ECE 422 Midterm #1
Vocab set from reading
116 cards
Computer Science
Undergraduate 4
02/08/2013

Cards

Term
Confidentiality
Definition
The concealment of information or resources.
Term
Cryptographic key
Definition
Controls access to the unscrambled data, but also requires protection itself.
Term
Integrity
Definition
The trustworthiness of data or resources, and it's usually phrased in terms of preventing improper or unauthorized change.
Term
Authentication
Definition
The source of the data
Term
Prevention mechanisms
Definition
Seek to maintain integrity of the data by blocking any unauthorized attempts to change the data or any attempts to change the data in unauthorized ways.
Term
Detection mechanisms
Definition
Simply report that the data's integrity is no longer trustworthy.
Term
Availability
Definition
The ability to use the info or resource desired.
Term
Denial of service attacks
Definition
Attempts to block availability. Difficult to detect.
Term
Threat
Definition
A potential violation of security.
Term
Disclosure
Definition
Unauthorized access to information.
Term
Deception
Definition
Acceptance of false data
Term
Disruption
Definition
Interruption or prevention of correct operation
Term
Usurpation
Definition
Unauthorized control of some part of the system.
Term
Snooping
Definition
Unauthorized interception of information. Type of disclosure.
Term
Wiretapping/passive wiretapping
Definition
A form of snooping in which a network is monitored.
Term
Modification/alteration
Definition
Unauthorized change of information. Can be deception, disruption or usurpation.
Term
Active wiretapping (not snooping)
Definition
A form of modification in which data moving across a network is altered. Ex: man-in-the-middle attack.
Term
Masquerading/spoofing
Definition
An impersonation of one entity by another. Both deception and usurpation.
Term
Delegation (allowed)
Definition
When one entity authorizes another (2nd) entity to perform functions on its behalf.
Term
Repudiation of origin
Definition
A false denial that an entity sent (or created) something. Type of deception.
Term
Denial of receipt
Definition
A false denial that an entity received some information or message. Type of deception.
Term
Denial of service
Definition
A long-term inhibition of service. Type of usurpation with elements of deception.
Term
Security policy
Definition
A statement of what is, and what is not, allowed.
Term
Security mechanism
Definition
A method, tool, or procedure for enforcing a security policy.
Term
Prevention
Definition
An attack will fail.
Term
Detection
Definition
Indicates the effectiveness of preventative measures, and notifies the user when preventative measures fail.
Term
Assurance
Definition
A basis for determining "how much" to trust a system.
Term
Specification
Definition
A statement of the desired functioning of the system
Term
Design
Definition
Translates a system's specifications into components that will implement them.
Term
Implementation
Definition
Creates a system that satisfies the design.
Term
Legal v. acceptable
Definition
It's legal to have passwords be social security #s, but unacceptable.
Term
Outsiders
Definition
People who have some motive to attack an organization and are not authorized to use that organization's systems.
Term
Insiders
Definition
Those that are authorized to use the computers.
Term
Security policy
Definition
A statement that partitions the states of the system into a set of authorized, or secure, states and a set of unauthorized, or non-secure, states.
Term
Secure system
Definition
A system that starts in an authorized state and cannot enter an unauthorized state.
Term
Breach of security
Definition
Occurs when a system enters an unauthorized state.
Term
Confidentiality
Definition
If X is a set of entities and I is some info, then I has the property of confidentiality with respect to X if no member of X can obtain info about I.
Term
Information flow
Definition
The illicit transmission of information without leakage of rights.
Term
Separation of duties
Definition
No one single entity alone can complete a transaction. Takes multiple persons. Included in the integrity policy.
Term
Security mechanism
Definition
An entity or procedure that enforces some part of the security policy.
Term
Security model
Definition
A model that represents a particular policy or set of policies.
Term
Military security policy/gov't security policy
Definition
A security policy developed primarily to provide confidentiality.
Term
Commercial security policy
Definition
A security policy developed primarily to provide integrity.
Term
Transaction-oriented integrity security policies
Definition
Integrity policies that use the notion of a transaction like database specifications, and require that any actions taken leave the database in a consistent state.
Term
Confidentiality policy
Definition
A security policy dealing only with confidentiality.
Term
Integrity policy
Definition
A security policy dealing only with integrity
Term
Discretionary access control (DAC)/Identity-based access control (IBAC)
Definition
The mechanism by which an individual user can set an access control mechanism to allow or deny access to an object.
Term
Mandatory access control (MAC)/Rule-based access control
Definition
The control in which a system mechanism controls access to an object and an individual user cannot alter that access.
Term
Originator controlled access control
Definition
Bases access on the creator of an object (or the info it contains).
Term
Policy language
Definition
A language for representing a security policy
Term
Class
Definition
A set of objects to which a particular access constraint may be applied.
Term
Method
Definition
The set of ways in which an operation can be invoked.
Term
Instantiation
Definition
Occurs when a subject "s" creates an instance of a class "c", and is written "s-|c".
Term
Invocation
Definition
Occurs when a subject S1 executes an object S2 (which becomes a subject, because it's active) and is written "S1|->S2".
Term
Login
Definition
Controls access between d_user and d_admin.
Term
Cryptography
Definition
The art and science of concealing meaning.
Term
Category
Definition
Added to each security classification to describe the kinds of information.
Term
Explicit label storage
Definition
A&A database stores explicit labels as parts of the object's attributes.
Term
Range
Definition
A set of labels expressed by a lower bound and an upper bound.
Term
Action
Definition
A request and decision that moves that system from one state to another.
Term
Security-preserving
Definition
If a rule is ssc-preserving, *-property-preserving, and ds-property-preserving.
Term
Principle of tranquility
Definition
States that subjects and objects may not change their security levels once they have been instantiated.
Term
Trusted entities
Definition
Subjects that will remove all sensitive info from the HIGH object before its classification is changed to LOW.
Term
Principle of strong tranquility
Definition
States that security levels do not change during the lifetime of the system.
Term
Principle of weak tranquility
Definition
States that security levels don't change in a way that violates the rules of a given security policy.
Term
Prime number
Definition
An integer "n" > 1 or 0 that has only 1 and itself as divisors.
Term
Principal
Definition
A unique entity.
Term
Identity
Definition
Specifies a principal
Term
inode
Definition
Marker that uniquely identifies a file.
Term
Absolute path names
Definition
Describe the locations of files with respect to the root of the UNIX file hierarchy.
Term
Relative path names
Definition
Describe the locations of files with respect to the directory in which the current process is executing.
Term
Uniform Resource Locator (URL)
Definition
Identifies an object by specifying its location and the protocol needed to access it.
Term
User
Definition
An identity tied to a single entity.
Term
Setuid
Definition
Programs that create processes with the effective UID being that of the owner of the program rather than that of the user executing the program.
Term
Groups
Definition
Sets of unique entities.
Term
Role
Definition
A type of group that ties membership to a group when users log in.
Term
Authentication policy
Definition
Describes the unique entities required to identify the unique entity to whom the certificate is to be issued.
Term
Issuance policy
Definition
Describes the principals to whom the CA will issue certificates.
Term
Policy certification authorities (PCAs)
Definition
Declared by the Internet Policy Registration Authority (IPRA); all other CAs are subordinate to these.
Term
Virtual machine
Definition
A program that simulates the hardware of a (possibly abstract) computer system.
Term
Virtual machine monitor
Definition
A special operating system for virtual machines.
Term
Sandbox
Definition
An environment in which the actions of a process are restricted according to a security policy.
Term
Covert storage channel
Definition
Uses an attribute of the shared resource.
Term
Covert timing channel
Definition
Uses a temporal or ordering relationship among accesses to a shared resource.
Term
Noiseless covert channel
Definition
A covert channel that uses a resource available to the sender and receiver only.
Term
Noisy covert channel
Definition
A covert channel that uses a resource available to subjects other than the sender and receiver, as well as to the sender and receiver.
Term
Risk Analysis
Definition
Defines and controls threats and vulnerabilities as well as implements risk reduction.
Term
Risk assessment
Definition
Determines what the risks are.
Term
Risk management
Definition
Evaluating alternatives for mitigating risk.
Term
Risk communication
Definition
Presenting this material in an understandable way to decision makers and/or users.
Term
Threats
Definition
Set of circumstances that has the potential to cause harm/loss. They are also attacks against key security services, and can trigger vulnerabilities.
Term
Vulnerabilities
Definition
Flaw or weakness in a system that can be exploited to violate system integrity
Term
Baseline Approach to Risk Analysis
Definition
Low overhead for analysis, but could result in practices not appropriate for your organization.
Term
Informal Approach
Definition
Bring in an expert to examine the system, but do not follow a formal process.
Term
Detailed Risk Analysis
Definition
Follow formal process with high overhead but catches most vulnerabilities. Most often used.
Term
Plaintext
Definition
Original message p.
Term
Ciphertext
Definition
Encrypted message c.
Term
Key
Definition
Private information k.
Term
Algorithm Encryption
Definition
c=E(p,k)
Term
Decryption Algorithm
Definition
p=D(c,k)
Term
Adversary
Definition
Opponent whose goal is to break cryptosystem.
Term
Anagramming
Definition
Used when 1-gram frequencies match English frequencies but other n-gram frequencies do not; the ciphertext is rearranged to form the n-grams with the highest frequencies.
Term
Substitution Ciphers
Definition
Change characters in the plaintext to produce the ciphertext (e.g., Caesar shift).
Term
Avalanche Effect
Definition
Where a change of one input or key bit results in changing approximately half of the output bits. It is a desirable property of an encryption algorithm, and DES exhibits strong avalanche.
Term
Feistel Network
Definition
Structured to enable use of some S-box and P-box for encryption and decryption. Changes only the key schedule.
Term
AES
Definition
Created in 200 by Rijndael, it has a 20-30 year lifespan, and uses an iterative rather than a Feistel cipher structure. It has 9, 11, or 13 rounds in which the state undergoes byte substitution, shift rows, mix columns, and adding of round keys.
Term
Finite Field
Definition
A finite set of elements "S", with operations + and * that satisfy certain properties: commutative and distributive laws.
Term
Galois Field
Definition
For any prime "p", there's a unique field with p^n elements. We are interested in GF(2^theta).
Term
Self-Healing Property
Definition
If one block of ciphertext is altered, the error propagates for at most two blocks.
Term
RC4
Definition
Period 10^10, variable length key from 1 to 256, byte based operations, and very efficient.
Term
Hash or Checksums
Definition
Mathematical function to generate a set of "k" bits from a set of "n" bits (where k <= n).
Term
Birthday Paradox
Definition
Probability that 2 people share the same birthday.
Term
MD5
Definition
Keyless crypto hashes. 128 bits, only good for 2^64 bit outcome.
Term
SHA
Definition
Keyless crypto hashes containing 160 bits put forth by NIST and broken by Chinese researchers.
Term
MAC
Definition
Crypto hash and proof of message integrity. Relies on keys to ensure integrity.
Term
HMAC
Definition
Make keyed cryptographic checksums from keyless cryptographic checksums.