

U

   $ UDP
      (I) See: User Datagram Protocol.
   $ UDP flood
      (I) A denial-of-service attack that takes advantage of (a) one
      system's UDP test function that generates a series of characters
      for each packet it receives and (b) another system's UDP test
      function that echoes any character it receives; the attack
      connects (a) to (b) to cause a nonstop flow of data between the
      two systems. (See: flooding.)
   $ unauthorized disclosure
      (I) A circumstance or event whereby an entity gains access to
      information for which the entity is not authorized.



Shirey                       Informational                    [Page 325]
RFC 4949         Internet Security Glossary, Version 2       August 2007

      Tutorial: This type of threat consequence can be caused by the
      following types of threat actions: exposure, interception,
      inference, and intrusion. Some methods of protecting against this
      consequence include access control, flow control, and inference
      control. (See: data confidentiality.)
   $ unauthorized user
      (I) /access control/ A system entity that accesses a system
      resource for which the entity has not received an authorization.
      (See: user. Compare: authorized user, insider, outsider.)
      Usage: IDOCs that use this term SHOULD state a definition for it
      because the term is used in many ways and could easily be
      misunderstood.
   $ uncertainty
      (N) An information-theoretic measure (usually stated as a number
      of bits) of the minimum amount of plaintext information that needs
      to be recovered from cipher text to learn the entire plain text
      that was encrypted. [SP63] (See: entropy.)
   $ unclassified
      (I) Not classified. (Compare: FOUO.)
   $ unencrypted
      (I) Not encrypted.
   $ unforgeable
      (I) /cryptography/ The property of a cryptographic data structure
      (i.e., a data structure that is defined using one or more
      cryptographic functions, e.g., "digital certificate") that makes
      it computationally infeasible to construct (i.e., compute) an
      unauthorized but correct value of the structure without having
      knowledge of one or more keys.
      Tutorial: This definition is narrower than general English usage,
      where "unforgeable" means unable to be fraudulently created or
      duplicated. In that broader sense, anyone can forge a digital
      certificate containing any set of data items whatsoever by
      generating the to-be-signed certificate and signing it with any
      private key whatsoever. But for PKI purposes, the forged data
      structure is invalid if it is not signed with the true private key
      of the claimed issuer; thus, the forgery will be detected when a
      certificate user uses the true public key of the claimed issuer to
      verify the signature.





   $ uniform resource identifier (URI)
      (I) A type of formatted identifier (RFC 3986) that encapsulates
      the name of an Internet object, and labels it with an
      identification of the name space, thus producing a member of the
      universal set of names in registered name spaces and of addresses
      referring to registered protocols or name spaces.
      Example: HTML uses URIs to identify the target of hyperlinks.
      Usage: "A URI can be classified as a locator (see: URL), a name
      (see: URN), or both. ... Instances of URIs from any given scheme
      may have the characteristics of names or locators or both, often
      depending on the persistence and care in the assignment of
      identifiers by the naming authority, rather than on any quality of
      the scheme." IDOCs SHOULD "use the general term 'URI' rather than
      the more restrictive terms 'URL' and 'URN'." (RFC 3986)
   $ uniform resource locator (URL)
      (I) A URI that describes the access method and location of an
      information resource object on the Internet. (See: Usage under
      "URI". Compare: URN.)
      Tutorial: The term URL "refers to the subset of URIs that, besides
      identifying a resource, provide a means of locating the resource
      by describing its primary access mechanism (e.g., its network
      'location')." (RFC 3986)
      A URL provides explicit instructions on how to access the named
      object. For example,
      "ftp://bbnarchive.bbn.com/foo/bar/picture/cambridge.zip" is a URL.
      The part before the colon specifies the access scheme or protocol,
      and the part after the colon is interpreted according to that
      access method. Usually, two slashes after the colon indicate the
      host name of a server (written as a domain name). In an FTP or
      HTTP URL, the host name is followed by the path name of a file on
      the server. The last (optional) part of a URL may be either a
      fragment identifier that indicates a position in the file, or a
      query string.
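      To make the component split in that description concrete, the
      following parser (an added example, not part of the RFC) applies
      the generic URI grammar of RFC 3986 to the glossary's sample URL;
      the host-name helper goes slightly beyond the text by also
      stripping "userinfo@" and ":port" from the authority component.

```python
import re
from typing import Dict, Optional

# Regular expression from RFC 3986, Appendix B: splits a URI reference into
# its generic components without validating any of them.
_URI_RE = re.compile(
    r"^(([^:/?#]+):)?"   # scheme, everything up to the first colon
    r"(//([^/?#]*))?"    # authority, introduced by "//" (the host for ftp/http)
    r"([^?#]*)"          # path (for ftp/http, the file's path name on the server)
    r"(\?([^#]*))?"      # query string, introduced by "?"
    r"(#(.*))?"          # fragment identifier, introduced by "#"
)


def split_url(url: str) -> Dict[str, Optional[str]]:
    """Split a URL into scheme, authority, path, query and fragment.

    Components that are absent come back as None, so "no query" and an
    empty query can be told apart.
    """
    m = _URI_RE.match(url)          # always matches: every group is optional
    return {
        "scheme": m.group(2),
        "authority": m.group(4),
        "path": m.group(5),
        "query": m.group(7),
        "fragment": m.group(9),
    }


def host_name(url: str) -> Optional[str]:
    """Return the server's host name from the authority component.

    The glossary only mentions the host name; RFC 3986 also allows
    "userinfo@" before it and ":port" after it, both of which are dropped
    here so that two URLs naming the same server compare equal.
    """
    authority = split_url(url)["authority"]
    if authority is None:
        return None
    host = authority.rsplit("@", 1)[-1]       # userinfo ends at the last "@"
    if host.startswith("["):                  # IPv6 literal such as [::1]:21
        end = host.find("]")
        return host[: end + 1] if end >= 0 else host
    return host.split(":", 1)[0]              # drop an explicit port


if __name__ == "__main__":
    # The glossary's own example URL.
    print(split_url("ftp://bbnarchive.bbn.com/foo/bar/picture/cambridge.zip"))
```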
   $ uniform resource name (URN)
      (I) A URI with the properties of a name. (See: Usage under "URI".
      Compare: URL.)
      Tutorial: The term URN "has been used historically to refer to
      both URIs under the "urn" scheme (RFC 2141), which are required to
      remain globally unique and persistent even when the resource
      ceases to exist or becomes unavailable, and to any other URI with
      the properties of a name." (RFC 3986)


   $ untrusted
      (I) See: secondary definition under "trust".
   $ untrusted process
      1. (I) A system component that is not able to affect the state of
      system security through incorrect or malicious operation. Example:
      A component that has its operations confined by a security kernel.
      (See: trusted process.)
      2. (I) A system component that (a) has not been evaluated or
      examined for adherence to a specified security policy and,
      therefore, (b) must be assumed to contain logic that might attempt
      to circumvent system security.
   $ UORA
      (O) See: user-PIN ORA.
   $ update
      See: "certificate update" and "key update".
   $ upgrade
      (I) /data security/ Increase the classification level of data
      without changing the information content of the data. (See:
      classify, downgrade, regrade.)
   $ URI
      (I) See: uniform resource identifier.
   $ URL
      (I) See: uniform resource locator.
   $ URN
      (I) See: uniform resource name.
   $ user
      See: system user.
      Usage: IDOCs that use this term SHOULD state a definition for it
      because the term is used in many ways and could easily be
      misunderstood.
   $ user authentication service
      (I) A security service that verifies the identity claimed by an
      entity that attempts to access the system. (See: authentication,
      user.)





   $ User Datagram Protocol (UDP)
      (I) An Internet Standard, Transport-Layer protocol (RFC 768) that
      delivers a sequence of datagrams from one computer to another in a
      computer network. (See: UDP flood.)
      Tutorial: UDP assumes that IP is the underlying protocol. UDP
      enables application programs to send transaction-oriented data to
      other programs with minimal protocol mechanism. UDP does not
      provide reliable delivery, flow control, sequencing, or other end-
      to-end service guarantees that TCP does.
   $ user identifier
      (I) See: identifier.
   $ user identity
      (I) See: identity.
   $ user PIN
      (O) /MISSI/ One of two PINs that control access to the functions
      and stored data of a FORTEZZA PC card. Knowledge of the user PIN
      enables a card user to perform the FORTEZZA functions that are
      intended for use by an end user. (See: PIN. Compare: SSO PIN.)
   $ user-PIN ORA (UORA)
      (O) /MISSI/ A MISSI organizational RA that operates in a mode in
      which the ORA performs only the subset of card management
      functions that are possible with knowledge of the user PIN for a
      FORTEZZA PC card. (See: no-PIN ORA, SSO-PIN ORA.)
   $ usurpation
      (I) A circumstance or event that results in control of system
      services or functions by an unauthorized entity. This type of
      threat consequence can be caused by the following types of threat
      actions: misappropriation, misuse. (See: access control.)
   $ UTCTime
      (N) The ASN.1 data type "UTCTime" contains a calendar date
      (YYMMDD) and a time to a precision of either one minute (HHMM) or
      one second (HHMMSS), where the time is either (a) Coordinated
      Universal Time or (b) the local time followed by an offset that
      enables Coordinated Universal Time to be calculated. (See:
      Coordinated Universal Time. Compare: GeneralizedTime.)
      Usage: If you care about centuries or millennia, you probably need
      to use the GeneralizedTime data type instead of UTCTime.
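      An added example (not part of the RFC) of decoding UTCTime values
      as defined above, covering both the HHMM and HHMMSS precisions and
      both the "Z" and local-time-plus-offset forms. The century pivot is
      the X.509 convention of RFC 5280 and is an assumption here, since
      the glossary itself prescribes no century rule.

```python
import re
from datetime import datetime, timedelta, timezone

# UTCTime: YYMMDDhhmm[ss] followed by "Z" (Coordinated Universal Time) or by
# a local-time offset of the form +hhmm / -hhmm.
_UTCTIME_RE = re.compile(
    r"^(?P<yy>\d{2})(?P<mm>\d{2})(?P<dd>\d{2})"
    r"(?P<hh>\d{2})(?P<mi>\d{2})(?P<ss>\d{2})?"
    r"(?P<zone>Z|[+-]\d{4})$"
)


def parse_utctime(value: str, pivot: int = 50) -> datetime:
    """Decode a UTCTime string into an aware datetime in UTC.

    The two-digit year carries no century, so a convention is needed.
    The default pivot is the X.509 rule from RFC 5280: YY >= 50 means
    19YY and YY < 50 means 20YY (an assumption; the glossary states none).
    """
    m = _UTCTIME_RE.match(value)
    if m is None:
        raise ValueError(f"malformed UTCTime: {value!r}")
    yy = int(m["yy"])
    year = 1900 + yy if yy >= pivot else 2000 + yy
    second = int(m["ss"]) if m["ss"] is not None else 0   # HHMM or HHMMSS
    zone = m["zone"]
    if zone == "Z":
        tz = timezone.utc
    else:
        sign = 1 if zone[0] == "+" else -1
        tz = timezone(sign * timedelta(hours=int(zone[1:3]),
                                       minutes=int(zone[3:5])))
    local = datetime(year, int(m["mm"]), int(m["dd"]),
                     int(m["hh"]), int(m["mi"]), second, tzinfo=tz)
    return local.astimezone(timezone.utc)   # normalise local time + offset


if __name__ == "__main__":
    # Constructed sample values, not taken from any real certificate.
    for sample in ("070801120000Z", "070801140000+0200", "9912312359Z"):
        print(sample, "->", parse_utctime(sample).isoformat())
```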




