rfc2828.txt

著名的RFC文档,其中有一些文档是已经翻译成中文的的.

3. Definitions

   Note: Each acronym or other abbreviation (except items of common
   English usage, such as "e.g.", "etc.", "i.e.", "vol.", "pp.", "U.S.")
   that is used in this Glossary, either in a definition or as a subpart
   of a defined term, is also defined in this Glossary.

   $ 3DES
      See: triple DES.

   $ *-property
      (N) (Pronounced "star property".) See: "confinement property"
      under Bell-LaPadula Model.





Shirey                       Informational                      [Page 6]

RFC 2828               Internet Security Glossary               May 2000


   $ ABA Guidelines
      (N) "American Bar Association (ABA) Digital Signature Guidelines"
      [ABA], a framework of legal principles for using digital
      signatures and digital certificates in electronic commerce.

   $ Abstract Syntax Notation One (ASN.1)
      (N) A standard for describing data objects. [X680]

      (C) OSI standards use ASN.1 to specify data formats for protocols.
      OSI defines functionality in layers. Information objects at higher
      layers are abstractly defined to be implemented with objects at
      lower layers. A higher layer may define transfers of abstract
      objects between computers, and a lower layer may define transfers
      concretely as strings of bits. Syntax is needed to define abstract
      objects, and encoding rules are needed to transform between
      abstract objects and bit strings. (See: Basic Encoding Rules.)

      (C) In ASN.1, formal names are written without spaces, and
      separate words in a name are indicated by capitalizing the first
      letter of each word except the first word. For example, the name
      of a CRL is "certificateRevocationList".

   $ ACC
      See: access control center.

   $ access
      (I) The ability and means to communicate with or otherwise
      interact with a system in order to use system resources to either
      handle information or gain knowledge of the information the system
      contains.

      (O) "A specific type of interaction between a subject and an
      object that results in the flow of information from one to the
      other." [NCS04]

      (C) In this Glossary, "access" is intended to cover any ability to
      communicate with a system, including one-way communication in
      either direction. In actual practice, however, entities outside a
      security perimeter that can receive output from the system but
      cannot provide input or otherwise directly interact with the
      system, might be treated as not having "access" and, therefore, be
      exempt from security policy requirements, such as the need for a
      security clearance.

   $ access control
      (I) Protection of system resources against unauthorized access; a
      process by which use of system resources is regulated according to
      a security policy and is permitted by only authorized entities



Shirey                       Informational                      [Page 7]

RFC 2828               Internet Security Glossary               May 2000


      (users, programs, processes, or other systems) according to that
      policy. (See: access, access control service.)

      (O) "The prevention of unauthorized use of a resource, including
      the prevention of use of a resource in an unauthorized manner."
      [I7498 Part 2]

   $ access control center (ACC)
      (I) A computer containing a database with entries that define a
      security policy for an access control service.

      (C) An ACC is sometimes used in conjunction with a key center to
      implement access control in a key distribution system for
      symmetric cryptography.

   $ access control list (ACL)
      (I) A mechanism that implements access control for a system
      resource by enumerating the identities of the system entities that
      are permitted to access the resource. (See: capability.)

   $ access control service
      (I) A security service that protects against a system entity using
      a system resource in a way not authorized by the system's security
      policy; in short, protection of system resources against
      unauthorized access. (See: access control, discretionary access
      control, identity-based security policy, mandatory access control,
      rule-based security policy.)

      (C) This service includes protecting against use of a resource in
      an unauthorized manner by an entity that is authorized to use the
      resource in some other manner. The two basic mechanisms for
      implementing this service are ACLs and tickets.

   $ access mode
      (I) A distinct type of data processing operation--e.g., read,
      write, append, or execute--that a subject can potentially perform
      on an object in a computer system.

   $ accountability
      (I) The property of a system (including all of its system
      resources) that ensures that the actions of a system entity may be
      traced uniquely to that entity, which can be held responsible for
      its actions. (See: audit service.)

      (C) Accountability permits detection and subsequent investigation
      of security breaches.





Shirey                       Informational                      [Page 8]

RFC 2828               Internet Security Glossary               May 2000


   $ accredit
   $ accreditation
      (I) An administrative declaration by a designated authority that
      an information system is approved to operate in a particular
      security configuration with a prescribed set of safeguards.
      [FP102] (See: certification.)

      (C) An accreditation is usually based on a technical certification
      of the system's security mechanisms. The terms "certification" and
      "accreditation" are used more in the U.S. Department of Defense
      and other government agencies than in commercial organizations.
      However, the concepts apply any place where managers are required
      to deal with and accept responsibility for security risks. The
      American Bar Association is developing accreditation criteria for
      CAs.

   $ ACL
      See: access control list.

   $ acquirer
      (N) SET usage: "The financial institution that establishes an
      account with a merchant and processes payment card authorizations
      and payments." [SET1]

      (O) "The institution (or its agent) that acquires from the card
      acceptor the financial data relating to the transaction and
      initiates that data into an interchange system." [SET2]

   $ active attack
      See: (secondary definition under) attack.

   $ active wiretapping
      See: (secondary definition under) wiretapping.

   $ add-on security
      (I) "The retrofitting of protection mechanisms, implemented by
      hardware or software, after the [automatic data processing] system
      has become operational." [FP039]

   $ administrative security
      (I) Management procedures and constraints to prevent unauthorized
      access to a system. (See: security architecture.)

      (O) "The management constraints, operational procedures,
      accountability procedures, and supplemental controls established
      to provide an acceptable level of protection for sensitive data."
      [FP039]




Shirey                       Informational                      [Page 9]

RFC 2828               Internet Security Glossary               May 2000


      (C) Examples include clear delineation and separation of duties,
      and configuration control.

   $ Advanced Encryption Standard (AES)
      (N) A future FIPS publication being developed by NIST to succeed
      DES. Intended to specify an unclassified, publicly-disclosed,
      symmetric encryption algorithm, available royalty-free worldwide.

   $ adversary
      (I) An entity that attacks, or is a threat to, a system.

   $ aggregation
      (I) A circumstance in which a collection of information items is
      required to be classified at a higher security level than any of
      the individual items that comprise it.

   $ AH
      See: Authentication Header

   $ algorithm
      (I) A finite set of step-by-step instructions for a problem-
      solving or computation procedure, especially one that can be
      implemented by a computer. (See: cryptographic algorithm.)

   $ alias
      (I) A name that an entity uses in place of its real name, usually
      for the purpose of either anonymity or deception.

   $ American National Standards Institute (ANSI)
      (N) A private, not-for-profit association of users, manufacturers,
      and other organizations, that administers U.S. private sector
      voluntary standards.

      (C) ANSI is the sole U.S. representative to the two major non-
      treaty international standards organizations, ISO and, via the
      U.S. National Committee (USNC), the International Electrotechnical
      Commission (IEC).

   $ anonymous
      (I) The condition of having a name that is unknown or concealed.
      (See: anonymous login.)

      (C) An application may require security services that maintain
      anonymity of users or other system entities, perhaps to preserve
      their privacy or hide them from attack. To hide an entity's real
      name, an alias may be used. For example, a financial institution
      may assign an account number. Parties to a transaction can thus
      remain relatively anonymous, but can also accept the transaction



Shirey                       Informational                     [Page 10]

RFC 2828               Internet Security Glossary               May 2000


      as legitimate. Real names of the parties cannot be easily
      determined by observers of the transaction, but an authorized
      third party may be able to map an alias to a real name, such as by
      presenting the institution with a court order. In other
      applications, anonymous entities may be completely untraceable.

   $ anonymous login
      (I) An access control feature (or, rather, an access control
      weakness) in many Internet hosts that enables users to gain access
      to general-purpose or public services and resources on a host
      (such as allowing any user to transfer data using File Transfer
      Protocol) without having a pre-established, user-specific account
      (i.e., user name and secret password).

      (C) This feature exposes a system to more threats than when all
      the users are known, pre-registered entities that are individually
      accountable for their actions. A user logs in using a special,
      publicly known user name (e.g., "anonymous", "guest", or "ftp").
      To use the public login name, the user is not required to know a
      secret password and may not be required to input anything at all
      except the name. In other cases, to complete the normal sequence
      of steps in a login protocol, the system may require the user to
      input a matching, publicly known password (such as "anonymous") or
      may ask the user for an e-mail address or some other arbitrary
      character string.

   $ APOP
      See: POP3 APOP.

   $ archive
       (I) (1.) Noun: A collection of data that is stored for a
      relatively long period of time for historical and other purposes,
      such as to support audit service, availability service, or system
      integrity service. (See: backup.) (2.) Verb: To store data in such
      a way. (See: back up.)

      (C) A digital signature may need to be verified many years after
      the signing occurs. The CA--the one that issued the certificate
      containing the public key needed to verify that signature--may not
      stay in operation that long. So every CA needs to provide for
      long-term storage of the information needed to verify the
      signatures of those to whom it issues certificates.

   $ ARPANET
      (N) Advanced Research Projects Agency Network, a pioneer packet-
      switched network that was built in the early 1970s under contract
      to the U.S. Government, led to the development of today's
      Internet, and was decommissioned in June 1990.



Shirey                       Informational                     [Page 11]

RFC 2828               Internet Security Glossary               May 2000


   $ ASN.1
      See: Abstract Syntax Notation One.

   $ association
      (I) A cooperative relationship between system entities, usually
      for the purpose of transferring information between them. (See:
      security association.)

   $ assurance
      (I) (1.) An attribute of an information system that provides
      grounds for having confidence that the system operates such that
      the system security policy is enforced. (2.) A procedure that
      ensures a system is developed and operated as intended by the
      system's security policy.

   $ assurance level