Security in Computing, 4th Edition

Index


P class

P-boxes 2nd

Packet filtering gateways

Packet sniffers

Packets, network 2nd

Page address translation

Page frames

Page size

Page translation table

Paged segmentation

Paging 2nd

Palladium (protect memory project)

Parallel attack

Parity check

Parker, Donn

Parochial versus professional organizations

Partial ordering

Partial plaintext attacks

Partitioning multilevel databases

Pass-through problem

Passenger Name Record (PNR)

Passive fault detection

Passive wiretapping

Passport

Password attacks

     12-step process

     brute force

     encrypted password file

     exhaustive

     guessing

     indiscreet users

     plaintext password list

     probability

     salt extension

     trial and error

     weak passwords

Passwords

     as authenticators

     frequency of change

     guessing

     Microsoft

     mnemonic qualities

     network tokens

     one-time

     selection criteria

     with Kerberos

Patents

     definition

     Diamond v. Bradley

     Diamond v. Diehr

     for computer objects

     Gottschalk v. Benson

     infringement

     legal issues 2nd

     ownership

     registering

     requirements of novelty

Path, trusted [See Trusted path.]

Patriot Act

Patterns

     cryptographic permutations

     database reliability

     virus signatures

Payment schemes, web privacy

Payments online, web privacy

PDF, deleting text

Peer reviews

Peers, network

Penetrate-and-patch technique

Penetration testing 2nd 3rd

Per-object file protection

Per-session cookies

Per-subject protection

Per-user file protection

Performance testing

Permission-based principles of trusted systems

Permissions [See also Privilege.]

     individual

     persistent

     temporarily acquired

Permutation cycle

Permutations

     columnar transpositions

     combined approaches

     definition

     digram analysis

     digrams

     encipherment/decipherment complexity

     patterns

     product ciphers

     substitution ciphers

     symmetric encryption

     trigrams

     types

Permuted choices

Persistent cookies

Personal computer users, security responsibilities

Personal firewall

Personal identification number (PIN)

Personnel staff members, security responsibilities

PGP (Pretty Good Privacy)

Phishing 2nd [See also Impersonation.]

Photon reception

Photons, cryptography with

Physical controls

Physical security

     backing up data

     cold site backups

     complete backups

     computer screen emanations

     contingency planning

     definition

     degaussing magnetic data

     "dirty" power

     fires

     floods

     guards

     hot site backups

     intercepting sensitive information

     locks

     natural disasters

     networked backups

     offsite backups

     overwriting magnetic data

     power loss

     revolving backups

     selective backups

     shell backups

     shredding paper data

     smart cards

     surge suppressors

     Tempest program

     theft prevention

     unauthorized access

     UPS (uninterruptible power supply)

     vandalism

Physical separation 2nd

PIN (personal identification number)

Ping of death

Ping protocol

Piracy

Pixel tags [See Web bugs.]

PKI (public key infrastructure)

Plaintext

     chosen plaintext attacks

     ciphertext only attacks

     definition

     full plaintext attacks

     partial plaintext attacks

     password list attacks

     probable plaintext attacks

Planning, security [See Risk analysis; Security plan.]

PNR (Passenger Name Record)

Poem codes

Polarizing filters

Policies [See also Principles; Security policies; Standards.]

     economic

     privacy [See Privacy.]

     security [See Security policies.]

Polyinstantiation

Polymorphism, viruses

Port numbers

Port scans

Power off, virus defense

Power, electrical

Power, Richard

PR/SM [See IBM, Processor Resources/System Manager.]

Pragmatic versus normative organizations

Precision versus security

Prediction, of risk [See Risk analysis.]

Pretty Good Privacy (PGP)

Prevention [See Controls; Defense methods.]

Prime numbers

Primitive operations

Principles [See also Policies; Standards.]

     economic

     privacy [See Privacy.]

     security

         adequate protection

         easiest penetration

         effectiveness

         weakest link

     trusted systems [See Trusted systems.]

Privacy [See also Confidentiality.]

     access control

     affected subject

     aspects of

     authentication

         anonymized records

         attributes

         identity 2nd

         individual 2nd

         meaning of

         overview

     case study

     computer-related problems

     controlled disclosure

     data mining

         aggregation of data

         correlation of data

         data perturbation

         government

         preserving privacy

         sensitive data

     dimensions of privacy

     e-mail

         access control

         anonymous

         interception

         mixmaster remailers

         monitoring

         overview

         remailers

         simple remailers

         spamming

         spoofing

         transmitting

     emerging technologies

         consumer products

         electronic voting

         overview

         privacy issues

         RFID (radio frequency identification)

         security issues

         Skype

         VoIP (Voice over IP)

     government and

         Council of Europe

         European Privacy Directive

         Icelandic DNA database

         principles and policies

         U.K. RIPA (Regulation of Investigatory Powers Act)

     history of

     information collection 2nd

     information disclosure

     information retention

     information security

     information usage

     informed consent

     loss of control

     monitoring

     on the web

         advertising

         adware

         contests

         cookies

         credit card payments

         drive-by installation

         hijackers

         keystroke loggers

         offers

         online environment

         online profiling

         payment schemes

         payments online

         precautions

         registration

         shopping

         site ownership

         spyware

         third-party ads

         third-party cookies

         web bugs

     ownership of data

     policy changes

     principles and policies

         access control

         anonymity

         audit trails

         authentication

         Convention 2nd

         COPPA (Children's Online Privacy Protection Act)

         Council of Europe

         data access risks

         data anonymization

         data left in place

         data minimization

         deceptive practices

         defense methods

         Directive 95/46/EC

         e-Government Act of 2000

         European Privacy Directive

         Fair Credit Reporting Act

         fair information

         Fair Information Policies

         Federal Educational Rights and Privacy Act

         FTC (Federal Trade Commission)

         GLBA (Gramm-Leach-Bliley Act)

         government policies

         HIPAA (Health Insurance Portability and Accountability Act)

         identity theft

         multiple identities

         non-U.S.

         Privacy Act (5 USC 552a)

         protecting stored data

         pseudonymity

         quality

         restricted usage

         training

         U.S. laws

         Ware committee report

         web site controls, commercial

         web site controls, government

     rights, ethical issues

     RIPA (Regulation of Investigatory Powers Act)

     sensitive data

Privacy Act 2nd

Privacy-preserving data mining

Private key encryption [See also AES (Advanced Encryption System); DES (Data Encryption Standard); Symmetric encryption.]

Privilege [See also Permissions.]

     escalation

     limited

Probability

Probability password attacks

Probable plaintext attacks

Probable value disclosure

Problems, cryptographic

Procedure-oriented access control

Process activation

Process versus results organizations

Product cipher, DES

Product ciphers

Product ownership

Professional versus parochial organizations

Profile, of attackers

Programs

     definition [See also Applications; Code (program); Software.]

     protection legal issues

         computer objects

         copyright 2nd

         documentation protection

         domain names

         firmware

         hardware

         object code software

         patents 2nd

         reverse engineering

         source code software

         trade secrets 2nd

         trademark

         URLs

         web content

Programs, security [See also Operating system security; Trusted systems.]

     controls [See Controls.]

     cyber attacks

     errors

     failures

     faults

     fixing faults

     flaws

         aliasing

         authentication

         boundary conditions

         definition

         domain errors

         identification

         logic errors

         overview

         serialization

         types of

         validation errors

     IEEE Standard 2nd

     intentional incidents [See Cyber attacks.]

     malicious code [See also Attacks, methods; Trapdoors; Viruses.]

         agents

         back doors [See Trapdoors.]

         history of

         implementation time

         interface illusions

         keystroke logging

         leaking information [See Covert channels.]

         logic bombs

         man-in-the-middle attacks

         potential for harm

         privilege escalation

         rabbits

         rootkit revealers

         rootkits

         Sony XCP (extended copy protection) rootkit

         spoofing

         threat assessment

         time bombs

         timing attacks

         Trojan horses

         types of 2nd

         worms

         zero day exploits

     nonmalicious errors

         buffer overflows

         causes of failures

         combined flaws

         incomplete mediation

         synchronization

         time-of-check to time-of-use errors

     overview

     penetrate-and-patch technique

     unexpected behavior

Project leaders, security responsibilities

Proliferation of keys

Proof of program correctness

Propagation of errors

Proprietary resources, ethical issues

Prosecuting computer crime

Protected objects, accessing

     access control matrix

     ACLs (access control lists)

     AS (authentication server)

     capability

     directories

     domains

     erasing deleted files

     KDC (key distribution center)

     Kerberos

     local name space

     procedure-oriented

     protection goals

     pseudonyms

     revocation of access

     role-based

     single sign-on

     TGS (ticket-granting server)

     types of

     wild cards

Protecting stored data

Protection [See Controls; Defense methods.]

Protection profiles

Protection system commands

Protection systems

Protocols

     destination unreachable

     echo

     encryption

     failures

     flaws

     networking

     ping

     SMTP (simple mail transport protocol)

     SNMP (simple network management protocol)

     source quench

     stack

     TCP/IP

     UDP (user datagram protocol)

Provenzano, Bernardo

Proxies

Proxy firewall

Pseudonymity

Pseudonyms

PSOS (Provably Secure Operating System)

Public domain

Public key encryption [See also Asymmetric encryption; RSA (Rivest-Shamir-Adelman) encryption.]

     characteristics

     definition

     flow diagram

     key proliferation

     purpose of

Public key infrastructure (PKI)
