SynAc
Discovery

Recently updated

Published entries ordered by most recent updates.

  1. Adversaries may leverage manufacturer- or supplier-set default credentials on control system devices. These default credentials may have administrative permissions and may be necessary for initial configuration of the device. It is general best practice to change the passwords for these accounts as soon as possible, but some manufacturers may have devices that have passwords or usernames that cannot be changed. (Citation: Keith Stouffer May 2015)

  2. Synonym for "checksum".

  3. classified (Jan 06, 2026)

    Refers to information (stored or conveyed, in any form) that is formally required by a security policy to receive data confidentiality service and to be marked with a security label (which, in some cases, might be implicit) to indicate its protected status. (See: classify, collateral information, SAP, security level. Compare: unclassified.)

  4. ETSI (Jan 06, 2026)

    See: European Telecommunication Standards Institute.

  5. KEK (Jan 06, 2026)

    See: key encrypting key. (Compare: KAK.)

  6. BCA (Jan 06, 2026)

    See: brand certification authority.

  7. computer system (Jan 06, 2026)

    Synonym for "information system", or a component thereof. (Compare: computer platform.)

  8. Denotes various forms of digitized images of handwritten signatures. (Compare: digital signature).

  9. Computer to computer exchange, between trading partners, of business data in standardized document formats.

  10. Adversaries may circumvent mechanisms designed to control elevated privileges to gain higher-level permissions. Most modern systems contain native elevation control mechanisms that are intended to limit privileges that a user can gain on a machine. Authorization has to be granted to specific users in order to perform tasks that are designated as higher risk. An adversary can use several methods to take advantage of built-in control mechanisms in order to escalate privileges on a system.

  11. Adversaries may inject malicious code into processes via ptrace (process trace) system calls in order to evade process-based defenses as well as possibly elevate privileges. Ptrace system call injection is a method of executing arbitrary code in the address space of a separate live process.

  12. access mode (Jan 06, 2026)

    A distinct type of data processing operation (e.g., read, write, append, or execute, or a combination of operations) that a subject can potentially perform on an object in an information system. [Huff] (See: read, write.)

  13. Input Injection (Jan 06, 2026)

    A malicious application can inject input to the user interface to mimic user interaction through the abuse of Android's accessibility APIs.

  14. data recovery (Jan 06, 2026)

    A process for learning, from some cipher text, the plain text that was previously encrypted to produce the cipher text. (See: recovery.)

  15. A Government, interagency, standing committee of the President's Critical Infrastructure Protection Board. The CNSS is chaired by the Secretary of Defense and provides a forum for the discussion of policy issues, sets national policy, and promulgates direction, operational procedures, and guidance for the security of national security systems. The Secretary of Defense and the Director of Central Intelligence are responsible for developing and overseeing the implementation of Government-wide policies, principles, standards, and guidelines for the security of systems that handle national security information.

  16. natural disaster (Jan 06, 2026)

    See: secondary definitions under "corruption" and "incapacitation".

  17. A Standard [ITSEC] jointly developed by France, Germany, the Netherlands, and the United Kingdom for use in the European Union; accommodates a wider range of security assurance and functionality combinations than the TCSEC. Superseded by the Common Criteria.

  18. incapacitation (Jan 06, 2026)

    A type of threat action that prevents or interrupts system operation by disabling a system component. (See: disruption.)

  19. indirect attack (Jan 06, 2026)

    See: secondary definition under "attack". Compare: direct attack.

  20. guard (Jan 06, 2026)

    A computer system that (a) acts as gateway between two information systems operating under different security policies and (b) is trusted to mediate information data transfers between the two. (See: controlled interface, cross-domain solution, domain, filter. Compare: firewall.)

  21. "Secure telecommunications or information handling equipment, or associated cryptographic component, that is unclassified but governed by a special set of control requirements." [C4009] (Compare: EUCI.)

  22. Kerberos (Jan 06, 2026)

    A system developed at the Massachusetts Institute of Technology that depends on passwords and symmetric cryptography (DES) to implement ticket-based, peer entity authentication service and access control service distributed in a client-server network environment. [R4120, Stei] (See: realm.)

  23. Adversaries may delete, alter, or hide generated artifacts on a device, including files, jailbreak status, or the malicious application itself. These actions may interfere with event collection, reporting, or other notifications used to detect intrusion activity. This may compromise the integrity of mobile security solutions by causing notable events or information to go unreported.

  24. MOSS (Jan 06, 2026)

    See: MIME Object Security Services.

  25. See: /authentication/ under "credential".

  26. A place where ECU hardware is activated after being fabricated. (Compare: CLEF.)

  27. A process to identify, control, and protect evidence of the planning and execution of sensitive activities and operations, and thereby prevent potential adversaries from gaining knowledge of capabilities and intentions. (See: communications cover. Compare: operational security.)

  28. degausser (Jan 06, 2026)

    An electrical device that can degauss magnetic storage media.

  29. bagbiter (Jan 06, 2026)

    "An entity, such as a program or a computer, that fails to work or that works in a remarkably clumsy manner. A person who has caused some trouble, inadvertently or otherwise, typically by failing to program the computer properly." [NCSSG] (See: flaw.)

  30. See: OSIRM.

  31. IP address (Jan 06, 2026)

    A computer's internetwork address that is assigned for use by IP and other protocols.

  32. Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities; for example, Android is a UNIX-like OS and includes a basic Unix Shell that can be accessed via the Android Debug Bridge (ADB) or Java’s package.

  33. acquirer (Jan 06, 2026)

    Stakeholder that acquires or procures a product or service.

  34. An adversary may attempt to get detailed information about remote systems and their peripherals, such as make/model, role, and configuration. Adversaries may use information from Remote System Information Discovery to aid in targeting and shaping follow-on behaviors. For example, the system's operational role and model information can dictate whether it is a relevant target for the adversary's operational objectives. In addition, the system's configuration may be used to scope subsequent technique usage.

  35. Any mark in electronic form associated with an electronic document, applied with the intent to sign the document.

  36. An Internet IPsec protocol [R2408] to negotiate, establish, modify, and delete security associations, and to exchange key generation and authentication data, independent of the details of any specific key generation technique, key establishment protocol, encryption algorithm, or authentication mechanism.

  37. deterrence (Jan 06, 2026)

    See: secondary definition under "security".

  38. A security service that protects against a system entity using a system resource in a way not authorized by the system's security policy. (See: access control, discretionary access control, identity-based security policy, mandatory access control, rule-based security policy.)

  39. Adversaries may exploit software vulnerabilities to gain initial access to a mobile device.

  40. Clark-Wilson model (Jan 06, 2026)

    A security model [Clark] to maintain data integrity in the commercial world. (Compare: Bell-LaPadula model.)

  41. The property that the information represented by data is accurate and consistent. (Compare: data integrity, source integrity.)

  42. countermeasure (Jan 06, 2026)

    An action, device, procedure, or technique that meets or opposes (i.e., counters) a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that corrective action can be taken.

  43. active attack (Jan 06, 2026)

    An attack on a secure communication protocol where the attacker transmits data to the claimant, Credential Service Provider (CSP), verifier, or Relying Party (RP). Examples of active attacks include man-in-the-middle (MitM), impersonation, and session hijacking.

  44. MHS (Jan 06, 2026)

    See: message handling system.

  45. Synonym for the Internet electronic mail system.

  46. dual control (Jan 06, 2026)

    A procedure that uses two or more entities (usually persons) operating in concert to protect a system resource, such that no single entity acting alone can access that resource. (See: no lone zone, separation of duties, split knowledge.)

  47. Least Privilege (Jan 06, 2026)

    Least privilege means granting only the minimum access necessary to perform an authorized task.

  48. An adversary may push an update to a previously benign application to add malicious code. This can be accomplished by pushing an initially benign, functional application to a trusted application store, such as the Google Play Store or the Apple App Store. This allows the adversary to establish a trusted userbase that may grant permissions to the application prior to the introduction of malicious code. Then, an application update could be pushed to introduce malicious code. (Citation: android app breaking bad)

  49. Loss of Control (Jan 06, 2026)

    Adversaries may seek to achieve a sustained loss of control or a runaway condition in which operators cannot issue any commands even if the malicious interference has subsided. (Citation: Corero) (Citation: Michael J. Assante and Robert M. Lee) (Citation: Tyson Macaulay)

  50. Adversaries may try to access and collect application data resident on the device. Adversaries often target popular applications, such as Facebook, WeChat, and Gmail. (Citation: SWB Exodus March 2019)