Unit 10 Flashcards
access controller
A component used by the security manager to check permissions
belonging to classes.
action (in a policy file)
In Java, the part of an entry in a policy file that describes the
kinds of action that may be performed with respect to some target.
application domain
A domain containing less privileged (non-system domain)
classes in a protection domain.
application gateway
A kind of firewall providing a proxy service.
asymmetric cryptography
A code in which the encoding key is different from the decoding key, but is related to it in a non-trivial way (an example of this is public key
cryptography).
audit log
A record of the activity on a system that can be used to determine what users have done and to assist recovery in the case of an attack.
auditing
Capturing a secure record of security-related events for non-repudiation, recovery and proof of effectiveness.
authentication (identification)
The process of determining a user’s or software’s identity.
authorisation
The process of determining what code is allowed to do, according to how it is signed, what code base it comes from or what caller it is associated with (for example, what user invoked it).
availability
The property of a system that can be used when it is needed by an authorised user or application.
block cipher
A cipher in which encryption takes place on blocks of plaintext.
brute-force attack
An attack in which possible keys are attempted until a correct one is found.
buffer overflow
The error that occurs when a buffer is assigned more data than it should hold.
certifying authority
An organisation that issues a certificate associating a user with a cryptographic key.
challenge
A method of authorisation in which the user is presented with a question or other task whose successful completion helps to determine their identity.
checksum
A number used to check the integrity of a message.
cipher
A code, a means of encrypting plaintext.
ciphertext
The output of a cipher.
click fraud
The fraudulent generation of clicks in order to profit from cost-per-click web pages.
code base
The location of code in terms of its URL.
collision
A collision occurs in a hash function when two or more inputs generate the same output.
confidentiality
The property of a system that ensures that data is visible only to authorised users.
credentials
Security information associated with a subject, such as keys or passwords.
cryptanalysis
The science of decoding ciphers.
cryptographic hash function
A hash function with desirable properties for
applications in security.
cryptographic service
A cryptographic facility provided by implementers of services
for Java’s cryptography API, such as ciphers, message digests and digital signing.
cryptography
The science of ciphering.
deciphering (decryption)
Converting ciphertext to plaintext.
declarative security
Using an XML deployment descriptor file to delegate authorisation checks to a container.
digital certificate
An electronic means of associating a user with a key.
digital signature
An electronic means of signing a communication.
digitally signed
Having an electronic signature.
domain
A set of classes with the same permissions.
end-to-end encryption
An approach to network security in which the sending and receiving nodes of a message implement encryption and decryption using a shared key.
exponential
Growing according to an exponential relationship; that is, according to a power of a number.
fabrication
The construction of false or unauthorised information.
firewall
A technology to filter internet traffic between a local and external network.
group
A collection of authenticated users.
hacker
An unauthorised user of a system.
handshake
An exchange of information to establish parameters for communication.
hash function
A one-way function that maps an input to a small output.
hierarchy of trust
The relationship in which one or more parties place trust in other parties to perform authentication.
homograph attack
An attack using social engineering in which a name similar to another is used to try to deceive a user.
integrity
The property of information that it has not been altered by an attacker or otherwise corrupted.
interception
Access of information by an unauthorised user.
interruption
An attack preventing availability of a resource.
key
A value used to decipher ciphertext.
key space
The set of keys associated with a cipher.
key stream
The generation of changing keys for the encryption of data in a stream cipher.
linear
Growing according to a linear relationship, that is, by a constant factor for each fixed change in input.
link encryption
An approach to network security in which each node implements encryption and decryption, each communicating pair using a different shared key.
linking
The stage at which classes are incorporated into the runtime state of a virtual machine.
loading
The stage at which classes are located and checked.
memory leak
Loss of memory areas due to mismanagement of memory.
message authentication code (MAC)
A code used to check the integrity (and in
some cases identity) of a message.
message digest
A reduced size version of a message produced by a hash function.
middle person
An attacker interposed between a sender and receiver in location or time.
modification
Unauthorised alteration of information.
nonce
A value used once to defeat replay attacks.
non-repudiation
The property of a system that prevents users from denying sending or receiving some information or performing some action.
one-time pad
A cipher with perfect secrecy, invented in 1917.
one-way function
A function with the property that it is easy to obtain an output from an input, but hard to determine the input given the output.
packet
The unit of information in network communication.
packet filtering
A technique allowing only desirable packets to travel across a firewall.
perfect secrecy
The property of a code in which the ciphertext does not reveal any information about the plaintext or code.
permissions
Values that determine which actions are authorised within a system.
plaintext
Communication that has not been subjected to encryption.
pointer
A memory address that may be manipulated in a variety of ways.
policy entry
An entry in a policy file describing permissions assigned to a class according to its code base, signing or principals.
polyalphabetic substitution
A code in which ciphertext is formed from groups of more than one character at a time.
primordial loader
The trusted class loader in the JVM which bootstraps the system, loading the main class.
principal
An identity associated with a subject, such as the subject’s login ID or an organisation’s name.
private key
A cipher key that is kept secret and is used in conjunction with a public key in asymmetric cryptography.
programmatic security
Explicit authorisation checks by method invocation.
protection domain
The interaction of features enforcing security policies in Java, particularly as regards permissions allocated to classes.
provider
A supplier of cryptographic products.
public key
A key used in combination with a private key that may be publicised without compromising security of communication.
public key cryptography
Cryptography in which public and private key pairs are employed; an example of asymmetric cryptography.
public key infrastructure (PKI)
A system for the association of keys with users and the management of key-related information.
realm
A set of valid users and groups for an application.
reference
A memory value that cannot be manipulated, but merely provides access to objects.
replay
An attack in which intercepted or stored information is reused to gain advantage.
role
A collection of identities or category of identities with shared permissions.
root certificate
A certificate granted to a certifying authority.
salt
A number used to prevent collisions in hash functions and or in general to add variability to the processing of information.
secret key
A key that must be kept secret, as used in symmetric cryptography.
secure channel
A communication channel between a pair of processes providing authentication, confidentiality, integrity services and time stamping.
security manager (JVM)
A component of the JVM concerned with authorisation of what code may or may not do.
security policy (JVM)
A collection of permissions contained in a policy object, usually determined using policy files.
security through obscurity
The discredited notion that secrecy of design alone can provide security.
session key
A key that is used only while a session is in effect and then discarded.
singleton
A programming design pattern ensuring that only one of an object may exist at a time.
social engineering
A collection of techniques used to manipulate people into performing actions, or divulging confidential information. The term typically applies to trickery associated with information gathering or accessing computer systems.
stateful packet inspection
A firewall technique in which the state of a system is used to determine the legality of traffic across a firewall.
statically typed
Checking typing of variables at compile time.
statistical analysis
A cryptanalytical technique using patterns of frequency of letters in languages as an aid to deciphering messages.
stream cipher
A cipher whose key changes frequently to encrypt a stream of data.
strong typing
Checking for potentially troublesome conversions of types at compile time.
subject (for authentication)
A grouping of related information for an entity in a
security system, such as a collection of identities (principals) and credentials.
substitution
A ciphering technique in which one character in a language is substituted for another.
symmetric cryptography
Cryptography employing a private key or in which the decoding key is trivially related to the coding key.
system
In the context of security, refers to the hardware, platform, application software and users’ interactions.
system domain
The collection of classes within a protection domain that are trusted.
target
An entity to which a permission is applied in a policy file.
threat monitoring
The active consideration of dangers to a system’s security.
time stamping
The inclusion of information with a message so that its time of occurrence can be determined.
transposition
An encryption technique where the order of information in the plaintext is obscured.
trapdoor function
A one-way function which is reversible if given some secret information.
tunnelling
Wrapping one protocol in another protocol.
type safety
The ability of a language to check that types are being used correctly.
vector
A route by which an attack may occur on a computer system.
virtual private network (VPN)
A network created by a form of tunnelling in which end-to-end encryption takes place between the two ends of the tunnel, so creating a private network of sorts.
web of trust
A non-hierarchical approach to establishing trustworthiness of digital certificates.
