layer and performs translations between different data types, if necessary.
A set of instructions (for example, interrupt handling or special computer instructions) to control features such as storage protection features that are generally executable only when the automated system is operating in the executive state.
Pseudorandom number generator.
Implies sequential execution of instructions based on the von Neumann architecture of a CPU, memory, and input/output device. Variables are part of the sets of instructions used to solve a particular problem, and therefore, the data is not separate from the statements.
A program in execution.
The person ultimately responsible for the overall procurement, development, integration, modification, operation, and maintenance of the IT system.
Protection Profile (PP)
In the Common Criteria, an implementation-independent specification of the security requirements and protections of a product that could be built.
protection-critical portions of the TCB
Those portions of the TCB whose normal function is to deal with access control between subjects and objects. Their correct operation is essential to the protection of the data on the system.
A set of rules and formats, semantic and syntactic, that permits entities to exchange information.
A method of determining or verifying requirements and design specifications. The prototype normally consists of network hardware and software that support a proposed solution. The approach to prototyping is typically a trial-and-error experimental process.
public key infrastructure (PKI)
A PKI binds public keys to entities, enables other entities to verify public key bindings, and provides the services needed for ongoing management of keys in a distributed system. The goal of the PKI security architecture is to protect and distribute information that is needed in a widely distributed environment, where the users, resources, and stakeholders are in different places at different times.
The removal of sensitive data from an AIS, AIS storage device, or peripheral device with storage capacity at the end of a processing period. This action is performed in such a way that there is assurance proportional to the sensitivity of the data that the data cannot be reconstructed. An AIS must be disconnected from any external network before a purge. After a purge, the medium can be declassified by observing the review procedures of the respective agency.
Remote Authentication Dial-In User Service.
Rivest Cipher 4, a stream cipher designed by Ron Rivest of RSA Security and used in WEP and early TLS. RC4 has known keystream biases and is now considered broken; RFC 7465 prohibits its use in TLS.
A fundamental operation that results only in the flow of information from an object to a subject.
Permission to read information.
The advance planning and preparations that are necessary to minimize loss and to ensure the availability of the critical information systems of an organization.
The actions that are necessary to restore a system's computational capability and data files after a system failure, outage, or disruption.
reference monitor concept
An access control concept that refers to an abstract machine that mediates all accesses to objects by subjects.
reference validation mechanism
An implementation of the reference monitor concept. A security kernel is a type of reference validation mechanism.
Testing process used to ensure that existing software functions of the product have not been accidentally damaged as an unintended byproduct of adding new software features.
Attributes of a software component that are applicable to its attack surface.
The probability of a given system performing its mission adequately for a specified period of time under expected operating conditions.
The portion of risk that remains after security measures have been applied.
If software is compromised, damage to the software will be minimized and it will recover quickly to an acceptable level of service.
Request for comment.
Request for proposal.
(1) A combination of the likelihood that a threat will occur, the likelihood that a threat occurrence will result in an adverse impact, and the severity of the resulting impact. (2) The probability that a particular threat will exploit a particular vulnerability of the system.
The process of identifying security risks, determining their magnitude, and identifying areas needing safeguards. Risk analysis is a part of risk management. Synonymous with risk assessment.
Process of analyzing threats to an IT system, vulnerabilities of a system, and the potential impact that the loss of information or capabilities of a system would have on security. The resulting analysis is used as a basis for identifying appropriate and effective measures.
The total process of identifying, controlling, eliminating, or minimizing uncertain events that might affect system resources. It includes risk analysis, cost-benefit analysis, selection, implementation, tests, a security evaluation of safeguards, and an overall security review.
The degree to which a software component or system can function correctly in the presence of invalid or unexpected inputs and unexpected or stressful environmental conditions, including input and conditions that are intentional and malicious.
In role-based access control, a role is a set of rights granted to a user to perform specific functions within a software application.
A network component that provides internetworking at the Network layer of a network's architecture by allowing individual networks to become part of a WAN. A router works by using logical and physical addresses to connect two or more separate networks. It determines the best path by which to send a packet of information.
Routing Information Protocol (RIP)
A common type of routing protocol. RIP bases its routing path on the distance (number of hops) to the destination. RIP maintains optimum routing paths by sending out routing update messages if the network topology changes.
Software that is part of a system that is life critical should exhibit the property of safety, i.e., it should behave as necessary even if components of the system fail.
An access-control-based protection mechanism. It is commonly applied to restrict the access rights of mobile code that is downloaded from a Web site as an applet. The code is run inside a sandbox that blocks its access to the local workstation's hard disk and other sensitive resources, thus preventing the code from malicious activity. The sandboxed code is usually executed by an interpreter or virtual machine, such as the Java Virtual Machine (JVM), that enforces the restrictions.
A computer language variable or field that can hold only one value at a time.
Software development life cycle.
The use of software programming practices that reduce or eliminate software defects or programming errors so that software can be built with a higher level of security and quality assurance.
secure configuration management
The set of procedures that are appropriate for controlling changes to a system's hardware and software structure for the purpose of ensuring that changes will not lead to violations of the system's security policy.
A condition in which no subject can access any object in an unauthorized manner.
An evaluation that is performed to assess the degree of trust that can be placed in systems for the secure handling of sensitive information. One type, a product evaluation, is an evaluation performed on the hardware and software features and assurances of a computer product from a perspective that excludes the application environment. The other type, a system evaluation, is made for the purpose of assessing a system's security safeguards with respect to a specific operational mission; it is a major step in the certification and accreditation process.
An event that is a violation of a particular system's explicit or implicit security policy.
security fault analysis
A security analysis, usually performed on hardware at the gate level, to determine the security properties of a device when a hardware fault is encountered.
The securityrelevant functions, mechanisms, and characteristics of system hardware and software. Security features are a subset of system security safeguards.
An error of commission or omission in a system that might enable protection mechanisms to be bypassed.
security flow analysis
A security analysis performed on a formal system specification that locates the potential flows of information within the system.
security functional requirements
Requirements, preferably from the Common Criteria, Part 2, that when taken together specify the security behavior of an IT product or system.
The hardware, firmware, and software elements of a trusted computing base (TCB) that implement the reference monitor concept. The security kernel must mediate all accesses, must be protected from modification, and must be verifiable as correct.
The combination of a hierarchical classification and a set of non-hierarchical categories that represents the sensitivity of information.
Elements of software, firmware, hardware, or procedures that are included in a system for the satisfaction of security specifications.
A statement of intent to counter specified threats and/or satisfy specified organizational security policies and assumptions.
The boundary where security controls are in effect to protect assets.
The set of laws, rules, and practices that regulates how an organization manages, protects, and distributes sensitive information.
security policy model
A formal presentation of the security policy enforced by the system. It must identify the set of rules and practices that regulate how a system manages, protects, and distributes sensitive information.
The series of activities that monitor, evaluate, test, certify, accredit, and maintain the system accreditation throughout the system life cycle.
The types and levels of protection that are necessary for equipment, data, information, applications, and facilities to meet the security policy.
security requirements baseline
A description of minimum requirements necessary for a system to maintain an acceptable level of security.
The proactive protective measures and controls that are prescribed to meet the security requirements specified for a system. Those safeguards can include (but are not necessarily limited to) the following: hardware and software security features, operating procedures, accountability procedures, access and distribution controls, management constraints, personnel security, and physical structures, areas, and devices. Also called safeguards.
A detailed description of the safeguards required to protect a system.
Security Target (ST)
(1) In the Common Criteria, a listing of the security claims for a particular IT security product. (2) A set of security functional and assurance requirements and specifications to be used as the basis for evaluating an identified product or system.
Security Test and Evaluation (ST&E)
Examination and analysis of the safeguards required to protect an IT system, as they have been applied in an operational environment, to determine the security posture of that system.
A process that is used to determine that the security features of a system are implemented as designed. This process includes hands-on functional testing, penetration testing, and verification.
A property of system requirements, design, implementation, or operation that could be accidentally triggered or intentionally exploited and result in a security failure.
Information that, if lost, misused, modified, or accessed by unauthorized individuals, could affect the national interest or the conduct of federal programs or the privacy to which individuals are entitled under Section 552a of Title 5, U.S. Code, but that has not been specifically authorized under criteria established by an executive order or an act of Congress to be kept classified in the interest of national defense or foreign policy. The concept of sensitive information can apply to private-sector entities as well.
A piece of information that represents the security level of an object. Sensitivity labels are used by the TCB as the basis for mandatory access control decisions.
The context in which a software component operates consisting of type of service, authentication mechanism, and identities.
One of the seven OSI model layers. Establishes, manages, and terminates sessions between applications.
shared key authentication
A type of 802.11 authentication that assumes each station has received a secret shared key through a secure channel, independent of the 802.11 network. The access point sends a plaintext challenge and the station returns it encrypted under the shared key, so authentication rests on knowledge of that key. Shared key authentication requires implementation of the 802.11 Wired Equivalent Privacy (WEP) algorithm. Because an eavesdropper sees both the plaintext challenge and its encrypted form, the exchange discloses a WEP keystream sample, which makes shared key authentication weaker than open system authentication; both WEP and this mode are deprecated.
Simple Mail Transfer Protocol (SMTP)
The standard Internet protocol for sending and relaying email between mail servers. SMTP itself provides no sender authentication, which is why envelope and header addresses are trivially forged without additional controls such as SPF, DKIM, and DMARC.
Simple Network Management Protocol (SNMP)
The network management protocol of choice for TCP/IP-based internets. Widely implemented on 10BASE-T Ethernet, this network management protocol defines information transfer among management information bases (MIBs). SNMPv1 and SNMPv2c authenticate only with cleartext community strings (commonly left at defaults such as public and private); SNMPv3 adds message authentication and encryption.
simple security property
A Bell-LaPadula security model rule enabling a subject read access to an object only if the security level of the subject dominates the security level of the object ("no read up"). Synonymous with simple security condition.
Software life cycle.
Attacks targeting an organizations employees through the use of social skills to obtain sensitive information.
The level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its life cycle, and that the software functions in the intended manner.
software development life cycle process
The process using a model to translate user needs into a software product.
The science and art of specifying, designing, implementing, and evolving programs, documentation, and operating procedures whereby computers can be made useful to humans.
A set of activities, methods, and practices that are used to develop and maintain software and associated products.
software process capability
Describes the range of expected results that can be achieved by following a software process.
software process maturity
The extent to which a software process is defined, managed, measured, controlled, and effective.
software process performance
The result achieved by following a software process.
Generalpurpose executive, utility, or software development tools and applications programs or routines that protect data that are handled by a system.
software system test and evaluation process
A process that plans, develops, and documents the quantitative demonstration of the fulfillment of all baseline functional performance and operational and interface requirements.
A portion of code that may lead to a vulnerability.
software intensive system
A system in which the majority of components and functionalities are implemented in software.
A series of statements written in a human-readable computer programming language.
An attempt to gain access to a system by posing as an authorized user. Synonymous with impersonating, masquerading, or mimicking.
An attack in which an attacker supplies input that is concatenated into an SQL query without proper handling, so that the input is interpreted as SQL syntax rather than data, allowing the attacker to run arbitrary commands against the database behind a Web application.
Secure Sockets Layer. All SSL versions are deprecated (RFC 7568) in favor of TLS.
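The SQL injection entry above, shown in code as an added example (not part of the original glossary): a login check built by string concatenation, beside the same check written with a parameterised query. The users table, its rows, and the cleartext password column are constructed for the demonstration only; real systems store password hashes, which this example omits so that the injection itself stays visible.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory users table (not from any real system)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "correct horse", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Tainted input is pasted into the SQL text, so a quote in the input ends the
    # string literal and everything after it is parsed as SQL syntax.
    query = (
        f"SELECT role FROM users WHERE username = '{username}' "
        f"AND password = '{password}'"
    )
    return conn.execute(query).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Parameterised query: the statement is compiled first and the values are
    # bound afterwards, so input can only ever be data, never syntax.
    query = "SELECT role FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


# Two classic payloads: a tautology that makes the WHERE clause always true, and
# an SQL comment that discards the password check entirely.
TAUTOLOGY = "' OR '1'='1"
COMMENT_OUT = "alice'--"

if __name__ == "__main__":
    db = make_db()
    print(login_vulnerable(db, "alice", "wrong"))        # False: normal failure
    print(login_vulnerable(db, "alice", TAUTOLOGY))      # True: bypass
    print(login_vulnerable(db, COMMENT_OUT, "anything")) # True: bypass
    print(login_safe(db, "alice", TAUTOLOGY))            # False: payload is just a string
    print(login_safe(db, COMMENT_OUT, "anything"))       # False
```

The safe variant does not "escape" anything; it removes the possibility of syntax confusion by never building SQL from strings, which is why parameterisation (or an ORM that uses it) is the primary defence rather than input filtering.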
System security officer.
stand-alone (shared system)
A system that is physically and electrically isolated from all other systems and intended to be used by more than one person, either simultaneously (for example, a system that has multiple terminals) or serially, with data belonging to one user remaining available to the system while another user uses the system (for example, a personal computer that has non-removable storage media, such as a hard disk).
stand-alone (single-user system)
A system that is physically and electrically isolated from all other systems and is intended to be used by one person at a time, with no data belonging to other users remaining in the system (for example, a personal computer that has removable storage media, such as a floppy disk).
star property (*-property)
A Bell-LaPadula security model rule giving a subject write access to an object only if the security level of the object dominates the security level of the subject ("no write down"). Also called the confinement property.
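The security label, simple security property, and *-property entries above describe one mechanism: a reference monitor that compares the labels of a subject and an object before every read or write. The following is an added example, not from the original glossary, that implements the dominance relation over a hierarchical level plus a set of categories and applies both Bell-LaPadula rules. The level names, categories, and subjects are constructed for illustration.

```python
from dataclasses import dataclass
from typing import FrozenSet

# Hierarchical classification levels, lowest to highest (constructed set).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    """A security label: one hierarchical level plus non-hierarchical categories."""
    level: str
    categories: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        # A dominates B iff level(A) >= level(B) and categories(B) is a subset of categories(A).
        # Labels with incomparable category sets dominate neither way (a lattice, not a line).
        return (LEVELS[self.level] >= LEVELS[other.level]
                and other.categories <= self.categories)


def can_read(subject: Label, obj: Label) -> bool:
    """Simple security property ("no read up"): the subject must dominate the object."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    """*-property ("no write down"): the object must dominate the subject."""
    return obj.dominates(subject)


def mediate(subject: Label, obj: Label, op: str) -> bool:
    """Reference monitor: every access decision passes through this one function."""
    if op == "read":
        return can_read(subject, obj)
    if op == "write":
        return can_write(subject, obj)
    if op == "read_write":
        # Both rules must hold, which forces subject and object labels to be equal.
        return can_read(subject, obj) and can_write(subject, obj)
    raise ValueError(f"unknown operation {op!r}")


if __name__ == "__main__":
    analyst = Label("SECRET", frozenset({"CRYPTO"}))
    ts_doc = Label("TOP SECRET", frozenset({"CRYPTO"}))
    conf_doc = Label("CONFIDENTIAL")
    nuclear_doc = Label("SECRET", frozenset({"NUCLEAR"}))
    print(mediate(analyst, conf_doc, "read"))     # True: read down
    print(mediate(analyst, ts_doc, "read"))       # False: read up
    print(mediate(analyst, conf_doc, "write"))    # False: write down
    print(mediate(analyst, ts_doc, "write"))      # True: write up
    print(mediate(analyst, nuclear_doc, "read"))  # False: missing category
```

Note that the *-property forbids an analyst from writing a CONFIDENTIAL document even though reading it is allowed: the rule protects against a process leaking higher-level data downward, not against the user's intent.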
A variable that represents either the state of the system or the state of some system resource.
Structured Query Language (SQL)
An international standard for defining and accessing relational databases.
An active entity, generally in the form of a person, process, or device, that causes information to flow among objects or that changes the system state. Technically, a process/domain pair.
An intentional violation of software's integrity or security controls in order to compromise the software or system.
The capability of software to fulfill its objectives in the presence of attacks, failures, or accidents.
symmetric (private) key encryption
Cryptographic system in which the sender and receiver both know a secret key that is used to encrypt and decrypt a message.
synchronous optical networking (SONET)
A fiber-optic transmission system for high-speed digital traffic. SONET is part of the B-ISDN standard.
A type of communications data synchronization whereby frames are sent within defined time periods. It uses a clock to control the timing of bits being sent.
A set of interrelated components consisting of mission, environment, and architecture as a whole. Also, a data processing facility.
system development methodologies
Methodologies developed through software engineering to manage the complexity of system development. Development methodologies include software engineering aids and highlevel design analysis tools.
A system subject (user or process) or object.
A characteristic of a system when it performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.
The lowest security level supported by a system at a particular time or in a particular environment.
A type of testing that verifies the installation of the entire network. Testers normally complete system testing in a simulated production environment, simulating actual users in order to ensure the network meets all stated requirements.
Input data that has not been examined or sanitized prior to use by an application.
An unauthorized modification that alters the proper functioning of an equipment or system in a manner that degrades the security or functionality that it provides.
Target of Evaluation (TOE)
In the Common Criteria, TOE refers to the product or system being evaluated, together with its guidance documentation.
An attack that can be perpetrated by circumventing or nullifying hardware and software protection mechanisms, rather than by subverting system personnel or other users.
A hardware, firmware, communication, or software flaw that leaves a computer processing system open for potential exploitation, either externally or internally, thereby resulting in a risk to the owner, user, or manager of the system.
A virtual terminal protocol used in the Internet, enabling users to log in to a remote host. TELNET is defined as part of the TCP/IP protocol suite. It carries credentials and session data in cleartext and has been superseded by SSH for remote administration.
A U.S. Government codename (often expanded, as a backronym, to Transient ElectroMagnetic Pulse Emanations Standard) for the standard for control of spurious compromising emanations emitted by electrical equipment; also used to refer to the investigation, study, and control of such emanations.
A method that is used to exploit a vulnerability in a system, operation, or facility.
The examination of all actions and events that might adversely affect a system or operation.
Any circumstance or event with the potential to cause harm to an IT system in the form of destruction, disclosure, adverse modification of data, andor denial of service.
A characterization of the threat based on: a violation of confidentiality, integrity, or availability (CIA); the asset being targeted; the role of the user; and the type of accessibility. Helps refine the application context to aid in the process of analyzing the threats.
The analysis, assessment, and review of audit trails and other data that are collected for the purpose of searching for system events that might constitute violations or attempted violations of system security.
Transport Layer Security.
A non-procedural description of system behavior at the most abstract level; typically, a functional specification that omits all implementation details.
A description of the networks geographical layout of nodes and links.
Software utility used to determine the path to a target computer.
Transmission Control Protocol (TCP)
A commonly used protocol for establishing and maintaining communications between applications on different computers. TCP provides full-duplex, acknowledged, and flow-controlled service to upper-layer protocols and applications.
Transmission Control Protocol/Internet Protocol (TCP/IP)
A de facto industry-standard protocol suite for interconnecting disparate networks. TCP/IP are standard protocols that define both the reliable full-duplex transport level and the connectionless, best-effort unit of information passed across an internetwork.
OSI model layer that provides mechanisms for the establishment, maintenance, and orderly termination of virtual circuits while shielding the higher layers from the network implementation details.
A hidden software or hardware mechanism that can be triggered to permit system protection mechanisms to be circumvented. It is activated in a manner that appears innocent; for example, a special key sequence at a terminal. Software developers sometimes introduce trap doors in their code to enable them to re-enter the system and perform certain functions. Synonymous with back door.
A computer program that has an apparently or actually useful function but contains additional (hidden) functions that surreptitiously exploit the legitimate authorizations of the invoking process to the detriment of security or integrity.
When a security tool reports a weakness that is actually present.
In a relationship between entities, the confidence that each entity will behave as expected.
trusted computer system
A system that employs sufficient hardware and software assurance measures to enable its use for simultaneous processing of a range of sensitive or classified information.
trusted computing base (TCB)
The totality of protection mechanisms within a computer system, including hardware, firmware, and software, the combination of which is responsible for enforcing a security policy. A TCB consists of one or more components that together enforce a unified security policy over a product or system. The ability of a TCB to correctly enforce a unified security policy depends solely on the mechanisms within the TCB and on the correct input of parameters by system administrative personnel (for example, a user's clearance level) related to the security policy.
A trusted method for distributing the TCB hardware, software, and firmware components, both originals and updates, that provides methods for protecting the TCB from modification during distribution and for the detection of any changes to the TCB that might occur.
A mechanism by which a person at a terminal can communicate directly with the TCB. This mechanism can be activated only by the person or by the TCB and cannot be imitated by untrusted software.
A process whose incorrect or malicious execution is capable of violating system security policy.
The software portion of the TCB.
The property of software that can be attained with justifiable confidence that the software does not contain any exploitable vulnerabilities or malicious logic.
A process that has not been evaluated or examined for adherence to the security policy. It might include incorrect or malicious code that attempts to circumvent the security mechanisms.
(1) A person or process that is accessing an AIS either by direct connections (for example, via terminals) or by indirect connections (in other words, preparing input data or receiving output that is not reviewed for content or classification by a responsible individual). (2) Person or process authorized to access an IT system.
User Datagram Protocol
UDP uses the underlying Internet Protocol (IP) to transport a message. This is an unreliable, connectionless delivery scheme. It does not use acknowledgments to ensure that messages arrive and does not provide feedback to control the rate of information flow. UDP messages can be lost, duplicated, or arrive out of order.
A unique symbol or character string that is used by a system to identify a specific user.
Validation is a process to evaluate whether software will satisfy its particular requirements (functional and nonfunctional) for its specific intended purpose.
Verification is a process to evaluate whether software conforms to the specifications, regulations, or other conditions imposed on it while it was being developed.
verification and validation (V&V)
The term V&V typically refers to all of the verification and validation activities that are undertaken to ensure that software will function according to its specification.
A self-propagating Trojan horse composed of a mission component, a trigger component, and a self-propagating component.
A weakness in system security procedures, system design, implementation, internal controls, and so on that could be exploited to violate system security policy.
A measurement of vulnerability that includes the susceptibility of a particular system to a specific attack and the opportunities that are available to a threat agent to mount that attack.
Systematic examination of an information system or product to determine the adequacy of security measures, identify security deficiencies, provide data from which to predict the effectiveness of proposed security measures, and confirm the adequacy of such measures after implementation.
A bug found in software that has the potential of being exploited as a vulnerability when the software is operational.
weakness suppression system
A feature that permits the user to flag a line of code not to be reported by the tool in subsequent scans.
white box test
A test in which the ethical hacking team has full knowledge of the target information system.
white hat hacker
An individual who conducts ethical hacking to help secure and protect an organization's information systems.
wide area network (WAN)
A network that interconnects users over a wide area, usually encompassing different metropolitan areas.
Wired Equivalent Privacy (WEP)
The algorithm of the original 802.11 wireless LAN standard that was intended to protect transmitted information from disclosure, giving wireless traffic confidentiality "equivalent" to a wired LAN. WEP does not generate keys: all stations share a static pre-configured key, and each frame is encrypted with RC4 seeded by that key concatenated with a 24-bit initialization vector sent in the clear. The small IV space, the RC4 key-scheduling weaknesses exploited by the FMS attack (2001), and the linear CRC-32 integrity check make WEP keys recoverable from passively captured traffic in minutes; it is deprecated and has been replaced by WPA2 and WPA3.
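The RC4, shared key authentication, and WEP entries above together describe a concrete flaw: because the authentication challenge is sent in the clear and the response is the same bytes encrypted with RC4 under IV || key, anyone listening learns a keystream for that IV and can answer future challenges without ever knowing the key. The following is an added example, not from the original glossary, that implements RC4 and the WEP seeding and plays out that attack. The 40-bit key and challenges are constructed; the per-frame CRC-32 integrity check value is omitted so that the keystream reuse stays the whole story.

```python
import os
from typing import Tuple


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4 keystream generator, as used by WEP. Shown only to demonstrate the
    protocol flaw; RC4 is broken and must not be used for anything new."""
    S = list(range(256))
    j = 0
    for i in range(256):                                   # key-scheduling algorithm
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                                # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP seeds RC4 with the 3-byte IV followed by the shared key; the IV is sent in the clear."""
    return xor(plaintext, rc4_keystream(iv + shared_key, len(plaintext)))


def station_auth_response(shared_key: bytes, challenge: bytes) -> Tuple[bytes, bytes]:
    """Legitimate station: choose an IV and return the AP's challenge encrypted under the key."""
    iv = os.urandom(3)
    return iv, wep_encrypt(shared_key, iv, challenge)


def ap_verify(shared_key: bytes, challenge: bytes, iv: bytes, response: bytes) -> bool:
    """Access point: decrypt the response with the claimed IV and compare to the challenge."""
    return wep_encrypt(shared_key, iv, response) == challenge


def recover_keystream(challenge: bytes, response: bytes) -> bytes:
    """Eavesdropper: plaintext challenge XOR ciphertext response = RC4 keystream for that IV."""
    return xor(challenge, response)


def forge_auth(keystream: bytes, iv: bytes, new_challenge: bytes) -> Tuple[bytes, bytes]:
    """Attacker answers a fresh challenge by reusing the sniffed IV and keystream; no key needed."""
    return iv, xor(new_challenge, keystream[: len(new_challenge)])


def demo() -> bool:
    key = bytes.fromhex("0102030405")          # constructed 40-bit WEP key
    challenge1 = os.urandom(128)               # 802.11 challenge text is 128 bytes
    iv, resp = station_auth_response(key, challenge1)
    assert ap_verify(key, challenge1, iv, resp)
    sniffed_ks = recover_keystream(challenge1, resp)   # attacker saw both frames
    challenge2 = os.urandom(128)               # a later challenge to the attacker
    iv2, forged = forge_auth(sniffed_ks, iv, challenge2)
    return ap_verify(key, challenge2, iv2, forged)


if __name__ == "__main__":
    print(demo())  # True: the forged response is accepted without the key
```

The attack works against any stream cipher whose keystream is reused under an attacker-chosen IV; the only fix is to stop reusing keystream, which WPA2's per-packet keys and message integrity codes do and WEP cannot.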
Describes any computing device that can access a network without a wired connection.
Wireless local area network.
An estimate of the effort or time needed by a potential intruder who has specified expertise and resources to overcome a protective measure.
work function (factor)
The difficulty in recovering plaintext from ciphertext, as measured by cost and/or time. The security of the system is directly proportional to the value of the work function. The work function need only be large enough to suffice for the intended application. If the message to be protected loses its value after a short period of time, the work function need only be large enough to ensure that decryption would be highly infeasible in that period of time.
A fundamental operation that results only in the flow of information from a subject to an object.
The act of erasing sensitive parameters from a cryptographic module.
The practice of erasing sensitive parameters (especially keys) from a cryptographic module to prevent their disclosure. The keys are typically zeroized (erased) in response to an attempt to tamper with the module.