Security in Computing, 4th Edition

Index

[SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [J] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] [Z]

Object code, legal issues [See also Copyright.]

Objects, digital

     allocation

     copying

     copyright

     information as

     legal issues

     patents

    protected [See Protected objects.]

     reusing

OCTAVE methodology

Odd parity

Odlyzko, Andrew

Offers, web privacy

Offsite backups

One-by-one gif [See Web bugs.]

One-time execution viruses

One-time pads

One-time passwords 2nd

One-way functions

Onion routing

Online banking

Online environment

Online profiling

Opaqueness, of network

Opcodes

Open design

Open source

Open Systems Interconnection (OSI) model

Open versus closed organizations

Operating system data protection

Operating system protection features

Operating system security [See also Programs, security; Trusted systems.]

     cryptographic separation

     executives

     file protection

         all-none

         group

         individual permissions

         per-object

         per-user

         persistent permissions

         SUID (set userid)

         temporary acquired permissions

     granularity

     hardware-enforced protection

     history of

     levels of protection

     logical separation

     memory and address protection

         base/bounds registers

         context switch

         fences

         page frames

         paging 2nd

         relocation

         relocation factor

         segment address table

         segmentation 2nd

        selective protection [See Tagged architecture.]

         tagged architecture

     monitors

     multiprogrammed operating systems

     physical separation

     protected objects, accessing

         access control matrix

         ACLs (access control lists)

         AS (authentication server)

         capability

         directories

         domains

         erasing deleted files

         KDC (key distribution center)

         Kerberos

         local name space

         procedure-oriented

         protection goals

         pseudonyms

         revocation of access

         role-based

         single sign-on

         TGS (ticket-granting server)

         types of

         wild cards

     protection methods

     separation

     system functions

     temporal separation

     user authentication

         additional authentication information

         biometrics 2nd

         challenge-response system 2nd

         cookies

         flaws

         impersonating trusted systems

         impersonation of login

         multifactor authentication

         one-time passwords

         overview

         password attacks

         password selection criteria

         passwords as authenticators

         phishing

         process description

         single sign-on

         two-factor authentication

         versus identification

Opportunity cost

Optical fiber networks

     description

     eavesdropping

     wiretapping

Oracle, estimating security costs

Oracles

Orange Book [See TCSEC (Trusted Computer System Evaluation Criteria).]

Organizational culture

     cultural practices

     cultural values

     dimensions of

     employee versus job

     heroes

     loose versus tight control

     normative versus pragmatic

     open versus closed

     parochial versus professional

     process versus results

     rituals

     role of organizational culture

     security choices, examples

     symbols

Organized crime

Originality of work

OSI (Open Systems Interconnection) model

Overlapping controls

Overwriting magnetic data

Owners

Ownership

     networks

     of data

     programs

     web sites

Ozment, Andy