Notes - Computer Security MT24, Basic definitions


Flashcards

@Define authorisation.


The specification of rights of actors to access resources.

@Define confidentiality.


Information is not disclosed to unauthorised entities.

@Define integrity.


If information is altered by unauthorised entities, then authorised entities are aware it was altered.

@Define authentication.


Verification of identity.

How is authentication different from authorisation?


Authentication establishes an identity (who is acting); authorisation determines what that identity is permitted to do. Passing one does not imply the other: a legitimately authenticated user may still be refused a resource their account has no rights to, and an attacker who authenticates with a stolen password has defeated the authentication check rather than been granted authorisation by the policy.

@Define the three components of an authenticated channel.


Every message on the channel:

  • Was sent by the purported sender
  • Was received by the intended recipient
  • Was not received out-of-order or in duplicate
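
As an added example (not part of the original notes), the following Python sketches one way to build such a channel over an insecure link, assuming a shared secret `KEY` (constructed here; a real channel would derive it from a key exchange). Each message carries a sequence number bound into an HMAC tag; the receiver checks the tag and insists on the exact next sequence number, which rejects forgeries, tampering, duplicates and reordering.

```python
import hashlib
import hmac

# Constructed keys for the example only.
KEY = b"example-shared-key-do-not-reuse"
ATTACKER_KEY = b"attacker-does-not-know-the-real-key"


def seal(key: bytes, seq: int, msg: bytes):
    """Sender side: the tag binds the sequence number and the message together,
    so neither can be changed or swapped without the key."""
    tag = hmac.new(key, seq.to_bytes(8, "big") + msg, hashlib.sha256).digest()
    return seq, msg, tag


class Receiver:
    """Receiver side: accepts a message only if its tag verifies under the
    shared key and its sequence number is exactly the next one expected."""

    def __init__(self, key: bytes):
        self.key = key
        self.expected_seq = 0
        self.accepted = []

    def receive(self, seq: int, msg: bytes, tag: bytes) -> bool:
        expected = hmac.new(self.key, seq.to_bytes(8, "big") + msg,
                            hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False  # not from the key holder, or modified in transit
        if seq != self.expected_seq:
            return False  # duplicate, replayed, or out-of-order
        self.expected_seq += 1
        self.accepted.append(msg)
        return True


def demo() -> dict:
    """Run the sender/receiver exchange and report which messages were accepted."""
    rx = Receiver(KEY)
    m0 = seal(KEY, 0, b"transfer 10 to bob")
    m1 = seal(KEY, 1, b"transfer 20 to carol")
    m2 = seal(KEY, 2, b"transfer 30 to dave")
    m3 = seal(KEY, 3, b"transfer 40 to erin")
    seq1, _, tag1 = m1
    return {
        "genuine_m0": rx.receive(*m0),
        "replayed_m0": rx.receive(*m0),                       # duplicate
        "tampered_m1": rx.receive(seq1, b"transfer 99 to carol", tag1),
        "forged": rx.receive(*seal(ATTACKER_KEY, 1, b"transfer 1000 to mallory")),
        "genuine_m1": rx.receive(*m1),
        "out_of_order_m3": rx.receive(*m3),                   # m2 not yet seen
        "genuine_m2": rx.receive(*m2),
        "genuine_m3_in_order": rx.receive(*m3),
    }
```

Note that this gives authenticity, integrity and ordering only; nothing here stops an eavesdropper reading the messages, so the second bullet (only the intended recipient receives the message) additionally needs encryption.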

@Define non-repudiation.


An actor cannot deny having taken a particular action. As a special case, it means an actor is unable to deny that they authored a particular message.

@Define availability.


Information and resources are accessible to authorised parties when they need them (the property that denial-of-service attacks target).

@Define a security model.


A mathematical formulation of security policies, which can be used to answer questions like:

  • Does this system protect the confidentiality or integrity of certain data?

@Define commitment.


Binding yourself to a value now, without revealing it, so that you can reveal (open) it later and others can check that it is the same value you committed to. A commitment scheme must be hiding (the commitment leaks nothing about the value) and binding (you cannot later open it as a different value).
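
Added example, not from the original notes: a hash-based commitment in Python. The committer publishes `SHA-256(nonce || value)` and keeps the nonce; opening means revealing both. The demo plays out a coin-flip call between two parties (names and the `heads`/`tails` values are constructed) and also shows why the random nonce matters: with a small value space and no nonce, the verifier simply hashes every candidate and reads the committed value off.

```python
import hashlib
import hmac
import os

NONCE_LEN = 32  # fixed length, so nonce || value parses unambiguously


def commit(value: bytes):
    """Committer side: return (commitment, nonce). Publish the commitment,
    keep the nonce and value secret until it is time to open."""
    nonce = os.urandom(NONCE_LEN)
    return hashlib.sha256(nonce + value).digest(), nonce


def open_commitment(commitment: bytes, nonce: bytes, value: bytes) -> bool:
    """Verifier side: accept the opening only if it reproduces the commitment."""
    if len(nonce) != NONCE_LEN:
        return False
    return hmac.compare_digest(commitment, hashlib.sha256(nonce + value).digest())


def guess_value(commitment: bytes, candidates):
    """What a verifier can do if the committer used no nonce: hash every
    plausible value and compare. Returns the recovered value, or None."""
    for v in candidates:
        if hashlib.sha256(v).digest() == commitment:
            return v
    return None


def try_to_cheat(commitment: bytes, other_value: bytes, attempts: int = 1000) -> bool:
    """Committer tries to open as a different value by searching for a nonce
    that fits; bounded here, and hopeless against a 256-bit hash."""
    for _ in range(attempts):
        if open_commitment(commitment, os.urandom(NONCE_LEN), other_value):
            return True
    return False


def demo() -> dict:
    choices = [b"heads", b"tails"]
    # Alice commits to her call, Bob then tosses the coin, Alice opens.
    c, nonce = commit(b"heads")
    return {
        "honest_open": open_commitment(c, nonce, b"heads"),
        "switched_open": open_commitment(c, nonce, b"tails"),      # binding
        "cheat_with_new_nonce": try_to_cheat(c, b"tails"),          # binding
        "guess_with_nonce": guess_value(c, choices),                # hiding
        "guess_without_nonce": guess_value(hashlib.sha256(b"heads").digest(), choices),
    }
```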

@Define an offline attack.


An attack that does not require interacting with the target system while it runs, e.g. cracking a stolen copy of a password database on the attacker's own hardware. Because the target is not involved, its rate limiting, lockouts and logging do not apply; only the cost of each guess (salting and slow hashing) limits the attacker.
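
Added example, not from the original notes: an offline dictionary attack in Python against a constructed password database (the usernames, passwords and wordlist are made up). The same wordlist is run against an unsalted SHA-256 store and a salted PBKDF2 store; the attacker never contacts the server, so the only thing that differs is how much hashing each guess costs.

```python
import hashlib
import os

# Constructed wordlist and accounts for the example.
WORDLIST = [b"123456", b"password", b"letmein", b"hunter2", b"qwerty", b"dragon"]
USERS = {"alice": b"password", "bob": b"hunter2", "carol": b"c0rr3ct-h0rse-b@ttery"}
ITERATIONS = 50_000  # key-stretching cost per guess for the salted store


def store_unsalted(users):
    """Weak store: one fast hash of the password, no salt."""
    return {u: hashlib.sha256(p).digest() for u, p in users.items()}


def store_salted(users):
    """Better store: random per-user salt and a slow, iterated hash."""
    out = {}
    for u, p in users.items():
        salt = os.urandom(16)
        out[u] = (salt, hashlib.pbkdf2_hmac("sha256", p, salt, ITERATIONS))
    return out


def crack_unsalted(db, wordlist):
    """One hash per word covers every user: build a lookup table, then index it.
    Returns (cracked, number_of_hash_computations)."""
    table = {hashlib.sha256(w).digest(): w for w in wordlist}
    cracked = {u: table[h] for u, h in db.items() if h in table}
    return cracked, len(wordlist)


def crack_salted(db, wordlist):
    """Salt defeats the shared table: every (user, word) pair costs a full PBKDF2.
    Returns (cracked, number_of_hash_computations)."""
    cracked, work = {}, 0
    for u, (salt, h) in db.items():
        for w in wordlist:
            work += ITERATIONS
            if hashlib.pbkdf2_hmac("sha256", w, salt, ITERATIONS) == h:
                cracked[u] = w
                break
    return cracked, work


def demo() -> dict:
    weak_cracked, weak_work = crack_unsalted(store_unsalted(USERS), WORDLIST)
    strong_cracked, strong_work = crack_salted(store_salted(USERS), WORDLIST)
    return {
        "unsalted_cracked": weak_cracked,
        "unsalted_work": weak_work,
        "salted_cracked": strong_cracked,
        "salted_work": strong_work,
    }
```

Both stores give up the two dictionary passwords; the salted, stretched store just makes each one cost `ITERATIONS` hashes per user instead of one shared hash per word, and the password that is not in the wordlist survives either way. The lesson for the defender is that an offline attacker's budget, not a login rate limit, is what the storage format has to beat.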

@Define an authentication token.


A physical device used to authenticate a user.

Quote a tagline which describes the difference between a password, a token and a biometric.


  • A password is something you know
  • A token is something you have
  • A biometric is something you are


