Читаем CISSP Practice полностью

RAID-6: A block-level striping with double distributed parity providing fault tolerance from two drive failures and is useful for high-availability systems. Double parity gives time to rebuild the array without the data being at risk if a single additional drive fails before the rebuild is complete. RAID-6 parameters include a minimum of four disks. The space efficiency is (1- 2/N). It has two fault tolerance disks and two parity disks.

Reference monitor

(1) A security engineering term for IT functionality that (i) controls all access, (ii) is small, (iii) cannot be bypassed, (iv) is tamper-resistant, and (v) provides confidence that the other four items are true. (2) The concept of an abstract machine that enforces Target of Evaluation (TOE) access control policies. (3) Useful to any system providing multilevel secure computing facilities and controls.

Reference monitor concept

An access control concept referring to an abstract machine that mediates all access to objects (e.g., a file or program) by subjects (e.g., a user or process). It is a design concept for an operating system to assure secrecy and integrity.

Reference validation mechanism

An implementation of the reference monitor concept. A security kernel is a type of reference validation mechanism. To be effective in providing protection, the implementation of a reference monitor must be (1) tamper-proof, (2) always invoked, and (3) simple and small enough to support the analysis and tests leading to a high degree of assurance that it is correct.

Referential integrity

A database has referential integrity if all foreign keys reference existing primary keys.

Reflection attack

Occurs when authentication is based on a shared secret key and by breaking a challenge-response protocol with multiple sessions opened at the same time. A countermeasure against reflection attacks is to prove the user identity first so that protocol is not subject to the reflection attack.

Reflector attack

A host sends many requests with a spoofed source address to a service on an intermediate host. The service used is typically a user datagram protocol (UDP) based, which makes it easier to spoof the source address successfully. Attackers often use spoofed source addresses because they hide the actual source of the attack. The host generates a reply to each request and sends these replies to the spoofed address. Because the intermediate host unwittingly performs the attack, that host is known as a reflector. During a reflector attack, a DoS could occur to the host at the spoofed address, the reflector itself, or both hosts.

Registration

The process through which a party applies to become a subscriber of a credential service provider (CSP) and a registration authority (RA) validates the identity of that party on behalf of the CSP.

Registration authority (RA)

A trusted entity that establishes and vouches for the identity of a subscriber to a credential service provider (CSP). The RA’s organization is responsible for assignment of unique identifiers to registered objects. The RA may be an integral part of a CSP, or it may be independent of a CSP, but is has a relationship to the CSP(s).

Regrade

Data is regraded when information is transferred from high to low or from low to high network data and users. Automated techniques such as processing, filtering, and blocking are used during data regrading.

Regression testing

A method to ensure that changes to one part of the software system do not adversely impact other parts.

Rekey

The process used to replace a previously active cryptographic key with a new key that was created completely and independently of the old key.

Related-key cryptanalysis attack

These attacks choose a relation between a pair of keys but do not choose the keys themselves. These attacks are independent of the number of rounds of the cryptographic algorithm.

Relay station (WMAN/WiMAX)

A relay station (RS) is a subscriber station (SS) that is configured to forward traffic to other stations in a multi-hop security zone.

Release

The process of moving a baseline configuration item between organizations, such as from software vendor to customer. The process of returning all unused disk space to the system when a dataset is closed at the end of processing.

Reliability

(1)The extent to which a computer program can be expected to perform its intended function with the required precision on a consistent basis. (2) The probability of a given system performing its mission adequately for a specified period of time under the expected operating conditions.

Relying party