Term
|
Definition
Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. A loss of confidentiality is the unauthorized disclosure of information. |
|
|
Term
|
Definition
Guarding against improper information modification or destruction, including ensuring information nonrepudiation and authenticity. A loss of integrity is the unauthorized modification or destruction of information. |
|
|
Term
|
Definition
Ensuring timely and reliable access to and use of information. A loss of availability is the disruption of access to or use of information or an information system. |
|
|
Term
|
Definition
The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or message originator. This means verifying that users are who they say they are and that each input arriving at the system came from a trusted source. |
|
|
Term
|
Definition
The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity. This supports nonrepudiation, deterrence, fault isolation, intrusion detection and prevention, and after-action recovery and legal action. Because truly secure systems are not yet an achievable goal, we must be able to trace a security breach to a responsible party. Systems must keep records of their activities to permit later forensic analysis to trace security breaches or to aid in transaction disputes. |
|
|
Term
|
Definition
An entity that attacks, or is a threat to, a system. |
|
|
Term
|
Definition
An assault on system security that derives from an intelligent threat; that is, an intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade security services and violate the security policy of a system. |
|
|
Term
|
Definition
An action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that corrective action can be taken. |
|
|
Term
|
Definition
An expectation of loss expressed as the probability that a particular threat will exploit a particular vulnerability with a particular harmful result. |
|
|
Term
|
Definition
A set of rules and practices that specify or regulate how a system or organization provides security services to protect sensitive and critical system resources. |
|
|
Term
|
Definition
Data contained in an information system; or a service provided by a system; or a system capability, such as processing power or communication bandwidth; or an item of system equipment (i.e., a system component—hardware, firmware, software, or documentation); or a facility that houses system operations and equipment. |
|
|
Term
|
Definition
A potential for violation of security, which exists when there is a circumstance, capability, action, or event, that could breach security and cause harm. That is, a threat is a possible danger that might exploit a vulnerability. |
|
|
Term
|
Definition
A flaw or weakness in a system’s design, implementation, or operation and management that could be exploited to violate the system’s security policy. |
|
|
Term
|
Definition
Including computer systems and other data processing, data storage, and data communications devices. |
|
|
Term
|
Definition
Including the operating system, system utilities, and applications. |
|
|
Term
|
Definition
An attempt to alter system resources or affect their operation. |
|
|
Term
|
Definition
An attempt to learn or make use of information from the system that does not affect system resources. |
|
|
Term
|
Definition
Initiated by an entity inside the security perimeter (an “insider”). The insider is authorized to access system resources but uses them in a way not approved by those who granted the authorization. |
|
|
Term
|
Definition
Initiated from outside the perimeter, by an unauthorized or illegitimate user of the system (an “outsider”). On the Internet, potential outside attackers range from amateur pranksters to organized criminals, international terrorists, and hostile governments. |
|
|
Term
|
Definition
This can be deliberate, as when an insider intentionally releases sensitive information, such as credit card numbers, to an outsider. It can also be the result of a human, hardware, or software error, which results in an entity gaining unauthorized knowledge of sensitive data. There have been numerous instances of this, such as universities accidentally posting student confidential information on the Web. |
|
|
Term
|
Definition
Interception is a common attack in the context of communications. On a shared local area network (LAN), such as a wireless LAN or a broadcast Ethernet, any device attached to the LAN can receive a copy of packets intended for another device. On the Internet, a determined hacker can gain access to e-mail traffic and other data transfers. All of these situations create the potential for unauthorized access to data. |
|
|
Term
|
Definition
An example of inference is known as traffic analysis, in which an adversary is able to gain information from observing the pattern of traffic on a network, such as the amount of traffic between particular pairs of hosts on the network. Another example is the inference of detailed information from a database by a user who has only limited access; this is accomplished by repeated queries whose combined results enable inference. |
|
|
Term
|
Definition
An example of intrusion is an adversary gaining unauthorized access to sensitive data by overcoming the system’s access control protections. |
|
|
Term
|
Definition
is a threat to either system integrity or data integrity. The following types of attacks can result in this threat consequence: Masquerade, Falsification, Repudiation. |
|
|
Term
|
Definition
One example of masquerade is an attempt by an unauthorized user to gain access to a system by posing as an authorized user; this could happen if the unauthorized user has learned another user’s logon ID and password. Another example is malicious logic, such as a Trojan horse, that appears to perform a useful or desirable function but actually gains unauthorized access to system resources or tricks a user into executing other malicious logic. |
|
|
Term
|
Definition
This refers to the altering or replacing of valid data or the introduction of false data into a file or database. For example, a student may alter his or her grades on a school database. |
|
|
Term
|
Definition
In this case, a user either denies sending data or a user denies receiving or possessing the data. |
|
|
Term
|
Definition
is a threat to availability or system integrity. The following types of attacks can result in this threat consequence: Incapacitation, Corruption, Obstruction, Usurpation, Misappropriation, Misuse. |
|
|
Term
|
Definition
This is an attack on system availability. This could occur as a result of physical destruction of or damage to system hardware. More typically, malicious software, such as Trojan horses, viruses, or worms, could operate in such a way as to disable a system or some of its services. |
|
|
Term
|
Definition
This is an attack on system integrity. Malicious software in this context could operate in such a way that system resources or services function in an unintended manner. Or a user could gain unauthorized access to a system and modify some of its functions. An example of the latter is a user placing backdoor logic in the system to provide subsequent access to a system and its resources by other than the usual procedure. |
|
|
Term
|
Definition
One way to obstruct system operation is to interfere with communications by disabling communication links or altering communication control information. Another way is to overload the system by placing excess burden on communication traffic or processing resources. |
|
|
Term
|
Definition
is a threat to system integrity. The following types of attacks can result in this threat consequence: |
|
|
Term
|
Definition
This can include theft of service. An example is a distributed denial of service attack, when malicious software is installed on a number of hosts to be used as platforms to launch traffic at a target host. In this case, the malicious software makes unauthorized use of processor and operating system resources. |
|
|
Term
|
Definition
Misuse can occur by means of either malicious logic or a hacker who has gained unauthorized access to a system. In either case, security functions can be disabled or thwarted. |
|
|
Term
|
Definition
The protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. |
|
|
Term
What is the difference between passive and active security threats? |
|
Definition
Passive attacks have to do with eavesdropping on, or monitoring, transmissions. Electronic mail, file transfers, and client/server exchanges are examples of transmissions that can be monitored. Active attacks include the modification of transmitted data and attempts to gain unauthorized access to computer systems. |
|
|
Term
List and briefly define categories of passive and active security attacks. |
|
Definition
Passive attacks: release of message contents and traffic analysis. Active attacks: masquerade, replay, modification of messages, and denial of service. |
|
|
Term
List the fundamental security design principles. |
|
Definition
Economy of mechanism, Fail-Safe default, Complete Mediation, Open Design, Separation of Privilege, Least Privilege, Least Common Mechanism, Psychological Acceptability, Isolation, Encapsulation, Modularity, Layering, Least Astonishment. |
|
|
Term
|
Definition
An attack surface consists of the reachable and exploitable vulnerabilities in a system. |
|
|
Term
|
Definition
An attack tree is a branching, hierarchical data structure that represents a set of potential techniques for exploiting security vulnerabilities. |
|
|