The basic unit of computation. An object has a set of “operations” and a “state” that remembers the effect of operations. Classes define object types. Typically, objects are defined to represent the behavioral and structural aspects of real-world entities. Object is a state, behavior, and identity; the terms “instance” and “object” are interchangeable. A passive entity that contains or receives information. Access to an object by a subject potentially implies access to the information it contains. Examples of objects include devices, records, blocks, tables, pages, segments, files, directories, directory trees, processes, domain, and programs, as well as bits, bytes, words, fields, processors, video displays, keyboards, clocks, printers, network nodes, and so on.
(1) A source code compiled to convert to object code, a machine-level language. (2) Instructions in machine-readable language are produced by a compiler or assembler from source code.
A specialized formatted number that is registered with an internationally recognized standards organization. It is the unique alphanumeric or numeric identifier registered under the ISO registration standard to reference a specific object or object class.
The reassignment and reuse of a storage medium (e.g., page frame, disk sector, and magnetic tape) that once contained one or more objects. To be securely reused and assigned to a new subject, storage media must contain no residual data (magnetic remanence) from the object(s) previously contained in the media.
Refers to data that is not stored within the personal identity verification (PIV) card or to a computation that is not performed by the integrated circuit chip of the PIV card.
An attack where the attacker obtains some data (typically by eavesdropping on an authentication protocol run or by penetrating a system and stealing security files) that he can analyze in a system of his own choosing.
Off-line cracking occurs when a cryptographic token is exposed using analytical methods outside the electronic authentication mechanism (e.g., differential power analysis on stolen hardware cryptographic token and dictionary attacks on software PKI token). Countermeasures include using a token with a high entropy token secret and locking up the token after a number of repeated failed activation attempts. .
A cryptographic system in which encryption and decryption are performed independently of the transmission and reception functions.
Data storage on media physically removed from the computer system and stored elsewhere (e.g., a magnetic tape or a disk).
A location remote from the primary computer facility where backup programs, data files, forms, and documentation, including a contingency plan, are stored. These are used at backup computer facilities during a disaster or major interruption at the primary computer facility.
Configuring a security tool to perform real-time scans of each file for malware as the file is downloaded, opened, or executed.
Refers to data that is stored within the personal identity verification (PIV) card or to a computation that is performed by the integrated circuit chip of the PIV card.
Allowing users to launch security tool scans for malware on a computer as desired.
Password is changed after each use and is useful when the password is not adequately protected from compromise during login. (For example, the communication line is suspected of being tapped.) This is a technical and preventive control.
Hash algorithms that map arbitrarily long inputs into a fixed-size output such that it is very difficult (computationally infeasible) to find two different hash inputs that produce the same output. Such algorithms are an essential part of the process of producing fixed-size digital signatures that can both authenticate the signer and provide for data integrity checking (detection of input modification after signature).
An attack against an authentication protocol where the attacker either assumes the role of a claimant with a genuine verifier or actively alters the authentication channel. The goal of the attack may be to gain authenticated access or learn authentication secrets.