Software Security - Week 09

Vocabulary flashcards for SWE210 Software Security Week 9 lecture notes.

20 Terms

1

Authentication

The process of identifying and maintaining a digital identity on a computer system.

2

NIST SP 800-63-2

NIST Special Publication 800-63-2 provides guidelines for an e-authentication architectural model.

3

Password-based Authentication

A common defense against intruders involving comparing a user-supplied password against a stored value.

4

Hashed Passwords

A security technique using hashed passwords and a salt value to enhance password protection.

5

Salt Value

A random value added to a password before hashing to prevent dictionary attacks and visibility of duplicate passwords.

6

Token-based Authentication

Authentication using physical objects a user possesses.

7

Memory Cards

Cards storing data but lacking processing capabilities.

8

Smart Cards

Physical cards with embedded integrated chips for use as security tokens.

9

Electronic Identity Cards

Smart cards used as national identification for citizens to access government and commercial services.

10

Biometric Authentication

Authentication based on unique physical characteristics like fingerprints or facial features.

11

Remote User Authentication

Verifying a user's identity when accessing a system from outside the physical premises.

12

Kerberos

An authentication service developed at MIT, used to authenticate service requests between trusted hosts across untrusted networks.

13

Key Distribution Center (KDC)

The centralized authentication server in Kerberos, authenticating users to servers and servers to users.

14

Access Control

The prevention of unauthorized use of a resource.

15

Authentication (Access Control Principle)

The verification of an identity claimed by or for a system entity.

16

Authorization

The granting of a right or permission to a system entity to access a system resource.

17

Audit

A review and analysis of activity logs to ensure security policies are followed.

18

Subject (Access Control)

An entity capable of accessing objects.

19

Object (Access Control)

A resource to which access is controlled.

20

Access Right

Describes the way in which a subject may access an object.