Notes - Computer Security MT24, Basic definitions
Flashcards
@Define authorisation.
The specification of rights of actors to access resources.
@Define confidentiality.
Information is not disclosed to unauthorised entities.
@Define integrity.
If information is altered by unauthorised entities, then authorised entities are aware it was altered.
@Define authentication.
Verification of identity.
How is authentication different from authorisation?
An attacker might be authenticated (e.g. through a stolen password), but they are still not authorised.
@Define the three components of an authenticated channel.
Every message on the channel:
- Was sent by the purported sender
- Was received by the intended recipient
- Was not received out-of-order or in duplicate
@Define non-repudiation.
An actor cannot deny having taken a particular action. As a special case, it means an actor is unable to deny that they authored a particular message.
@Define availability.
Availability means information and resources are available to authorised parties.
@Define a security model.
A mathematical formulation of security policies, which can be used to answer questions like:
- Does this system protect the confidentiality or integrity of certain data?
@Define commitment.
Demonstrating you know a piece of information without revealing the information until later.
@Define an offline attack.
An attack that doesn’t involve interacting with the host (e.g. cracking a password database).
@Define an authentication token.
A physical device used to authenticate a user.
Quote a tagline which describes the difference between a password, a token and a biometric.
- A password is something you know
- A token is something you have
- A biometric is something you are