Amethyst

factpacks/security.fact

refinements => Requirement in a protection profile taken to a lower level of abstraction than the component on which it is based. Note: The refinement of a component requirement is necessary when multiple environment-specific requirements must be ass...
reliability => The probability of a given system performing its mission adequately for a specified period of time under the expected operating conditions.
requirements => Phase of the Development Process wherein the top level definition of the functionality of the system is produced.
residual risk => The portion of risk that remains after security measures have been applied.
residue => Data left in storage after processing operations are complete, but before degaussing or rewriting has taken place.
resource => anything used or consumed while performing a function. The categories of resources are: time, information, objects (information containers), or processors (the ability to use information). specific examples are: CPU time; terminal connect...
restricted area => Any area to which access is subject to special restrictions or controls for reasons of security or safeguarding of property or material.
risk => The expected loss due to, or impact of, anticipated threats in light of system vulnerabilities and strength or determination of relevant threat agents.
risk analysis => The process of identifying security risks, determining their magnitude, and identifying areas needing safeguards.  Risk analysis is a part of risk management.  Synonymous with risk assessment.
risk index => The disparity between the minimum clearance or authorization of system users and the maximum sensitivity (e.g., classification and categories) of data processed by a system.  See CSC-STD-003-85 and CSC-STD-004-85 for a complete explanat...
risk management => The total process of identifying, controlling, and eliminating or minimizing uncertain events that may affect system resources. It includes risk analysis, cost benefit analysis, selection, implementation and test, security evaluati...
role => A defined set of functionally related operations, and the authorisations necessary to perform those operations, which may be assigned to users.
RSA => A public key algorithm invented by Ronald L. Rivest, Adi Shamir, and Leonard M. Adleman (RSA). RSA can be used to generate digital signatures, encrypt messages, and provide key management for DES (Data Encryption Standard), RC2 (Rivest Cipher ...
safeguards => See security safeguards.
scavenging => Searching through object residue to acquire unauthorized data.
secrecy policy => a security policy to prevent unauthorized users from reading sensitive information. See also Security Policy
secret key => The key that two parties share and keep secret for secret key cryptography. Given secret key algorithms of equal strength, the approximate difficulty of decrypting encrypted messages by brute force search can be measured by the number o...
secure state => A condition in which no subject can access any object in an unauthorized manner.
secure subsystem => A subsystem that contains its own implementation of the reference monitor concept for those resources it controls.  However, the secure subsystem must depend on other controls and the base operating system for the control of subje...
Security => The combination of confidentiality, integrity and availability. [ITSEC] Security Audit Trail - Set of records that collectively provide documentary evidence of processing used to aid in tracing from original transactions forward to rela...
security administrator => A user or user role about which assumptions of correct behaviour need to be made to ensure the continuing correct operation of the TOE.
security architecture => the subset of computer architecture dealing with the security of the computer or network system. See computer architecture, network architecture.
security attribute => Information, controlled by the TSF and used in TSP enforcement, about a user, subject, resource or object.
security domain => Scope of potential interaction as enforced by the TSF. 
security enforcing => that which directly contributes to satisfying the security objectives of the Target of Evaluation.
SF => Security Function - A part or parts of the TOE which enforce a closely related subset of the rules and objectives from the TOE Security Policy (TSP).
SFP => Security Function Policy (SFP) - A closely related subset of the rules and objectives of the TSP. The security policy enforced by a security function (SF).
security kernel => The hardware, firmware, and software elements of a Trusted Computing Base that implement the reference monitor concept.  It must mediate all accesses, be protected from modification, and be verifiable as correct.
security level => The combination of a hierarchical classification and a set of non-hierarchical categories that represents the sensitivity of information.
security mechanism => the logic or algorithm that implements a particular security enforcing or security relevant function in hardware and software.
security objectives => The contribution to security which a system or product is intended to achieve.
security policy => A set of rules and procedures regulating the use of information including its processing, storage, distribution and presentation.
security relevant => that which is not security enforcing, but must function correctly for the Target of Evaluation to enforce security.
security target => a specification of the security required of a Target of Evaluation, used as a baseline for evaluation. The security target will specify the security enforcing functions of the Target of Evaluation. It will also specify the security...
security testing => A process used to determine that the security features of a system are implemented as designed and that they are adequate for a proposed application environment. This process includes hands-on functional testing, penetration testi...
security audit trail => The set of records that collectively provide documentary evidence of processing used to aid in tracing from original transactions forward to related records and reports, and/or backward from records and reports to their compon...
security evaluation => An evaluation done to assess the degree of trust that can be placed in systems for the secure handling of sensitive information.  One type, a product evaluation, is an evaluation performed on the hardware and software features ...
security fault analysis => A security analysis, usually performed on hardware at gate level, to determine the security properties of a device when a hardware fault is encountered. 
security features =>  The security-relevant functions, mechanisms, and characteristics of system hardware and software.  Security features are a subset of system security safeguards.
security filter => A trusted subsystem that enforces a security policy on the data that pass through it.
security flaw => An error of commission or omission in a system that may allow protection mechanisms to be bypassed.
security measures => Elements of software, firmware, hardware, or procedures that are included in a system for the satisfaction of security specifications.
security perimeter => The boundary where security controls are in effect to protect assets.
security range => The highest and lowest security levels that are permitted in or on a system, system component, subsystem or network. 
security requirements => The types and levels of protection necessary for equipment, data, information, applications, and facilities to meet security policy.
security safeguards => The protective measures and controls that are prescribed to meet the security requirements specified for a system.  Those safeguards may include but are not necessarily limited to: hardware and software security  features, oper...
security specifications => A detailed description of the safeguards required to protect a system.
security target => (1) A specification of the security required of a target of evaluation, used as a baseline for evaluation. The security target will specify the security-enforcing functions of the target of evaluation. It will also specify the secu...
security testing => A process used to determine that the security features of a system are implemented as designed.  This includes hands-on functional testing, penetration testing, and verification. 
sensitive information => Any information, the loss, misuse, modification of, or unauthorized access to, could affect the national interest or the conduct of Federal programs, or the privacy to which individuals are entitled under  Section 552a of Tit...
shall => Indication that a requirement must be met unless a justification of why it cannot be met is given and accepted.
should => Indication of an objective requirement that requires less justification for non-conformancy and should be more readily approved. Note: Should is often used when a specific requirement is not feasible in some situations or with common curr...
simple security condition => A Bell-LaPadula security model rule allowing a subject read access to an object only if the security level of the subject dominates the security level of the object.
simple security property => A Bell-LaPadula security model rule allowing a subject read access to an object only if the security level of the subject dominates the security level of the object.  Synonymous with simple security condition.
single level device => A device that is used to process data of a single security level at any one time.  Since the device need not be trusted to separate data of different security levels, sensitivity labels do not have to be stored with the data be...
site certification => The comprehensive assessment of the technical and nontechnical security functions of an IT (information technology) system in its  operational environment to establish the extent to which the system meets a set of specified secu...
skipjack => A classified 64-bit block encryption, or secret key encryption, algorithm. The algorithm uses 80-bit keys (compared with 56 for DES) and has 32 computational rounds or iterations (compared with 16 for DES). Skipjack supports all DES mod...
software security => General purpose (executive, utility or software development tools) and applications programs or routines that protect data handled by a system.
sponsor => the person or organisation that requests an evaluation.
spoofing => An attempt to gain access to a system by posing as an authorized user. (Synonymous with impersonating, masquerading, and mimicking.)
state delta verification system => A system designed to give high confidence regarding microcode performance by using formulas that represent isolated states of a computation to check proofs concerning the course of that computation.
state variable => A variable that represents either the state of the system or the state of some system resource. 
state => Give required information with no attempted or implied requirement, to justify the information presented.
storage object => An object that supports both read and write accesses.
SAISS => Subcommittee on Automated Information Systems Security  - authorizes and directs the establishment, under the NTISSC, of a permanent Subcommittee on Automated Information Systems Security.  The SAISS is composed of one voting member from eac...
subject => Active entity in an IT product or AIS, generally in the form of a process or device, that causes information to flow among objects or changes the system state.
system => an assembly of computer and/or communications hardware, software, and firmware configured for the purpose of classifying, sorting, calculating, computing, summarizing, transmitting and receiving, storing and retrieving data with the purpose...
system entry => Mechanism by which an identified and authenticated user is provided access into the system.
SSO => System Security Officer - the person responsible for the security of a system. The SSO is authorized to act in the "security administrator" role. Functions that the SSO is expected to perform include: auditing and changing security characteris...
system integrity => The quality that a system has when it performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system. 
tampering => An unauthorized modification that alters the proper functioning of an equipment or system in a manner that degrades the security or functionality it provides.
TOE => Target of Evaluation - An IT system, product or component which is identified as requiring security evaluation.
TCB => (trusted computing base) subset: A set of software, firmware, and hardware (where any of these three could be absent) that mediates the access of a set S of subjects to a set O of objects on the basis of a stated access control policy P and sa...
technical attack => An attack that can be perpetrated by circumventing or nullifying hardware and software protection mechanisms, rather than by subverting system personnel or other users.
technical policy => (1) The set of rules regulating access of subjects to objects enforced by a TCB (trusted computing base) subset. (2) The set of rules regulating access of subjects to objects enforced by a computer system.
technical vulnerability => A hardware, firmware, communication, or software flaw that leaves a computer processing system open for potential exploitation, either externally or internally, thereby resulting in risk for the owner, user, or manager of t...
TEMPEST => The study and control of spurious electronic signals emitted by electrical equipment.
threat => Any circumstance or event with the potential to cause harm to a system in the form of destruction, disclosure, modification of data, and/or denial of service.
threat agent => A method used to exploit a vulnerability in a system, operation, or facility.
threat monitoring => The analysis, assessment, and review of audit trails and other data collected for the purpose of searching out system events that may constitute violations or attempted violations of system security.
ticket oriented => A computer protection system in which each subject maintains a list of unforgeable bit patterns, called tickets, one for each object the subject is authorized to access.  Compare list-oriented.
time dependent password => A password that is valid only at a certain time of day or during a specified interval of time.
TSF => TOE Security Functions - All parts of the TOE which have to be relied upon for enforcement of the TOE Security Policy (TSP).
tool => a product used in the construction and/or documentation of a target of evaluation.
TLS => top-level specification - A nonprocedural description of system behavior  at the most abstract level - typically, a functional specification that omits all implementation details.
tranquility => A security model rule stating that the security level of an object cannot change while the object is being processed by an AIS. 
transaction => Set of subject actions and their associated data storage accesses.
trap door => (1) Hidden software or hardware mechanism that can be triggered to permit protection mechanisms in an automated information system to be circumvented. Note: A trap door is usually activated in some innocent-appearing manner (for example,...
trojan horse => A computer program with an apparently or actually useful function that contains additional (hidden) functions that surreptitiously exploit the legitimate authorizations of the invoking process to the detriment of security or integrity...
trusted channel => a mechanism by which two NTCB partitions can communicate directly. This mechanism can be activated by either of the NTCB partitions, cannot be imitated by untrusted software, and maintains the integrity of information that is sent ...
TCB => Trusted Computing Base - The totality of protection mechanisms within a computer system including hardware, firmware, and software the combination of which is responsible for enforcing a security policy. A TCB consists of one or more component...
trusted path => A mechanism by which a person at a terminal can communicate directly with the Trusted Computing Base.  This mechanism can only be activated by the person or the Trusted Computing Base and cannot be imitated by untrusted software. 
trusted subject => a subject that is part of the TCB. It has the ability to violate the security policy, but is trusted not to actually do so. For example, in the Bell-LaPadula model a trusted subject is not constrained by the *-property and thus has ...
untrusted => A qualifier implying that no assumptions about correct behaviour need to be made in order to ensure the correct enforcement of the TSP.
user => Any person who interacts directly with a computer system.
user id => user Identifier - Unique symbol or character string that is used by an IT product to uniquely identify a specific user.
validation => The process of assessing the usefulness of a system in relation to its intended use or purpose.
view => That portion of the database that satisfies the conditions specified in a query.
virus => (1) Malicious software, a form of Trojan horse, which reproduces itself in other executable code. (2) A self-propagating Trojan horse, composed of a mission component, a trigger component, and a self-propagating component. (3) Self-replicati...
vulnerability => Weakness in an information system or components (e.g., system  security procedures, hardware design, internal controls) that could be exploited to produce an information-related misfortune.
Vulnerability Assessment => an aspect of the assessment of the effectiveness of a Target of Evaluation, namely whether known vulnerabilities in that Target of Evaluation could in practice compromise its security as specified in the security target.
wiretapping => The real-time collection of transmitted data, such as dialed digits, and the sending of that data in real time to a listening device.
work factor => An estimate of the effort or time needed by a potential penetrator with specified expertise and resources to overcome a protective measure. 
write => A fundamental operation that results only in the flow of information from a subject to an object.
write access => permission to write an object.


