Term
|
Definition
| Subject S with Clearance (Ls, Cs) may be granted write access to object O with classification (L0, C0) only if (Ls, Cs) <= (L0, C0) |
|
|
Term
| Advanced Encryption Standard (AES) |
|
Definition
| A specification for the encryption of electronic data. It was adopted by the US government and is now used worldwide. |
|
|
Term
|
Definition
A modal logic of belief. Wikipedia: A set of rules for defining and analyzing information exchange protocols |
|
|
Term
| Bell-LaPadula Model (BLP) |
|
Definition
| Wikipedia: State machine model for enforcing access control in government and military applications. Uses the Simple Security Property and the *-property. |
|
|
Term
| Biba's Low Water Mark Policy |
|
Definition
Where an attribute monotonically floats down when something low reads it. A subject's integrity level falls if it ever reads low integrity information. If s reads o then i'(s) = min(i(s), i(o)), where i'(s) is the subject's new integrity level after the read. |
|
|
Term
|
Definition
| More trusting of the subject, assuming that a subject can properly filter the information it receives. |
|
|
Term
| Biba's Strict Integrity Policy |
|
Definition
| A mandatory integrity access control policy that is the dual of BLP. |
|
|
Term
|
Definition
| monoalphabetic cipher in which each letter is replaced in the encryption by another letter a fixed "distance" away in the alphabet |
|
|
Term
|
Definition
| monoalphabetic cipher in which each letter is replaced in the encryption by another letter a fixed "distance" away in the alphabet |
|
|
Term
|
Definition
| A security Model where read/write access to files is governed by membership of data in conflict-of-interest classes and datasets. |
|
|
Term
|
Definition
| provides a foundation for specifying and analyzing an integrity policy for a computing system. |
|
|
Term
|
Definition
| A virus that attacks unpatched machines by generating a random list of IP addresses to DDOS certain sites. Has a fixed seed and could be removed by rebooting. |
|
|
Term
|
Definition
| A virus that is the same as the version 1 except it has a random seed. |
|
|
Term
|
Definition
| A virus that exploited the buffer-overflow vulnerability in Microsoft's IIS webservers. First it determines if the system has been infected; if not, it sets up a backdoor. Does not deface web pages or DDOS. Installs at root level and so cannot be fixed with a reboot. |
|
|
Term
|
Definition
| A set of standards, recognized by 26 countries, for how secure systems will be evaluated. |
|
|
Term
|
Definition
| The first practical method for establishing a shared secret over an unsecured communication channel. Both sides agree on prime number p and a base g. This algorithm involved sending g^a mod p and g^b mod p. |
|
|
Term
| Evaluation Assurance Level (EAL) |
|
Definition
| A numerical grade assigned following the completion of a Common Criteria security evaluation. The level determines the rigor with which the product is tested. |
|
|
Term
|
Definition
| An encoding that is guaranteed to find an efficient code for a given language if you know the probability of the symbols. |
|
|
Term
|
Definition
| an adaptive coding algorithm used in many commercial text compression utilities. It builds an encoding on the fly according to the strings it encounters. It is asymptotically optimal. That is, as the text length tends to infinity, the compression approaches optimal. |
|
|
Term
| Lipner's integrity matrix model |
|
Definition
| Combines BLP and Biba Integrity. |
|
|
Term
|
Definition
|
|
Term
| Needham-Schroeder Protocol |
|
Definition
| This is a shared key authentication protocol designed to generate and propagate a session key. No public key infrastructure in place. This is so the receiver knows that a message is fresh. |
|
|
Term
|
Definition
| A computer network authentication protocol designed for use on insecure networks. It allows individuals communicating over a network to prove their identity to each other while preventing eavesdropping or replay attacks. Allows detection of modification. |
|
|
Term
|
Definition
|
|
Term
| Pretty Good Privacy (PGP) |
|
Definition
| It is an encryption scheme that uses the best available cryptographic algorithms as building blocks and integrates them into a general purpose algorithm. It is packaged and has documentation including source code. |
|
|
Term
| Principle of Easiest Penetration |
|
Definition
| An intruder will use any means to subvert the security of a system. |
|
|
Term
| Principle of Least Privilege |
|
Definition
| Any subject should have access to the minimum amount of information needed to do its job. |
|
|
Term
| Shared Resource Matrix Methodology |
|
Definition
| The idea is to build a table describing system commands and their potential effects on shared attributes of objects. Can be used to find Covert Channels |
|
|
Term
|
Definition
| An example of a polyalphabetic cipher sometimes called a running key cipher because the key is another text |
|
|
Term
|
Definition
| Stores permissions with the objects of the system |
|
|
Term
|
Definition
| Given all subjects and objects in the system, the matrix shows explicitly what accesses are allowed for each subject/object pair |
|
|
Term
|
Definition
It is a policy that shows the subject object accesses. (May be wrong)
(constrains information flowing by subjects reading or writing objects) |
|
|
Term
|
Definition
| the attribute of a cipher that cannot be encrypted and decrypted with the same key |
|
|
Term
|
Definition
| Protection from phishing. This is to make sure that the receiver knows if the sender is really who they think it is. |
|
|
Term
|
Definition
| It is a characteristic on how reliable a system is. |
|
|
Term
|
Definition
| The amount of information that can be transmitted from one thing to another per second. |
|
|
Term
|
Definition
| allow reasoning about what principals within the protocol should be able to infer from the messages they see. Allows abstract proofs, but may miss some important flaws. |
|
|
Term
|
Definition
| Encrypt a group of plaintext symbols as one block. |
|
|
Term
|
Definition
| A mode that generates ciphertext that stores the message in encrypted but recoverable form. |
|
|
Term
|
Definition
| characteristic of an algorithm where if given enough time, an analyst can recover the plaintext |
|
|
Term
|
Definition
| Stores the permissions with subjects |
|
|
Term
|
Definition
| A combination of two or more ciphers. Also known as a product cipher |
|
|
Term
|
Definition
| An electronic equivalent of a "letter of introduction". It is constructed with digital signatures and hash functions. A public key and user's identity are bound together within this. |
|
|
Term
|
Definition
| This authority vouches for the accuracy of the binding of the certificate. |
|
|
Term
|
Definition
| a chain of trust through certificates. |
|
|
Term
|
Definition
| An attack where the attacker can decrypt selected ciphertext. |
|
|
Term
|
Definition
| An attack where the attacker can cause messages of his choosing to be encrypted. |
|
|
Term
| Cipherblock chaining mode (CBC) |
|
Definition
| XOR each successive plaintext block with the previous ciphertext block and then encrypt. An initialization vector IV is used as a seed for the process. |
|
|
Term
|
Definition
| Each byte is XORed with the first block of the previous output and fed back into the encryption. |
|
|
Term
|
Definition
| Attack where attacker has only encrypted text. |
|
|
Term
|
Definition
| Something is this when it is hard to find two messages with the same hashcode. |
|
|
Term
|
Definition
| writing the plaintext characters in a number of fixed-length rows, then reading them out column by column. |
|
|
Term
|
Definition
|
|
Term
|
Definition
| Secrecy/privacy. answers the question, who can read or write information. |
|
|
Term
|
Definition
| Transforming information in plaintext so the interceptor cannot readily extract it. |
|
|
Term
|
Definition
| The attacker gets logically between the client and service and somehow disrupts the communication |
|
|
Term
|
Definition
| The attacker produces, offers or requests so many services that the server is overwhelmed. |
|
|
Term
|
Definition
| If SL ever sees varying results depending on varying actions by SH, that could be used to send a bit of information from SH to SL in violation of the metapolicy |
|
|
Term
|
Definition
| the study of methods for obtaining the meaning of encrypted information, without access to the secret information that is normally required to do so |
|
|
Term
| Cryptographic hash functions |
|
Definition
| This is used to protect integrity. The qualities it has are that it is difficult to construct without changing the hash itself and it is unlikely that two different messages have the same hash. |
|
|
Term
|
Definition
| A protocol using cryptographic mechanisms to accomplish some security-related function |
|
|
Term
|
Definition
| the practice and study of techniques for secure communication in the presence of third parties |
|
|
Term
|
Definition
| A system that includes cryptography. |
|
|
Term
|
Definition
| Spreading the information from a region of plaintext widely over the ciphertext. |
|
|
Term
|
Definition
| a mathematical scheme for demonstrating the authenticity of a digital message or document |
|
|
Term
| Discretionary Access Control |
|
Definition
| Rule enforcement may be waived or modified by some users. |
|
|
Term
| Distributed Denial of Service (DDOS) |
|
Definition
| These involve co-opting the services of many other machines to participate in the attack, ex: botnet. |
|
|
Term
|
Definition
(L1, S1) dominates (L2, S2) iff 1) L1 > L2 2) S2 subset S1 |
|
|
Term
|
Definition
| PGP uses radix-64 conversion, which makes this compatibility easier. |
|
|
Term
| Electronic Code book Mode |
|
Definition
| Encrypt each block in the plaintext with the same key. |
|
|
Term
|
Definition
| changing plaintext to make it easier to transmit. |
|
|
Term
|
Definition
| to render the message less useful/meaningful to any eavesdropper. |
|
|
Term
|
Definition
| to render an encrypted message into a readable file. |
|
|
Term
|
Definition
| The measure of the information content of an average symbol in the language |
|
|
Term
|
Definition
| A genuine attack is not detected |
|
|
Term
|
Definition
| Harmless behavior is mis-classified as an attack. |
|
|
Term
|
Definition
| Assuming that all symbols are independent of one another. |
|
|
Term
|
Definition
| computing the entropy of a language when the symbols are dependent on 1 or more symbols. |
|
|
Term
|
Definition
| Characteristic of a message that is not a replay from an earlier exchange. |
|
|
Term
| Fundamental Theorem of the noiseless channel |
|
Definition
| If a language has entropy h (bits per symbol) and a channel can transmit C bits per second, then it is possible to encode the signal in such a way as to transmit at an average rate of (C/h) - e symbols per second, where e can be made arbitrarily small. It is impossible to transmit at an average rate greater than C/h. |
|
|
Term
|
Definition
| The different levels of a subject or object in BLP or Biba's Integrity model |
|
|
Term
|
Definition
| This attempts to turn the message sent into its intended semantics. It gets from protocol steps to logical inferences. One purpose is to omit parts of the message that do not contribute to the beliefs of the recipients. It depends on the interpretation of the meaning of some steps. |
|
|
Term
|
Definition
This is the amount of uncertainty a message resolves
(appropriate unit of measurement is bits?) |
|
|
Term
| Information Flow Policies |
|
Definition
| It specifies the security of the system by stating which flows are allowed. |
|
|
Term
|
Definition
| Sniffing incoming packets and discarding those with source IP addresses outside a given range. |
|
|
Term
|
Definition
| Subject s can write to object o only if i(o) <= i(s) |
|
|
Term
|
Definition
| who can write or modify information? |
|
|
Term
|
Definition
| an asset becomes unusable, unavailable, or lost. |
|
|
Term
|
Definition
| attacker injects spurious messages into a protocol run to disrupt or subvert it. |
|
|
Term
|
Definition
| An unauthorized party gains access to an asset |
|
|
Term
| Intrusion Detection System (IDS) |
|
Definition
| this can analyze traffic patterns and react to anomalous patterns. However, often there is nothing apparently wrong but the volume of requests. An IDS reacts after the attack has begun. |
|
|
Term
| Intrusion prevention System (IPS) |
|
Definition
| attempts to prevent intrusion by more aggressively blocking attempted attacks. This assumes that the attacking traffic can be identified. |
|
|
Term
|
Definition
| given the need to communicate securely, how do the sender and receiver agree on a secret that they can use in the algorithm. If sender and receiver already have a secure channel, do they need this secret? If they don't, how do they give it out securely. |
|
|
Term
|
Definition
| given a large number of keys, how do we preserve their safety and make them available as needed. |
|
|
Term
|
Definition
| A user may want to revoke a public key because the key is compromised, or the limit for the key is up. |
|
|
Term
|
Definition
| Once a key is agreed on, how are the keys exchanged? |
|
|
Term
| Key stream generation mode |
|
Definition
| the cipher is used more as a pseudorandom number generator. The result is a key stream that can be used as in one-time pad. Decryption uses the same key stream. |
|
|
Term
|
Definition
| An algorithm that uses a key. |
|
|
Term
|
Definition
| An algorithm that has no key. |
|
|
Term
|
Definition
| set of all possible keys that can be used to initialize a cryptographic algorithm. |
|
|
Term
|
Definition
| Attacker has some ciphertext/plaintext pairs |
|
|
Term
|
Definition
| A structure that is formed in a Multi-Level Security system. |
|
|
Term
|
Definition
| It must be possible to recover the entire original sequence of symbols from the transmission. |
|
|
Term
|
Definition
| An encryption algorithm is this if transformations on the ciphertext produce meaningful changes in the plaintext. Ex: given C = E(P), it is possible to generate C1 = f(C) such that D(C1) = P1 = f'(P). |
|
|
Term
| Mandatory Access Controls (MAC) |
|
Definition
| Rules are enforced on every attempted access, not at the discretion of any system user. |
|
|
Term
|
Definition
| another name for hash value |
|
|
Term
|
Definition
| The overall security goals of the system |
|
|
Term
|
Definition
| A uniformly substituted cipher where each symbol of the plaintext is exchanged for another symbol. |
|
|
Term
|
Definition
| the application of a computer system to process information with different sensitivities (i.e., at different security levels), permit simultaneous access by users with different security clearances and needs-to-know, and prevent users from obtaining access to information for which they lack authorization |
|
|
Term
|
Definition
| categories from an unordered set expressing membership within some interest group. e.g. Crypto, Nuclear, Janitorial, Personnel |
|
|
Term
|
Definition
| Can the information be transmitted without loss or distortion |
|
|
Term
|
Definition
| Something is this if it is difficult to change the message because it can be detected |
|
|
Term
|
Definition
| A very general security policy. If security demands that SH must never communicate with SL, there shouldn't be anything that SH can do that has effects visible to SL. |
|
|
Term
|
Definition
| A property of Digital Signatures where S cannot deny producing the signature |
|
|
Term
|
Definition
| short for numbers used once. These are randomly generated values included in messages |
|
|
Term
|
Definition
| The information containers protected by the system (documents, folders, files, directories, databases) |
|
|
Term
|
Definition
| A theoretically perfect cipher |
|
|
Term
|
Definition
| An easily computed function but difficult to invert without additional information. |
|
|
Term
| Output feedback mode (OFB) |
|
Definition
| Similar to CFB except that the quantity XORed with each plaintext block is generated independently of both plaintext and ciphertext, essentially by repeatedly encrypting the seed. |
|
|
Term
|
Definition
| a filter that detects patterns of identifiers in the request stream and blocks messages in that pattern. |
|
|
Term
|
Definition
| A binary relation that is reflexive, antisymmetric, and transitive. |
|
|
Term
| Passphrase-based symmetric keys |
|
Definition
| This passphrase is used to protect private keys. |
|
|
Term
|
Definition
| No reduction of the search space is gained from knowing the encryption algorithm, and the ciphertext. The attacker's uncertainty of the message is exactly the same whether or not she has access to the ciphertext. |
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
| A set of rules for implementing specific security goals |
|
|
Term
| Polyalphabetic Substitution |
|
Definition
| A substitution cipher. If different substitutions are made depending on where in the plaintext the symbol occurs |
|
|
Term
|
Definition
| The string representing any symbol cannot be an initial prefix of the string representing any other symbol |
|
|
Term
|
Definition
| A table of rows containing timestamp, key ID, Public Key, Private key, and user ID. |
|
|
Term
|
Definition
| A combination of two or more ciphers |
|
|
Term
|
Definition
| A description of a family of products in terms of threats, environmental issues and assumptions, security objectives, and requirements of the Common Criteria. It includes overview, product description, product security environment, security objectives, IT security requirements, and rationale. |
|
|
Term
| Pseudo-random number generator |
|
Definition
| In key stream generation mode, the cipher is used more as this. The result is a keystream that can be used as in a one-time pad. |
|
|
Term
| Public Key infrastructure |
|
Definition
| with this infrastructure, if A knows B's public key, then A can send a message securely to B and be assured that a message from B really originated with B. |
|
|
Term
|
Definition
| A table of rows containing timestamp, Key ID, public key, and user ID. It can be indexed by User ID or Key ID. |
|
|
Term
|
Definition
| Maps groups of three octets into four ASCII characters. |
|
|
Term
|
Definition
| In BLP, if an object O exists and Ls >= Lo, then return its current value; otherwise return 0. |
|
|
Term
|
Definition
| In BLP, if object O exists and Ls <= Lo, change its value to V; otherwise do nothing. |
|
|
Term
|
Definition
| In BLP, If no object with name O exists anywhere on the system, create a new object O at level Ls; otherwise do nothing. |
|
|
Term
|
Definition
| In BLP, if an object with name O exists and Ls <= Lo, destroy it; otherwise do nothing. |
|
|
Term
|
Definition
| attacker records messages and replays them at a later time. |
|
|
Term
| Role-based access control (RBAC) |
|
Definition
| A widely used security framework claimed to be especially appropriate for commercial settings. It associates permissions with functions/jobs/roles within an organization. |
|
|
Term
|
Definition
| Protection of assets against threats |
|
|
Term
|
Definition
| A label that contains the security level and the category it belongs to that is usually attached to a subject and object |
|
|
Term
|
Definition
| a document that contains the security requirements of a product to be evaluated (TOE), and specifies the measures offered by the product to meet those requirements. It includes an Introduction, TOE description, TOE security environment, Security objectives, IT security requirements, TOE summary specifications, Protection Profile claims. |
|
|
Term
|
Definition
| the breaking up of long messages to be mailed separately in PGP. |
|
|
Term
|
Definition
| The person that sends a message |
|
|
Term
|
Definition
| The person that receives the message |
|
|
Term
|
Definition
| Several different subjects must be involved to complete a critical function |
|
|
Term
|
Definition
| A single subject cannot complete complementary roles within a critical process |
|
|
Term
|
Definition
| single-use symmetric key used for encrypting all messages in one communication session. |
|
|
Term
| Shared-key authentication protocol |
|
Definition
| Needham-Schroeder is this type of protocol, designed to generate and propagate a session key. |
|
|
Term
| Simple Integrity Property |
|
Definition
| Subject S can read object o only if i(s) <= i(o). |
|
|
Term
|
Definition
| Subject S with clearance (Ls, Cs) may be granted access to object O with classification (Lo, Co) only if (Ls, Cs) >= (Lo, Co) |
|
|
Term
| Simple Substitution cipher |
|
Definition
| When a substitution cipher is done uniformly. |
|
|
Term
|
Definition
| A covert channel which uses resource not found or Access denied. SH is recording information within the system state. |
|
|
Term
|
Definition
| convert one symbol of plaintext directly into a symbol of ciphertext. |
|
|
Term
| Strong tranquility property |
|
Definition
| Subjects and objects do not change labels during the lifetime of the system. |
|
|
Term
|
Definition
| Entities that execute activities and request access to objects |
|
|
Term
|
Definition
| A cipher where each symbol of the plaintext is exchanged for another symbol |
|
|
Term
|
Definition
| A cipher that uses the same key to encrypt and decrypt. |
|
|
Term
|
Definition
| The attacker does not respond to the server and it ties up the server resources because it keeps waiting for a response. |
|
|
Term
|
Definition
| An attribute of the system |
|
|
Term
| Target of Evaluation (TOE) |
|
Definition
| The system submitted for evaluation |
|
|
Term
|
Definition
| act of coercion wherein an act is proposed to elicit a negative response |
|
|
Term
|
Definition
| In Public Private Keys, A time that is combined with a private or public key ring to see when the key pair was generated. |
|
|
Term
|
Definition
| A covert channel that records the ordering or duration of events on the system. |
|
|
Term
|
Definition
| A relation that is antisymmetric, transitive, and total |
|
|
Term
|
Definition
| in which the order of symbols is rearranged |
|
|
Term
|
Definition
| A characteristic of a digital signature where it is difficult to recreate the signature. |
|
|
Term
|
Definition
| For any encoded string there must be only one possible decoding |
|
|
Term
|
Definition
| a weakness which allows an attacker to reduce a system's information assurance. |
|
|
Term
|
Definition
| In Biba, it is where an attribute monotonically floats up or down because it reads something that might possibly be bad information. |
|
|
Term
| Weak Tranquility Property |
|
Definition
| Subjects and objects do not change labels in a way that violates the "spirit" of the security policy |
|
|
Term
|
Definition
| Assume that all characters are equally likely in a text. |
|
|
Term
| Words that were not used/not found |
|
Definition
addRoundKey Capacity Throughput Interruption Modes of Usage Mix Columns Nth order markov Mechanism Assurance Dinction Principals Protocol Public key algorithm Security Model Security Policy shiftRows strong cryptosystem subBytes Symmetric Channel Secret Key Algorithm System High System Low Trusted Subject Unwinding Theorem |
|
|