(N) Synonym for "confinement property" in the context of the Bell-
LaPadula model. Pronunciation: star property.
(N) See: Triple Data Encryption Algorithm.
$ A1 computer system
(O) /TCSEC/ See: Tutorial under "Trusted Computer System
Evaluation Criteria". (Compare: beyond A1.)
(D) See: Deprecated Usage under "attribute authority".
$ ABA Guidelines
(N) "American Bar Association (ABA) Digital Signature Guidelines"
[DSG], a framework of legal principles for using digital
signatures and digital certificates in electronic commerce.
$ Abstract Syntax Notation One (ASN.1)
(N) A standard for describing data objects. [Larm, X680] (See:
Usage: IDOCs SHOULD use the term "ASN.1" narrowly to describe the
notation or language called "Abstract Syntax Notation One". IDOCs
MAY use the term more broadly to encompass the notation, its
associated encoding rules (see: BER), and software tools that
assist in its use, when the context makes this meaning clear.
Tutorial: OSIRM defines computer network functionality in layers.
Protocols and data objects at higher layers are abstractly defined
to be implemented using protocols and data objects from lower
layers. A higher layer may define transfers of abstract objects
between computers, and a lower layer may define those transfers
concretely as strings of bits. Syntax is needed to specify data
formats of abstract objects, and encoding rules are needed to
transform abstract objects into bit strings at lower layers. OSI
standards use ASN.1 for those specifications and use various
encoding rules for those transformations. (See: BER.)
In ASN.1, formal names are written without spaces, and separate
words in a name are indicated by capitalizing the first letter of
each word except the first word. For example, the name of a CRL is
(I) See: access control center.
$ acceptable risk
(I) A risk that is understood and tolerated by a system's user,
operator, owner, or accreditor, usually because the cost or
difficulty of implementing an effective countermeasure for the
associated vulnerability exceeds the expectation of loss. (See:
adequate security, risk, "second law" under "Courtney's laws".)
1a. (I) The ability and means to communicate with or otherwise
interact with a system to use system resources either to handle
information or to gain knowledge of the information the system
contains. (Compare: handle.)
Usage: The definition is intended to include all types of
communication with a system, including one-way communication in
either direction. In actual practice, however, passive users might
be treated as not having "access" and, therefore, be exempt from
most requirements of the system's security policy. (See: "passive
user" under "user".)
1b. (O) "Opportunity to make use of an information system (IS)
2. (O) /formal model/ "A specific type of interaction between a
subject and an object that results in the flow of information from
one to the other." [NCS04]
$ Access Certificate for Electronic Services (ACES)
(O) A PKI operated by the U.S. Government's General Services
Administration in cooperation with industry partners. (See: CAM.)
$ access control
1. (I) Protection of system resources against unauthorized access.
2. (I) A process by which use of system resources is regulated
according to a security policy and is permitted only by authorized
entities (users, programs, processes, or other systems) according
to that policy. (See: access, access control service, computer
security, discretionary access control, mandatory access control,
role-based access control.)
3. (I) /formal model/ Limitations on interactions between subjects
and objects in an information system.
4. (O) "The prevention of unauthorized use of a resource,
including the prevention of use of a resource in an unauthorized
5. (O) /U.S. Government/ A system using physical, electronic, or
human controls to identify or admit personnel with properly
authorized access to a SCIF.
$ access control center (ACC)
(I) A computer that maintains a database (possibly in the form of
an access control matrix) defining the security policy for an
access control service, and that acts as a server for clients
requesting access control decisions.
Tutorial: An ACC is sometimes used in conjunction with a key
center to implement access control in a key-distribution system
for symmetric cryptography. (See: BLACKER, Kerberos.)
$ access control list (ACL)
(I) /information system/ A mechanism that implements access
control for a system resource by enumerating the system entities
that are permitted to access the resource and stating, either
implicitly or explicitly, the access modes granted to each entity.
(Compare: access control matrix, access list, access profile,
$ access control matrix
(I) A rectangular array of cells, with one row per subject and one
column per object. The entry in a cell -- that is, the entry for a
particular subject-object pair -- indicates the access mode that
the subject is permitted to exercise on the object. Each column is
equivalent to an "access control list" for the object; and each
row is equivalent to an "access profile" for the subject.
$ access control service
(I) A security service that protects against a system entity using
a system resource in a way not authorized by the system's security
policy. (See: access control, discretionary access control,
identity-based security policy, mandatory access control, rule-
based security policy.)
Tutorial: This service includes protecting against use of a
resource in an unauthorized manner by an entity (i.e., a
principal) that is authorized to use the resource in some other
manner. (See: insider.) The two basic mechanisms for implementing
this service are ACLs and tickets.
$ access level
1. (D) Synonym for the hierarchical "classification level" in a
security level. [C4009] (See: security level.)
2. (D) Synonym for "clearance level".
Deprecated Definitions: IDOCs SHOULD NOT use this term with these
definitions because they duplicate the meaning of more specific
terms. Any IDOC that uses this term SHOULD provide a specific
definition for it because access control may be based on many
attributes other than classification level and clearance level.
$ access list
(I) /physical security/ Roster of persons who are authorized to
enter a controlled area. (Compare: access control list.)
$ access mode
(I) A distinct type of data processing operation (e.g., read,
write, append, or execute, or a combination of operations) that a
subject can potentially perform on an object in an information
system. [Huff] (See: read, write.)
$ access policy
(I) A kind of "security policy". (See: access, access control.)
$ access profile
(O) Synonym for "capability list".
Usage: IDOCs that use this term SHOULD state a definition for it
because the definition is not widely known.
$ access right
(I) Synonym for "authorization"; emphasizes the possession of the
authorization by a system entity.
(I) The property of a system or system resource that ensures that
the actions of a system entity may be traced uniquely to that
entity, which can then be held responsible for its actions. [Huff]
(See: audit service.)
Tutorial: Accountability (a.k.a. individual accountability)
typically requires a system ability to positively associate the
identity of a user with the time, method, and mode of the user's
access to the system. This ability supports detection and
subsequent investigation of security breaches. Individual persons
who are system users are held accountable for their actions after
being notified of the rules of behavior for using the system and
the penalties associated with violating those rules.
$ accounting See: COMSEC accounting.
$ accounting legend code (ALC)
(O) /U.S. Government/ Numeric system used to indicate the minimum
accounting controls required for items of COMSEC material within
the CMCS. [C4009] (See: COMSEC accounting.)
(N) An administrative action by which a designated authority
declares that an information system is approved to operate in a
particular security configuration with a prescribed set of
safeguards. [FP102, SP37] (See: certification.)
Tutorial: An accreditation is usually based on a technical
certification of the system's security mechanisms. To accredit a
system, the approving authority must determine that any residual
risk is an acceptable risk. Although the terms "certification" and
"accreditation" are used more in the U.S. DoD and other U.S.
Government agencies than in commercial organizations, the concepts
apply any place where managers are required to deal with and
accept responsibility for security risks. For example, the
American Bar Association is developing accreditation criteria for
$ accreditation boundary
(O) Synonym for "security perimeter". [C4009]
(N) A management official who has been designated to have the
formal authority to "accredit" an information system, i.e., to
authorize the operation of, and the processing of sensitive data
in, the system and to accept the residual risk associated with the
system. (See: accreditation, residual risk.)
(O) See: Access Certificate for Electronic Services.
(I) See: access control list.
1. (O) /SET/ "The financial institution that establishes an
account with a merchant and processes payment card authorizations
and payments." [SET1]
2. (O) /SET/ "The institution (or its agent) that acquires from
the card acceptor the financial data relating to the transaction
and initiates that data into an interchange system." [SET2]
$ activation data
(N) Secret data, other than keys, that is required to access a
cryptographic module. (See: CIK. Compare: initialization value.)
$ active attack
(I) See: secondary definition under "attack".
$ active content
1a. (I) Executable software that is bound to a document or other
data file and that executes automatically when a user accesses the
file, without explicit initiation by the user. (Compare: mobile
Tutorial: Active content can be mobile code when its associated
file is transferred across a network.
1b. (O) "Electronic documents that can carry out or trigger
actions automatically on a computer platform without the
intervention of a user. [This technology enables] mobile code
associated with a document to execute as the document is
$ active user
(I) See: secondary definition under "system user".
$ active wiretapping
(I) A wiretapping attack that attempts to alter data being
communicated or otherwise affect data flow. (See: wiretapping.
Compare: active attack, passive wiretapping.)
$ add-on security
(N) The retrofitting of protection mechanisms, implemented by
hardware or software, in an information system after the system
has become operational. [FP039] (Compare: baked-in security.)
$ adequate security
(O) /U.S. DoD/ "Security commensurate with the risk and magnitude
of harm resulting from the loss, misuse, or unauthorized access to
or modification of information." (See: acceptable risk, residual
$ administrative security
1. (I) Management procedures and constraints to prevent
unauthorized access to a system. (See: "third law" under
"Courtney's laws", manager, operational security, procedural
security, security architecture. Compare: technical security.)
Examples: Clear delineation and separation of duties;
Usage: Administrative security is usually understood to consist of
methods and mechanisms that are implemented and executed primarily
by people, rather than by automated systems.
2. (O) "The management constraints, operational procedures,
accountability procedures, and supplemental controls established
to provide an acceptable level of protection for sensitive data."
1. (O) /Common Criteria/ A person that is responsible for
configuring, maintaining, and administering the TOE in a correct
manner for maximum security. (See: administrative security.)
2. (O) /ITSEC/ A person in contact with the TOE, who is
responsible for maintaining its operational capability.
$ Advanced Encryption Standard (AES)
(N) A U.S. Government standard [FP197] (the successor to DES) that
(a) specifies "the AES algorithm", which is a symmetric block
cipher that is based on Rijndael and uses key sizes of 128, 192,
or 256 bits to operate on a 128-bit block, and (b) states policy
for using that algorithm to protect unclassified, sensitive data.
Tutorial: Rijndael was designed to handle additional block sizes
and key lengths that were not adopted in the AES. Rijndael was
selected by NIST through a public competition that was held to
find a successor to the DEA; the other finalists were MARS, RC6,
Serpent, and Twofish.
1. (I) An entity that attacks a system. (Compare: cracker,
2. (I) An entity that is a threat to a system.
(N) See: Advanced Encryption Standard.
(O) A formal methodology, language, and integrated set of software
tools developed at the University of Southern California's
Information Sciences Institute for specifying, coding, and
verifying software to produce correct and reliable programs.
(I) A circumstance in which a collection of information items is
required to be classified at a higher security level than any of
the items is classified individually. (See: classification.)
(I) See: Authentication Header
$ air gap
(I) An interface between two systems at which (a) they are not
connected physically and (b) any logical connection is not
automated (i.e., data is transferred through the interface only
manually, under human control). (See: sneaker net. Compare:
Example: Computer A and computer B are on opposite sides of a
room. To move data from A to B, a person carries a disk across the
room. If A and B operate in different security domains, then
moving data across the air gap may involve an upgrade or downgrade
(O) See: accounting legend code.
(I) A finite set of step-by-step instructions for a problem-
solving or computation procedure, especially one that can be
implemented by a computer. (See: cryptographic algorithm.)
(I) A name that an entity uses in place of its real name, usually
for the purpose of either anonymity or masquerade.
$ Alice and Bob
(I) The parties that are most often called upon to illustrate the
operation of bipartite security protocols. These and other
dramatis personae are listed by Schneier [Schn].
$ American National Standards Institute (ANSI)
(N) A private, not-for-profit association that administers U.S.
private-sector voluntary standards.
Tutorial: ANSI has approximately 1,000 member organizations,
including equipment users, manufacturers, and others. These
include commercial firms, governmental agencies, and other
institutions and international entities.
ANSI is the sole U.S. representative to (a) ISO and (b) (via the
U.S. National Committee) the International Electrotechnical
Commission (IEC), which are the two major, non-treaty,
international standards organizations.
ANSI provides a forum for ANSI-accredited standards development
groups. Among those groups, the following are especially relevant
to Internet security:
- International Committee for Information Technology
Standardization (INCITS) (formerly X3): Primary U.S. focus of
standardization in information and communications technologies,
encompassing storage, processing, transfer, display,
management, organization, and retrieval of information.
- Accredited Standards Committee X9: Develops, establishes,
maintains, and promotes standards for the financial services
industry. Example: [A9009].
- Alliance for Telecommunications Industry Solutions (ATIS):
Develops standards, specifications, guidelines, requirements,
technical reports, industry processes, and verification tests
for interoperability and reliability of telecommunications
networks, equipment, and software. Example: [A1523].
$ American Standard Code for Information Interchange (ASCII)
(N) A scheme that encodes 128 specified characters -- the numbers
0-9, the letters a-z and A-Z, some basic punctuation symbols, some
control codes that originated with Teletype machines, and a blank
space -- into the 7-bit binary integers. Forms the basis of the
character set representations used in most computers and many
Internet standards. [FP001] (See: code.)
$ Anderson report
(O) A 1972 study of computer security that was written by James P.
Anderson for the U.S. Air Force [Ande].
Tutorial: Anderson collaborated with a panel of experts to study
Air Force requirements for multilevel security. The study
recommended research and development that was urgently needed to
provide secure information processing for command and control
systems and support systems. The report introduced the reference
monitor concept and provided development impetus for computer and
network security technology. However, many of the security
problems that the 1972 report called "current" still plague
information systems today.
$ anomaly detection
(I) An intrusion detection method that searches for activity that
is different from the normal behavior of system entities and
system resources. (See: IDS. Compare: misuse detection.)
(I) The condition of an identity being unknown or concealed. (See:
alias, anonymizer, anonymous credential, anonymous login,
identity, onion routing, persona certificate. Compare: privacy.)
Tutorial: An application may require security services that
maintain anonymity of users or other system entities, perhaps to
preserve their privacy or hide them from attack. To hide an
entity's real name, an alias may be used; for example, a financial
institution may assign account numbers. Parties to transactions
can thus remain relatively anonymous, but can also accept the
transactions as legitimate. Real names of the parties cannot be
easily determined by observers of the transactions, but an
authorized third party may be able to map an alias to a real name,
such as by presenting the institution with a court order. In other
applications, anonymous entities may be completely untraceable.
(I) An internetwork service, usually provided via a proxy server,
that provides anonymity and privacy for clients. That is, the
service enables a client to access servers (a) without allowing
anyone to gather information about which servers the client
accesses and (b) without allowing the accessed servers to gather
information about the client, such as its IP address.
$ anonymous credential
(D) /U.S. Government/ A credential that (a) can be used to
authenticate a person as having a specific attribute or being a
member of a specific group (e.g., military veterans or U.S.
citizens) but (b) does not reveal the individual identity of the
person that presents the credential. [M0404] (See: anonymity.)
Deprecated Term: IDOCs SHOULD NOT use this term; it mixes concepts
in a potentially misleading way. For example, when the credential
is an X.509 certificate, the term could be misunderstood to mean
that the certificate was signed by a CA that has a persona
certificate. Instead, use "attribute certificate", "organizational
certificate", or "persona certificate" depending on what is meant,
and provide additional explanations as needed.
$ anonymous login
(I) An access control feature (actually, an access control
vulnerability) in many Internet hosts that enables users to gain
access to general-purpose or public services and resources of a
host (such as allowing any user to transfer data using FTP)
without having a pre-established, identity-specific account (i.e.,
user name and password). (See: anonymity.)
Tutorial: This feature exposes a system to more threats than when
all the users are known, pre-registered entities that are
individually accountable for their actions. A user logs in using a
special, publicly known user name (e.g., "anonymous", "guest", or
"ftp"). To use the public login name, the user is not required to
know a secret password and may not be required to input anything
at all except the name. In other cases, to complete the normal
sequence of steps in a login protocol, the system may require the
user to input a matching, publicly known password (such as
"anonymous") or may ask the user for an e-mail address or some
other arbitrary character string.
(N) See: American National Standards Institute.
(N) "Measures ensuring that transmitted information can be
received despite deliberate jamming attempts." [C4009] (See:
electronic security, frequency hopping, jam, spread spectrum.)
$ apex trust anchor
(N) The trust anchor that is superior to all other trust anchors
in a particular system or context. (See: trust anchor, top CA.)
(I) See: application programming interface.
(I) See: POP3 APOP.
$ Application Layer
See: Internet Protocol Suite, OSIRM.
$ application program
(I) A computer program that performs a specific function directly
for a user (as opposed to a program that is part of a computer
operating system and exists to perform functions in support of
(I) See: security architecture, system architecture.
1a. (I) /noun/ A collection of data that is stored for a
relatively long period of time for historical and other purposes,
such as to support audit service, availability service, or system
integrity service. (Compare: backup, repository.)
1b. (I) /verb/ To store data in such a way as to create an
archive. (Compare: back up.)
Tutorial: A digital signature may need to be verified many years
after the signing occurs. The CA -- the one that issued the
certificate containing the public key needed to verify that
signature -- may not stay in operation that long. So every CA
needs to provide for long-term storage of the information needed
to verify the signatures of those to whom it issues certificates.
(I) Advanced Research Projects Agency (ARPA) Network, a pioneer
packet-switched network that (a) was designed, implemented,
operated, and maintained by BBN from January 1969 until July 1975
under contract to the U.S. Government; (b) led to the development
of today's Internet; and (c) was decommissioned in June 1990.
(N) See: American Standard Code for Information Interchange.
(N) See: Abstract Syntax Notation One.
(I) A system resource that is (a) required to be protected by an
information system's security policy, (b) intended to be protected
by a countermeasure, or (c) required for a system's mission.
(I) A cooperative relationship between system entities, usually
for the purpose of transferring information between them. (See:
$ assurance See: security assurance.
$ assurance level
(N) A rank on a hierarchical scale that judges the confidence
someone can have that a TOE adequately fulfills stated security
requirements. (See: assurance, certificate policy, EAL, TCSEC.)
Example: U.S. Government guidance [M0404] describes four assurance
levels for identity authentication, where each level "describes
the [U.S. Federal Government] agency's degree of certainty that
the user has presented [a credential] that refers to [the user's]
identity." In that guidance, assurance is defined as (a) "the
degree of confidence in the vetting process used to establish the
identity of the individual to whom the credential was issued" and
(b) "the degree of confidence that the individual who uses the
credential is the individual to whom the credential was issued."
The four levels are described as follows:
- Level 1: Little or no confidence in the asserted identity.
- Level 2: Some confidence in the asserted identity.
- Level 3: High confidence in the asserted identity.
- Level 4: Very high confidence in the asserted identity.
Standards for determining these levels are provided in a NIST
publication [SP12]. However, as noted there, an assurance level is
"a degree of confidence, not a true measure of how secure the
system actually is. This distinction is necessary because it is
extremely difficult -- and in many cases, virtually impossible --
to know exactly how secure a system is."
$ asymmetric cryptography
(I) A modern branch of cryptography (popularly known as "public-
key cryptography") in which the algorithms use a pair of keys (a
public key and a private key) and use a different component of the
pair for each of two counterpart cryptographic operations (e.g.,
encryption and decryption, or signature creation and signature
verification). (See: key pair, symmetric cryptography.)
Tutorial: Asymmetric algorithms have key management advantages
over equivalently strong symmetric ones. First, one key of the
pair need not be known by anyone but its owner; so it can more
easily be kept secret. Second, although the other key is shared by
all entities that use the algorithm, that key need not be kept
secret from other, non-using entities; thus, the key-distribution
part of key management can be done more easily.
Asymmetric cryptography can be used to create algorithms for
encryption, digital signature, and key agreement:
- In an asymmetric encryption algorithm (e.g., "RSA"), when Alice
wants to ensure confidentiality for data she sends to Bob, she
encrypts the data with a public key provided by Bob. Only Bob
has the matching private key that is needed to decrypt the
data. (Compare: seal.)
- In an asymmetric digital signature algorithm (e.g., "DSA"),
when Alice wants to ensure data integrity or provide
authentication for data she sends to Bob, she uses her private
key to sign the data (i.e., create a digital signature based on
the data). To verify the signature, Bob uses the matching
public key that Alice has provided.
- In an asymmetric key-agreement algorithm (e.g., "Diffie-
Hellman-Merkle"), Alice and Bob each send their own public key
to the other party. Then each uses their own private key and
the other's public key to compute the new key value.
$ asymmetric key
(I) A cryptographic key that is used in an asymmetric
cryptographic algorithm. (See: asymmetric cryptography, private
key, public key.)
(N) See: "Alliance for Telecommunications Industry Solutions"
1. (I) An intentional act by which an entity attempts to evade
security services and violate the security policy of a system.
That is, an actual assault on system security that derives from an
intelligent threat. (See: penetration, violation, vulnerability.)
2. (I) A method or technique used in an assault (e.g.,
masquerade). (See: blind attack, distributed attack.)
Tutorial: Attacks can be characterized according to intent:
- An "active attack" attempts to alter system resources or affect
- A "passive attack" attempts to learn or make use of information
from a system but does not affect system resources of that
system. (See: wiretapping.)
The object of a passive attack might be to obtain data that is
needed for an off-line attack.
- An "off-line attack" is one in which the attacker obtains data
from the target system and then analyzes the data on a
different system of the attacker's own choosing, possibly in
preparation for a second stage of attack on the target.
Attacks can be characterized according to point of initiation:
- An "inside attack" is one that is initiated by an entity inside
the security perimeter (an "insider"), i.e., an entity that is
authorized to access system resources but uses them in a way
not approved by the party that granted the authorization.
- An "outside attack" is initiated from outside the security
perimeter, by an unauthorized or illegitimate user of the
system (an "outsider"). In the Internet, potential outside
attackers range from amateur pranksters to organized criminals,
international terrorists, and hostile governments.
Attacks can be characterized according to method of delivery:
- In a "direct attack", the attacker addresses attacking packets
to the intended victim(s).
- In an "indirect attack", the attacker addresses packets to a
third party, and the packets either have the address(es) of the
intended victim(s) as their source address(es) or indicate the
intended victim(s) in some other way. The third party responds
by sending one or more attacking packets to the intended
victims. The attacker can use third parties as attack
amplifiers by providing a broadcast address as the victim
address (e.g., "smurf attack"). (See: reflector attack.
Compare: reflection attack, replay attack.)
The term "attack" relates to some other basic security terms as
shown in the following diagram:
+ - - - - - - - - - - - - + + - - - - + + - - - - - - - - - - -+
| An Attack: | |Counter- | | A System Resource: |
| i.e., A Threat Action | | measure | | Target of the Attack |
| +----------+ | | | | +-----------------+ |
| | Attacker |<==================||<========= | |
| | i.e., | Passive | | | | | Vulnerability | |
| | A Threat |<=================>||<========> | |
| | Agent | or Active | | | | +-------|||-------+ |
| +----------+ Attack | | | | VVV |
| | | | | Threat Consequences |
+ - - - - - - - - - - - - + + - - - - + + - - - - - - - - - - -+
$ attack potential
(I) The perceived likelihood of success should an attack be
launched, expressed in terms of the attacker's ability (i.e.,
expertise and resources) and motivation. (Compare: threat, risk.)
$ attack sensing, warning, and response
(I) A set of security services that cooperate with audit service
to detect and react to indications of threat actions, including
both inside and outside attacks. (See: indicator.)
$ attack tree
(I) A branching, hierarchical data structure that represents a set
of potential approaches to achieving an event in which system
security is penetrated or compromised in a specified way. [Moor]
Tutorial: Attack trees are special cases of fault trees. The
security incident that is the goal of the attack is represented as
the root node of the tree, and the ways that an attacker could
reach that goal are iteratively and incrementally represented as
branches and subnodes of the tree. Each subnode defines a subgoal,
and each subgoal may have its own set of further subgoals, etc.
The final nodes on the paths outward from the root, i.e., the leaf
nodes, represent different ways to initiate an attack. Each node
other than a leaf is either an AND-node or an OR-node. To achieve
the goal represented by an AND-node, the subgoals represented by
all of that node's subnodes must be achieved; and for an OR-node,
at least one of the subgoals must be achieved. Branches can be
labeled with values representing difficulty, cost, or other attack
attributes, so that alternative attacks can be compared.
(N) Information of a particular type concerning an identifiable
system entity or object. An "attribute type" is the component of
an attribute that indicates the class of information given by the
attribute; and an "attribute value" is a particular instance of
the class of information indicated by an attribute type. (See:
$ attribute authority (AA)
1. (N) A CA that issues attribute certificates.
2. (O) "An authority [that] assigns privileges by issuing
attribute certificates." [X509]
Deprecated Usage: The abbreviation "AA" SHOULD NOT be used in an
IDOC unless it is first defined in the IDOC.
$ attribute certificate
1. (I) A digital certificate that binds a set of descriptive data
items, other than a public key, either directly to a subject name
or to the identifier of another certificate that is a public-key
certificate. (See: capability token.)
2. (O) "A data structure, digitally signed by an [a]ttribute
[a]uthority, that binds some attribute values with identification
information about its holder." [X509]
Tutorial: A public-key certificate binds a subject name to a
public key value, along with information needed to perform certain
cryptographic functions using that key. Other attributes of a
subject, such as a security clearance, may be certified in a
separate kind of digital certificate, called an attribute
certificate. A subject may have multiple attribute certificates
associated with its name or with each of its public-key
An attribute certificate might be issued to a subject in the
- Different lifetimes: When the lifetime of an attribute binding
is shorter than that of the related public-key certificate, or
when it is desirable not to need to revoke a subject's public
key just to revoke an attribute.
- Different authorities: When the authority responsible for the
attributes is different than the one that issues the public-key
certificate for the subject. (There is no requirement that an
attribute certificate be issued by the same CA that issued the
associated public-key certificate.)
See: security audit.
$ audit log
(I) Synonym for "security audit trail".
$ audit service
(I) A security service that records information needed to
establish accountability for system events and for the actions of
system entities that cause them. (See: security audit.)
$ audit trail
(I) See: security audit trail.
(I) See: POP3 AUTH.
(I) Verify (i.e., establish the truth of) an attribute value
claimed by or for a system entity or system resource. (See:
authentication, validate vs. verify, "relationship between data
integrity service and authentication services" under "data
Deprecated Usage: In general English usage, this term is used with
the meaning "to prove genuine" (e.g., an art expert authenticates
a Michelangelo painting); but IDOCs should restrict usage as
- IDOCs SHOULD NOT use this term to refer to proving or checking
that data has not been changed, destroyed, or lost in an
unauthorized or accidental manner. Instead, use "verify".
- IDOCs SHOULD NOT use this term to refer to proving the truth or
accuracy of a fact or value such as a digital signature.
Instead, use "verify".
- IDOCs SHOULD NOT use this term to refer to establishing the
soundness or correctness of a construct, such as a digital
certificate. Instead, use "validate".
(I) The process of verifying a claim that a system entity or
system resource has a certain attribute value. (See: attribute,
authenticate, authentication exchange, authentication information,
credential, data origin authentication, peer entity
authentication, "relationship between data integrity service and
authentication services" under "data integrity service", simple
authentication, strong authentication, verification, X.509.)
Tutorial: Security services frequently depend on authentication of
the identity of users, but authentication may involve any type of
attribute that is recognized by a system. A claim may be made by a
subject about itself (e.g., at login, a user typically asserts its
identity) or a claim may be made on behalf of a subject or object
by some other system entity (e.g., a user may claim that a data
object originates from a specific source, or that a data object is
classified at a specific security level).
An authentication process consists of two basic steps:
- Identification step: Presenting the claimed attribute value
(e.g., a user identifier) to the authentication subsystem.
- Verification step: Presenting or generating authentication
information (e.g., a value signed with a private key) that acts
as evidence to prove the binding between the attribute and that
for which it is claimed. (See: verification.)
$ authentication code
(D) Synonym for a checksum based on cryptography. (Compare: Data
Authentication Code, Message Authentication Code.)
Deprecated Term: IDOCs SHOULD NOT use this uncapitalized term as a
synonym for any kind of checksum, regardless of whether or not the
checksum is cryptographic. Instead, use "checksum", "Data
Authentication Code", "error detection code", "hash", "keyed
hash", "Message Authentication Code", "protected checksum", or
some other recommended term, depending on what is meant.
The term mixes concepts in a potentially misleading way. The word
"authentication" is misleading because the checksum may be used to
perform a data integrity function rather than a data origin
$ authentication exchange
1. (I) A mechanism to verify the identity of an entity by means of
2. (O) "A mechanism intended to ensure the identity of an entity
by means of information exchange." [I7498-2]
$ Authentication Header (AH)
(I) An Internet protocol [R2402, R4302] designed to provide
connectionless data integrity service and connectionless data
origin authentication service for IP datagrams, and (optionally)
to provide partial sequence integrity and protection against
replay attacks. (See: IPsec. Compare: ESP.)
Tutorial: Replay protection may be selected by the receiver when a
security association is established. AH authenticates the upper-
layer PDU that is carried as an IP SDU, and also authenticates as
much of the IP PCI (i.e., the IP header) as possible. However,
some IP header fields may change in transit, and the value of
these fields, when the packet arrives at the receiver, may not be
predictable by the sender. Thus, the values of such fields cannot
be protected end-to-end by AH; protection of the IP header by AH
is only partial when such fields are present.
AH may be used alone, or in combination with the ESP, or in a
nested fashion with tunneling. Security services can be provided
between a pair of communicating hosts, between a pair of
communicating security gateways, or between a host and a gateway.
ESP can provide nearly the same security services as AH, and ESP
can also provide data confidentiality service. The main difference
between authentication services provided by ESP and AH is the
extent of the coverage; ESP does not protect IP header fields
unless they are encapsulated by AH.
$ authentication information
(I) Information used to verify an identity claimed by or for an
entity. (See: authentication, credential, user. Compare:
Tutorial: Authentication information may exist as, or be derived
from, one of the following: (a) Something the entity knows (see:
password); (b) something the entity possesses (see: token); (c)
something the entity is (see: biometric authentication).
$ authentication service
(I) A security service that verifies an identity claimed by or for
an entity. (See: authentication.)
Tutorial: In a network, there are two general forms of
authentication service: data origin authentication service and
peer entity authentication service.
(I) The property of being genuine and able to be verified and be
trusted. (See: authenticate, authentication, validate vs. verify.)
(D) /PKI/ "An entity [that is] responsible for the issuance of
Deprecated Usage: IDOCs SHOULD NOT use this term as a synonym for
attribute authority, certification authority, registration
authority, or similar terms; the shortened form may cause
confusion. Instead, use the full term at the first instance of
usage and then, if it is necessary to shorten text, use AA, CA,
RA, and other abbreviations defined in this Glossary.
$ authority certificate
(D) "A certificate issued to an authority (e.g. either to a
certification authority or to an attribute authority)." [X509]
Deprecated Term: IDOCs SHOULD NOT use this term because it is
ambiguous. Instead, use the full term "certification authority
certificate", "attribute authority certificate", "registration
authority certificate", etc. at the first instance of usage and
then, if it is necessary to shorten text, use AA, CA, RA, and
other abbreviations defined in this Glossary.
$ Authority Information Access extension
(I) The private extension defined by PKIX for X.509 certificates
to indicate "how to access CA information and services for the
issuer of the certificate in which the extension appears.
Information and services may include on-line validation services
and CA policy data." [R3280] (See: private extension.)
1a. (I) An approval that is granted to a system entity to access a
system resource. (Compare: permission, privilege.)
Usage: Some synonyms are "permission" and "privilege". Specific
terms are preferred in certain contexts:
- /PKI/ "Authorization" SHOULD be used, to align with
"certification authority" in the standard [X509].
- /role-based access control/ "Permission" SHOULD be used, to
align with the standard [ANSI].
- /computer operating systems/ "Privilege" SHOULD be used, to
align with the literature. (See: privileged process, privileged
Tutorial: The semantics and granularity of authorizations depend
on the application and implementation (see: "first law" under
"Courtney's laws"). An authorization may specify a particular
access mode -- such as read, write, or execute -- for one or more
1b. (I) A process for granting approval to a system entity to
access a system resource.
2. (O) /SET/ "The process by which a properly appointed person or
persons grants permission to perform some action on behalf of an
organization. This process assesses transaction risk, confirms
that a given transaction does not raise the account holder's debt
above the account's credit limit, and reserves the specified
amount of credit. (When a merchant obtains authorization, payment
for the authorized amount is guaranteed -- provided, of course,
that the merchant followed the rules associated with the
authorization process.)" [SET2]
$ authorization credential
(I) See: /access control/ under "credential".
(I) Grant an authorization to a system entity.
$ authorized user
(I) /access control/ A system entity that accesses a system
resource for which the entity has received an authorization.
(Compare: insider, outsider, unauthorized user.)
Deprecated Usage: IDOCs that use this term SHOULD state a
definition for it because the term is used in many ways and could
easily be misunderstood.
$ automated information system
See: information system.
1. (I) The property of a system or a system resource being
accessible, or usable or operational upon demand, by an authorized
system entity, according to performance specifications for the
system; i.e., a system is available if it provides services
according to the system design whenever users request them. (See:
critical, denial of service. Compare: precedence, reliability,
2. (O) "The property of being accessible and usable upon demand by
an authorized entity." [I7498-2]
3. (D) "Timely, reliable access to data and information services
for authorized users." [C4009]
Deprecated Definition: IDOCs SHOULD NOT use the term with
definition 3; the definition mixes "availability" with
"reliability", which is a different property. (See: reliability.)
Tutorial: Availability requirements can be specified by
quantitative metrics, but sometimes are stated qualitatively, such
as in the following:
- "Flexible tolerance for delay" may mean that brief system
outages do not endanger mission accomplishment, but extended
outages may endanger the mission.
- "Minimum tolerance for delay" may mean that mission
accomplishment requires the system to provide requested
services in a short time.
$ availability service
(I) A security service that protects a system to ensure its
Tutorial: This service addresses the security concerns raised by
denial-of-service attacks. It depends on proper management and
control of system resources, and thus depends on access control
service and other security services.
(I) See: secondary definition under "security".
$ B1, B2, or B3 computer system
(O) /TCSEC/ See: Tutorial under "Trusted Computer System
$ back door
1. (I) /COMPUSEC/ A computer system feature -- which may be (a) an
unintentional flaw, (b) a mechanism deliberately installed by the
system's creator, or (c) a mechanism surreptitiously installed by
an intruder -- that provides access to a system resource by other
than the usual procedure and usually is hidden or otherwise not
well-known. (See: maintenance hook. Compare: Trojan Horse.)
Example: A way to access a computer other than through a normal
login. Such an access path is not necessarily designed with
malicious intent; operating systems sometimes are shipped by the
manufacturer with hidden accounts intended for use by field
service technicians or the vendor's maintenance programmers.
2. (I) /cryptography/ A feature of a cryptographic system that
makes it easily possible to break or circumvent the protection
that the system is designed to provide.
Example: A feature that makes it possible to decrypt cipher text
much more quickly than by brute-force cryptanalysis, without
having prior knowledge of the decryption key.
$ back up
(I) /verb/ Create a reserve copy of data or, more generally,
provide alternate means to perform system functions despite loss
of system resources. (See: contingency plan. Compare: archive.)
(I) /noun or adjective/ Refers to alternate means of performing
system functions despite loss of system resources. (See:
Example: A reserve copy of data, preferably one that is stored
separately from the original, for use if the original becomes lost
or damaged. (Compare: archive.)
(D) /slang/ "An entity, such as a program or a computer, that
fails to work or that works in a remarkably clumsy manner. A
person who has caused some trouble, inadvertently or otherwise,
typically by failing to program the computer properly." [NCSSG]
Deprecated Term: It is likely that other cultures use different
metaphors for these concepts. Therefore, to avoid international
misunderstanding, IDOCs SHOULD NOT use this term. (See: Deprecated
Usage under "Green Book".)
(O) /SET/ An "opaque encrypted tuple, which is included in a SET
message but appended as external data to the PKCS encapsulated
data. This avoids superencryption of the previously encrypted
tuple, but guarantees linkage with the PKCS portion of the
Deprecated Usage: IDOCs SHOULD NOT use this term to describe a
data element, except in the form "SET(trademark) baggage" with the
meaning given above.
$ baked-in security
(D) The inclusion of security mechanisms in an information system
beginning at an early point in the system's lifecycle, i.e.,
during the design phase, or at least early in the implementation
phase. (Compare: add-on security.)
Deprecated Term: It is likely that other cultures use different
metaphors for this concept. Therefore, to avoid international
misunderstanding, IDOCs SHOULD NOT use this term (unless they also
provide a definition like this one). (See: Deprecated Usage under
(I) The total width of the frequency band that is available to or
used by a communication channel; usually expressed in Hertz (Hz).
(RFC 3753) (Compare: channel capacity.)
$ bank identification number (BIN)
1. (O) The digits of a credit card number that identify the
issuing bank. (See: primary account number.)
2. (O) /SET/ The first six digits of a primary account number.
$ Basic Encoding Rules (BER)
(I) A standard for representing ASN.1 data types as strings of
octets. [X690] (See: Distinguished Encoding Rules.)
Deprecated Usage: Sometimes incorrectly treated as part of ASN.1.
However, ASN.1 properly refers only to a syntax description
language, and not to the encoding rules for the language.
$ Basic Security Option
(I) See: secondary definition under "IPSO".
$ bastion host
(I) A strongly protected computer that is in a network protected
by a firewall (or is part of a firewall) and is the only host (or
one of only a few) in the network that can be directly accessed
from networks on the other side of the firewall. (See: firewall.)
Tutorial: Filtering routers in a firewall typically restrict
traffic from the outside network to reaching just one host, the
bastion host, which usually is part of the firewall. Since only
this one host can be directly attacked, only this one host needs
to be very strongly protected, so security can be maintained more
easily and less expensively. However, to allow legitimate internal
and external users to access application resources through the
firewall, higher-layer protocols and services need to be relayed
and forwarded by the bastion host. Some services (e.g., DNS and
SMTP) have forwarding built in; other services (e.g., TELNET and
FTP) require a proxy server on the bastion host.
$ BBN Technologies Corp. (BBN)
(O) The research-and-development company (originally called Bolt
Baranek and Newman, Inc.) that built the ARPANET.
(O) See: brand certification authority.
(O) See: BLACK/Crypto/RED.
(O) See: brand CRL identifier.
$ Bell-LaPadula model
(N) A formal, mathematical, state-transition model of
confidentiality policy for multilevel-secure computer systems
[Bell]. (Compare: Biba model, Brewer-Nash model.)
Tutorial: The model, devised by David Bell and Leonard LaPadula at
The MITRE Corporation in 1973, characterizes computer system
elements as subjects and objects. To determine whether or not a
subject is authorized for a particular access mode on an object,
the clearance of the subject is compared to the classification of
the object. The model defines the notion of a "secure state", in
which the only permitted access modes of subjects to objects are
in accordance with a specified security policy. It is proven that
each state transition preserves security by moving from secure
state to secure state, thereby proving that the system is secure.
In this model, a multilevel-secure system satisfies several rules,
including the "confinement property" (a.k.a. the "*-property"),
the "simple security property", and the "tranquility property".
1. (N) /COMSEC/ "Condition of cryptographic data [such] that [the
data] cannot be compromised by human access [to the data]."
2. (O) /COMPUSEC/ See: secondary definition under "trust".
$ benign fill
(N) Process by which keying material is generated, distributed,
and placed into an ECU without exposure to any human or other
system entity, except the cryptographic module that consumes and
uses the material. (See: benign.)
(I) See: Basic Encoding Rules.
$ beyond A1
1. (O) /formal/ A level of security assurance that is beyond the
highest level (level A1) of criteria specified by the TCSEC. (See:
Tutorial under "Trusted Computer System Evaluation Criteria".)
2. (O) /informal/ A level of trust so high that it is beyond
state-of-the-art technology; i.e., it cannot be provided or
verified by currently available assurance methods, and especially
not by currently available formal methods.
$ Biba integrity
(N) Synonym for "source integrity".
$ Biba model
(N) A formal, mathematical, state-transition model of integrity
policy for multilevel-secure computer systems [Biba]. (See: source
integrity. Compare: Bell-LaPadula model.)
Tutorial: This model for integrity control is analogous to the
Bell-LaPadula model for confidentiality control. Each subject and
object is assigned an integrity level and, to determine whether or
not a subject is authorized for a particular access mode on an
object, the integrity level of the subject is compared to that of
the object. The model prohibits the changing of information in an
object by a subject with a lesser or incomparable level. The rules
of the Biba model are duals of the corresponding rules in the
(N) "A personnel position or assignment that may be filled by one
person." [JCP1] (Compare: principal, role, user.)
Tutorial: In an organization, a "billet" is a populational
position, of which there is exactly one instance; but a "role" is
functional position, of which there can be multiple instances.
System entities are in one-to-one relationships with their
billets, but may be in many-to-one and one-to-many relationships
with their roles.
(O) See: bank identification number.
(I) To inseparably associate by applying some security mechanism.
Example: A CA creates a public-key certificate by using a digital
signature to bind together (a) a subject name, (b) a public key,
and usually (c) some additional data items (e.g., "X.509 public-
$ biometric authentication
(I) A method of generating authentication information for a person
by digitizing measurements of a physical or behavioral
characteristic, such as a fingerprint, hand shape, retina pattern,
voiceprint, handwriting style, or face.
$ birthday attack
(I) A class of attacks against cryptographic functions, including
both encryption functions and hash functions. The attacks take
advantage of a statistical property: Given a cryptographic
function having an N-bit output, the probability is greater than
1/2 that for 2**(N/2) randomly chosen inputs, the function will
produce at least two outputs that are identical. (See: Tutorial
under "hash function".)
Derivation: From the somewhat surprising fact (often called the
"birthday paradox") that although there are 365 days in a year,
the probability is greater than 1/2 that two of more people share
the same birthday in any randomly chosen group of 23 people.
Birthday attacks enable an adversary to find two inputs for which
a cryptographic function produces the same cipher text (or find
two inputs for which a hash functions produces the same hash
result) much faster than a brute-force attack can; and a clever
adversary can use such a capability to create considerable
mischief. However, no birthday attack can enable an adversary to
decrypt a given cipher text (or find a hash input that results in
a given hash result) any faster than a brute-force attack can.
(I) A contraction of the term "binary digit"; the smallest unit of
information storage, which has two possible states or values. The
values usually are represented by the symbols "0" (zero) and "1"
(one). (See: block, byte, nibble, word.)
$ bit string
(I) A sequence of bits, each of which is either "0" or "1".
1. (N) Designation for data that consists only of cipher text, and
for information system equipment items or facilities that handle
only cipher text. Example: "BLACK key". (See: BCR, color change,
RED/BLACK separation. Compare: RED.)
2. (O) /U.S. Government/ "Designation applied to information
systems, and to associated areas, circuits, components, and
equipment, in which national security information is encrypted or
is not processed." [C4009]
3. (D) Any data that can be disclosed without harm.
Deprecated Definition: IDOCs SHOULD NOT use the term with
definition 3 because the definition is ambiguous with regard to
whether or not the data is protected.
$ BLACK/Crypto/RED (BCR)
(N) An experimental, end-to-end, network packet encryption system
developed in a working prototype form by BBN and the Collins Radio
division of Rockwell Corporation in the 1975-1980 time frame for
the U.S. DoD. BCR was the first network security system to support
TCP/IP traffic, and it incorporated the first DES chips that were
validated by the U.S. National Bureau of Standards (now called
NIST). BCR also was the first to use a KDC and an ACC to manage
$ BLACK key
(N) A key that is protected with a key-encrypting key and that
must be decrypted before use. (See: BLACK. Compare: RED key.)
(O) An end-to-end encryption system for computer data networks
that was developed by the U.S. DoD in the 1980s to provide host-
to-host data confidentiality service for datagrams at OSIRM Layer
3. [Weis] (Compare: CANEWARE, IPsec.)
Tutorial: Each user host connects to its own bump-in-the-wire
encryption device called a BLACKER Front End (BFE, TSEC/KI-111),
through which the host connects to the subnetwork. The system also
includes two types of centralized devices: one or more KDCs
connect to the subnetwork and communicate with assigned sets of
BFEs, and one or more ACCs connect to the subnetwork and
communicate with assigned KDCs. BLACKER uses only symmetric
encryption. A KDC distributes session keys to BFE pairs as
authorized by an ACC. Each ACC maintains a database for a set of
BFEs, and the database determines which pairs from that set (i.e.,
which pairs of user hosts behind the BFEs) are authorized to
communicate and at what security levels.
The BLACKER system is MLS in three ways: (a) The BFEs form a
security perimeter around a subnetwork, separating user hosts from
the subnetwork, so that the subnetwork can operate at a different
security level (possibly a lower, less expensive level) than the
hosts. (b) The BLACKER components are trusted to separate
datagrams of different security levels, so that each datagram of a
given security level can be received only by a host that is
authorized for that security level; and thus BLACKER can separate
host communities that operate at different security levels. (c)
The host side of a BFE is itself MLS and can recognize a security
label on each packet, so that an MLS user host can be authorized
to successively transmit datagrams that are labeled with different
$ blind attack
(I) A type of network-based attack method that does not require
the attacking entity to receive data traffic from the attacked
entity; i.e., the attacker does not need to "see" data packets
sent by the victim. Example: SYN flood.
Tutorial: If an attack method is blind, the attacker's packets can
carry (a) a false IP source address (making it difficult for the
victim to find the attacker) and (b) a different address on every
packet (making it difficult for the victim to block the attack).
If the attacker needs to receive traffic from the victim, the
attacker must either (c) reveal its own IP address to the victim
(which enables the victim to find the attacker or block the attack
by filtering) or (d) provide a false address and also subvert
network routing mechanisms to divert the returning packets to the
attacker (which makes the attack more complex, more difficult, or
more expensive). [R3552]
(I) A bit string or bit vector of finite length. (See: bit, block
cipher. Compare: byte, word.)
Usage: An "N-bit block" contains N bits, which usually are
numbered from left to right as 1, 2, 3, ..., N.
$ block cipher
(I) An encryption algorithm that breaks plain text into fixed-size
segments and uses the same key to transform each plaintext segment
into a fixed-size segment of cipher text. Examples: AES, Blowfish,
DEA, IDEA, RC2, and SKIPJACK. (See: block, mode. Compare: stream
Tutorial: A block cipher can be adapted to have a different
external interface, such as that of a stream cipher, by using a
mode of cryptographic operation to package the basic algorithm.
(See: CBC, CCM, CFB, CMAC, CTR, DEA, ECB, OFB.)
(N) A symmetric block cipher with variable-length key (32 to 448
bits) designed in 1993 by Bruce Schneier as an unpatented,
license-free, royalty-free replacement for DES or IDEA. [Schn]