mechanisms
implement the enforcement of protection policies and control access to resources
policies
set rules for how resources should be accessed and used, providing guidelines for access control
principle of least privilege
A design principle stating that every program and every privileged user of the system should operate using the least amount of privilege necessary to complete the job.
permissions
An entity's access rights to an object (e.g., a user's access rights to a file).
compartmentalization
The process of protecting each system component through the use of specific permissions and access restrictions.
audit trail
The collection of activities in a log for monitoring or review.
defense in depth
The theory that more layers of defense provide stronger defense than fewer layers.
protection rings
a model for privilege separation where concentric rings represent different privilege levels, with inner rings having higher privileges
ring 3
the outermost ring with the lowest privileges, where user-mode code runs with restricted access
ring 0
the innermost ring with the highest privileges, where the kernel operates with full access
hypervisor
The computer function that manages the virtual machine; also called a virtual machine manager (VMM).
TrustZone (TZ)
ARM processor implementation of the most secure protection ring.
secure monitor call (SMC)
An ARM processor special instruction that can be used by the kernel to request services from the TrustZone.
hardware objects
The CPU, memory devices, input/output (I/O) devices, and any other physical components that are part of a computer
software objects
The software components that make up a computer or device (files, programs, semaphores, etc.).
need-to-know principle
The principle that only those resources currently needed should be available to use at a given time.
protection domain
In protection, a set of resources that a process may access. In virtualization, a virtual machine manager creates a protection domain for each guest to inform the CPU of which physical memory pages belong to that guest.
access right
The ability to execute an operation on an object.
domain switching
The mechanism for switching dynamic domains
access matrix
An abstract model of protection in which each row represents a domain, each column an object, and each entry a set of access rights.
confinement problem
The problem of guaranteeing that no information initially held in an object can migrate outside of its execution environment.
access list
a set of rules that controls the permissions granted to users or systems for accessing various resources, such as files, directories, or network services
capability list
a protection mechanism listing objects and the permitted operations on each
capability
a token or key representing an object's access rights in a capability list
role-based access control (RBAC)
a method of access control in which roles rather than individual users directly receive permissions, enhancing security and simplifying administration
mandatory access control (MAC)
security settings enforced by system policies that restrict access based on predefined rules and labels.
role
a predefined set of permissions assigned to users based on their organizational position or function within RBAC systems
discretionary access control (DAC)
permission system that allows users to decide who can access files and resources
labels
identifiers assigned to objects or users in a system; used to enforce security policies
mount point
The location within the file structure where a file system is attached
raw disk
Direct access to a secondary storage device as an array of blocks with no file system.
bootstrap loader
The small program that loads the kernel as part of the bootstrap procedure.
dual-booted
A term describing a computer that can boot one of two or more installed operating systems.
root partition
The storage partition that contains the kernel and the root file system; the one mounted at boot.
new technology file system (NTFS)
Microsoft-designed file system, successor to FAT32, supports 64-bit volume sizes, provides journaling for reliability, file-based data compression
EXT2
second extended file system, no journaling, and recommended for flash drives and USB drives.
EXT3
third extended file system, supports journaling, and reduces file system corruption risk
EXT4
fourth extended file system, supports large file and system sizes, and new features like multiblock allocation, delayed allocation, and journal checksum
master file table (MFT)
contains file records like inodes, organized in a B-Tree structure, managed like any other file
metafiles
special files managed like regular files, including log file, volume file, attribute definition file, bitmap file, boot file, bad cluster file, and root directory
volume bitmap
identifies free space within the volume, can grow dynamically
file record
entry in MFT containing attributes such as file name, creation date, permissions, can contain small files and directories, or pointers to file data for large files
data streams
multiple data streams can be associated with a file, default is the main stream
directories
contain file names and references, organized as a sorted B+ tree for large directories, redundant data for optimization.
EXT2/EXT3/EXT4 file systems
Linux file systems, each with distinct features and capabilities
security
the protection of computer systems and data from unauthorized access, corruption, and breaches, ensuring data integrity, confidentiality, and proper user authentication
protection
rules and tools used to control who can access and use system resources, making sure only authorized users and processes can interact with files and data
attacker
a person trying to harm or gain unauthorized access to a computer system
attack
an attempt to harm or gain unauthorized access to a computer system
threat
a potential danger to the security of a system
security violations
unauthorized actions or breaches that compromise the confidentiality, integrity, or availability of a system, data, or network
denial-of-service (DoS)
blocking the normal use of a system by overwhelming it with requests that slow or stop its normal functions
masquerading
pretending to be someone else to gain unauthorized access
replay attack
repeating a valid data transmission to trick a system
man-in-the-middle attack
when an attacker secretly intercepts and alters the communication between two parties
session hijacking
taking control of a communication session between two parties
privilege escalation
gaining more privileges than a person or system should have
secure
The state of a system whose resources are used and accessed as intended under all circumstances.
intruder
Someone attempting to breach security.
hacker
Someone attempting to breach computer security.
attacker
Someone attempting to breach a computer system's security.
threat
The potential for a security violation.
attack
An attempt to break a computer system's security.
denial-of-service
Preventing legitimate use of a system.
masquerading
A practice in which a participant in a communication pretends to be someone else (another host or another person).
authentication
The process of correctly identifying a person or device. In cryptography, constraining the set of potential senders of a message.
replay attack
The malicious or fraudulent repetition of a valid transmission.
man-in-the-middle attack
An attack in which the attacker sits in the middle of the data flow of a communication, masquerading as the sender to the receiver and vice versa
session hijacking
The interception of a communication.
privilege escalation
The enabling of more privileges than an entity (process, system, person) should have.
attack surface
The sum of the methods available to attack a system (e.g., all of the network ports that are open, plus physical access).
social engineering
A practice in which an attacker tricks someone into performing some task for the attacker (such as sending the attacker confidential information).
phishing
A class of social engineering attacks in which a legitimate-looking e-mail or website tricks a user into breaching confidentiality or enabling privilege escalation.
malware
software created to harm, exploit, or take control of computer systems
logic bomb
malware that activates when specific conditions are met
ransomware
malware that locks or encrypts your computer files and demands payment to unlock them
spyware
a type of malware that secretly collects information about a person or organization
trap door
a hidden way into a computer system left by an attacker for future access
back door
a secret method of accessing a computer system, often left by an attacker after a successful hack
Trojan Horse
a program that appears harmless but performs harmful actions
code-injection attack
an attack where harmful code is added to a good program
virus
a harmful piece of code that copies itself and can damage or change files and programs
worm
malware that spreads itself between computers without human help
secure by default
Describes a system or computer whose initial configuration decreases its attack surface.
zombie systems
Compromised systems that are being used by attackers without the owners' knowledge
sniffing
An attack in which the attacker monitors network traffic to obtain useful information.
spoof
The imitation of a legitimate identifier (such as an IP address) by an illegitimate user or system.
distributed denial-of-service attack (DDoS)
An attack from multiple sources (frequently a botnet of zombies) with the purpose of denying legitimate use of the attacked resource.
cryptography
A tool used to constrain the potential senders and/or receivers of a message (or stored data).
keys
In the context of protection, unique bit patterns held by domains corresponding with unique bit patterns (locks) held by objects. Generally, secrets used in cryptography.
encryption
The use of cryptography to limit the receivers of a message or access to data.
symmetric encryption algorithm
A cryptography algorithm in which the same keys are used to encrypt and decrypt the message or data.
data-encryption standard (DES)
A cipher (algorithm for doing encryption and decryption) provided by the U.S. National Institute of Standards and Technology (NIST).
block cipher
A cipher that works on blocks of data (rather than bits).
triple DES
A modification of DES that uses the same algorithm three times and uses two or three keys to make the encryption more difficult to break.
advanced encryption standard (AES)
The NIST cipher designed to replace DES and triple DES.