Click for next page ( 301


The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement



Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.

OCR for page 300
K Glossary Access generally refers to the right to enter or use a system and its re- sources; to read, write, modify, or delete data; or to use software processes or network bandwidth. Access control is the granting or denying, usually according to a particu- lar security model, of certain permissions to access a resource. Access level is either the clearance level associated with a subject or the classification level associated with an object. ACE (access control list) refers to a list of subjects permitted to access an object, and the access rights of each one. ACM is the Association for Computing Machinery. ActiveX is a set of client and server component interfaces that enables developers to build multitier applications that use an HTML renderer and HTTP and other Internet protocols. ActiveX is the technology used to integrate the Internet in Windows. Ada is a programming language that was developed, and subsequently mandated, for DOD software projects. Adjunct processors enable the operation of many enhanced telephone services, such as 800 numbers and voice-menu prompts. ADSL (asymmetric digital subscriber line) allows an upstream data flow (i.e., from user to server) that is a fraction of the downstream data flow, as is appropriate to support Internet services to the home and video on demand. ANSI is the American National Standards Institute. 300

OCR for page 300
APPENDIX K 301 API (application programming interface) is an interface provided for an application to another program. ARPA: See DARPA. ARPANET (Advanced Research Projects Agency network) was a feder- ally funded WAN that became operational in 1968 and was used for early networking research. It evolved into the central backbone of the Internet. AS (autonomous system) is an Internet routing domain under the control of one organization. Assurance is confidence that a system design meets its requirements, or that its implementation satisfies specifications, or that some specific property is satisfied. Asymmetric (or public-key) cryptography is based on algorithms that use one key (typically a public key) to encrypt a message and a differ- ent, mathematically related key (typically private) to decrypt a mes- sage. ATE (Assessment Technology Branch) is part of NASA. ATM (asynchronous transfer mode) enables voice, data, and video to be handled with a uniform transmission protocol. It breaks up the infor- mation to be transmitted into short packets of data and intersperses them with data from other sources delivered over trunk networks. Authentication is the process of confirming an asserted identity with a specified, or understood, level of confidence. The mechanism can be based on something the user knows, such as a password, something the user possesses, such as a "smart card," something intrinsic to the person, such as a fingerprint, or a combination of two or more of these. Availability is the property asserting that a resource is usable or opera- tional during a given time period, despite attacks or failures. BAA (broad area announcement) is a form of research solicitation used by DARPA and other federal agencies. BCR (black/crypto/red) was a federally funded project that achieved full end-to-end packet encryption, with full header bypass, in working prototype form in the mid to late 1970s. Bell and La Padula policy is a security policy prohibiting information flow from one object to another with a lesser or incomparable classifi- cation. BGP (Border Gateway Protocol) is the protocol used by Internet routers to communicate with other routers across administrative boundaries. Biometric authentication relies on the use of unique characteristics of individuals, such as a voiceprint or fingerprint, for authentication.

OCR for page 300
302 APPENDIX K Blacker is an integrated set of network layer cryptographic devices de- signed to secure military data networks. Blue box refers to a device used to defraud the telephone company in the 1960s and 1970s. It sent network control tones over the voice path. bps (bits per second) refers to the rate at which data are generated by a source or transmitted over a communications channel. Measurements are often stated in units of 103 bits per second (kilobits or kbps) or 106 bits per second (megabits or Mbps). C++ is a programming language. CA (certification authority) is a trusted party that creates certificates in a secure manner. Caneware is a certificate-based, military network encryption system for the Internet. CAP (complex arithmetic processor) is a digital signal processor intended for use in a secure, multimode, programmable radio. CCITT is the Consultative Committee on International Telephony and Telegraphy. CCF (central control function) is an air traffic management subsystem. CCv2 refers to Common Criteria, version 2. CDIS (central control function display information system) is a compo- nent of the CCF. CDSA (common data security architecture) is an integrated software framework consisting of APIs designed to make computer platforms more secure for applications such as electronic commerce. CERT/CC (Computer Emergency Response Team/Coordination Center) is an element of the Networked Systems Survivability Program of the Software Engineering Institute at Carnegie Mellon University. It keeps track of attacks on the Internet and issues advisories. CERT advisories are available online at . Certificate management is the overall process of issuing, storing, veri- fying, and generally accepting responsibility for the accuracy of pub- lic-key certificates and their secure delivery to appropriate consum ers. Certification is the administrative act of approving a computer system or component for use in a particular application. CGI (common gateway interface) is a script run by a World Wide Web server in response to a client request. Checksum consists of digits or bits calculated according to an algorithm and used to verify the integrity of accompanying data. Chinese Wall (or Brewer-Nash) model is a security policy concerned with separating different organizational activities to conform with legal and regulatory strictures in the financial world.

OCR for page 300
APPENDIX K 303 CIA is the Central Intelligence Agency. CIAO (Critical Infrastructure Assurance Office) is a unit of the U.S. government established by PDD 63. CIC R&D (Computing, Information, and Communications Research and Development) refers to a committee of the National Science and Technology Council that involves about 12 federal departments and agencies that coordinate computing and communications programs, budgets, and review. Ciphertext is the output of any encryption process, regardless of whether the original digitized input was text, computer files or programs, or graphical images. Cleartext (or plaintext) is the input into an encryption process or output of a decryption process. CLEF refers to a commercially licensed evaluation facility. Clipper chip is an escrowed encryption chip that implements the Skip- jack algorithm to encrypt communications conducted over the public switched network (e.g., between telephones, modems, or fax equip- ment). CMM (Capability Maturity Model) is used in judging the maturity of the software processes of an organization. It was developed under the stewardship of the Software Engineering Institute. CMW (compartmented mode workstation) is a computer workstation (rated at least B1 under the TCSEC) that implements both discretion- ary (i.e., identity-based, user-directed) and mandatory (i.e., rule- based, administratively directed) access policies. CNN is the Cable News Network. COCOMO (constructive cost model) is a method for estimating the cost of the development of a software system. COM (common object model) is an open software architecture. Confidentiality refers to the protection of communications traffic or stored data against interception or receipt by unauthorized third par- ties. Conops (concept of operations) describes the operations of a computing system, typically in the form of scenarios. COPS (computer oracle password security) is software that checks for cracks, configuration errors, and other security flaws in a computer employing the UNIX operating system. CORBA (common object request broker architecture) is an OMG speci- fication that provides the standard interface definition between OMG- compliant objects. Correctness is the property of being consistent with a specification. The specification may stipulate, for example, that proper outputs are pro- duced by a system for each input.

OCR for page 300
304 APPENDIX K COTS (commercial off-the-shelf) refers to readily available commercial technologies and systems. Countermeasure is a mechanism that reduces or eliminates a vulnerabil- ity. CPU is a central processing unit. CRISIS refers to Cryptography's Role in Securing the Information Society, a 1996 report by the CSTB. CRL (certificate revocation list) identifies unexpired certificates that are no longer valid; that is, the binding expressed by the certificates is not considered to be accurate. Cross-connect is a component of the telephone system that shunts circuits from one wire or fiber to another. Cryptanalysts is the study and practice of various methods to penetrate ciphertext and deduce the contents of the original cleartext message. Cryptographic algorithm is a mathematical procedure, often used in con- junction with a key, that transforms input into a form that is unintel- ligible without knowledge of a key and the algorithm. Cryptography is the science and technology of establishing or protecting the secrecy, authenticity, or integrity of data that might be accessed by unauthorized parties by using a code or cipher. CSP (Communicating Sequential Process) is a specification and pro- gramming notation for concurrent and distributed systems. CSTB (Computer Science and Telecommunications Board) is a unit of the National Research Council. CTCPEC refers to the Canadian Trusted Computer Product Evaluation Criteria. CUG (closed user group) is an access control concept used in X.25, frame relay, and ATM networks to establish a non-cryptographic VPN. A CUG is limited to a single network and network technology, man- aged by a single administration. DARPA is the Defense Advanced Research Projects Agency (known at times in the past as ARPA), which is part of the DOD. DCE (data communication equipment) refers to the devices and connec- tions of a communications network that connect the circuit between the data source and destination. A modem is the most common type of DCE. DCOM (distributed common object model) refers to an infrastructure for components that can be systematically reused. DON (defense data network) is a global DOD communications network composed of MILNET, other portions of the Internet, and classified networks.

OCR for page 300
APPENDIX K 305 Decryption is the process of transforming ciphertext into the original message, or cleartext. Denial of service is a form of attack that reduces the availability of a resource. DES (Data Encryption Standard) is the U.S. government standard (FIPS 46-1) describing a symmetric-key cryptographic algorithm. DGSA (DOD Goal Security Architecture) is a set of specifications or goals that support a wide range of access controls and integrity poli- cies in an object-oriented, distributed system environment. Digital signature is a digitized version of a written signature, typically produced by decrypting a digest of the message being signed. DISA is the Defense Information Systems Agency, a unit of the DOD. DMS (Defense Messaging System) relies on the SNS guard to permit electronic mail to flow in and out of highly sensitive enclaves and facilitate communication with less-sensitive DMS subscribers. DNS (Domain Name Service) is a general-purpose, distributed, repli- cated, data-query service that is used primarily on the Internet for translating host names into Internet addresses. DOD is the U.S. Department of Defense. DOE is the U.S. Department of Energy. DOS is disk operating system, developed by Microsoft Corporation and used widely on IBM-compatible personal computers. It contains no protection against errant programs and no support for partitioning the actions of one user from another. DSP (digital signal processor) is a specialized integrated circuit used to analyze or alter the characteristics of communications signals. DSP (downstream service provider) is a local or regional Internet pro- vider. DTE (domain and type enforcement) is a fine-grained access control mechanism. DVRP (distance vector routing protocol) enables routers to function with- out complete knowledge of network topology. Routers broadcast a list of destinations and costs; each recipient adds its cost for travers- ing its link back toward the sender and rebroadcasts the updated list of destinations and costs (or a lower-cost path to any of those destina- tions, if available). Encryption is any procedure used in cryptography to convert plaintext into ciphertext to prevent anyone but the intended recipient from reading the data. Escrowed Encryption Initiative is a voluntary program intended to im- prove the security of telephone communications while also meeting the stated needs of law enforcement.

OCR for page 300
306 APPENDIX K ESP (Encapsulating Security Payload) is a protocol (part of the IETF IPsec series of standards) that provides encryption and/or authenti- cation for IP packets. Fault tolerance is the capability of a system or component to continue operating despite hardware or software faults. It may be expressed in terms of the number of faults that can be tolerated before normal . . Operahon Is ~mpa~recr. FBI is the Federal Bureau of Investigation. FCC is the Federal Communications Commission. FDA is the Food and Drug Administration. FEAL is a symmetric-key cipher developed in Japan. FFRDC refers to federally funded research and development centers. FGAC (fine-grained access control) enables a user or system administra- tor to control access to small objects, methods, and procedures. FIPS (federal information processing standards) are technical standards published by NIST. U.S. government agencies are expected either to purchase computer-related products that conform to these standards or to obtain a formal waiver. Firewall is a defensive mechanism typically deployed at the boundary between a trusted and a mistrusted computer network. Formal language is language that has precisely defined syntax and se- mantics. It enables unambiguous descriptions and is often amenable to various degrees of automated analysis. Formal method is a mathematically based technique for describing and analyzing hardware, software, and computing systems. Fortezza is a PCMCIA cryptographic token for protecting data. It is a component of the MISSI architecture. Fortezza Initiative is a U.S. government initiative to promote and sup- port escrowed encryption for data storage and communications. FTP (File Transfer Protocol) is a client-server protocol that enables a user on one computer to transfer files to and from another computer over a TCP/IP network. Functionality is the functional behavior of a system. Functionality re- quirements include confidentiality, integrity, availability, authentica- tion, and safety. GSM (global system for mobile communications) is a standard for digi- tal cellular communications that is being adopted by more than 60 countries. GSSAPI (generic security services application programming interface) is an IETF-standard application-level interface to cryptographic services. GUI is a graphical user interface.

OCR for page 300
APPENDIX K 307 Hardware token refers to a small hardware device that contains a per- sonal cryptographic key as well as processing capability. It is used typically for authentication. Hash function is a form of checksum. HCS (High Confidence Systems) is the working group of the Committee on CIC R&D that deals with trustworthiness. Heisenbug refers to a transient failure that is difficult to reproduce be- cause it is triggered by circumstances beyond the control of a tester. Hijacking refers, in the computer context, to the impersonation of a pre- viously authenticated entity. HMO is a health maintenance organization. HTML (Hypertext Markup Language) is used to represent text and other data for posting and delivery to browsers on the World Wide Web. HTTP (Hypertext Transfer Protocol) is the client-server TCP/IP protocol used on the World Wide Web for the exchange of HTML documents. IAB is the Internet Architecture Board. ICMP (Internet Control Message Protocol) is a feature of IP that allows for the generation of error messages, test packets, and informational messages. IDE is a disk interface standard. Identification is an assertion about the identity of someone or something. IEEE is the Institute of Electrical and Electronics Engineers. IESG is the Internet Engineering Steering Group. IETF (Internet Engineering Task Force) is a large, international commu- nity of network designers, operators, vendors, and researchers who coordinate the evolution of the Internet and resolve protocol and ar- chitectural issues. IISP is the Information Infrastructure Standards Panel. IITF is the Information Infrastructure Task Force. IMP (interface message processor) was a switching node for the ARPANET. Infosec refers to information security. Integrity is the property of an object meeting an a priori established set of expectations. In the distributed system or communication security context, integrity is more precisely defined as assurance that data have not been undetectably modified in transit or storage. Integrity check is a quantity derived by an algorithm from the running digital stream of a message, or the entire contents of a stored data file, and appended to it. Some integrity checks are cryptographically based. IPsec (IP Security) is a suite of internetwork-layer security protocols de- veloped for the Internet by the IETF working group.

OCR for page 300
308 APPENDIX K IP (Internet Protocol) is a connectionless, packet-switching protocol that serves as the internetwork layer for the TCP/IP protocol suite. IP provides packet routing, fragmentation, and reassembly. ISAKMP (Internet Security Association and Key Management Proto- col) is a protocol developed by the NSA to negotiate keys for use with data network security protocols. ISAT (Information Science and Technology) refers to special activities held by DARPA to address long-term issues and plans. ISDN (integrated services digital network) is a set of communications standards that specify how different types of information (e.g., voice, data, video) can be transmitted in the public switched telephone net- work. ISO is the Information Systems Office of DARPA. ISO is the International Organization for Standardization. ISOC (Internet Society) is a nonprofit, professional membership organi- zation that facilitates and supports the technical evolution of the In- ternet; stimulates interest in and educates the scientific and academic communities, industry, and the public about the technology, uses, and applications of the Internet; and promotes the development of new applications. ISP (Internet service provider) is a company that provides other compa- nies or individuals with access to, or presence on, the Internet. Most ISPs also provide extra services, such as help with the design, cre- ation, and administration of World Wide Web sites. ISSR-lTO (Information Systems Security Research-loint Technology Office) involves DARPA, DISA, and NSA. ITO (Information Technology Office) is a unit of DARPA that supports research in computing and communications. ITSEC (Information Technology Security Evaluation Criteria) refers to the harmonized criteria of France, Germany, the Netherlands, and the United Kingdom. IW-D refers to defensive information warfare. Java is an object-oriented, distributed, architecture-neutral, portable, gen- eral-purpose programming language. lavaBeans is a component architecture for lava that enables the develop- ment of reusable software components that can be assembled using visual application-builder tools. fDK Qava development kit) provides an environment for developing Java programs. VIM Qava virtual machine) is a specification for software that interprets Java programs compiled into byte codes.

OCR for page 300
APPENDIX K 309 KDC (key-distribution center) is an online, automated provider of secret symmetric keys. Kernel is a small, trusted portion of a system that provides services on which the other portions of the system depend. Key is a value used in conjunction with a cryptographic algorithm. Key-escrow encryption is an encryption system that enables exceptional access to encrypted data through special data-recovery keys held ("in escrow") by a trusted party. KPA (key process area) refers to the most important aspects of software processes. LAN (local area network) is a data communications network, such as an Ethernet, that covers a small geographical area (typically no larger than a 1-kilometer radius), allowing easy interconnection of termi- nals, microprocessors, and computers within adjacent buildings. Link-State Routing Protocol enables routers to exchange information about the possibility and cost of reaching the other networks. The cost is based on number of hops, link speeds, traffic congestion, and other factors, as determined by the network designer. MD4 is a hash algorithm. MEII (minimum essential information infrastructure) is a highly trust- worthy communications subsystem originally envisioned for use by NISs that control critical infrastructures. MIB (management information base) is a database of objects accessed by the Internet management protocols (SNMP). MIC (message integrity code) is a value that is a complex function of both a set of protected data and a cryptographic key. It is computed by the sender and validated by the receiver. MILNET is the military network that is part of the DON and the Internet. MIME (multipurpose Internet mail extension) is a standard for multi- part, multimedia electronic mail messages and World Wide Web hypertext documents on the Internet. MISSI (Multilevel Information Systems Security Initiative) is an NSA initiative designed to provide a framework for the development of interoperable, complementary security products. Multics is a multiuser operating system developed in the mid-1960s by MIT, GE, and Bell Laboratories that features elaborate access controls. Multiplexing is the combining of several signals for transmission on a shared medium. MVS (multiple virtual storage) is an operating system for system 370 and its successors that supports virtual memory.

OCR for page 300
310 APPENDIX K NASA is the National Aeronautics and Space Administration. NCS (National Communications System) is a group of 23 federal depart- ments and agencies that coordinates and plans systems to support responses to crises and disasters. NCSC (National Computer Security Center) is part of the NSA. NES (Network Encryption System) is a certificate-based, packet network encryption system certified by the NSA (cf., Caneware). NIS (networked information system) integrates computing and commu- nications systems, procedures, and users and operators. NIST (National Institute of Standards and Technology) is a unit of the U.S. Department of Commerce that works with industry to develop and apply technology, measurements, and standards. NLSP (Netware Link-State Protocol) is a protocol for the exchange of routing information in some networks. NLSP (Network-Layer Security Protocol) is a protocol (roughly compa- rable to IPsec) that was developed for OSI networks but is rarely used. NMS (network management system) is a collection of software for man- aging the security of the other components in the MISSI architecture. NOC (network operations center) is a designated site that monitors and controls the elements of a network. Nonrepudiation is the affirmation, with extremely high confidence, of the identity of the signer of a digital message using a digital signature procedure. It is intended to protect against any subsequent attempt by the signer to deny authenticity. NPRG (National Partnership for Reinventing Government) is the Administration's ongoing effort to make the U.S. government work better and cost less. It was formerly known as the National Perfor- mance Review. NRC (Network Reliability Council) is the former name of the NRIC. NRC (National Research Council) is the operating arm of the National Academy of Sciences and the National Academy of Engineering. NRIC (Network Reliability and Interoperability Council) is the new name of the former Network Reliability Council. NSA is the National Security Agency, which is part of the DOD. NSF is the National Science Foundation. NSTAC (National Security Telecommunications Advisory Committee) provides industry advice to the Executive Branch of the U.S. govern- ment. Object is a hardware or software system or component (e.g., processor, file, database) that can be accessed by a subject.

OCR for page 300
APPENDIX K 311 Object code is the "executable" code of Is and us that instructs a com- puter on the steps to be performed. OC-12 (optical carrier 12) is a SONET rate communications channel of 622 megabits per second. OLE (object linking and embedding) is object-oriented software technol- ogy. OMG (Object Management Group) is a consortium of companies that supports and promotes a set of standards called CORBA. Orange Book is the common name for the DOD document that provides criteria for the evaluation of different classes of trusted systems. Supplementary documents extend and interpret the criteria. ORCON (originator controlled) is a term used with very sensitive classi- fied data to denote an access control policy in which the originator of data must approve access. OS (operating system) is a computer program (e.g., MS-DOS, Windows, UNIX, Mac OS) that provides basic services for applications. Such functions can include screen displays, file handling, and, in the fu- ture, encryption. OSI (open systems interconnection) refers to a seven-layer model of network architecture and a suite of implementing protocols devel- oped in 1978 as a framework for international standards for heteroge- neous computer networks. OSPF (open shortest-path first-interior) is a standard interior gateway routing protocol for the Internet. It is a link-state routing protocol, as distinct from a distance-vector routing protocol. OSS (operations support system) is a computer system involved in run- ning the telephone network. P5 is an Intel processor chip known as a Pentium processor. P6 is an Intel processor chip known as a Pentium Pro processor. Packet switching is a networking technology that breaks up a message into smaller packets for transmission and switches them to their re- quired destination. Unlike circuit switching, which requires a con- stant point-to-point circuit to be established, each packet in a packet- switched network contains a destination address. Thus all packets in a single message do not have to travel the same path. They can be dynamically routed over the network as circuits become available or unavailable. The destination computer reassembles the packets back into their proper sequence. Password is a sequence of characters presented to a system for purposes of authentication of the user's identity or privilege to access the system. PC is a personal computer.

OCR for page 300
312 APPENDIX K PCC (proof-carrying code) is a security enforcement approach in which formal, machine-checkable proof is used to establish that a software program will not violate a particular security policy. PCCIP is the President's Commission on Critical Infrastructure Protec- tion. PCMCIA is the Personal Computer Memory Card Interface Association, an organization that specifies standards for what are now called PC cards. POP (pretty good privacy) is a public-key encryption-based file encryp- tion implementation. POP enables users to exchange files or e-mail messages with privacy and authentication. PIN is a personal identification number and is used in much the same manner as a password. PKI (public-key infrastructure), as used in this report, refers to mecha- nisms, procedures, and policies that together provide a management framework for the deployment of public-key cryptography. Plaintext is a synonym for cleartext. PLI (private line interface) was a network-layer encryptor designed to protect classified data transmitted over the ARPANET, developed and deployed in the mid 1970s. Privacy ensures freedom from unauthorized intrusion. Private key is the decryption or signature generation key associated with a given person's public key for a public-key cryptographic system. Protocols are formal rules describing how different parties cooperate to share or exchange data, especially across a network. Pseudocode is a program written using a mixture of programming lan- guage and informal statements (e.g., plain English). PTN is the public telephone network. Public key is the publicly known key associated with a given subject in a public-key cryptographic system. Public-key certificate is a data structure, typically transmitted electroni- cally over an information network, that establishes the relationship between a named individual or organization and a specified public key. Public-key cryptography refers to algorithms that use one key to encrypt or digitally sign data and a corresponding second key to decrypt or validate the signature of that data. QOS (quality of service) refers to performance guarantees offered by a network. R2 is the NSA unit that is responsible for information security research.

OCR for page 300
APPENDIX K 313 R/3 is a software product from SAP for handling all major functions of a commercial enterprise. R&D is research and development. Red Book is the common name for the DOD document containing the trusted network interpretation of the trusted computer system evalu- ation criteria. Reliability is the capability of a computer, or information or telecommu- nications system, to perform consistently and precisely according to its specifications and design requirements, and to do so with high confidence. RFC (request for comments) refers to a series of numbered informational documents and standards widely followed in the Internet commu- nity. All Internet standards are recorded in RFCs, but not all RFCs are standards. RFCs are issued online at by the RFC Editor, Information Sciences Institute, Univer- sity of Southern California, Los Angeles. REP is a request for proposals. Risk is, in the computer context, the likelihood that a vulnerability may be exploited, or that a threat may become harmful. RPC (Remote Procedure Call) is a protocol that allows a program run- ning on one host to cause code to be executed on another host. RSML (requirements state machine language) is a specification notation that has a variety of formal methods associated with it. RSVP (Resource Reservation Protocol) is a protocol designed to provide QOS guarantees on the Internet. RTCA is now the official name of the former Radio Technical Commis- sion for Aeronautics. Safety is a characteristic of trustworthiness asserting that a system will not be the cause of physical harm to people or property. SCC is a strongly connected component. SCI (scalable coherent interface) is an IEEE standard. SCR (Software Cost Reduction) is the Naval Research Laboratory pro- gram that is developing rigorous techniques for software develop- ment. One goal is to reduce the cost of software development. SCSI (small computer standard interface) is an industry-standard disk interface. SONS (Secure Data Network System) was the NSA project that devised a network-layer encryption standard. SDSI (Secure Distributed Security Infrastructure) is an approach to cer- tificate use in which all names bound to public keys are viewed as having only local significance.

OCR for page 300
314 APPENDIX K Secrecy is the habit or practice of maintaining privacy. It is an element of security. Secret key is a key used in conjunction with a secret-key or symmetric cryptosystem. Secret-key cryptosystem is a symmetric cryptographic process in which both parties use the same secret key to encrypt and decrypt messages. Security refers to a collection of safeguards that ensure the confidentiality of information, protect the systems) or networks used to process it, and control access to it. Security typically encompasses secrecy, confidentiality, integrity, and availability and is intended to ensure that a system resists potentially correlated attacks. Security level is either the clearance level associated with a subject or a classification level associated with an object. SKI is the Software Engineering Institute. SET (secure electronic transaction) is a protocol for credit card transac- tions over the Internet. SFI (software fault isolation) is a security enforcement approach in which instructions and addresses are modified so that they cannot reference memory outside the specified regions. Shareware is software that is offered publicly, free of charge, rather than sold, but shareware authors usually do request payment for the freely distributed software. SKIPlACK is a symmetric encryption algorithm. S/MIME (secure/multipurpose Internet mail extension) is a format for secure Internet e-mail. SMTP (Simple Mail Transfer Protocol) is a protocol used to transfer e- mail over the Internet. Snefru is a one-way hash function. SNMP (Simple Network Management Protocol) is the Internet standard protocol that manages nodes on an IF network. SNS (Secure Network System) is a high-assurance guard (a component of the MISSI architecture) for separating Top Secret enclaves from less-sensitive network environments. SONET (synchronous optical network) is a broadband networking stan- dard that is generally based on ring topologies to ensure reliability. Source code is the textual form in which a high-level-language program is entered into a computer. SP3 (Security Protocol at Level 3) is a network-layer encryption standard developed in the SONS project. Specification is a precise description of the desired behavior of a system.

OCR for page 300
APPENDIX K 315 SPKI (Simple Public-Key Infrastructure) is a scheme being developed by an IETF working group attempting to codify SDSI into an Internet standard. Spoofing is the illicit, deliberate assumption of the characteristics of an- other computer system or user, for purposes of deception. SS7 (Signaling System 7) is a protocol suite used for communication with, and control of, telephone central office switches and processors. It uses out-of-band signaling. SSL (secure socket layer) is a protocol designed to provide secure com- munications for HTTP traffic on the Internet. State is retained information from one transaction that is used to deter- mine how to complete a subsequent transaction, often of a related type. STL (standard template library) is a component designed for systematic reuse. STU-III (Secure Telephone Unit III) is a standardized voice and data telephone system capable of encryption up to top-secret level for de- fense and civilian government purposes. STU-III operates over stan- dard dial-up telephone lines and has been extended to cellular appli- cations. Subject refers, in this report, to an active entity (e.g., a user, or a process or device acting on the user's behalf) that can make a request to per- form an operation on an object. Survivability is the capability to provide a level of service in adverse or hostile conditions. SWAT is a special weapons and tactics team. SwIPe is a host-based IP encryptor that led to the IETF working group on IPsec. TCL is tool command language. TCP (Transmission Control Protocol) is the most common transport- layer protocol used on the Internet. It provides reliable connection- oriented full-duplex communications, flow control, and multiplex- ~ng. TCSEC (Trusted Computer System Evaluation Criteria) refers to criteria for a graded system of protection contained in the DOD document known as the Orange Book. Telnet is a protocol that enables a user on one machine to log onto an- other machine over a network and read the remote files. Threat is an adversary that is both motivated and capable of exploiting a vulnerability.

OCR for page 300
316 APPENDIX K Tiger team refers to an organized group of people that tests security measures by attempting to penetrate them, or, more generally, to any official inspection team or special group called in to look at a com- puter or communications problem. TIU (trusted interface unit) is an Ethernet LAN data encryption prod- uct. Trojan horse refers to a program that, by exploiting the current user's authorization, provides covert access to information in an object for a user not authorized to access that object. Trustworthiness is assurance that a system deserves to be trusted that it will perform as expected despite environmental disruptions, human and operator error, hostile attacks, and design and implementation errors. Trustworthy systems reinforce the belief that they will con- tinue to produce expected behavior and will not be susceptible to subversion. UDP (User Datagram Protocol) is an Internet transport protocol that pro- vides unreliable datagram services. It adds a checksum and addi- tional process-to-process addressing information on top of the basic IP layer. UNIX is a multiuser operating system developed by Bell Laboratories in the 1970s that is widely used on the Internet and in the computer science research community. It is much smaller and simpler than Multics and has far fewer access controls and far less structure to support security. URL (uniform resource locator) specifies an Internet object, such as a file or a newsgroup. URLs are used in HTML documents to specify tar- gets of hyperlinks. URP (University Research Program) is the program within NSA's R2 that awards contracts to academic investigators for security-related re- search. VDM (Vienna definition method) is a formal method. Verity is a tool used to design processors. VGA is video graphics adapter. VLSI (very large scale integration) refers to integrated circuits composed of hundreds of thousands of logic elements, or memory cells. VPN (virtual private network) is a secure connection through an other- wise insecure network, typically the Internet. Vulnerability is an error or weakness in the design, implementation, or operation of a system. VVSL is a formal method.

OCR for page 300
APPENDIX K 317 W3C (World Wide Web Consortium) is an industry consortium stan- dards-setting body for the Web. WAN (wide area network) is a network extending over an area greater than 1 kilometer in diameter. Windows NT is Microsoft's multiprogramming, multitasking, and multi- user operating system. It has the ability to control users' access to all system objects. Windows NT is supported on several instruction set architectures. Work factor is a measure of the difficulty of undertaking a brute-force test of all possible keys against a given ciphertext and known algorithm. WWW is the World Wide Web. X.25 is a standard protocol suite for the DTE-DCE interface in a packet- switched network. It was developed to describe how data passes in and out of public data communications networks. XEU (Xerox encryption unit) is a functionally transparent cipher unit for protecting information on baseband LANs. Y2K (year 2000) refers to the widespread problem of computers that are not programmed to recognize correctly the years following 1999.

OCR for page 300