University of Maryland
M.S. Program in Telecommunications
ENTS 650 - Network Security
Spring 2011
Dr. Edward A. Schneider
Glossary
Information Security Policy: The aggregate of public law, directives, regulations, rules, and practices that regulate how an organization manages, protects, and distributes information.
Security Properties:
- Confidentiality
- Integrity
- Availability
- Accountability
Security Services:
- Identification / Authentication (I&A)
- Access Control
  - Subject: An active entity.
  - Object: An entity that contains or receives information and that is accessed by subjects.
  - Mandatory Access Control (MAC): A means of restricting access to objects based on the sensitivity (as represented by a label) of the information contained in the objects and the formal authorization (i.e., clearance) of subjects to access information of such sensitivity.
  - Discretionary Access Control (DAC): A means of restricting access to objects based on the identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission on to any other subject.
  - Role-Based Access Control (RBAC): Access control in which subjects are identified with the role that they play, rather than the identity of a user.
- Cryptography
- Audit
- Replication
- Object Reuse
- Management
Common Criteria
- Protection Profile (PP): security requirements document
- Security Target (ST): security claims about a product
- Target of Evaluation (TOE): the product about which claims are made
- TOE Security Function (TSF): the section of the TOE that enforces security
- Evaluation Assurance Level (EAL): level between 1 and 7 representing the amount of assurance (documentation, testing, etc.) of a product
Trusted Computing Base (TCB): The totality of protection mechanisms within a computer system -- including hardware, firmware, and software -- the combination of which is responsible for enforcing a security policy.
nonce: number used once. Random number used to:
- prevent replay attacks
- link messages