measures to protect the system. (3.) The condition of system
resources being free from unauthorized access and from
unauthorized or accidental change, destruction, or loss.
$ security architecture
(I) A plan and set of principles that describe (a) the security
services that a system is required to provide to meet the needs of
its users, (b) the system elements required to implement the
services, and (c) the performance levels required in the elements
to deal with the threat environment. (See: (discussion under)
(C) A security architecture is the result of applying the system
engineering process. A complete system security architecture
includes administrative security, communication security, computer
security, emanations security, personnel security, and physical
security (e.g., see: [R2179]). A complete security architecture
needs to deal with both intentional, intelligent threats and
accidental kinds of threats.
$ security association
(I) A relationship established between two or more entities to
enable them to protect data they exchange. The relationship is
used to negotiate characteristics of protection mechanisms, but
does not include the mechanisms themselves. (See: association.)
(C) A security association describes how entities will use
security services. The relationship is represented by a set of
information that is shared between the entities and is agreed upon
and considered a contract between them.
(O) IPsec usage: A simplex (uni-directional) logical connection
created for security purposes and implemented with either AH or
ESP (but not both). The security services offered by a security
association depend on the protocol selected, the IPsec mode
(transport or tunnel), the endpoints, and the election of optional
services within the protocol. A security association is identified
by a triple consisting of (a) a destination IP address, (b) a
protocol (AH or ESP) identifier, and (c) a Security Parameter
$ security association identifier (SAID)
(I) A data field in a security protocol (such as NLSP or SDE),
used to identify the security association to which a protocol data
unit is bound. The SAID value is usually used to select a key for
decryption or authentication at the destination. (See: Security
$ security audit
(I) An independent review and examination of a system's records
and activities to determine the adequacy of system controls,
ensure compliance with established security policy and procedures,
detect breaches in security services, and recommend any changes
that are indicated for countermeasures. [I7498 Part 2, NCS01]
(C) The basic audit objective is to establish accountability for
system entities that initiate or participate in security-relevant
events and actions. Thus, means are needed to generate and record
a security audit trail and to review and analyze the audit trail
to discover and investigate attacks and security compromises.
$ security audit trail
(I) A chronological record of system activities that is sufficient
to enable the reconstruction and examination of the sequence of
environments and activities surrounding or leading to an
operation, procedure, or event in a security-relevant transaction
from inception to final results. [NCS04] (See: security audit.)
$ security class
(D) A synonym for "security level". For consistency, ISDs SHOULD
use "security level" instead of "security class".
$ security clearance
(I) A determination that a person is eligible, under the standards
of a specific security policy, for authorization to access
sensitive information or other system resources. (See: clearance
$ security compromise
(I) A security violation in which a system resource is exposed, or
is potentially exposed, to unauthorized access. (See: data
$ security domain
$ security environment
(I) The set of external entities, procedures, and conditions that
affect secure development, operation, and maintenance of a system.
$ security event
(I) A occurrence in a system that is relevant to the security of
the system. (See: security incident.)
(C) The term includes both events that are security incidents and
those that are not. In a CA workstation, for example, a list of
security events might include the following:
- Performing a cryptographic operation, e.g., signing a digital
certificate or CRL.
- Performing a cryptographic card operation: creation, insertion,
removal, or backup.
- Performing a digital certificate lifecycle operation: rekey,
renewal, revocation, or update.
- Posting information to an X.500 Directory.
- Receiving a key compromise notification.
- Receiving an improper certification request.
- Detecting an alarm condition reported by a cryptographic
- Logging the operator in or out.
- Failing a built-in hardware self-test or a software system
$ security fault analysis
(I) A security analysis, usually performed on hardware at a logic
gate level, gate-by-gate, to determine the security properties of
a device when a hardware fault is encountered.
$ security gateway
(I) A gateway that separates trusted (or relatively more trusted)
hosts on the internal network side from untrusted (or less
trusted) hosts on the external network side. (See: firewall and
(O) IPsec usage: "An intermediate system that implements IPsec
protocols." [R2401] Normally, AH or ESP is implemented to serve a
set of internal hosts, providing security services for the hosts
when they communicate with other, external hosts or gateways that
also implement IPsec.
$ security incident
(I) A security event that involves a security violation. (See:
CERT, GRIP, security event, security intrusion, security
(C) In other words, a security-relevant system event in which the
system's security policy is disobeyed or otherwise breached.
(O) "Any adverse event which compromises some aspect of computer
or network security." [R2350]
(D) ISDs SHOULD NOT use this "O" definition because (a) a security
incident may occur without actually being harmful (i.e., adverse)
and (b) this Glossary defines "compromise" more narrowly in
relation to unauthorized access.
$ security intrusion
(I) A security event, or a combination of multiple security
events, that constitutes a security incident in which an intruder
gains, or attempts to gain, access to a system (or system
resource) without having authorization to do so.
$ security kernel
(I) "The hardware, firmware, and software elements of a trusted
computing base that implement the reference monitor concept. It
must mediate all accesses, be protected from modification, and be
verifiable as correct." [NCS04] (See: reference monitor.)
(C) That is, a security kernel is an implementation of a reference
monitor for a given hardware base.
$ security label
(I) A marking that is bound to a system resource and that names or
designates the security-relevant attributes of that resource.
[I7498 Part 2, R1457]
(C) The recommended definition is usefully broad, but usually the
term is understood more narrowly as a marking that represents the
security level of an information object, i.e., a marking that
indicates how sensitive an information object is. [NCS04]
(C) System security mechanisms interpret security labels according
to applicable security policy to determine how to control access
to the associated information, otherwise constrain its handling,
and affix appropriate security markings to visible (printed and
displayed) images thereof. [FP188]
$ security level
(I) The combination of a hierarchical classification level and a
set of non-hierarchical category designations that represents how
sensitive information is. (See: (usage note under) classification
level, dominate, lattice model.)
$ security management infrastructure (SMI)
(I) System elements and activities that support security policy by
monitoring and controlling security services and mechanisms,
distributing security information, and reporting security events.
The associated functions are as follows [I7498-4]:
- Controlling (granting or restricting) access to system
resources: This includes verifying authorizations and
identities, controlling access to sensitive security data, and
modifying access priorities and procedures in the event of
- Retrieving (gathering) and archiving (storing) security
information: This includes logging security events and
analyzing the log, monitoring and profiling usage, and
reporting security violations.
- Managing and controlling the encryption process: This includes
performing the functions of key management and reporting on key
management problems. (See: public-key infrastructure.)
$ security mechanism
(I) A process (or a device incorporating such a process) that can
be used in a system to implement a security service that is
provided by or within the system. (See: (discussion under)
(C) Some examples of security mechanisms are authentication
exchange, checksum, digital signature, encryption, and traffic
$ security model
(I) A schematic description of a set of entities and relationships
by which a specified set of security services are provided by or
within a system. (See: (discussion under) security policy.)
(C) An example is the Bell-LaPadula Model.
$ security parameters index (SPI)
(I) IPsec usage: The type of security association identifier used
in IPsec protocols. A 32-bit value used to distinguish among
different security associations terminating at the same
destination (IP address) and using the same IPsec security
protocol (AH or ESP). Carried in AH and ESP to enable the
receiving system to determine under which security association to
process a received packet.
$ security perimeter
(I) The boundary of the domain in which a security policy or
security architecture applies; i.e., the boundary of the space in
which security services protect system resources.
$ security policy
(I) A set of rules and practices that specify or regulate how a
system or organization provides security services to protect
sensitive and critical system resources. (See: identity-based
security policy, rule-based security policy, security
architecture, security mechanism, security model.)
(O) "The set of rules laid down by the security authority
governing the use and provision of security services and
(C) Ravi Sandhu notes that security policy is one of four layers
of the security engineering process (as shown in the following
diagram). Each layer provides a different view of security,
ranging from what services are needed to how services are
What Security Services Should Be Provided?
| + - - - - - - - - - - - +
| | Security Policy |
| + - - - - - - - - - - - + + - - - - - - - - - - - - - - +
| | Security Model | | A "top-level specification" |
| + - - - - - - - - - - - + <- | is at a level below "model" |
| | Security Architecture | | but above "architecture". |
| + - - - - - - - - - - - + + - - - - - - - - - - - - - - +
| | Security Mechanism |
| + - - - - - - - - - - - +
How Are Security Services Implemented?
$ Security Protocol 3 (SP3)
(O) A protocol [SDNS3] developed by SDNS to provide connectionless
data security at the top of OSI layer 3. (See: NLSP.)
$ Security Protocol 4 (SP4)
(O) A protocol [SDNS4] developed by SDNS to provide either
connectionless or end-to-end connection-oriented data security at
the bottom of OSI layer 4. (See: TLSP.)
$ security-relevant event
See: security event.
$ security service
(I) A processing or communication service that is provided by a
system to give a specific kind of protection to system resources.
(See: access control service, audit service, availability service,
data confidentiality service, data integrity service, data origin
authentication service, non-repudiation service, peer entity
authentication service, system integrity service.)
(O) "A service, provided by a layer of communicating open systems,
which ensures adequate security of the systems or the data
transfers." [I7498 Part 2]
(C) Security services implement security policies, and are
implemented by security mechanisms.
$ security situation
(I) ISAKMP usage: The set of all security-relevant information--
e.g., network addresses, security classifications, manner of
operation (normal or emergency)--that is needed to decide the
security services that are required to protect the association
that is being negotiated.
$ security token
$ security violation
(I) An act or event that disobeys or otherwise breaches security
policy. (See: compromise, penetration, security incident.)
$ self-signed certificate
(I) A public-key certificate for which the public key bound by the
certificate and the private key used to sign the certificate are
components of the same key pair, which belongs to the signer.
(See: root certificate.)
(C) In a self-signed X.509 public-key certificate, the issuer's DN
is the same as the subject's DN.
$ semantic security
(I) An attribute of a encryption algorithm that is a formalization
of the notion that the algorithm not only hides the plaintext but
also reveals no partial information about the plaintext. Whatever
is efficiently computable about the plaintext when given the
ciphertext, is also efficiently computable without the ciphertext.
$ sensitive (information)
(I) Information is sensitive if disclosure, alteration,
destruction, or loss of the information would adversely affect the
interests or business of its owner or user. (See: critical.)
$ separation of duties
(I) The practice of dividing the steps in a system function among
different individuals, so as to keep a single individual from
subverting the process. (See: dual control, administrative
$ serial number
See: certificate serial number.
(I) A system entity that provides a service in response to
requests from other system entities called clients.
$ session key
(I) In the context of symmetric encryption, a key that is
temporary or is used for a relatively short period of time. (See:
ephemeral key, key distribution center, master key.)
(C) Usually, a session key is used for a defined period of
communication between two computers, such as for the duration of a
single connection or transaction set, or the key is used in an
application that protects relatively large amounts of data and,
therefore, needs to be rekeyed frequently.
See: SET Secure Electronic Transaction(trademark).
$ SET private extension
(O) One of the private extensions defined by SET for X.509
certificates. Carries information about hashed root key,
certificate type, merchant data, cardholder certificate
requirements, encryption support for tunneling, or message support
for payment instructions.
$ SET qualifier
(O) A certificate policy qualifier that provides information about
the location and content of a SET certificate policy.
(C) In addition to the policies and qualifiers inherited from its
own certificate, each CA in the SET certification hierarchy may
add one qualifying statement to the root policy when the CA issues
a certificate. The additional qualifier is a certificate policy
for that CA. Each policy in a SET certificate may have these
- A URL where a copy of the policy statement may be found.
- An electronic mail address where a copy of the policy statement
may be found.
- A hash result of the policy statement, computed using the
- A statement declaring any disclaimers associated with the
issuing of the certificate.
$ SET Secure Electronic Transaction(trademark) or SET(trademark)
(N) A protocol developed jointly by MasterCard International and
Visa International and published as an open standard to provide
confidentiality of transaction information, payment integrity, and
authentication of transaction participants for payment card
transactions over unsecured networks, such as the Internet. [SET1]
(See: acquirer, brand, cardholder, dual signature, electronic
commerce, issuer, merchant, payment gateway, third party.)
(C) This term and acronym are trademarks of SETCo. MasterCard and
Visa announced the SET standard on 1 February 1996. On 19 December
1997, MasterCard and Visa formed SET Secure Electronic Transaction
LLC (commonly referred to as "SETCo") to implement the SET 1.0
specification. A memorandum of understanding adds American Express
and JCB Credit Card Company as co-owners of SETCo.
See: (secondary definition under) SET Secure Electronic
See: Secure Hash Standard.
$ shared secret
(I) A synonym for "keying material" or "cryptographic key".
See: Secure HTTP.
(I) Create a digital signature for a data object.
See: digital signature, electronic signature.
$ signature certificate
(I) A public-key certificate that contains a public key that is
intended to be used for verifying digital signatures, rather than
for encrypting data or performing other cryptographic functions.
(C) A v3 X.509 public-key certificate may have a "keyUsage"
extension which indicates the purpose for which the certified
public key is intended.
(N) A human being or an organization entity that uses its private
key to create a digital signature for a data object. [ABA]
See: Standards for Interoperable LAN/MAN Security.
$ simple authentication
(I) An authentication process that uses a password as the
information needed to verify an identity claimed for an entity.
(See: strong authentication.)
(O) "Authentication by means of simple password arrangements."
$ Simple Authentication and Security Layer (SASL)
(I) An Internet specification [R2222] for adding authentication
service to connection-based protocols. To use SASL, a protocol
includes a command for authenticating a user to a server and for
optionally negotiating protection of subsequent protocol
interactions. The command names a registered security mechanism.
SASL mechanisms include Kerberos, GSSAPI, S/KEY, and others. Some
protocols that use SASL are IMAP4 and POP3.
$ Simple Key-management for Internet Protocols (SKIP)
(I) A key distribution protocol that uses hybrid encryption to
convey session keys that are used to encrypt data in IP packets.
[R2356] (See: IKE, IPsec.)
(C) SKIP uses the Diffie-Hellman algorithm (or could use another
key agreement algorithm) to generate a key-encrypting key for use
between two entities. A session key is used with a symmetric
algorithm to encrypt data in one or more IP packets that are to be
sent from one of the entities to the other. The KEK is used with a
symmetric algorithm to encrypt the session key, and the encrypted
session key is placed in a SKIP header that is added to each IP
packet that is encrypted with that session key.
$ Simple Mail Transfer Protocol (SMTP)
(I) A TCP-based, application-layer, Internet Standard protocol
[R0821] for moving electronic mail messages from one computer to
$ Simple Network Management Protocol (SNMP)
(I) A UDP-based, application-layer, Internet Standard protocol
[R2570, R2574] for conveying management information between
managers and agents.
(C) SNMP version 1 uses cleartext passwords for authentication and
access control. (See: community string.) Version 2 adds
cryptographic mechanisms based on DES and MD5. Version 3 provides
enhanced, integrated support for security services, including data
confidentiality, data integrity, data origin authentication, and
message timeliness and limited replay protection.
$ simple security property
See: (secondary definition under) Bell-LaPadula Model.
$ single sign-on
(I) A system that enables a user to access multiple computer
platforms (usually a set of hosts on the same network) or
application systems after being authenticated just one time. (See:
(C) Typically, a user logs in just once, and then is transparently
granted access to a variety of permitted resources with no further
login being required until after the user logs out. Such a system
has the advantages of being user friendly and enabling
authentication to be managed consistently across an entire
enterprise, and has the disadvantage of requiring all hosts and
applications to trust the same authentication mechanism.
See: security situation.
(I) A security mechanism that uses a cryptographic hash function
to generate a sequence of 64-bit, one-time passwords for remote
user login. [R1760]
(C) The client generates a one-time password by applying the MD4
cryptographic hash function multiple times to the user's secret
key. For each successive authentication of the user, the number of
hash applications is reduced by one. (Thus, an intruder using
wiretapping cannot compute a valid password from knowledge of one
previously used.) The server verifies a password by hashing the
currently presented password (or initialization value) one time
and comparing the hash result with the previously presented
See: Simple Key-management for IP.
(N) A Type II block cipher [NIST] with a block size of 64 bits and
a key size of 80 bits, that was developed by NSA and formerly
classified at the U.S. Department of Defense "Secret" level. (See:
CAPSTONE, CLIPPER, FORTEZZA, Key Exchange Algorithm.)
(C) On 23 June 1998, NSA announced that SKIPJACK had been
(O) MISSI usage: One of the FORTEZZA PC card storage areas that
are each able to hold an X.509 certificate and additional data
that is associated with the certificate, such as the matching
$ smart card
(I) A credit-card sized device containing one or more integrated
circuit chips, which perform the functions of a computer's central
processor, memory, and input/output interface. (See: PC card.)
(C) Sometimes this term is used rather strictly to mean a card
that closely conforms to the dimensions and appearance of the kind
of plastic credit card issued by banks and merchants. At other
times, the term is used loosely to include cards that are larger
than credit cards, especially cards that are thicker, such as PC
(C) A "smart token" is a device that conforms to the definition of
smart card except that rather than having standard credit card
dimensions, the token is packaged in some other form, such as a
dog tag or door key shape.
$ smart token
See: (secondary definition under) smart card.
See: security management infrastructure.
See: Simple Mail Transfer Protocol.
(I) Software that mounts a denial-of-service attack ("smurfing")
by exploiting IP broadcast addressing and ICMP ping packets to
cause flooding. (See: flood, ICMP flood.)
(D) ISDs SHOULD NOT use this term because it is not listed in most
dictionaries and could confuse international readers.
(C) A smurf program builds a network packet that appears to
originate from another address, that of the "victim", either a
host or an IP router. The packet contains an ICMP ping message
that is addressed to an IP broadcast address, i.e., to all IP
addresses in a given network. The echo responses to the ping
message return to the victim's address. The goal of smurfing may
be either to deny service at a particular host or to flood all or
part of an IP network.
(C) A synonym for "passive wiretapping". (See: password sniffing.)
(D) ISDs SHOULD NOT use this term because it unnecessarily
duplicates the meaning of a term that is better established. (See:
(usage note under) Green Book.
See: Simple Network Management Protocol.
$ social engineering
(I) A euphemism for non-technical or low-technology means--such as
lies, impersonation, tricks, bribes, blackmail, and threats--used
to attack information systems. (See: masquerade attack.)
(D) ISDs SHOULD NOT use this term because it is vague; instead,
use a term that is specific with regard to the means of attack.
(I) An Internet protocol [R1928] that provides a generalized proxy
server that enables client-server applications--such as TELNET,
FTP, and HTTP; running over either TCP or UDP--to use the services
of a firewall.
(C) SOCKS is layered under the application layer and above the
transport layer. When a client inside a firewall wishes to
establish a connection to an object that is reachable only through
the firewall, it uses TCP to connect to the SOCKS server,
negotiates with the server for the authentication method to be
used, authenticates with the chosen method, and then sends a relay
request. The SOCKS server evaluates the request, typically based
on source and destination addresses, and either establishes the
appropriate connection or denies it.
$ soft TEMPEST
(O) The use of software techniques to reduce the radio frequency
information leakage from computer displays and keyboards. [Kuhn]
(I) Computer programs (which are stored in and executed by
computer hardware) and associated data (which also is stored in
the hardware) that may be dynamically written or modified during
execution. (See: firmware, hardware.)
See: SSO-PIN ORA.
$ source authentication
(D) ISDs SHOULD NOT use this term because it is ambiguous. If the
intent is to authenticate the original creator or packager of data
received, then say "data origin authentication". If the intent is
to authenticate the identity of the sender of data, then say "peer
entity authentication". (See: data origin authentication, peer
$ source integrity
(I) The degree of confidence that can be placed in information
based on the trustworthiness of its sources. (See: integrity.)
See: Security Protocol 3.
See: Security Protocol 4.
(I) (1.) Verb: To indiscriminately send unsolicited, unwanted,
irrelevant, or inappropriate messages, especially commercial
advertising in mass quantities. (2.) Noun: electronic "junk mail".
(D) This term SHOULD NOT be written in upper-case letters, because
SPAM(trademark) is a trademark of Hormel Foods Corporation. Hormel
says, "We do not object to use of this slang term [spam] to
describe [unsolicited commercial email (UCE)], although we do
object to the use of our product image in association with that
term. Also, if the term is to be used, it should be used in all
lower-case letters to distinguish it from our trademark SPAM,
which should be used with all uppercase letters."
(C) In sufficient volume, spam can cause denial of service. (See:
flooding.) According to the SPAM Web site, the term was adopted as
a result of the Monty Python skit in which a group of Vikings sang
a chorus of 'SPAM, SPAM, SPAM . . .' in an increasing crescendo,
drowning out other conversation. Hence, the analogy applied
because UCE was drowning out normal discourse on the Internet.
See: software publisher certificate.
See: Security Parameters Index.
$ split key
(I) A cryptographic key that is divided into two or more separate
data items that individually convey no knowledge of the whole key
that results from combining the items. (See: dual control, split
$ split knowledge
(I) A security technique in which two or more entities separately
hold data items that individually convey no knowledge of the
information that results from combining the items. (See: dual
control, split key.)
(O) "A condition under which two or more entities separately have
key components which individually convey no knowledge of the
plaintext key which will be produced when the key components are
combined in the cryptographic module." [FP140]
$ spoofing attack
(I) A synonym for "masquerade attack".
(I) A protocol for secure remote login and other secure network
services over an insecure network.
(C) Consists of three major components:
- Transport layer protocol: Provides server authentication,
confidentiality, and integrity. It may optionally also provide
compression. The transport layer will typically be run over a
TCP/IP connection, but might also be used on top of any other
reliable data stream.
- User authentication protocol: Authenticates the client-side
user to the server. It runs over the transport layer protocol.
- Connection protocol: Multiplexes the encrypted tunnel into
several logical channels. It runs over the user authentication
See: Secure Sockets Layer, Standard Security Label.
See: system security officer.
$ SSO PIN
(O) MISSI usage: One of two personal identification numbers that
control access to the functions and stored data of a FORTEZZA PC
card. Knowledge of the SSO PIN enables the card user to perform
the FORTEZZA functions intended for use by an end user and also
the functions intended for use by a MISSI certification authority.
(See: user PIN.)
$ SSO-PIN ORA (SORA)
(O) MISSI usage: A MISSI organizational RA that operates in a mode
in which the ORA performs all card management functions and,
therefore, requires knowledge of the SSO PIN for an end user's
FORTEZZA PC card.
$ Standards for Interoperable LAN/MAN Security (SILS)
(N) (1.) The IEEE 802.10 standards committee. (2.) A developing
set of IEEE standards, which has eight parts: (a) Model, including
security management, (b) Secure Data Exchange protocol, (c) Key
Management, (d) [has been incorporated in (a)], (e) SDE Over
Ethernet 2.0, (f) SDE Sublayer Management, (g) SDE Security
Labels, and (h) SDE PICS Conformance. Parts b, e, f, g, and h are
incorporated in IEEE Standard 802.10-1998.
$ star property
(I) (Written "*-property".) See: "confinement property" under
$ Star Trek attack
(C) An attack that penetrates your system where no attack has ever
(I) Methods of hiding the existence of a message or other data.
This is different than cryptography, which hides the meaning of a
message but does not hide the message itself. (See: cryptology.)
(C) An example of a steganographic method is "invisible" ink.
(See: digital watermark.)
$ storage channel
See: (secondary definition under) covert channel.
$ stream cipher
(I) An encryption algorithm that breaks plaintext into a stream of
successive bits (or characters) and encrypts the n-th plaintext
bit with the n-th element of a parallel key stream, thus
converting the plaintext bit stream into a ciphertext bit stream.
[Schn] (See: block cipher.)
$ strong authentication
(I) An authentication process that uses cryptography--particularly
public-key certificates--to verify the identity claimed for an
entity. (See: X.509.)
(O) "Authentication by means of cryptographically derived
1. (I) In a computer system: A system entity that causes
information to flow among objects or changes the system state;
technically, a process-domain pair. (See: Bell-LaPadula Model.)
2. (I) Of a certificate: The entity name that is bound to the data
items in a digital certificate, and particularly a name that is
bound to a key value in a public-key certificate.
(N) An OSI term for a system of packet relays and connecting links
that implement the lower three protocol layers of the OSIRM to
provide a communication service that interconnects attached end
systems. Usually the relays operate at OSI layer 3 and are all of
the same type (e.g., all X.25 packet switches, or all interface
units in an IEEE 802.3 LAN). (See: gateway, internet, router.)
$ subordinate certification authority (SCA)
(I) A CA whose public-key certificate is issued by another
(superior) CA. (See: certification hierarchy.)
(O) MISSI usage: The fourth-highest (bottom) level of a MISSI
certification hierarchy; a MISSI CA whose public-key certificate
is signed by a MISSI CA rather than by a MISSI PCA. A MISSI SCA is
the administrative authority for a subunit of an organization,
established when it is desirable to organizationally distribute or
decentralize the CA service. The term refers both to that
authoritative office or role, and to the person who fills that
office. A MISSI SCA registers end users and issues their
certificates and may also register ORAs, but may not register
other CAs. An SCA periodically issues a CRL.
$ subordinate distinguished name
(I) An X.500 DN is subordinate to another X.500 DN if it begins
with a set of attributes that is the same as the entire second DN
except for the terminal attribute of the second DN (which is
usually the name of a CA). For example, the DN <C=FooLand, O=Gov,
OU=Treasurer, CN=DukePinchpenny> is subordinate to the DN
<C=FooLand, O=Gov, CN=KingFooCA>.
(I) An encryption operation for which the plaintext input to be
transformed is the ciphertext output of a previous encryption
(I) The ability of a system to remain in operation or existence
despite adverse conditions, including both natural occurrences,
accidental actions, and attacks on the system. (See: availability,
$ symmetric cryptography
(I) A branch of cryptography involving algorithms that use the
same key for two different steps of the algorithm (such as
encryption and decryption, or signature creation and signature
verification). (See: asymmetric cryptography.)
(C) Symmetric cryptography has been used for thousands of years
[Kahn]. A modern example of a symmetric encryption algorithm is
the U.S. Government's Data Encryption Algorithm. (See: DEA, DES.)
(C) Symmetric cryptography is sometimes called "secret-key
cryptography" (versus public-key cryptography) because the
entities that share the key, such as the originator and the
recipient of a message, need to keep the key secret. For example,
when Alice wants to ensure confidentiality for data she sends to
Bob, she encrypts the data with a secret key, and Bob uses the
same key to decrypt. Keeping the shared key secret entails both
cost and risk when the key is distributed to both Alice and Bob.
Thus, symmetric cryptography has a key management disadvantage
compared to asymmetric cryptography.
$ symmetric key
(I) A cryptographic key that is used in a symmetric cryptographic
$ SYN flood
(I) A denial of service attack that sends a host more TCP SYN
packets (request to synchronize sequence numbers, used when
opening a connection) than the protocol implementation can handle.
(C) In this Glossary, the term is mainly used as an abbreviation
for "automated information system".
$ system entity
(I) An active element of a system--e.g., an automated process, a
subsystem, a person or group of persons--that incorporates a
specific set of capabilities.
$ system high
(I) The highest security level supported by a system at a
particular time or in a particular environment. (See: system high
$ system high security mode
(I) A mode of operation of an information system, wherein all
users having access to the system possess a security clearance or
authorization, but not necessarily a need-to-know, for all data
handled by the system. (See: mode of operation.)
(C) This mode is defined formally in U.S. Department of Defense
policy regarding system accreditation [DOD2], but the term is
widely used outside the Defense Department and outside the
$ system integrity
(I) "The quality that a system has when it can perform its
intended function in a unimpaired manner, free from deliberate or
inadvertent unauthorized manipulation." [NCS04] (See: system
$ system integrity service
(I) A security service that protects system resources in a
verifiable manner against unauthorized or accidental change, loss,
or destruction. (See: system integrity.)
$ system low
(I) The lowest security level supported by a system at a
particular time or in a particular environment. (See: system
$ system resource
(I) Data contained in an information system; or a service provided
by a system; or a system capability, such as processing power or
communication bandwidth; or an item of system equipment (i.e., a
system component--hardware, firmware, software, or documentation);
or a facility that houses system operations and equipment.
$ system security officer (SSO)
(I) A person responsible for enforcement or administration of the
security policy that applies to the system.
$ system verification
See: (secondary definition under) verification.
See: Terminal Access Controller (TAC) Access Control System.
(I) Make an unauthorized modification in a system that alters the
system's functioning in a way that degrades the security services
that the system was intended to provide.
See: trusted computing base.
See: Transmission Control Protocol.
(I) A synonym for "Internet Protocol Suite", in which the
Transmission Control Protocol (TCP) and the Internet Protocol (IP)
are important parts.
See: Trusted Computer System Evaluation Criteria.
(I) A TCP-based, application-layer, Internet Standard protocol
[R0854] for remote login from one host to another.
(O) A nickname for specifications and standards for limiting the
strength of electromagnetic emanations from electrical and
electronic equipment and thus reducing vulnerability to
eavesdropping. This term originated in the U.S. Department of
Defense. [Army, Kuhn, Russ] (See: emanation security, soft
(D) ISDs SHOULD NOT use this term as a synonym for
"electromagnetic emanations security".
$ Terminal Access Controller (TAC) Access Control System (TACACS)
(I) A UDP-based authentication and access control protocol [R1492]
in which a network access server receives an identifier and
password from a remote terminal and passes them to a separate
authentication server for verification.
(C) TACACS was developed for ARPANET and has evolved for use in
commercial equipment. TACs were a type of network access server
computer used to connect terminals to the early Internet, usually
using dial-up modem connections. TACACS used centralized
authentication servers and served not only network access servers
like TACs but also routers and other networked computing devices.
TACs are no longer in use, but TACACS+ is. [R1983]
- "XTACACS": The name of Cisco Corporation's implementation,
which enhances and extends the original TACACS.
- "TACACS+": A TCP-based protocol that improves on TACACS and
XTACACS by separating the functions of authentication,
authorization, and accounting and by encrypting all traffic
between the network access server and authentication server. It
is extensible to allow any authentication mechanism to be used
with TACACS+ clients.
See: The Exponential Encryption System.
$ The Exponential Encryption System (TESS)
(I) A system of separate but cooperating cryptographic mechanisms
and functions for the secure authenticated exchange of
cryptographic keys, the generation of digital signatures, and the
distribution of public keys. TESS employs asymmetric cryptography,
based on discrete exponentiation, and a structure of self-
certified public keys. [R1824]
(I) A potential for violation of security, which exists when there
is a circumstance, capability, action, or event that could breach
security and cause harm. (See: attack, threat action, threat
(C) That is, a threat is a possible danger that might exploit a
vulnerability. A threat can be either "intentional" (i.e.,
intelligent; e.g., an individual cracker or a criminal
organization) or "accidental" (e.g., the possibility of a computer
malfunctioning, or the possibility of an "act of God" such as an
earthquake, a fire, or a tornado).
(C) In some contexts, such as the following, the term is used
narrowly to refer only to intelligent threats:
(N) U. S. Government usage: The technical and operational
capability of a hostile entity to detect, exploit, or subvert
friendly information systems and the demonstrated, presumed, or
inferred intent of that entity to conduct such activity.
$ threat action
(I) An assault on system security. (See: attack, threat, threat
(C) A complete security architecture deals with both intentional
acts (i.e. attacks) and accidental events [FIPS31]. Various kinds
of threat actions are defined as subentries under "threat
$ threat analysis
(I) An analysis of the probability of occurrences and consequences
of damaging actions to a system.
$ threat consequence
(I) A security violation that results from a threat action.
Includes disclosure, deception, disruption, and usurpation. (See:
attack, threat, threat action.)
(C) The following subentries describe four kinds of threat
consequences, and also list and describe the kinds of threat
actions that cause each consequence. Threat actions that are
accidental events are marked by "*".
1. "(Unauthorized) Disclosure" (a threat consequence): A
circumstance or event whereby an entity gains access to data
for which the entity is not authorized. (See: data
confidentiality.) The following threat actions can cause
A. "Exposure": A threat action whereby sensitive data is
directly released to an unauthorized entity. This includes:
a. "Deliberate Exposure": Intentional release of sensitive
data to an unauthorized entity.
b. "Scavenging": Searching through data residue in a system
to gain unauthorized knowledge of sensitive data.
c* "Human error": Human action or inaction that
unintentionally results in an entity gaining unauthorized
knowledge of sensitive data.
d* "Hardware/software error". System failure that results in
an entity gaining unauthorized knowledge of sensitive
B. "Interception": A threat action whereby an unauthorized
entity directly accesses sensitive data traveling between
authorized sources and destinations. This includes:
a. "Theft": Gaining access to sensitive data by stealing a
shipment of a physical medium, such as a magnetic tape or
disk, that holds the data.
b. "Wiretapping (passive)": Monitoring and recording data
that is flowing between two points in a communication
system. (See: wiretapping.)
c. "Emanations analysis": Gaining direct knowledge of
communicated data by monitoring and resolving a signal
that is emitted by a system and that contains the data
but is not intended to communicate the data. (See:
C. "Inference": A threat action whereby an unauthorized entity
indirectly accesses sensitive data (but not necessarily the
data contained in the communication) by reasoning from
characteristics or byproducts of communications. This
a. Traffic analysis: Gaining knowledge of data by observing
the characteristics of communications that carry the
data. (See: (main Glossary entry for) traffic analysis.)
b. "Signals analysis": Gaining indirect knowledge of
communicated data by monitoring and analyzing a signal
that is emitted by a system and that contains the data
but is not intended to communicate the data. (See:
D. "Intrusion": A threat action whereby an unauthorized entity
gains access to sensitive data by circumventing a system's
security protections. This includes:
a. "Trespass": Gaining unauthorized physical access to
sensitive data by circumventing a system's protections.
b. "Penetration": Gaining unauthorized logical access to
sensitive data by circumventing a system's protections.
c. "Reverse engineering": Acquiring sensitive data by
disassembling and analyzing the design of a system
d. Cryptanalysis: Transforming encrypted data into plaintext
without having prior knowledge of encryption parameters
or processes. (See: (main Glossary entry for)
2. "Deception" (a threat consequence): A circumstance or event
that may result in an authorized entity receiving false data
and believing it to be true. The following threat actions can
A. "Masquerade": A threat action whereby an unauthorized entity
gains access to a system or performs a malicious act by
posing as an authorized entity. (See: (main Glossary entry
for) masquerade attack.)
a. "Spoof": Attempt by an unauthorized entity to gain access
to a system by posing as an authorized user.
b. "Malicious logic": In context of masquerade, any
hardware, firmware, or software (e.g., Trojan horse) that
appears to perform a useful or desirable function, but
actually gains unauthorized access to system resources or
tricks a user into executing other malicious logic. (See:
(main Glossary entry for) malicious logic.)
B. "Falsification": A threat action whereby false data deceives
an authorized entity. (See: active wiretapping.)
a. "Substitution": Altering or replacing valid data with
false data that serves to deceive an authorized entity.
b. "Insertion": Introducing false data that serves to
deceive an authorized entity.
C. "Repudiation": A threat action whereby an entity deceives
another by falsely denying responsibility for an act. (See:
non-repudiation service, (main Glossary entry for)
a. "False denial of origin": Action whereby the originator
of data denies responsibility for its generation.
b. "False denial of receipt": Action whereby the recipient
of data denies receiving and possessing the data.
3. "Disruption" (a threat consequence): A circumstance or event
that interrupts or prevents the correct operation of system
services and functions. (See: denial of service.) The following
threat actions can cause disruption:
A. "Incapacitation": A threat action that prevents or
interrupts system operation by disabling a system component.
a. "Malicious logic": In context of incapacitation, any
hardware, firmware, or software (e.g., logic bomb)
intentionally introduced into a system to destroy system
functions or resources. (See: (main Glossary entry for)
b. "Physical destruction": Deliberate destruction of a
system component to interrupt or prevent system
c* "Human error": Action or inaction that unintentionally
disables a system component.
d* "Hardware or software error": Error that causes failure
of a system component and leads to disruption of system
e* "Natural disaster": Any "act of God" (e.g., fire, flood,
earthquake, lightning, or wind) that disables a system
component. [FP031 section 2]
B. "Corruption": A threat action that undesirably alters system
operation by adversely modifying system functions or data.
a. "Tamper": In context of corruption, deliberate alteration
of a system's logic, data, or control information to
interrupt or prevent correct operation of system
b. "Malicious logic": In context of corruption, any
hardware, firmware, or software (e.g., a computer virus)
intentionally introduced into a system to modify system
functions or data. (See: (main Glossary entry for)
c* "Human error": Human action or inaction that
unintentionally results in the alteration of system
functions or data.
d* "Hardware or software error": Error that results in the
alteration of system functions or data.
e* "Natural disaster": Any "act of God" (e.g., power surge
caused by lightning) that alters system functions or
data. [FP031 section 2]
C. "Obstruction": A threat action that interrupts delivery of
system services by hindering system operations.
a. "Interference": Disruption of system operations by
blocking communications or user data or control
b. "Overload": Hindrance of system operation by placing
excess burden on the performance capabilities of a system
component. (See: flooding.)
4. "Usurpation" (a threat consequence): A circumstance or event
that results in control of system services or functions by an
unauthorized entity. The following threat actions can cause
A. "Misappropriation": A threat action whereby an entity
assumes unauthorized logical or physical control of a system
a. "Theft of service": Unauthorized use of service by an
b. "Theft of functionality": Unauthorized acquisition of
actual hardware, software, or firmware of a system
c. "Theft of data": Unauthorized acquisition and use of
B. "Misuse": A threat action that causes a system component to
perform a function or service that is detrimental to system
a. "Tamper": In context of misuse, deliberate alteration of
a system's logic, data, or control information to cause
the system to perform unauthorized functions or services.
b. "Malicious logic": In context of misuse, any hardware,
software, or firmware intentionally introduced into a
system to perform or control execution of an unauthorized
function or service.
c. "Violation of permissions": Action by an entity that
exceeds the entity's system privileges by executing an
(I) A pattern of curves formed by the ridges on the tip of a
thumb. (See: biometric authentication, fingerprint.)
(D) ISDs SHOULD NOT use this term as a synonym for "hash result"
because that meaning mixes concepts in a potentially misleading
(I) A synonym for "capability". (See: Kerberos.)
(C) A ticket is usually granted by a centralized access control
server (ticket-granting agent) to authorize access to a system
resource for a limited time. Tickets have been implemented with
symmetric cryptography, but can also be implemented as attribute
certificates using asymmetric cryptography.
$ timing channel
See: (secondary definition under) covert channel.
See: Transport Layer Security. (See: TLSP.)
See: Transport Layer Security Protocol. (See: TLS.)
1. (I) General usage: An object that is used to control access and
is passed between cooperating entities in a protocol that
synchronizes use of a shared resource. Usually, the entity that
currently holds the token has exclusive access to the resource.
2. (I) Authentication usage: A data object or a portable, user-
controlled, physical device used to verify an identity in an
authentication process. (See: authentication information, dongle.)
3. (I) Cryptographic usage: See: cryptographic token.
4. (O) SET usage: "A portable device [e.g., smart card or PCMCIA
card] specifically designed to store cryptographic information and
possibly perform cryptographic functions in a secure manner."
$ token backup
(I) A token management operation that stores sufficient
information in a database (e.g., in a CAW) to recreate or restore
a security token (e.g., a smart card) if it is lost or damaged.
$ token copy
(I) A token management operation that copies all the personality
information from one security token to another. However, unlike in
a token restore operation, the second token is initialized with
its own, different local security values such as PINs and storage
$ token management
(I) The process of initializing security tokens (e.g., see: smart
card), loading data into the tokens, and controlling the tokens
during their life cycle. May include performing key management and
certificate management functions; generating and installing PINs;
loading user personality data; performing card backup, card copy,
and card restore operations; and updating firmware.
$ token restore
(I) A token management operation that loads a security token with
data for the purpose of recreating (duplicating) the contents
previously held by that or another token.
$ token storage key
(I) A cryptography key used to protect data that is stored on a
$ top CA
(I) A CA that is the highest level (i.e., is the most trusted CA)
in a certification hierarchy. (See: root.)
$ top-level specification
(I) "A non-procedural description of system behavior at the most
abstract level; typically a functional specification that omits
all implementation details." [NCS04] (See: (discussion under)
(C) A top-level specification may be descriptive or formal:
- "Descriptive top-level specification": One that is written in a
natural language like English or an informal design notation.
- "Formal top-level specification": One that is written in a
formal mathematical language to enable theorems to be proven that
show that the specification correctly implements a set of formal
requirements or a formal security model. (See: correctness proof.)
$ traffic analysis
(I) Inference of information from observable characteristics of
data flow(s), even when the data is encrypted or otherwise not
directly available. Such characteristics include the identities
and locations of the source(s) and destination(s), and the
presence, amount, frequency, and duration of occurrence. (See:
(O) "The inference of information from observation of traffic
flows (presence, absence, amount, direction, and frequency)."
[I7498 Part 2]
$ traffic flow confidentiality
(I) A data confidentiality service to protect against traffic
(O) "A confidentiality service to protect against traffic
analysis." [I7498 Part 2]
$ traffic padding
(I) "The generation of spurious instances of communication,
spurious data units, and/or spurious data within data units."
[I7498 Part 2]
$ tranquillity property
See: (secondary definition under) Bell-LaPadula Model.
$ Transmission Control Protocol (TCP)
(I) An Internet Standard protocol [R0793] that reliably delivers a
sequence of datagrams (discrete sets of bits) from one computer to
another in a computer network. (See: TCP/IP.)
(C) TCP is designed to fit into a layered hierarchy of protocols
that support internetwork applications. TCP assumes it can obtain
a simple, potentially unreliable datagram service (such as the
Internet Protocol) from the lower-layer protocols.
$ Transport Layer Security (TLS)
(I) TLS Version 1.0 is an Internet protocol [R2246] based-on and
very similar to SSL Version 3.0. (See: TLSP.)
(C) The TLS protocol is misnamed, because it operates well above
the transport layer (OSI layer 4).
$ Transport Layer Security Protocol (TLSP)
(I) An end-to-end encryption protocol(ISO Standard 10736) that
provides security services at the bottom of OSI layer 4, i.e.,
directly above layer 3. (See: TLS.)
(C) TLSP evolved directly from the SP4 protocol of SDNS.
$ transport mode vs. tunnel mode
(I) IPsec usage: Two ways to apply IPsec protocols (AH and ESP) to
- "Transport mode": The protection applies to (i.e., the IPsec
protocol encapsulates) the packets of upper-layer protocols,
the ones that are carried above IP.
- "Tunnel mode": The protection applies to (i.e., the IPsec
protocol encapsulates) IP packets.
(C) A transport mode security association is always between two
hosts. In a tunnel mode security association, each end may be
either a host or a gateway. Whenever either end of an IPsec
security association is a security gateway, the association is
required to be in tunnel mode.
$ trap door
(I) A hidden computer flaw known to an intruder, or a hidden
computer mechanism (usually software) installed by an intruder,
who can activate the trap door to gain access to the computer
without being blocked by security services or mechanisms. (See:
back door, Trojan horse.)
$ triple DES
(I) A block cipher, based on DES, that transforms each 64-bit
plaintext block by applying the Data Encryption Algorithm three
successive times, using either two or three different keys, for an
effective key length of 112 or 168 bits. [A9052] (See: DES.)
(C) IPsec usage: The algorithm variation proposed for ESP uses a
168-bit key, consisting of three independent 56-bit quantities
used by the Data Encryption Algorithm, and a 64-bit initialization
value. Each datagram contains an IV to ensure that each received
datagram can be decrypted even when other datagrams are dropped or
a sequence of datagrams is reordered in transit. [R1851]