3. Definitions
- $ 3DES
- See: triple DES.
- $ *-property
- (N) (Pronounced "star property".) See: "confinement property" under Bell-LaPadula model.
- $ ABA guidelines
$ Abstract Syntax Notation One (ASN.1)
$ ACC
$ access
$ access control
$ access control center (ACC)
$ access control list (ACL)
$ access control service
$ access mode
$ accountability
$ accredit
$ accreditation
$ ACL
$ acquirer
$ active attack
$ active wiretapping
$ add-on security
$ administrative security
$ Advanced Encryption Standard (AES)
$ adversary
$ aggregation
$ AH
$ algorithm
$ alias
$ American National Standards Institute (ANSI)
$ anonymous
$ anonymous login
$ APOP
$ archive
$ ARPANET
$ ASN.1
$ association
$ assurance
$ assurance level
$ asymmetric cryptography
$ attack
$ attribute authority
$ attribute certificate
$ audit service
$ audit trail
$ AUTH
$ authentic signature
$ authenticate
$ authentication
$ authentication code
$ authentication exchange
$ Authentication Header (AH)
$ authentication information
$ authentication service
$ authenticity
$ authority
$ authority certificate
$ authority revocation list (ARL)
$ authorization
$ authorize
$ automated information system
$ availability
$ availability service
- $ back door
$ back up vs. backup
$ baggage
$ bandwidth
$ bank identification number (BIN)
$ Basic Encoding Rules (BER)
$ bastion host
$ BCA
$ BCI
$ Bell-LaPadula model
$ BER
$ beyond A1
$ BIN
$ bind
$ biometric authentication
$ bit
$ BLACK
$ block cipher
$ Blowfish
$ brand
$ brand certification authority (BCA)
$ brand CRL identifier (BCI)
$ break
$ bridge
$ British Standard 7799
$ browser
$ brute force
$ BS7799
$ byte
- $ CA
$ CA certificate
$ call back
$ capability
$ CAPI
$ CAPSTONE chip
$ card
$ card backup
$ card copy
$ card restore
$ cardholder
$ cardholder certificate
$ cardholder certification authority (CCA)
$ CAST
$ category
$ CAW
$ CBC
$ CCA
$ CCITT
$ CERT
$ certificate
$ certificate authority
$ certificate chain
$ certificate chain validation
$ certificate creation
$ certificate expiration
$ certificate extension
$ certificate holder
$ certificate management
$ certificate owner
$ certificate policy
$ certificate policy qualifier
$ certificate reactivation
$ certificate rekey
$ certificate renewal
$ certificate request
$ certificate revocation
$ certificate revocation list (CRL)
$ certificate revocation tree
$ certificate serial number
$ certificate status responder
$ certificate update
$ certificate user
$ certificate validation
$ certification
$ certification authority (CA)
$ certification authority workstation (CAW)
$ certification hierarchy
$ certification path
$ certification policy
$ certification practice statement (CPS)
$ certification request
$ certify
$ CFB
$ Challenge Handshake Authentication Protocol (CHAP)
$ challenge-response
$ Challenge-Response Authentication Mechanism (CRAM)
$ channel
$ CHAP
$ checksum
$ chosen-ciphertext attack
$ chosen-plaintext attack
$ CIAC
$ CIK
$ cipher
$ cipher block chaining (CBC)
$ cipher feedback (CFB)
$ ciphertext
$ ciphertext-only attack
$ CIPSO
$ CKL
$ class 2, 3, 4, or 5
$ classification
$ classification level
$ classified
$ clean system
$ clearance
$ clearance level
$ cleartext
$ client
$ CLIPPER chip
$ closed security environment
$ code
$ color change
$ Common Criteria
$ Common Criteria for Information Technology Security
$ Common IP Security Option (CIPSO)
$ common name
$ communication security (COMSEC)
$ community string
$ compartment
$ compromise
$ compromised key list (CKL)
$ COMPUSEC
$ computer emergency response team (CERT)
$ Computer Incident Advisory Capability (CIAC)
$ computer network
$ computer security (COMPUSEC)
$ computer security incident response team (CSIRT)
$ computer security object
$ Computer Security Objects Register (CSOR)
$ COMSEC
$ confidentiality
$ configuration control
$ confinement property
$ connectionless data integrity service
$ contingency plan
$ controlled security mode
$ cookie
$ Coordinated Universal Time (UTC)
$ copy
$ correctness integrity
$ correctness proof
$ countermeasure
$ country code
$ covert channel
$ CPS
$ cracker
$ CRAM
$ CRC
$ credential(s)
$ critical
$ CRL
$ CRL distribution point
$ CRL extension
$ cross-certificate
$ cross-certification
$ cryptanalysis
$ crypto
$ cryptographic algorithm
$ cryptographic application programming interface (CAPI)
$ cryptographic card
$ cryptographic component
$ cryptographic hash
$ cryptographic ignition key (CIK)
$ cryptographic key
$ Cryptographic Message Syntax (CMS)
$ cryptographic module
$ cryptographic system
$ cryptographic token
$ cryptography
$ Cryptoki
$ cryptology
$ cryptonet
$ cryptoperiod
$ cryptosystem
$ CSIRT
$ CSOR
$ cut-and-paste attack
$ cyclic redundancy check (CRC)
- $ DAC
$ DASS
$ data
$ Data Authentication Algorithm
$ data authentication code vs. Data Authentication Code (DAC)
$ data compromise
$ data confidentiality
$ data confidentiality service
$ Data Encryption Algorithm (DEA)
$ data encryption key (DEK)
$ Data Encryption Standard (DES)
$ data integrity
$ data integrity service
$ data origin authentication
$ data origin authentication service
$ data privacy
$ data security
$ datagram
$ DEA
$ deception
$ decipher
$ decipherment
$ decode
$ decrypt
$ decryption
$ dedicated security mode
$ default account
$ degauss
$ degausser
$ DEK
$ delta CRL
$ denial of service
$ DES
$ dictionary attack
$ Diffie-Hellman
$ digest
$ digital certificate
$ digital certification
$ digital document
$ digital envelope
$ Digital ID(service mark)
$ digital key
$ digital notary
$ digital signature
$ Digital Signature Algorithm (DSA)
$ Digital Signature Standard (DSS)
$ digital watermarking
$ digitized signature
$ directory
$ Directory
$ Directory Access Protocol (DAP)
$ directory vs. Directory
$ disaster plan
$ disclosure (i.e., unauthorized disclosure)
$ discretionary access control (DAC)
$ disruption
$ Distinguished Encoding Rules (DER)
$ distinguished name (DN)
$ Distributed Authentication Security Service (DASS)
$ distribution point
$ DN
$ DNS
$ DOI
$ domain
$ domain name
$ Domain Name System (DNS)
$ domain of interpretation (DOI)
$ dominate
$ dongle
$ downgrade
$ draft RFC
$ DSA
$ DSS
$ dual control
$ dual signature
- $ EAP
$ eavesdropping
$ ECB
$ ECDSA
$ economy of mechanism
$ EDI
$ EDIFACT
$ EE
$ EES
$ El Gamal algorithm
$ electronic codebook (ECB)
$ electronic commerce
$ electronic data interchange (EDI)
$ electronic signature
$ elliptic curve cryptography (ECC)
$ Elliptic Curve Digital Signature Algorithm (ECDSA)
$ emanation
$ emanations security (EMSEC)
$ emergency plan
$ EMSEC
$ EMV
$ Encapsulating Security Payload (ESP)
$ encipher
$ encipherment
$ encode
$ encrypt
$ encryption
$ encryption certificate
$ end entity
$ end system
$ end-to-end encryption
$ end user
$ entity
$ entrapment
$ ephemeral key
$ error detection code
$ Escrowed Encryption Standard (EES)
$ ESP
$ Estelle
$ evaluated products list
$ evaluated system
$ expire
$ exposure
$ Extensible Authentication Protocol
$ extension
$ extranet
- $ fail safe
$ fail soft
$ failure control
$ Federal Information Processing Standards (FIPS)
$ Federal Public-key Infrastructure (FPKI)
$ Federal Standard 1027
$ File Transfer Protocol (FTP)
$ filtering router
$ financial institution
$ fingerprint
$ FIPS
$ FIPS PUB 140-1
$ firewall
$ firmware
$ FIRST
$ flaw hypothesis methodology
$ flooding
$ flow analysis
$ flow control
$ formal specification
$ formulary
$ FORTEZZA (trademark)
$ Forum of Incident Response and Security Teams (FIRST)
$ forward secrecy
$ FPKI
$ FTP
- $ gateway
$ GCA
$ GeneralizedTime
$ Generic Security Service Application Program Interface (GSS-API)
$ geopolitical certificate authority (GCA)
$ Green Book
$ GRIP
$ GSS-API
$ guard
$ guest login
$ GULS
- $ hacker
$ handle
$ hardware
$ hardware token
$ hash code
$ hash function
$ hash result
$ hash value
$ hierarchical PKI
$ hierarchy management
$ hierarchy of trust
$ hijack attack
$ HMAC
$ honey pot
$ host
$ HTML
$ HTTP
$ https
$ hybrid encryption
$ hyperlink
$ hypermedia
$ hypertext
$ Hypertext Markup Language (HTML)
$ Hypertext Transfer Protocol (HTTP)
- $ IAB
$ IANA
$ ICANN
$ ICMP
$ ICMP flood
$ ICRL
$ IDEA
$ identification
$ Identification Protocol
$ identity-based security policy
$ IEEE
$ IEEE 802.10
$ IEEE P1363
$ IESG
$ IETF
$ IKE
$ IMAP4
$ IMAP4 AUTHENTICATE
$ in the clear
$ indirect certificate revocation list (ICRL)
$ indistinguishability
$ information
$ Information Technology Security Evaluation Criteria (ITSEC)
$ INFOSEC
$ initialization value (IV)
$ initialization vector
$ insider attack
$ Institute of Electrical and Electronics Engineers, Inc. (IEEE)
$ integrity
$ integrity check
$ intelligent threat
$ International Data Encryption Algorithm (IDEA)
$ International Standard
$ International Traffic in Arms Regulations (ITAR)
$ internet
$ Internet
$ Internet Architecture Board (IAB)
$ Internet Assigned Numbers Authority (IANA)
$ Internet Control Message Protocol (ICMP)
$ Internet Corporation for Assigned Names and Numbers (ICANN)
$ Internet Draft
$ Internet Engineering Steering Group (IESG)
$ Internet Engineering Task Force (IETF)
$ Internet Message Access Protocol, version 4 (IMAP4)
$ Internet Policy Registration Authority (IPRA)
$ Internet Protocol (IP)
$ Internet Protocol security (IPsec)
$ Internet Protocol Security Option (IPSO)
$ Internet Protocol Suite
$ Internet Security Association and Key Management Protocol (ISAKMP)
$ Internet Society (ISOC)
$ Internet Standard
$ Internet Standards document (ISD)
$ internet vs. Internet
$ internetwork
$ intranet
$ intruder
$ intrusion
$ intrusion detection
$ invalidity date
$ IP
$ IP address
$ IP Security Option
$ IPRA
$ IPsec
$ IPsec Key Exchange (IKE)
$ IPSO
$ ISAKMP
$ ISD
$ ISO
$ ISOC
$ issue (a digital certificate or CRL)
$ issuer
$ ITAR
$ ITSEC
$ ITU-T
$ IV
- $ KDC
$ KEA
$ KEK
$ Kerberos
$ key
$ key agreement (algorithm or protocol)
$ key authentication
$ key center
$ key confirmation
$ key distribution
$ key distribution center (KDC)
$ key encapsulation
$ key-encrypting key (KEK)
$ key escrow
$ key establishment (algorithm or protocol)
$ Key Exchange Algorithm (KEA)
$ key generation
$ key generator
$ key length
$ key lifetime
$ key management
$ Key Management Protocol (KMP)
$ key material identifier (KMID)
$ key pair
$ key recovery
$ key space
$ key translation center
$ key transport (algorithm or protocol)
$ key update
$ key validation
$ keyed hash
$ keying material
$ KMID
$ known-plaintext attack
- $ L2F
$ L2TP
$ label
$ Language of Temporal Ordering Specification (LOTOS)
$ lattice model
$ Law Enforcement Access Field (LEAF)
$ Layer 2 Forwarding Protocol (L2F)
$ Layer 2 Tunneling Protocol (L2TP)
$ LDAP
$ least privilege
$ Lightweight Directory Access Protocol (LDAP)
$ link
$ link-by-link encryption
$ link encryption
$ logic bomb
$ login
$ LOTOS
- $ MAC
$ malicious logic
$ malware
$ man-in-the-middle
$ mandatory access control (MAC)
$ manipulation detection code
$ masquerade attack
$ MCA
$ MD2
$ MD4
$ MD5
$ merchant
$ merchant certificate
$ merchant certification authority (MCA)
$ mesh PKI
$ message authentication code vs. Message Authentication Code (MAC)
$ message digest
$ Message Handling Systems
$ message indicator
$ message integrity check
$ message integrity code
$ Message Security Protocol (MSP)
$ MHS
$ MIME
$ MIME Object Security Services (MOSS)
$ Minimum Interoperability Specification for PKI Components (MISPC)
$ MISPC
$ MISSI
$ MISSI user
$ mode
$ mode of operation
$ modulus
$ Morris Worm
$ MOSS
$ MSP
$ multilevel secure (MLS)
$ multilevel security mode
$ Multipurpose Internet Mail Extensions (MIME)
$ mutual suspicion
- $ National Computer Security Center (NCSC)
$ National Information Assurance Partnership (NIAP)
$ National Institute of Standards and Technology (NIST)
$ National Security Agency (NSA)
$ need-to-know
$ network
$ NIAP
$ NIST
$ NLSP
$ no-lone zone
$ nonce
$ non-critical
$ non-repudiation service
$ no-PIN ORA (NORA)
$ NORA
$ notarization
$ NULL encryption algorithm
- $ OAKLEY
$ object
$ object identifier (OID)
$ object reuse
$ OCSP
$ octet
$ OFB
$ ohnosecond
$ OID
$ On-line Certificate Status Protocol (OCSP)
$ one-time pad
$ one-time password
$ One-Time Password (OTP)
$ one-way encryption
$ one-way function
$ open security environment
$ Open Systems Interconnection (OSI) Reference Model (OSIRM)
$ operational integrity
$ operations security (OPSEC)
$ OPSEC
$ ORA
$ Orange Book
$ organizational certificate
$ organizational registration authority (ORA)
$ origin authentication
$ origin authenticity
$ OSI
$ OSIRM
$ OTP
$ out of band
$ output feedback (OFB)
$ outside attack
$ outsider attack
- $ P1363
$ PAA
$ packet filter
$ pagejacking
$ PAN
$ PAP
$ partitioned security mode
$ passive attack
$ passive wiretapping
$ password
$ Password Authentication Protocol (PAP)
$ password sniffing
$ path discovery
$ path validation
$ payment card
$ payment gateway
$ payment gateway certification authority (SET PCA)
$ PC card
$ PCA
$ PCMCIA
$ peer entity authentication
$ peer entity authentication service
$ PEM
$ penetration
$ penetration test
$ perfect forward secrecy
$ perimeter
$ periods processing
$ permission
$ personal identification number (PIN)
$ personality
$ personality label
$ personnel security
$ PGP (trademark)
$ Photuris
$ phreaking
$ physical security
$ piggyback attack
$ PIN
$ ping of death
$ ping sweep
$ PKCS
$ PKCS #7
$ PKCS #10
$ PKCS #11
$ PKI
$ PKIX
$ PKIX private extension
$ plaintext
$ Point-to-Point Protocol (PPP)
$ Point-to-Point Tunneling Protocol (PPTP)
$ policy
$ policy approving authority (PAA)
$ policy certification authority (Internet PCA)
$ policy creation authority (MISSI PCA)
$ Policy Management Authority
$ policy mapping
$ POP3
$ POP3 APOP
$ POP3 AUTH
$ port scan
$ POSIX
$ Post Office Protocol, version 3 (POP3)
$ PPP
$ PPTP
$ pre-authorization
$ Pretty Good Privacy(trademark) (PGP(trademark))
$ primary account number (PAN)
$ privacy
$ Privacy Enhanced Mail (PEM)
$ private component
$ private extension
$ private key
$ privilege
$ privilege management infrastructure
$ privileged process
$ procedural security
$ proprietary
$ protected checksum
$ protected distribution system
$ protection authority
$ protection ring
$ protocol
$ protocol suite
$ proxy server
$ pseudo-random
$ pseudo-random number generator
$ public component
$ public key
$ public-key certificate
$ public-key cryptography
$ Public-Key Cryptography Standards (PKCS)
$ public-key forward secrecy (PFS)
$ public-key infrastructure (PKI)
- $ RA
$ RA domains
$ RADIUS
$ Rainbow Series
$ random
$ random number generator
$ RBAC
$ RC2
$ RC4
$ realm
$ RED
$ Red Book
$ RED/BLACK separation
$ reference monitor
$ reflection attack
$ register
$ registration
$ registration authority (RA)
$ regrade
$ rekey
$ reliability
$ relying party
$ Remote Authentication Dial-In User Service (RADIUS)
$ renew
$ replay attack
$ repository
$ repudiation
$ Request for Comment (RFC)
$ residual risk
$ restore
$ revocation
$ revocation date
$ revocation list
$ revoke
$ RFC
$ risk
$ risk analysis
$ risk assessment
$ risk management
$ Rivest Cipher #2 (RC2)
$ Rivest Cipher #4 (RC4)
$ Rivest-Shamir-Adleman (RSA)
$ role-based access control (RBAC)
$ root
$ root certificate
$ root key
$ root registry
$ router
$ RSA
$ rule-based security policy
- $ safety
$ SAID
$ salt
$ sanitize
$ SASL
$ SCA
$ scavenging
$ screening router
$ SDE
$ SDNS
$ seal
$ secret
$ secret-key cryptography
$ Secure Data Exchange (SDE)
$ Secure Data Network System (SDNS)
$ Secure Hash Standard (SHS)
$ Secure Hypertext Transfer Protocol (Secure-HTTP, S-HTTP)
$ Secure/MIME (S/MIME)
$ Secure Sockets Layer (SSL)
$ secure state
$ security
$ security architecture
$ security association
$ security association identifier (SAID)
$ security audit
$ security audit trail
$ security class
$ security clearance
$ security compromise
$ security domain
$ security environment
$ security event
$ security fault analysis
$ security gateway
$ security incident
$ security intrusion
$ security kernel
$ security label
$ security level
$ security management infrastructure (SMI)
$ security mechanism
$ security model
$ security parameters index (SPI)
$ security perimeter
$ security policy
$ Security Protocol 3 (SP3)
$ Security Protocol 4 (SP4)
$ security-relevant event
$ security service
$ security situation
$ security token
$ security violation
$ self-signed certificate
$ semantic security
$ sensitive (information)
$ separation of duties
$ serial number
$ server
$ session key
$ SET
$ SET private extension
$ SET qualifier
$ SET Secure Electronic Transaction (trademark) or SET (trademark)
$ SETCo
$ SHA-1
$ shared secret
$ S-HTTP
$ sign
$ signature
$ signature certificate
$ signer
$ SILS
$ simple authentication
$ Simple Authentication and Security Layer (SASL)
$ Simple Key-management for Internet Protocols (SKIP)
$ Simple Mail Transfer Protocol (SMTP)
$ Simple Network Management Protocol (SNMP)
$ simple security property
$ single sign-on
$ situation
$ S/Key
$ SKIP
$ SKIPJACK
$ slot
$ smart card
$ smart token
$ SMI
$ S/MIME
$ SMTP
$ smurf
$ sniffing
$ SNMP
$ social engineering
$ SOCKS
$ soft TEMPEST
$ software
$ SORA
$ source authentication
$ source integrity
$ SP3
$ SP4
$ spam
$ SPC
$ SPI
$ split key
$ split knowledge
$ spoofing attack
$ SSH
$ SSL
$ SSO
$ SSO PIN
$ SSO-PIN ORA (SORA)
$ Standards for Interoperable LAN/MAN Security (SILS)
$ star property
$ Star Trek attack
$ steganography
$ storage channel
$ stream cipher
$ strong authentication
$ subject
$ subnetwork
$ subordinate certification authority (SCA)
$ subordinate distinguished name
$ superencryption
$ survivability
$ symmetric cryptography
$ symmetric key
$ SYN flood
$ system
$ system entity
$ system high
$ system high security mode
$ system integrity
$ system integrity service
$ system low
$ system resource
$ system security officer (SSO)
$ system verification
- $ TACACS
$ TACACS+
$ tamper
$ TCB
$ TCP
$ TCP/IP
$ TCSEC
$ TELNET
$ TEMPEST
$ Terminal Access Controller (TAC) Access Control System (TACACS)
$ TESS
$ The Exponential Encryption System (TESS)
$ threat
$ threat action
$ threat analysis
$ threat consequence
$ thumbprint
$ ticket
$ timing channel
$ TLS
$ TLSP
$ token
$ token backup
$ token copy
$ token management
$ token restore
$ token storage key
$ top CA
$ top-level specification
$ traffic analysis
$ traffic flow confidentiality
$ traffic padding
$ tranquillity property
$ Transmission Control Protocol (TCP)
$ Transport Layer Security (TLS)
$ Transport Layer Security Protocol (TLSP)
$ transport mode vs. tunnel mode
$ trap door
$ triple DES
$ triple-wrapped
$ Trojan horse
$ trust
$ trust chain
$ trust-file PKI
$ trust hierarchy
$ trust level
$ trusted
$ trusted certificate
$ trusted computer system
$ Trusted Computer System Evaluation Criteria (TCSEC)
$ trusted computing base (TCB)
$ trusted distribution
$ trusted key
$ trusted path
$ trusted process
$ trusted subnetwork
$ trusted system
$ Trusted Systems Interoperability Group (TSIG)
$ trustworthy system
$ TSIG
$ tunnel
$ tunnel mode
$ two-person control
$ Type I cryptography
$ Type II cryptography
$ Type III cryptography
- $ UDP
$ unclassified
$ unencrypted
$ unforgeable
$ uniform resource identifier (URI)
$ uniform resource locator (URL)
$ uniform resource name (URN)
$ untrusted process
$ UORA
$ update
$ URI
$ URL
$ URN
$ user
$ User Datagram Protocol (UDP)
$ user identifier
$ user PIN
$ user-PIN ORA (UORA)
$ usurpation
$ UTCTime
- $ v1 certificate
$ v1 CRL
$ v2 certificate
$ v2 CRL
$ v3 certificate
$ valid certificate
$ valid signature
$ validate vs. verify
$ validation
$ validity period
$ value-added network (VAN)
$ VAN
$ verification
$ verify
$ violation
$ virtual private network (VPN)
$ virus
$ VPN
$ vulnerability
- $ W3
$ war dialer
$ Wassenaar Arrangement
$ watermarking
$ web of trust
$ web server
$ web vs. Web
$ wiretapping
$ work factor
$ World Wide Web ("the Web", WWW, W3)
$ worm
$ wrap
$ WWW
- $ X.400
$ X.500
$ X.500 Directory
$ X.509
$ X.509 attribute certificate
$ X.509 authority revocation list
$ X.509 certificate
$ X.509 certificate revocation list (CRL)
$ X.509 public-key certificate
$ XTACACS
- $ Yellow Book
- (D) Internet Standards documents SHOULD NOT use this term as a synonym for "Computer Security Requirements: Guidance for Applying the Department of Defense Trusted Computer System Evaluation Criteria in Specific Environments" [CSC3]. Instead, use the full proper name of the document or, in references, a conventional abbreviation.
- (See: Green Book, Rainbow Series (usage under).)
- $ zeroize
- (I) Use erasure or other means to render stored data unusable and unrecoverable, particularly a key stored in a cryptographic module or other device.
(O) Erase electronically stored data by altering the contents of the data storage so as to prevent the recovery of the data. [FP140]