Robust programming, also called defensive programming, makes a system more reliable with various programming techniques.
A characterization of the strength of a security function, mechanism, service, or solution, and the assurance (or confidence) that it is implemented and functioning correctly.
(1) A distinct set of operations required to perform some particular function. (2) A collection of permissions in role-based access control (RBAC), usually associated with a role or position within an organization.
(1) Access control based on user roles (e.g., a collection of access authorizations a user receives based on an explicit or implicit assumption of a given role). Role permissions may be inherited through a role hierarchy and typically reflect the permissions needed to perform defined functions within an organization. A given role may apply to a single individual or to several individuals. (2) A model for controlling access to resources where permitted actions on resources are identified with roles rather than with individual subject identities. It is an access control based on specific job titles, functions, roles, and responsibilities.
A cryptographic module authenticates the authorization of an operator to assume a specific role and perform a corresponding set of services.
Access rights are grouped by role names and the use of resources is restricted to individuals authorized to assume the associated roles.
Restores the database from one point in time to an earlier point.
Restores the database from a point in time when it is known to be correct to a later time.
A problem-solving tool that uses a cause-and-effect (C&E) diagram. The diagram is used when a series of events or steps in a process creates a problem and it is not clear which event or step is the major cause. After examination, significant root causes of the problem are discovered, verified, and corrected. The C&E diagram is also called a fishbone or Ishikawa diagram and applies well to the remediation step of computer security incident response.
(1) A set of tools used by an attacker after gaining root-level access to a host to conceal the attacker’s activities on the host and permit the attacker to maintain root-level access to the host through covert means. (2) A collection of files that is installed on a system to alter the standard functionality of the system in a malicious and stealthy way.
A generic attack against algorithms that rely on three operations: modular addition, rotation, and XOR (exclusive OR). Algorithms relying on these operations are popular because they are relatively inexpensive in both hardware and software and operate in constant time, making them safe from timing attacks in common implementations (Wikipedia).
A method of reducing the risk associated with a subject performing a (sensitive) task by limiting the amount of time the subject is assigned to perform the task before being moved to a different task.
Round keys are values derived from the cipher key using the key expansion routine; they are applied to the state in the cipher and inverse cipher.
A technique of load distribution, load balancing, or fault-tolerance provisioning with multiple, redundant Internet Protocol (IP) service hosts (for example, Web servers and FTP servers). It manages the domain name system (DNS) responses to address requests from client computers according to a statistical model. It works by responding to DNS requests not with a single IP address but with a list of IP addresses of several servers that host identical services. The order in which IP addresses from the list are returned is the basis for the term round robin. With each DNS response, the sequence of IP addresses in the list is permuted. This is unlike the usual basic IP address handling methods based on network priority and connection timeout (Wikipedia).
A situation in which Border Gateway Protocol (BGP) sessions are repeatedly dropped and restarted, normally as a result of router problems or communication line problems. Route flapping causes changes to the BGP routing tables.