Distributed Audit Service (XDAS)
Copyright © 1998 The Open Group
Glossary
API
Application Programming Interface.
The interface between the application software and the application platform,
across which all services are provided.
The application programming interface is primarily in support of application
portability, but system and application interoperability are also supported
by a communication API (see POSIX.0).
audit
See Security Audit (see ISO/IEC 7498-2).
audit analysis
The analysis of audit data comprises manual or automated
processes which scrutinize the audit data to identify in them real
or potential security threats or to track system activity for the
purpose of assigning accountability. Several approaches are possible
including:
- to compare activity with a profile based on normal behaviour;
- to seek out unacceptable or suspicious events by establishing a rules
base for inappropriate system activity.
Analysis can generate filtering requirements which can be fed back
into the discrimination process and provide strong reporting utilities.
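Both approaches named above, and the feedback of analysis results into filtering, in one added illustration that is not part of the XDAS specification; the audit records, the baseline profile and the rules base are all constructed here, and the hour-of-day and threshold values are assumptions:

```python
import statistics
from collections import Counter, defaultdict

# Constructed audit records (not from the XDAS spec): (user, event, outcome, hour)
RECORDS = [
    ("alice", "login", "success", 9), ("alice", "file_read", "success", 10),
    ("alice", "file_read", "success", 14), ("alice", "logout", "success", 17),
    ("bob", "login", "failure", 2), ("bob", "login", "failure", 2),
    ("bob", "login", "failure", 2), ("bob", "login", "success", 2),
] + [("bob", "file_read", "success", 2)] * 12

# Constructed profile of normal behaviour: events per day seen for each user in the past.
BASELINE = {"alice": [4, 5, 3, 4, 4], "bob": [3, 4, 4, 3, 4]}

def profile_findings(records, baseline, k=3.0):
    """Approach 1: compare today's per-user event volume with the user's profile."""
    today = Counter(user for user, _, _, _ in records)
    findings = []
    for user, history in baseline.items():
        mean, sd = statistics.mean(history), statistics.pstdev(history)
        if today[user] > mean + k * max(sd, 1.0):  # floor on sd avoids a zero-width band
            findings.append((user, "volume_anomaly", today[user]))
    return findings

# Approach 2: a rules base naming inappropriate activity; each rule sees one user's records.
RULES = {
    "repeated_login_failure": lambda recs: sum(
        1 for _, ev, out, _ in recs if ev == "login" and out == "failure") >= 3,
    "login_outside_hours": lambda recs: any(
        ev == "login" and out == "success" and not 8 <= hour < 18
        for _, ev, out, hour in recs),
}

def rule_findings(records, rules=RULES):
    by_user = defaultdict(list)
    for rec in records:
        by_user[rec[0]].append(rec)
    return [(user, name, None) for user, recs in by_user.items()
            for name, rule in rules.items() if rule(recs)]

def filtering_requirements(findings):
    """Feed analysis back into discrimination: whose events to retain in full from now on."""
    return sorted({user for user, _, _ in findings})

def analyse(records=RECORDS, baseline=BASELINE):
    findings = profile_findings(records, baseline) + rule_findings(records)
    return findings, filtering_requirements(findings)
```

Running `analyse()` on the constructed records flags only "bob" (by volume and by both rules) and returns him as the single filtering requirement.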
audit trail
See Security Audit Trail (see ISO/IEC 7498-2).
authenticated identity
An identity of a principal that has been assured through
authentication (see ISO/IEC 10081-2).
authentication
Verify claimed identity;
see data origin authentication, and peer entity authentication
(see ISO/IEC 7498-2).
Authentication information in the form of a security certificate which may be
used to assure the identity of an entity guaranteed by an authentication
authority (see ISO/IEC 10081-2).
authorization
The granting of rights, which includes the granting of access based on access
rights (see ISO/IEC 7498-2).
authorization policy
A set of rules, part of an access control policy, by which access by security
subjects to security objects is granted or denied. An authorization policy may
be defined in terms of access control lists, capabilities or attributes
assigned to security subjects, security objects
or both (see ECMA TR/46).
availability
The property of being accessible and usable upon demand by an authorized
entity (see ISO/IEC 7498-2).
client-server
These operations occur between a pair of communicating independent peer
processes. The peer process initiating a service request is termed the
client. The peer process responding to a service request is termed the
server. A process may act as both client and server in the context of a set
of transactions.
The peer processes may reside on the same or different processors.
The configuration most commonly envisaged as client-server is that of a
workstation hosting client processes servicing a single user communicating
with server processes on a host processor servicing multiple workstation
clients.
confidentiality
The property that information is not made available or disclosed to
unauthorized individuals, entities, or processes (see ISO/IEC 7498-2).
credentials
Data that is transferred to establish
the claimed identity of an entity (see ISO/IEC 7498-2).
data integrity
The property that data has not been altered or destroyed in an unauthorized
manner (see ISO/IEC 7498-2).
denial of service
The unauthorized prevention of authorized access to resources or the
delaying of time-critical operations (see ISO/IEC 7498-2).
identification
The assignment of a name by which an entity can be referenced.
The entity may be high level (such as a user) or low level (such as a
process or communication channel).
initiator
An entity (for example, human user or computer based entity) that attempts
to access other entities (see ISO/IEC 10081-3).
integrity
See Data Integrity (see ISO/IEC 7498-2).
policy
See security policy (see ISO/IEC 7498-2).
privacy
The right of individuals to control or influence what information related to
them may be collected and stored and by whom and to whom that information may
be disclosed.
Note: because this term relates to the right of individuals, it cannot be
very precise and its use should be avoided except as a motivation for
requiring security (see ISO/IEC 7498-2).
security attribute
A security attribute is a piece of security information which is associated
with an entity.
security audit
An independent review and examination of system records and operations in
order to test for adequacy of system controls, to ensure compliance with
established policy and operational procedures, to detect breaches in security
and to recommend any indicated changes
in control, policy and procedures (see ISO/IEC 7498-2).
security audit message
A message generated following the occurrence of an auditable security-related
event (see ISO/IEC 10081-7).
security audit record
A single record in a security audit trail corresponding to a single
security-related event (see ISO/IEC 10081-7).
security audit trail
Data collected and potentially used to facilitate
a security audit (see ISO/IEC 7498-2).
security auditor
An individual or a process allowed to have access to the security audit trail
and to build audit reports (see ISO/IEC 10081-7).
security domain
A set of elements, a security policy, a security authority and a set of
security-relevant operations in which the set of elements are subject to the
security policy, administered by the security authority, for the specified
operations (see ISO/IEC 10081-1).
security policy
The set of criteria for the provision of security services (see also
identity-based and rule-based security policy).
security service
A service which may be invoked directly or indirectly by functions
within a system that ensures
adequate security of the system or of data transfers between
components of the system or with other systems.
target
An entity to which access may be attempted (see ISO/IEC 10081-3).
threat
A potential violation of security (see ISO/IEC 7498-2).
An action or event that might prejudice security (see ITSEC).
trust
A relationship between two elements, a set of operations and a security policy
in which element X trusts element Y if and only if X has confidence that Y
behaves in a well defined way (with respect to the operations) that does
not violate the given security policy (see ISO/IEC 10081-1).
trusted functionality
That which is perceived to be correct with respect to some criteria, for
example, as established by a security policy (see ISO/IEC 7498-2).