T <- 4. Definitions -> V
U English
- $ UDP
- (I) See: User Datagram Protocol.
$ UDP flood- (I) A denial-of-service attack that takes advantage of (a) one system's UDP test function that generates a series of characters for each packet it receives and (b) another system's UPD test function that echoes any character it receives; the attack connects (a) to (b) to cause a nonstop flow of data between the two systems. (See: flooding.)
$ unauthorized disclosure- (I) A circumstance or event whereby an entity gains access to information for which the entity is not authorized.
Tutorial: This type of threat consequence can be caused by the following types of threat actions: exposure, interception, inference, and intrusion. Some methods of protecting against this consequence include access control, flow control, and inference control. (See: data confidentiality.)
$ unauthorized user- (I) /access control/ A system entity that accesses a system resource for which the entity has not received an authorization. (See: user. Compare: authorized user, insider, outsider.)
Usage: IDOCs that use this term SHOULD state a definition for it because the term is used in many ways and could easily be misunderstood.
$ uncertainty- (N) An information-theoretic measure (usually stated as a number of bits) of the minimum amount of plaintext information that needs to be recovered from cipher text to learn the entire plain text that was encrypted. [SP63] (See: entropy.)
$ unclassified- (I) Not classified. (Compare: FOUO.)
$ unencrypted- (I) Not encrypted.
$ unforgeable- (I) /cryptography/ The property of a cryptographic data structure (i.e., a data structure that is defined using one or more cryptographic functions, e.g., "digital certificate") that makes it computationally infeasible to construct (i.e., compute) an unauthorized but correct value of the structure without having knowledge of one of more keys.
Tutorial: This definition is narrower than general English usage, where "unforgeable" means unable to be fraudulently created or duplicated. In that broader sense, anyone can forge a digital certificate containing any set of data items whatsoever by generating the to-be-signed certificate and signing it with any private key whatsoever. But for PKI purposes, the forged data structure is invalid if it is not signed with the true private key of the claimed issuer; thus, the forgery will be detected when a certificate user uses the true public key of the claimed issuer to verify the signature.
$ uniform resource identifier (URI)- (I) A type of formatted identifier (RFC 3986) that encapsulates the name of an Internet object, and labels it with an identification of the name space, thus producing a member of the universal set of names in registered name spaces and of addresses referring to registered protocols or name spaces.
Example: HTML uses URIs to identify the target of hyperlinks.
Usage: "A URI can be classified as a locator (see: URL), a name (see: URN), or both. ... Instances of URIs from any given scheme may have the characteristics of names or locators or both, often depending on the persistence and care in the assignment of identifiers by the naming authority, rather than on any quality of the scheme." IDOCs SHOULD "use the general term 'URI' rather than the more restrictive terms 'URL' and 'URN'." (RFC 3986)
$ uniform resource locator (URL)- (I) A URI that describes the access method and location of an information resource object on the Internet. (See: Usage under "URI". Compare: URN.)
Tutorial: The term URL "refers to the subset of URIs that, besides identifying a resource, provide a means of locating the resource by describing its primary access mechanism (e.g., its network 'location')." (RFC 3986)
A URL provides explicit instructions on how to access the named object. For example, "ftp://bbnarchive.bbn.com/foo/bar/picture/cambridge.zip" is a URL. The part before the colon specifies the access scheme or protocol, and the part after the colon is interpreted according to that access method. Usually, two slashes after the colon indicate the host name of a server (written as a domain name). In an FTP or HTTP URL, the host name is followed by the path name of a file on the server. The last (optional) part of a URL may be either a fragment identifier that indicates a position in the file, or a query string.
$ uniform resource name (URN)- (I) A URI with the properties of a name. (See: Usage under "URI". Compare: URL.)
Tutorial: The term URN "has been used historically to refer to both URIs under the "urn" scheme (RFC 2141), which are required to remain globally unique and persistent even when the resource ceases to exist or becomes unavailable, and to any other URI with the properties of a name." (RFC 3986)
$ untrusted- (I) See: secondary definition under "trust".
$ untrusted process- 1. (I) A system component that is not able to affect the state of system security through incorrect or malicious operation. Example: A component that has its operations confined by a security kernel. (See: trusted process.)
2. (I) A system component that (a) has not been evaluated or examined for adherence to a specified security policy and, therefore, (b) must be assumed to contain logic that might attempt to circumvent system security.
$ UORA- (O) See: user-PIN ORA.
$ update- See: "certificate update" and "key update".
$ upgrade- (I) /data security/ Increase the classification level of data without changing the information content of the data. (See: classify, downgrade, regrade.)
$ URI- (I) See: uniform resource identifier.
$ URL- (I) See: uniform resource locator.
$ URN- (I) See: uniform resource name.
$ user- See: system user.
Usage: IDOCs that use this term SHOULD state a definition for it because the term is used in many ways and could easily be misunderstood.
$ user authentication service- (I) A security service that verifies the identity claimed by an entity that attempts to access the system. (See: authentication, user.)
$ User Datagram Protocol (UDP)- (I) An Internet Standard, Transport-Layer protocol (RFC 768) that delivers a sequence of datagrams from one computer to another in a computer network. (See: UPD flood.)
Tutorial: UDP assumes that IP is the underlying protocol. UDP enables application programs to send transaction-oriented data to other programs with minimal protocol mechanism. UDP does not provide reliable delivery, flow control, sequencing, or other end- to-end service guarantees that TCP does.
$ user identifier- (I) See: identifier.
$ user identity- (I) See: identity.
$ user PIN- (O) /MISSI/ One of two PINs that control access to the functions and stored data of a FORTEZZA PC card. Knowledge of the user PIN enables a card user to perform the FORTEZZA functions that are intended for use by an end user. (See: PIN. Compare: SSO PIN.)
$ user-PIN ORA (UORA)- (O) /MISSI/ A MISSI organizational RA that operates in a mode in which the ORA performs only the subset of card management functions that are possible with knowledge of the user PIN for a FORTEZZA PC card. (See: no-PIN ORA, SSO-PIN ORA.)
$ usurpation- (I) A circumstance or event that results in control of system services or functions by an unauthorized entity. This type of threat consequence can be caused by the following types of threat actions: misappropriation, misuse. (See: access control.)
$ UTCTime- (N) The ASN.1 data type "UTCTime" contains a calendar date (YYMMDD) and a time to a precision of either one minute (HHMM) or one second (HHMMSS), where the time is either (a) Coordinated Universal Time or (b) the local time followed by an offset that enables Coordinated Universal Time to be calculated. (See: Coordinated Universal Time. Compare: GeneralizedTime.)
Usage: If you care about centuries or millennia, you probably need to use the GeneralizedTime data type instead of UTCTime.
T <- 4. Definitions -> V