Читаем CISSP Practice полностью

The basic unit of computation. An object has a set of “operations” and a “state” that remembers the effect of operations. Classes define object types. Typically, objects are defined to represent the behavioral and structural aspects of real-world entities. Object is a state, behavior, and identity; the terms “instance” and “object” are interchangeable. A passive entity that contains or receives information. Access to an object by a subject potentially implies access to the information it contains. Examples of objects include devices, records, blocks, tables, pages, segments, files, directories, directory trees, processes, domain, and programs, as well as bits, bytes, words, fields, processors, video displays, keyboards, clocks, printers, network nodes, and so on.

Object code or module

(1) A source code compiled to convert to object code, a machine-level language. (2) Instructions in machine-readable language are produced by a compiler or assembler from source code.

Object identifier

A specialized formatted number that is registered with an internationally recognized standards organization. It is the unique alphanumeric or numeric identifier registered under the ISO registration standard to reference a specific object or object class.

Object reuse

The reassignment and reuse of a storage medium (e.g., page frame, disk sector, and magnetic tape) that once contained one or more objects. To be securely reused and assigned to a new subject, storage media must contain no residual data (magnetic remanence) from the object(s) previously contained in the media.

Off-card

Refers to data that is not stored within the personal identity verification (PIV) card or to a computation that is not performed by the integrated circuit chip of the PIV card.

Off-line attack

An attack where the attacker obtains some data (typically by eavesdropping on an authentication protocol run or by penetrating a system and stealing security files) that he can analyze in a system of his own choosing.

Off-line cracking

Off-line cracking occurs when a cryptographic token is exposed using analytical methods outside the electronic authentication mechanism (e.g., differential power analysis on stolen hardware cryptographic token and dictionary attacks on software PKI token). Countermeasures include using a token with a high entropy token secret and locking up the token after a number of repeated failed activation attempts. .

Off-line cryptosystem

A cryptographic system in which encryption and decryption are performed independently of the transmission and reception functions.

Off-line storage

Data storage on media physically removed from the computer system and stored elsewhere (e.g., a magnetic tape or a disk).

Offsite storage

A location remote from the primary computer facility where backup programs, data files, forms, and documentation, including a contingency plan, are stored. These are used at backup computer facilities during a disaster or major interruption at the primary computer facility.

On-access scanning

Configuring a security tool to perform real-time scans of each file for malware as the file is downloaded, opened, or executed.

On-card

Refers to data that is stored within the personal identity verification (PIV) card or to a computation that is performed by the integrated circuit chip of the PIV card.

On-demand scanning

Allowing users to launch security tool scans for malware on a computer as desired.

One-time password generator

Password is changed after each use and is useful when the password is not adequately protected from compromise during login. (For example, the communication line is suspected of being tapped.) This is a technical and preventive control.

One-way hash algorithm

Hash algorithms that map arbitrarily long inputs into a fixed-size output such that it is very difficult (computationally infeasible) to find two different hash inputs that produce the same output. Such algorithms are an essential part of the process of producing fixed-size digital signatures that can both authenticate the signer and provide for data integrity checking (detection of input modification after signature).

Online attack

An attack against an authentication protocol where the attacker either assumes the role of a claimant with a genuine verifier or actively alters the authentication channel. The goal of the attack may be to gain authenticated access or learn authentication secrets.

Online certificate status protocol (OCSP)