SynAc

Terms

Alphabetical index of published term entries.

  1. fail-safe (Updated Jan 06, 2026)

    Synonym for "fail-secure".

  2. fail-secure (Updated Jan 06, 2026)

    A mode of termination of system functions that prevents loss of secure state when a failure occurs or is detected in the system (but the failure still might cause damage to some system resource or system entity). (See: failure control. Compare: fail-safe.)

  3. fail-soft (Updated Jan 06, 2026)

    Selective termination of affected, non-essential system functions when a failure occurs or is detected in the system. (See: failure control.)

  4. failure (Updated Jan 06, 2026)

    The inability of a system or component to perform its required functions within specified performance requirements.

  5. failure control (Updated Jan 06, 2026)

    A methodology used to provide fail-safe, fail-secure or fail-soft termination and recovery of system functions. [FP039]

  6. fairness (Updated Jan 06, 2026)

    A property of an access protocol for a system resource whereby the resource is made equitably or impartially available to all eligible users. (RFC 3753)

  7. falsification (Updated Jan 06, 2026)

    A type of threat action whereby false data deceives an authorized entity. (See: active wiretapping, deception.)

  8. fault tree (Updated Jan 06, 2026)

    A branching, hierarchical data structure that is used to represent events and to determine the various combinations of component failures and human acts that could result in a specified undesirable system event. (See: attack tree, flaw hypothesis methodology.)

  9. The Federal Information Processing Standards Publication (FIPS PUB) series issued by NIST under the provisions of Section 111(d) of the Federal Property and Administrative Services Act of 1949 as amended by the Computer Security Act of 1987 (Public Law 100-235) as technical guidelines for U.S. Government procurements of information processing system equipment and services. (See: "[FPxxx]" items in Section 7, Informative References.)

  10. A PKI being planned to establish facilities, specifications, and policies needed by the U.S. Government to use public-key certificates in systems involving unclassified but sensitive applications and interactions between Federal agencies as well as with entities of state and local governments, the business community, and the public. [FPKI]

  11. Federal Standard 1027 (Updated Jan 06, 2026)

    A U.S. Government document defining emanation, anti-tamper, security fault analysis, and manual key management criteria for DES encryption devices, primarily for OSIRM Layer 2. Was renamed "FIPS PUB 140" when responsibility for protecting unclassified, sensitive information was transferred from NSA to NIST, and has since been superseded by newer versions of that standard [FP140].

  12. File and Directory Discovery (Updated Jan 06, 2026)

    Adversaries may enumerate files and directories or search in specific device locations for desired information within a filesystem. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including deciding if the adversary should fully infect the target and/or attempt specific actions.

  13. File Deletion (Updated Jan 06, 2026)

    Adversaries may wipe a device or delete individual files in order to manipulate external outcomes or hide activity. An application must have administrator access to fully wipe the device, while individual files may not require special permissions to delete depending on their storage location.(Citation: Android DevicePolicyManager 2019)

  14. Fileless Storage (Updated Jan 03, 2026)

    Adversaries may store data in "fileless" formats to conceal malicious activity from defenses. Fileless storage can be broadly defined as any format other than a file. Common examples of non-volatile fileless storage in Windows systems include the Windows Registry, event logs, or WMI repository.(Citation: Microsoft Fileless)(Citation: SecureList Fileless) Shared memory directories on Linux systems ( , , , and ) and volatile directories on Network Devices ( and ) may also be considered fileless storage, as files written to these directories are mapped directly to RAM and not stored on the disk.(Citation: Elastic Binary Executed from Shared Memory Directory)(Citation: Akami Frog4Shell 2024)(Citation: Aquasec Muhstik Malware 2024)(Citation: Bitsight 7777 Botnet)(Citation: CISCO Nexus 900 Config).

  15. File/Path Exclusions (Updated Jan 03, 2026)

    Adversaries may attempt to hide their file-based artifacts by writing them to specific folders or file names excluded from antivirus (AV) scanning and other defensive capabilities. AV and other file-based scanners often include exclusions to optimize performance as well as ease installation and legitimate use of applications. These exclusions may be contextual (e.g., scans are only initiated in response to specific triggering events/alerts), but are also often hardcoded strings referencing specific folders and/or files assumed to be trusted and legitimate.(Citation: Microsoft File Folder Exclusions)

  16. File Transfer Protocol (Updated Jan 06, 2026)

    A TCP-based, Application-Layer, Internet Standard protocol (RFC 959) for moving data files from one computer to another.

  17. fill device (Updated Jan 06, 2026)

    A device used to transfer or store keying material in electronic form or to insert keying material into cryptographic equipment.

  18. filter (Updated Jan 06, 2026)

    Synonym for "guard". (Compare: content filter, filtering router.)

  19. filtering router (Updated Jan 06, 2026)

    An internetwork router that selectively prevents the passage of data packets according to a security policy. (See: guard.)

  20. financial institution (Updated Jan 06, 2026)

    "An establishment responsible for facilitating customer-initiated transactions or transmission of funds for the extension of credit or the custody, loan, exchange, or issuance of money." [SET2]

  21. fingerprint (Updated Jan 06, 2026)

    A pattern of curves formed by the ridges on a fingertip. (See: biometric authentication. Compare: thumbprint.)

  22. FIPS PUB 140 (Updated Jan 06, 2026)

    The U.S. Government standard [FP140] for security requirements to be met by a cryptographic module when the module is used to protect unclassified information in computer and communication systems. (See: Common Criteria, FIPS, Federal Standard 1027.)

  23. firewall (Updated Jan 06, 2026)

    A capability to limit network traffic between networks and/or information systems.

  24. firmware (Updated Jan 06, 2026)

    Computer programs and data stored in hardware, typically in read-only memory (ROM) or programmable read-only memory (PROM), such that the programs and data cannot be dynamically written or modified during execution of the programs. (See: hardware, software.)

  25. flaw (Updated Jan 06, 2026)

    An error in the design, implementation, or operation of an information system. A flaw may result in a vulnerability. (Compare: vulnerability.)

  26. flaw hypothesis methodology (Updated Jan 06, 2026)

    An evaluation or attack technique in which specifications and documentation for a system are analyzed to hypothesize flaws in the system. The list of hypothetical flaws is prioritized on the basis of the estimated probability that a flaw exists and, assuming it does, on the ease of exploiting it and the extent of control or compromise it would provide. The prioritized list is used to direct a penetration test or attack against the system. [NCS04] (See: fault tree, flaw.)

  27. flooding (Updated Jan 06, 2026)

    An attack that attempts to cause a failure in a system by providing more input than the system can process properly. (See: denial of service, fairness. Compare: jamming.)

  28. flow analysis (Updated Jan 06, 2026)

    An analysis performed on a nonprocedural, formal, system specification that locates potential flows of information between system variables. By assigning security levels to the variables, the analysis can find some types of covert channels. [Huff]

  29. flow control (Updated Jan 06, 2026)

    A procedure or technique to ensure that information transfers within a system are not made from one security level to another security level, and especially not from a higher level to a lower level. [Denns] (See: covert channel, confinement property, information flow policy, simple security property.)

  30. Footprinting (Updated Jan 06, 2026)

    An ethical hacking technique used to gather as much data as possible about a specific targeted computer system, infrastructure, and networks to identify opportunities to penetrate them.

  31. Foreground Persistence (Updated Jan 06, 2026)

    Adversaries may abuse Android's API method to maintain continuous sensor access. Beginning in Android 9, idle applications running in the background no longer have access to device sensors, such as the camera, microphone, and gyroscope.(Citation: Android SensorsOverview) Applications can retain sensor access by running in the foreground, using Android’s API method. This informs the system that the user is actively interacting with the application, and it should not be killed. The only requirement to start a foreground service is showing a persistent notification to the user.(Citation: Android ForegroundServices)

  32. formal (Updated Jan 06, 2026)

    Expressed in a restricted-syntax language with defined semantics based on well-established mathematical concepts. [CCIB] (Compare: informal, semiformal.)

  33. formal access approval (Updated Jan 06, 2026)

    Documented approval by a data owner to allow access to a particular category of information in a system. (See: category.)

  34. Formal Development Methodology (Updated Jan 06, 2026)

    See: Ina Jo.

  35. formal model (Updated Jan 06, 2026)

    A security model that is formal. Example: Bell-LaPadula model. [Land] (See: formal, security model.)

  36. formal proof (Updated Jan 06, 2026)

    "A complete and convincing mathematical argument, presenting the full logical justification for each step in the proof, for the truth of a theorem or set of theorems." [NCSSG]

  37. formal specification (Updated Jan 06, 2026)

    A precise description of the (intended) behavior of a system, usually written in a mathematical language, sometimes for the

  38. formal top-level specification (Updated Jan 06, 2026)

    "A top-level specification that is written in a formal mathematical language to allow theorems showing the correspondence of the system specification to its formal requirements to be hypothesized and formally proven." [NCS04] (See: formal specification.)

  39. formulary (Updated Jan 06, 2026)

    A technique for enabling a decision to grant or deny access to be made dynamically at the time the access is attempted, rather than earlier when an access control list or ticket is created.

  40. For Official Use Only (Updated Jan 06, 2026)

    A U.S. Government designation for information that has not been given a security classification pursuant to the criteria of an Executive Order dealing with national security, but which may be withheld from the public because disclosure would cause a foreseeable harm to an interest protected by one of the exemptions stated in the Freedom of Information Act (Section 552 of title 5, United States Code). (See: security label, security marking. Compare: classified.)

  41. FORTEZZA(trademark) (Updated Jan 06, 2026)

    A registered trademark of NSA, used for a family of interoperable security products that implement a NIST/NSA-approved suite of cryptographic algorithms for digital signature, hash, encryption, and key exchange. The products include a PC card (which contains a CAPSTONE chip), and compatible serial port modems, server boards, and software implementations.

  42. An international consortium of CSIRTs (e.g., CIAC) that work together to handle computer security incidents and promote preventive activities. (See: CSIRT, security incident.)

  43. forward secrecy (Updated Jan 06, 2026)

    See: perfect forward secrecy.

  44. fraggle attack (Updated Jan 06, 2026)

    A synonym for "smurf attack".

  45. frequency hopping (Updated Jan 06, 2026)

    Repeated switching of frequencies during radio transmission according to a specified algorithm. [C4009] (See: spread spectrum.)

  46. fresh (Updated Jan 06, 2026)

    Recently generated; not replayed from some earlier interaction of the protocol.

  47. Fuzzer (Updated Jan 06, 2026)

    An automated software testing method that injects invalid, malformed, or unexpected inputs into a system to reveal software defects and vulnerabilities.