C <- 4. Definitions -> E
D
$ DAC
(N) See: Data Authentication Code, discretionary access control.
Deprecated Usage: IDOCs that use this term SHOULD state a
definition for it because this abbreviation is ambiguous.
$ daemon
(I) A computer program that is not invoked explicitly but waits
until a specified condition occurs, and then runs with no
associated user (principal), usually for an administrative
purpose. (See: zombie.)
$ dangling threat
(O) A threat to a system for which there is no corresponding
vulnerability and, therefore, no implied risk.
$ dangling vulnerability
(O) A vulnerability of a system for which there is no
corresponding threat and, therefore, no implied risk.
Shirey Informational [Page 92]
RFC 4949 Internet Security Glossary, Version 2 August 2007
$ DASS
(I) See: Distributed Authentication Security Service.
$ data
(I) Information in a specific representation, usually as a
sequence of symbols that have meaning.
Usage: Refers to both (a) representations that can be recognized,
processed, or produced by a computer or other type of machine, and
(b) representations that can be handled by a human.
$ Data Authentication Algorithm, data authentication algorithm
1. (N) /capitalized/ The ANSI standard for a keyed hash function
that is equivalent to DES cipher block chaining with IV = 0.
[A9009]
2. (D) /not capitalized/ Synonym for some kind of "checksum".
Deprecated Term: IDOCs SHOULD NOT use the uncapitalized form "data
authentication algorithm" as a synonym for any kind of checksum,
regardless of whether or not the checksum is based on a hash.
Instead, use "checksum", "Data Authentication Code", "error
detection code", "hash", "keyed hash", "Message Authentication
Code", "protected checksum", or some other specific term,
depending on what is meant.
The uncapitalized term can be confused with the Data
Authentication Code and also mixes concepts in a potentially
misleading way. The word "authentication" is misleading because
the checksum may be used to perform a data integrity function
rather than a data origin authentication function.
$ Data Authentication Code, data authentication code
1. (N) /capitalized/ A specific U.S. Government standard [FP113]
for a checksum that is computed by the Data Authentication
Algorithm. Usage: a.k.a. Message Authentication Code [A9009].)
(See: DAC.)
2. (D) /not capitalized/ Synonym for some kind of "checksum".
Deprecated Term: IDOCs SHOULD NOT use the uncapitalized form "data
authentication code" as a synonym for any kind of checksum,
regardless of whether or not the checksum is based on the Data
Authentication Algorithm. The uncapitalized term can be confused
with the Data Authentication Code and also mixes concepts in a
potentially misleading way (see: authentication code).
Shirey Informational [Page 93]
RFC 4949 Internet Security Glossary, Version 2 August 2007
$ data compromise
1. (I) A security incident in which information is exposed to
potential unauthorized access, such that unauthorized disclosure,
alteration, or use of the information might have occurred.
(Compare: security compromise, security incident.)
2. (O) /U.S. DoD/ A "compromise" is a "communication or physical
transfer of information to an unauthorized recipient." [DoD5]
3. (O) /U.S. Government/ "Type of [security] incident where
information is disclosed to unauthorized individuals or a
violation of the security policy of a system in which unauthorized
intentional or unintentional disclosure, modification,
destruction, or loss of an object may have occurred." [C4009]
$ data confidentiality
1. (I) The property that data is not disclosed to system entities
unless they have been authorized to know the data. (See: Bell-
LaPadula model, classification, data confidentiality service,
secret. Compare: privacy.)
2. (D) "The property that information is not made available or
disclosed to unauthorized individuals, entities, or processes
[i.e., to any unauthorized system entity]." [I7498-2].
Deprecated Definition: The phrase "made available" might be
interpreted to mean that the data could be altered, and that would
confuse this term with the concept of "data integrity".
$ data confidentiality service
(I) A security service that protects data against unauthorized
disclosure. (See: access control, data confidentiality, datagram
confidentiality service, flow control, inference control.)
Deprecated Usage: IDOCs SHOULD NOT use this term as a synonym for
"privacy", which is a different concept.
$ Data Encryption Algorithm (DEA)
(N) A symmetric block cipher, defined in the U.S. Government's
DES. DEA uses a 64-bit key, of which 56 bits are independently
chosen and 8 are parity bits, and maps a 64-bit block into another
64-bit block. [FP046] (See: AES, symmetric cryptography.)
Usage: This algorithm is usually referred to as "DES". The
algorithm has also been adopted in standards outside the
Government (e.g., [A3092]).
Shirey Informational [Page 94]
RFC 4949 Internet Security Glossary, Version 2 August 2007
$ data encryption key (DEK)
(I) A cryptographic key that is used to encipher application data.
(Compare: key-encrypting key.)
$ Data Encryption Standard (DES)
(N) A U.S. Government standard [FP046] that specifies the DEA and
states policy for using the algorithm to protect unclassified,
sensitive data. (See: AES.)
$ data integrity
1. (I) The property that data has not been changed, destroyed, or
lost in an unauthorized or accidental manner. (See: data integrity
service. Compare: correctness integrity, source integrity.)
2. (O) "The property that information has not been modified or
destroyed in an unauthorized manner." [I7498-2]
Usage: Deals with (a) constancy of and confidence in data values,
and not with either (b) information that the values represent
(see: correctness integrity) or (c) the trustworthiness of the
source of the values (see: source integrity).
$ data integrity service
(I) A security service that protects against unauthorized changes
to data, including both intentional change or destruction and
accidental change or loss, by ensuring that changes to data are
detectable. (See: data integrity, checksum, datagram integrity
service.)
Tutorial: A data integrity service can only detect a change and
report it to an appropriate system entity; changes cannot be
prevented unless the system is perfect (error-free) and no
malicious user has access. However, a system that offers data
integrity service might also attempt to correct and recover from
changes.
The ability of this service to detect changes is limited by the
technology of the mechanisms used to implement the service. For
example, if the mechanism were a one-bit parity check across each
entire SDU, then changes to an odd number of bits in an SDU would
be detected, but changes to an even number of bits would not.
Relationship between data integrity service and authentication
services: Although data integrity service is defined separately
from data origin authentication service and peer entity
authentication service, it is closely related to them.
Authentication services depend, by definition, on companion data
integrity services. Data origin authentication service provides
Shirey Informational [Page 95]
RFC 4949 Internet Security Glossary, Version 2 August 2007
verification that the identity of the original source of a
received data unit is as claimed; there can be no such
verification if the data unit has been altered. Peer entity
authentication service provides verification that the identity of
a peer entity in a current association is as claimed; there can be
no such verification if the claimed identity has been altered.
$ data origin authentication
(I) "The corroboration that the source of data received is as
claimed." [I7498-2] (See: authentication.)
$ data origin authentication service
(I) A security service that verifies the identity of a system
entity that is claimed to be the original source of received data.
(See: authentication, authentication service.)
Tutorial: This service is provided to any system entity that
receives or holds the data. Unlike peer entity authentication
service, this service is independent of any association between
the originator and the recipient, and the data in question may
have originated at any time in the past.
A digital signature mechanism can be used to provide this service,
because someone who does not know the private key cannot forge the
correct signature. However, by using the signer's public key,
anyone can verify the origin of correctly signed data.
This service is usually bundled with connectionless data integrity
service. (See: "relationship between data integrity service and
authentication services" under "data integrity service".
$ data owner
(N) The organization that has the final statutory and operational
authority for specified information.
$ data privacy
(D) Synonym for "data confidentiality".
Deprecated Term: IDOCs SHOULD NOT use this term; it mixes concepts
in a potentially misleading way. Instead, use either "data
confidentiality" or "privacy" or both, depending on what is meant.
$ data recovery
1. (I) /cryptanalysis/ A process for learning, from some cipher
text, the plain text that was previously encrypted to produce the
cipher text. (See: recovery.)
Shirey Informational [Page 96]
RFC 4949 Internet Security Glossary, Version 2 August 2007
2. (I) /system integrity/ The process of restoring information
following damage or destruction.
$ data security
(I) The protection of data from disclosure, alteration,
destruction, or loss that either is accidental or is intentional
but unauthorized.
Tutorial: Both data confidentiality service and data integrity
service are needed to achieve data security.
$ datagram
(I) "A self-contained, independent entity of data [i.e., a packet]
carrying sufficient information to be routed from the source
[computer] to the destination computer without reliance on earlier
exchanges between this source and destination computer and the
transporting network." [R1983] Example: A PDU of IP.
$ datagram confidentiality service
(I) A data confidentiality service that preserves the
confidentiality of data in a single, independent, packet; i.e.,
the service applies to datagrams one-at-a-time. Example: ESP.
(See: data confidentiality.)
Usage: When a protocol is said to provide data confidentiality
service, this is usually understood to mean that only the SDU is
protected in each packet. IDOCs that use the term to mean that the
entire PDU is protected should include a highlighted definition.
Tutorial: This basic form of network confidentiality service
suffices for protecting the data in a stream of packets in both
connectionless and connection-oriented protocols. Except perhaps
for traffic flow confidentiality, nothing further is needed to
protect the confidentiality of data carried by a packet stream.
The OSIRM distinguishes between connection confidentiality and
connectionless confidentiality. The IPS need not make that
distinction, because those services are just instances of the same
service (i.e., datagram confidentiality) being offered in two
different protocol contexts. (For data integrity service, however,
additional effort is needed to protect a stream, and the IPS does
need to distinguish between "datagram integrity service" and
"stream integrity service".)
$ datagram integrity service
(I) A data integrity service that preserves the integrity of data
in a single, independent, packet; i.e., the service applies to
datagrams one-at-a-time. (See: data integrity. Compare: stream
integrity service.)
Shirey Informational [Page 97]
RFC 4949 Internet Security Glossary, Version 2 August 2007
Tutorial: The ability to provide appropriate data integrity is
important in many Internet security situations, and so there are
different kinds of data integrity services suited to different
applications. This service is the simplest kind; it is suitable
for connectionless data transfers.
Datagram integrity service usually is designed only to attempt to
detect changes to the SDU in each packet, but it might also
attempt to detect changes to some or all of the PCI in each packet
(see: selective field integrity). In contrast to this simple,
one-at-a-time service, some security situations demand a more
complex service that also attempts to detect deleted, inserted, or
reordered datagrams within a stream of datagrams (see: stream
integrity service).
$ DEA
(N) See: Data Encryption Algorithm.
$ deception
(I) A circumstance or event that may result in an authorized
entity receiving false data and believing it to be true. (See:
authentication.)
Tutorial: This is a type of threat consequence, and it can be
caused by the following types of threat actions: masquerade,
falsification, and repudiation.
$ decipher
(D) Synonym for "decrypt".
Deprecated Definition: IDOCs SHOULD NOT use this term as a synonym
for "decrypt". However, see usage note under "encryption".
$ decipherment
(D) Synonym for "decryption".
Deprecated Definition: IDOCs SHOULD NOT use this term as a synonym
for "decryption". However, see the Usage note under "encryption".
$ declassification
(I) An authorized process by which information is declassified.
(Compare: classification.)
$ declassify
(I) To officially remove the security level designation of a
classified information item or information type, such that the
information is no longer classified (i.e., becomes unclassified).
(See: classified, classify, security level. Compare: downgrade.)
Shirey Informational [Page 98]
RFC 4949 Internet Security Glossary, Version 2 August 2007
$ decode
1. (I) Convert encoded data back to its original form of
representation. (Compare: decrypt.)
2. (D) Synonym for "decrypt".
Deprecated Definition: Encoding is not usually meant to conceal
meaning. Therefore, IDOCs SHOULD NOT use this term as a synonym
for "decrypt", because that would mix concepts in a potentially
misleading way.
$ decrypt
(I) Cryptographically restore cipher text to the plaintext form it
had before encryption.
$ decryption
(I) See: secondary definition under "encryption".
$ dedicated security mode
(I) A mode of system operation wherein all users having access to
the system possess, for all data handled by the system, both (a)
all necessary authorizations (i.e., security clearance and formal
access approval) and (b) a need-to-know. (See: /system operation/
under "mode", formal access approval, need to know, protection
level, security clearance.)
Usage: Usually abbreviated as "dedicated mode". This mode was
defined in U.S. Government policy on system accreditation, but the
term is also used outside the Government. In this mode, the system
may handle either (a) a single classification level or category of
information or (b) a range of levels and categories.
$ default account
(I) A system login account (usually accessed with a user
identifier and password) that has been predefined in a
manufactured system to permit initial access when the system is
first put into service. (See: harden.)
Tutorial: A default account becomes a serious vulnerability if not
properly administered. Sometimes, the default identifier and
password are well-known because they are the same in each copy of
the system. In any case, when a system is put into service, any
default password should immediately be changed or the default
account should be disabled.
$ defense in depth
(N) "The siting of mutually supporting defense positions designed
to absorb and progressively weaken attack, prevent initial
Shirey Informational [Page 99]
RFC 4949 Internet Security Glossary, Version 2 August 2007
observations of the whole position by the enemy, and [enable] the
commander to maneuver the reserve." [JP1]
Tutorial: In information systems, defense in depth means
constructing a system's security architecture with layered and
complementary security mechanisms and countermeasures, so that if
one security mechanism is defeated, one or more other mechanisms
(which are "behind" or "beneath" the first mechanism) still
provide protection.
This architectural concept is appealing because it aligns with
traditional warfare doctrine, which applies defense in depth to
physical, geospatial structures; but applying the concept to
logical, cyberspace structures of computer networks is more
difficult. The concept assumes that networks have a spatial or
topological representation. It also assumes that there can be
implemented -- from the "outer perimeter" of a network, through
its various "layers" of components, to its "center" (i.e., to the
subscriber application systems supported by the network) -- a
varied series of countermeasures that together provide adequate
protection. However, it is more difficult to map the topology of
networks and make certain that no path exists by which an attacker
could bypass all defensive layers.
$ Defense Information Infrastructure (DII)
(O) /U.S. DoD/ The U.S. DoD's shared, interconnected system of
computers, communications, data, applications, security, people,
training, and support structures, serving information needs
worldwide. (See: DISN.) Usage: Has evolved to be called the GIG.
Tutorial: The DII connects mission support, command and control,
and intelligence computers and users through voice, data, imagery,
video, and multimedia services, and provides information
processing and value-added services to subscribers over the DISN.
Users' own data and application software are not considered part
of the DII.
$ Defense Information Systems Network (DISN)
(O) /U.S. DoD/ The U.S. DoD's consolidated, worldwide, enterprise
level telecommunications infrastructure that provides end-to-end
information transfer for supporting military operations; a part of
the DII. (Compare: GIG.)
$ degauss
1a. (N) Apply a magnetic field to permanently remove data from a
magnetic storage medium, such as a tape or disk [NCS25]. (Compare:
erase, purge, sanitize.)
Shirey Informational [Page 100]
RFC 4949 Internet Security Glossary, Version 2 August 2007
1b. (N) Reduce magnetic flux density to zero by applying a
reversing magnetic field. (See: magnetic remanence.)
$ degausser
(N) An electrical device that can degauss magnetic storage media.
$ DEK
(I) See: data encryption key.
$ delay
(I) /packet/ See: secondary definition under "stream integrity
service".
$ deletion
(I) /packet/ See: secondary definition under "stream integrity
service".
$ deliberate exposure
(I) /threat action/ See: secondary definition under "exposure".
$ delta CRL
(I) A partial CRL that only contains entries for certificates that
have been revoked since the issuance of a prior, base CRL [X509].
This method can be used to partition CRLs that become too large
and unwieldy. (Compare: CRL distribution point.)
$ demilitarized zone (DMZ)
(D) Synonym for "buffer zone".
Deprecated Term: IDOCs SHOULD NOT use this term because it mixes
concepts in a potentially misleading way. (See: Deprecated Usage
under "Green Book".)
$ denial of service
(I) The prevention of authorized access to a system resource or
the delaying of system operations and functions. (See:
availability, critical, flooding.)
Tutorial: A denial-of-service attack can prevent the normal
conduct of business on the Internet. There are four types of
solutions to this security problem:
- Awareness: Maintaining cognizance of security threats and
vulnerabilities. (See: CERT.)
- Detection: Finding attacks on end systems and subnetworks.
(See: intrusion detection.)
- Prevention: Following defensive practices on network-connected
systems. (See: [R2827].)
Shirey Informational [Page 101]
RFC 4949 Internet Security Glossary, Version 2 August 2007
- Response: Reacting effectively when attacks occur. (See: CSIRT,
contingency plan.)
$ DES
(N) See: Data Encryption Standard.
$ designated approving authority (DAA)
(O) /U.S. Government/ Synonym for "accreditor".
$ detection
(I) See: secondary definition under "security".
$ deterrence
(I) See: secondary definition under "security".
$ dictionary attack
(I) An attack that uses a brute-force technique of successively
trying all the words in some large, exhaustive list.
Examples: Attack an authentication service by trying all possible
passwords. Attack an encryption service by encrypting some known
plaintext phrase with all possible keys so that the key for any
given encrypted message containing that phrase may be obtained by
lookup.
$ Diffie-Hellman
Diffie-Hellman-Merkle
(N) A key-agreement algorithm published in 1976 by Whitfield
Diffie and Martin Hellman [DH76, R2631].
Usage: The algorithm is most often called "Diffie-Hellman".
However, in the November 1978 issue of "IEEE Communications
Magazine", Hellman wrote that the algorithm "is a public key
distribution system, a concept developed by [Ralph C.] Merkle, and
hence should be called 'Diffie-Hellman-Merkle' ... to recognize
Merkle's equal contribution to the invention of public key
cryptography."
Tutorial: Diffie-Hellman-Merkle does key establishment, not
encryption. However, the key that it produces may be used for
encryption, for further key management operations, or for any
other cryptography.
The algorithm is described in [R2631] and [Schn]. In brief, Alice
and Bob together pick large integers that satisfy certain
mathematical conditions, and then use the integers to each
separately compute a public-private key pair. They send each other
their public key. Each person uses their own private key and the
Shirey Informational [Page 102]
RFC 4949 Internet Security Glossary, Version 2 August 2007
other person's public key to compute a key, k, that, because of
the mathematics of the algorithm, is the same for each of them.
Passive wiretapping cannot learn the shared k, because k is not
transmitted, and neither are the private keys needed to compute k.
The difficulty of breaking Diffie-Hellman-Merkle is considered to
be equal to the difficulty of computing discrete logarithms modulo
a large prime. However, without additional mechanisms to
authenticate each party to the other, a protocol based on the
algorithm may be vulnerable to a man-in-the-middle attack.
$ digest
See: message digest.
$ digital certificate
(I) A certificate document in the form of a digital data object (a
data object used by a computer) to which is appended a computed
digital signature value that depends on the data object. (See:
attribute certificate, public-key certificate.)
Deprecated Usage: IDOCs SHOULD NOT use this term to refer to a
signed CRL or CKL. Although the recommended definition can be
interpreted to include other signed items, the security community
does not use the term with those meanings.
$ digital certification
(D) Synonym for "certification".
Deprecated Definition: IDOCs SHOULD NOT use this definition unless
the context is not sufficient to distinguish between digital
certification and another kind of certification, in which case it
would be better to use "public-key certification" or another
phrase that indicates what is being certified.
$ digital document
(I) An electronic data object that represents information
originally written in a non-electronic, non-magnetic medium
(usually ink on paper) or is an analogue of a document of that
type.
$ digital envelope
(I) A combination of (a) encrypted content data (of any kind)
intended for a recipient and (b) the content encryption key in an
encrypted form that has been prepared for the use of the
recipient.
Shirey Informational [Page 103]
RFC 4949 Internet Security Glossary, Version 2 August 2007
Usage: In IDOCs, the term SHOULD be defined at the point of first
use because, although the term is defined in PKCS #7 and used in
S/MIME, it is not widely known.
Tutorial: Digital enveloping is not simply a synonym for
implementing data confidentiality with encryption; digital
enveloping is a hybrid encryption scheme to "seal" a message or
other data, by encrypting the data and sending both it and a
protected form of the key to the intended recipient, so that no
one other than the intended recipient can "open" the message. In
PKCS #7, it means first encrypting the data using a symmetric
encryption algorithm and a secret key, and then encrypting the
secret key using an asymmetric encryption algorithm and the public
key of the intended recipient. In S/MIME, additional methods are
defined for encrypting the content encryption key.
$ Digital ID(service mark)
(D) Synonym for "digital certificate".
Deprecated Term: IDOCs SHOULD NOT use this term. It is a service
mark of a commercial firm, and it unnecessarily duplicates the
meaning of a better-established term. (See: credential.)
$ digital key
(D) Synonym for an input parameter of a cryptographic algorithm or
other process. (See: key.)
Deprecated Usage: The adjective "digital" need not be used with
"key" or "cryptographic key", unless the context is insufficient
to distinguish the digital key from another kind of key, such as a
metal key for a door lock.
$ digital notary
(I) An electronic functionary analogous to a notary public.
Provides a trusted timestamp for a digital document, so that
someone can later prove that the document existed at that point in
time; verifies the signature(s) on a signed document before
applying the stamp. (See: notarization.)
$ digital signature
1. (I) A value computed with a cryptographic algorithm and
associated with a data object in such a way that any recipient of
the data can use the signature to verify the data's origin and
integrity. (See: data origin authentication service, data
integrity service, signer. Compare: digitized signature,
electronic signature.)
Shirey Informational [Page 104]
RFC 4949 Internet Security Glossary, Version 2 August 2007
2. (O) "Data appended to, or a cryptographic transformation of, a
data unit that allows a recipient of the data unit to prove the
source and integrity of the data unit and protect against forgery,
e.g. by the recipient." [I7498-2]
Tutorial: A digital signature should have these properties:
- Be capable of being verified. (See: validate vs. verify.)
- Be bound to the signed data object in such a way that if the
data is changed, then when an attempt is made to verify the
signature, it will be seen as not authentic. (In some schemes,
the signature is appended to the signed object as stated by
definition 2, but in other it, schemes is not.)
- Uniquely identify a system entity as being the signer.
- Be under the signer's sole control, so that it cannot be
created by any other entity.
To achieve these properties, the data object is first input to a
hash function, and then the hash result is cryptographically
transformed using a private key of the signer. The final resulting
value is called the digital signature of the data object. The
signature value is a protected checksum, because the properties of
a cryptographic hash ensure that if the data object is changed,
the digital signature will no longer match it. The digital
signature is unforgeable because one cannot be certain of
correctly creating or changing the signature without knowing the
private key of the supposed signer.
Some digital signature schemes use an asymmetric encryption
algorithm (e.g., "RSA") to transform the hash result. Thus, when
Alice needs to sign a message to send to Bob, she can use her
private key to encrypt the hash result. Bob receives both the
message and the digital signature. Bob can use Alice's public key
to decrypt the signature, and then compare the plaintext result to
the hash result that he computes by hashing the message himself.
If the values are equal, Bob accepts the message because he is
certain that it is from Alice and has arrived unchanged. If the
values are not equal, Bob rejects the message because either the
message or the signature was altered in transit.
Other digital signature schemes (e.g., "DSS") transform the hash
result with an algorithm (e.g., "DSA", "El Gamal") that cannot be
directly used to encrypt data. Such a scheme creates a signature
value from the hash and provides a way to verify the signature
value, but does not provide a way to recover the hash result from
the signature value. In some countries, such a scheme may improve
exportability and avoid other legal constraints on usage. Alice
sends the signature value to Bob along with both the message and
its hash result. The algorithm enables Bob to use Alice's public
Shirey Informational [Page 105]
RFC 4949 Internet Security Glossary, Version 2 August 2007
signature key and the signature value to verify the hash result he
receives. Then, as before, he compares that hash result she sent
to the one that he computes by hashing the message himself.
$ Digital Signature Algorithm (DSA)
(N) An asymmetric cryptographic algorithm for a digital signature
in the form of a pair of large numbers. The signature is computed
using rules and parameters such that the identity of the signer
and the integrity of the signed data can be verified. (See: DSS.)
$ Digital Signature Standard (DSS)
(N) The U.S. Government standard [FP186] that specifies the DSA.
$ digital watermarking
(I) Computing techniques for inseparably embedding unobtrusive
marks or labels as bits in digital data -- text, graphics, images,
video, or audio -- and for detecting or extracting the marks
later.
Tutorial: A "digital watermark", i.e., the set of embedded bits,
is sometimes hidden, usually imperceptible, and always intended to
be unobtrusive. Depending on the particular technique that is
used, digital watermarking can assist in proving ownership,
controlling duplication, tracing distribution, ensuring data
integrity, and performing other functions to protect intellectual
property rights. [ACM]
$ digitized signature
(D) Denotes various forms of digitized images of handwritten
signatures. (Compare: digital signature).
Deprecated Term: IDOCs SHOULD NOT use this term without including
this definition. This term suggests careless use of "digital
signature", which is the term standardized by [I7498-2]. (See:
electronic signature.)
$ DII
(O) See: Defense Information Infrastructure.
$ direct attack
(I) See: secondary definition under "attack". (Compare: indirect
attack.)
$ directory, Directory
1. (I) /not capitalized/ Refers generically to a database server
or other system that stores and provides access to values of
descriptive or operational data items that are associated with the
components of a system. (Compare: repository.)
Shirey Informational [Page 106]
RFC 4949 Internet Security Glossary, Version 2 August 2007
2. (N) /capitalized/ Refers specifically to the X.500 Directory.
(See: DN, X.500.)
$ Directory Access Protocol (DAP)
(N) An OSI protocol [X519] for communication between a Directory
User Agent (a type of X.500 client) and a Directory System Agent
(a type of X.500 server). (See: LDAP.)
$ disaster plan
(O) Synonym for "contingency plan".
Deprecated Term: IDOCs SHOULD NOT use this term; instead, for
consistency and neutrality of language, IDOCs SHOULD use
"contingency plan".
$ disclosure
See: unauthorized disclosure. Compare: exposure.
$ discretionary access control
1a. (I) An access control service that (a) enforces a security
policy based on the identity of system entities and the
authorizations associated with the identities and (b) incorporates
a concept of ownership in which access rights for a system
resource may be granted and revoked by the entity that owns the
resource. (See: access control list, DAC, identity-based security
policy, mandatory access control.)
Derivation: This service is termed "discretionary" because an
entity can be granted access rights to a resource such that the
entity can by its own volition enable other entities to access the
resource.
1b. (O) /formal model/ "A means of restricting access to objects
based on the identity of subjects and/or groups to which they
belong. The controls are discretionary in the sense that a subject
with a certain access permission is capable of passing that
permission (perhaps indirectly) on to any other subject." [DoD1]
$ DISN
(O) See: Defense Information Systems Network (DISN).
$ disruption
(I) A circumstance or event that interrupts or prevents the
correct operation of system services and functions. (See:
availability, critical, system integrity, threat consequence.)
Shirey Informational [Page 107]
RFC 4949 Internet Security Glossary, Version 2 August 2007
Tutorial: Disruption is a type of threat consequence; it can be
caused by the following types of threat actions: incapacitation,
corruption, and obstruction.
$ Distinguished Encoding Rules (DER)
(N) A subset of the Basic Encoding Rules that always provides only
one way to encode any data structure defined by ASN.1. [X690].
Tutorial: For a data structure defined abstractly in ASN.1, BER
often provides for encoding the structure into an octet string in
more than one way, so that two separate BER implementations can
legitimately produce different octet strings for the same ASN.1
definition. However, some applications require all encodings of a
structure to be the same, so that encodings can be compared for
equality. Therefore, DER is used in applications in which unique
encoding is needed, such as when a digital signature is computed
on a structure defined by ASN.1.
$ distinguished name (DN)
(N) An identifier that uniquely represents an object in the X.500
Directory Information Tree (DIT) [X501]. (Compare: domain name,
identity, naming authority.)
Tutorial: A DN is a set of attribute values that identify the path
leading from the base of the DIT to the object that is named. An
X.509 public-key certificate or CRL contains a DN that identifies
its issuer, and an X.509 attribute certificate contains a DN or
other form of name that identifies its subject.
$ distributed attack
1a. (I) An attack that is implemented with distributed computing.
(See: zombie.)
1b. (I) An attack that deploys multiple threat agents.
$ Distributed Authentication Security Service (DASS)
(I) An experimental Internet protocol [R1507] that uses
cryptographic mechanisms to provide strong, mutual authentication
services in a distributed environment.
$ distributed computing
(I) A technique that disperses a single, logically related set of
tasks among a group of geographically separate yet cooperating
computers. (See: distributed attack.)
Shirey Informational [Page 108]
RFC 4949 Internet Security Glossary, Version 2 August 2007
$ distribution point
(I) An X.500 Directory entry or other information source that is
named in a v3 X.509 public-key certificate extension as a location
from which to obtain a CRL that may list the certificate.
Tutorial: A v3 X.509 public-key certificate may have a
"cRLDistributionPoints" extension that names places to get CRLs on
which the certificate might be listed. (See: certificate profile.)
A CRL obtained from a distribution point may (a) cover either all
reasons for which a certificate might be revoked or only some of
the reasons, (b) be issued by either the authority that signed the
certificate or some other authority, and (c) contain revocation
entries for only a subset of the full set of certificates issued
by one CA or (d) contain revocation entries for multiple CAs.
$ DKIM
(I) See: Domain Keys Identified Mail.
$ DMZ
(D) See: demilitarized zone.
$ DN
(N) See: distinguished name.
$ DNS
(I) See: Domain Name System.
$ doctrine
See: security doctrine.
$ DoD
(N) Department of Defense.
Usage: To avoid international misunderstanding, IDOCs SHOULD use
this abbreviation only with a national qualifier (e.g., U.S. DoD).
$ DOI
(I) See: Domain of Interpretation.
$ domain
1a. (I) /general security/ An environment or context that (a)
includes a set of system resources and a set of system entities
that have the right to access the resources and (b) usually is
defined by a security policy, security model, or security
architecture. (See: CA domain, domain of interpretation, security
perimeter. Compare: COI, enclave.)
Shirey Informational [Page 109]
RFC 4949 Internet Security Glossary, Version 2 August 2007
Tutorial: A "controlled interface" or "guard" is required to
transfer information between network domains that operate under
different security policies.
1b. (O) /security policy/ A set of users, their information
objects, and a common security policy. [DoD6, SP33]
1c. (O) /security policy/ A system or collection of systems that
(a) belongs to a community of interest that implements a
consistent security policy and (b) is administered by a single
authority.
2. (O) /COMPUSEC/ An operating state or mode of a set of computer
hardware.
Tutorial: Most computers have at least two hardware operating
modes [Gass]:
- "Privileged" mode: a.k.a. "executive", "master", "system",
"kernel", or "supervisor" mode. In this mode, software can
execute all machine instructions and access all storage
locations.
- "Unprivileged" mode: a.k.a. "user", "application", or "problem"
mode. In this mode, software is restricted to a subset of the
instructions and a subset of the storage locations.
3. (O) "A distinct scope within which certain common
characteristics are exhibited and common rules are observed."
[CORBA]
4. (O) /MISSI/ The domain of a MISSI CA is the set of MISSI users
whose certificates are signed by the CA.
5. (I) /Internet/ That part of the tree-structured name space of
the DNS that is at or below the name that specifies the domain. A
domain is a subdomain of another domain if it is contained within
that domain. For example, D.C.B.A is a subdomain of C.B.A
6. (O) /OSI/ An administrative partition of a complex distributed
OSI system.
$ Domain Keys Identified Mail (DKIM)
(I) A protocol, which is being specified by the IETF working group
of the same name, to provide data integrity and domain-level (see:
DNS, domain name) data origin authentication for Internet mail
messages. (Compare: PEM.)
Tutorial: DKIM employs asymmetric cryptography to create a digital
signature for an Internet email message's body and selected
Shirey Informational [Page 110]
RFC 4949 Internet Security Glossary, Version 2 August 2007
headers (see RFC 1822), and the signature is then carried in a
header of the message. A recipient of the message can verify the
signature and, thereby, authenticate the identity of the
originating domain and the integrity of the signed content, by
using a public key belonging to the domain. The key can be
obtained from the DNS.
$ domain name
(I) The style of identifier that is defined for subtrees in the
Internet DNS -- i.e., a sequence of case-insensitive ASCII labels
separated by dots (e.g., "bbn.com") -- and also is used in other
types of Internet identifiers, such as host names (e.g.,
"rosslyn.bbn.com"), mailbox names (e.g., "rshirey@bbn.com") and
URLs (e.g., "http://www.rosslyn.bbn.com/foo"). (See: domain.
Compare: DN.)
Tutorial: The name space of the DNS is a tree structure in which
each node and leaf holds records describing a resource. Each node
has a label. The domain name of a node is the list of labels on
the path from the node to the root of the tree. The labels in a
domain name are printed or read left to right, from the most
specific (lowest, farthest from the root) to the least specific
(highest, closest to the root), but the root's label is the null
string. (See: country code.)
$ Domain Name System (DNS)
(I) The main Internet operations database, which is distributed
over a collection of servers and used by client software for
purposes such as (a) translating a domain name-style host name
into an IP address (e.g., "rosslyn.bbn.com" translates to
"192.1.7.10") and (b) locating a host that accepts mail for a
given mailbox address. (RFC 1034) (See: domain name.)
Tutorial: The DNS has three major components:
- Domain name space and resource records: Specifications for the
tree-structured domain name space, and data associated with the
names.
- Name servers: Programs that hold information about a subset of
the tree's structure and data holdings, and also hold pointers
to other name servers that can provide information from any
part of the tree.
- Resolvers: Programs that extract information from name servers
in response to client requests; typically, system routines
directly accessible to user programs.
Extensions to the DNS [R4033, R4034, R4035] support (a) key
distribution for public keys needed for the DNS and for other
protocols, (b) data origin authentication service and data
Shirey Informational [Page 111]
RFC 4949 Internet Security Glossary, Version 2 August 2007
integrity service for resource records, (c) data origin
authentication service for transactions between resolvers and
servers, and (d) access control of records.
$ domain of interpretation (DOI)
(I) /IPsec/ A DOI for ISAKMP or IKE defines payload formats,
exchange types, and conventions for naming security-relevant
information such as security policies or cryptographic algorithms
and modes. Example: See [R2407].
Derivation: The DOI concept is based on work by the TSIG's CIPSO
Working Group.
$ dominate
(I) Security level A is said to "dominate" security level B if the
(hierarchical) classification level of A is greater (higher) than
or equal to that of B, and A's (nonhierarchical) categories
include (as a subset) all of B's categories. (See: lattice,
lattice model.)
$ dongle
(I) A portable, physical, usually electronic device that is
required to be attached to a computer to enable a particular
software program to run. (See: token.)
Tutorial: A dongle is essentially a physical key used for copy
protection of software; that is, the program will not run unless
the matching dongle is attached. When the software runs, it
periodically queries the dongle and quits if the dongle does not
reply with the proper authentication information. Dongles were
originally constructed as an EPROM (erasable programmable read-
only memory) to be connected to a serial input-output port of a
personal computer.
$ downgrade
(I) /data security/ Reduce the security level of data (especially
the classification level) without changing the information content
of the data. (Compare: downgrade.)
$ downgrade attack
(I) A type of man-in-the-middle attack in which the attacker can
cause two parties, at the time they negotiate a security
association, to agree on a lower level of protection than the
highest level that could have been supported by both of them.
(Compare: downgrade.)
Shirey Informational [Page 112]
RFC 4949 Internet Security Glossary, Version 2 August 2007
$ draft RFC
(D) A preliminary, temporary version of a document that is
intended to become an RFC. (Compare: Internet-Draft.)
Deprecated Term: IDOCs SHOULD NOT use this term. The RFC series is
archival in nature and consists only of documents in permanent
form. A document that is intended to become an RFC usually needs
to be published first as an Internet-Draft (RFC 2026). (See:
"Draft Standard" under "Internet Standard".)
$ Draft Standard
(I) See: secondary definition under "Internet Standard".
$ DSA
(N) See: Digital Signature Algorithm.
$ DSS
(N) See: Digital Signature Standard.
$ dual control
(I) A procedure that uses two or more entities (usually persons)
operating in concert to protect a system resource, such that no
single entity acting alone can access that resource. (See: no-lone
zone, separation of duties, split knowledge.)
$ dual signature
(O) /SET/ A single digital signature that protects two separate
messages by including the hash results for both sets in a single
encrypted value. [SET2]
Deprecated Usage: IDOCs SHOULD NOT use this term except when
qualified as "SET(trademark) dual signature" with this definition.
Tutorial: Generated by hashing each message separately,
concatenating the two hash results, and then hashing that value
and encrypting the result with the signer's private key. Done to
reduce the number of encryption operations and to enable
verification of data integrity without complete disclosure of the
data.
$ dual-use certificate
(O) A certificate that is intended for use with both digital
signature and data encryption services. [SP32]
Usage: IDOCs that use this term SHOULD state a definition for it
by identifying the intended uses of the certificate, because there
are more than just these two uses mentioned in the NIST
publication. A v3 X.509 public-key certificate may have a "key
Shirey Informational [Page 113]
RFC 4949 Internet Security Glossary, Version 2 August 2007
Usage" extension, which indicates the purposes for which the
public key may be used. (See: certificate profile.)
$ duty
(I) An attribute of a role that obligates an entity playing the
role to perform one or more tasks, which usually are essential for
the functioning of the system. [Sand] (Compare authorization,
privilege. See: role, billet.)
C <- 4. Definitions -> E