Unit 10

Question 1

access controller

Answer 1

A component used by the security manager to check permissions
belonging to classes.

Question 2

action (in a policy file)

Answer 2

In Java, the part of an entry in a policy file that describes the
kinds of action that may be performed with respect to some target.

Question 3

application domain

Answer 3

A domain containing less privileged (non-system domain)

classes in a protection domain.

Question 4

application gateway

Answer 4

A kind of firewall providing a proxy service.

Question 5

asymmetric cryptography

Answer 5

A code in which the encoding key is different from the decoding key, but is related to it in a non-trivial way (an example of this is public key
cryptography).

Question 6

audit log

Answer 6

A record of the activity on a system that can be used to determine what users have done and to assist recovery in the case of an attack.

Question 7

auditing

Answer 7

Capturing a secure record of security-related events for non-repudiation, recovery and proof of effectiveness.

Question 8

authentication (identification)

Answer 8

The process of determining a user’s or software’s identity.

Question 9

authorisation

Answer 9

The process of determining what code is allowed to do, according to how it is signed, what code base it comes from or what caller it is associated with (for example, what user invoked it).

Question 10

availability

Answer 10

The property of a system that can be used when it is needed by an authorised user or application.

Question 11

block cipher

Answer 11

A cipher in which encryption takes place on blocks of plaintext.

Question 12

brute-force attack

Answer 12

An attack in which possible keys are attempted until a correct one is found.

Question 13

buffer overflow

Answer 13

The error that occurs when a buffer is assigned more data than it should hold.

Question 14

certifying authority

Answer 14

An organisation that issues a certificate associating a user with a cryptographic key.

Question 15

challenge

Answer 15

A method of authorisation in which the user is presented with a question or other task whose successful completion helps to determine their identity.

Question 16

checksum

Answer 16

A number used to check the integrity of a message.

Question 17

cipher

Answer 17

A code, a means of encrypting plaintext.

Question 18

ciphertext

Answer 18

The output of a cipher.

Question 19

click fraud

Answer 19

The fraudulent generation of clicks in order to profit from cost-per-click web pages.

Question 20

code base

Answer 20

The location of code in terms of its URL.

Question 21

collision

Answer 21

A collision occurs in a hash function when two or more inputs generate the same output.

Question 22

confidentiality

Answer 22

The property of a system that ensures that data is visible only to authorised users.

Question 23

credentials

Answer 23

Security information associated with a subject, such as keys or passwords.

Question 24

cryptanalysis

Answer 24

The science of decoding ciphers.

Question 25

cryptographic hash function

Answer 25

A hash function with desirable properties for | applications in security.

Question 26

cryptographic service

Answer 26

A cryptographic facility provided by implementers of services for Java’s cryptography API, such as ciphers, message digests and digital signing.

Question 27

cryptography

Answer 27

The science of ciphering.

Question 28

deciphering (decryption)

Answer 28

Converting ciphertext to plaintext.

Question 29

declarative security

Answer 29

Using an XML deployment descriptor file to delegate authorisation checks to a container.

Question 30

digital certificate

Answer 30

An electronic means of associating a user with a key.

Question 31

digital signature

Answer 31

An electronic means of signing a communication.

Question 32

digitally signed

Answer 32

Having an electronic signature.

Question 33

domain

Answer 33

A set of classes with the same permissions.

Question 34

end-to-end encryption

Answer 34

An approach to network security in which the sending and receiving nodes of a message implement encryption and decryption using a shared key.

Question 35

exponential

Answer 35

Growing according to an exponential relationship; that is, according to a power of a number.

Question 36

fabrication

Answer 36

The construction of false or unauthorised information.

Question 37

firewall

Answer 37

A technology to filter internet traffic between a local and external network.

Question 38

group

Answer 38

A collection of authenticated users.

Question 39

hacker

Answer 39

An unauthorised user of a system.

Question 40

handshake

Answer 40

An exchange of information to establish parameters for communication.

Question 41

hash function

Answer 41

A one-way function that maps an input to a small output.

Question 42

hierarchy of trust

Answer 42

The relationship in which one or more parties place trust in other parties to perform authentication.

Question 43

homograph attack

Answer 43

An attack using social engineering in which a name similar to another is used to try to deceive a user.

Question 44

integrity

Answer 44

The property of information that it has not been altered by an attacker or otherwise corrupted.

Question 45

interception

Answer 45

Access of information by an unauthorised user.

Question 46

interruption

Answer 46

An attack preventing availability of a resource.

Question 47

key

Answer 47

A value used to decipher ciphertext.

Question 48

key space

Answer 48

The set of keys associated with a cipher.

Question 49

key stream

Answer 49

The generation of changing keys for the encryption of data in a stream cipher.

Question 50

linear

Answer 50

Growing according to a linear relationship, that is, by a constant factor for each fixed change in input.

Question 51

link encryption

Answer 51

An approach to network security in which each node implements encryption and decryption, each communicating pair using a different shared key.

Question 52

linking

Answer 52

The stage at which classes are incorporated into the runtime state of a virtual machine.

Question 53

loading

Answer 53

The stage at which classes are located and checked.

Question 54

memory leak

Answer 54

Loss of memory areas due to mismanagement of memory.

Question 55

message authentication code (MAC)

Answer 55

A code used to check the integrity (and in | some cases identity) of a message.

Question 56

message digest

Answer 56

A reduced size version of a message produced by a hash function.

Question 57

middle person

Answer 57

An attacker interposed between a sender and receiver in location or time.

Question 58

modification

Answer 58

Unauthorised alteration of information.

Question 59

nonce

Answer 59

A value used once to defeat replay attacks.

Question 60

non-repudiation

Answer 60

The property of a system that prevents users from denying sending or receiving some information or performing some action.

Question 61

one-time pad

Answer 61

A cipher with perfect secrecy, invented in 1917.

Question 62

one-way function

Answer 62

A function with the property that it is easy to obtain an output from an input, but hard to determine the input given the output.

Question 63

packet

Answer 63

The unit of information in network communication.

Question 64

packet filtering

Answer 64

A technique allowing only desirable packets to travel across a firewall.

Question 65

perfect secrecy

Answer 65

The property of a code in which the ciphertext does not reveal any information about the plaintext or code.

Question 66

permissions

Answer 66

Values that determine which actions are authorised within a system.

Question 67

plaintext

Answer 67

Communication that has not been subjected to encryption.

Question 68

pointer

Answer 68

A memory address that may be manipulated in a variety of ways.

Question 69

policy entry

Answer 69

``` An entry in a policy file describing permissions assigned to a class according to its code base, signing or principals. ```

Question 70

polyalphabetic substitution

Answer 70

A code in which ciphertext is formed from groups of more than one character at a time.

Question 71

primordial loader

Answer 71

The trusted class loader in the JVM which bootstraps the system, loading the main class.

Question 72

principal

Answer 72

An identity associated with a subject, such as the subject’s login ID or an organisation’s name.

Question 73

private key

Answer 73

A cipher key that is kept secret and is used in conjunction with a public key in asymmetric cryptography.

Question 74

programmatic security

Answer 74

Explicit authorisation checks by method invocation.

Question 75

protection domain

Answer 75

The interaction of features enforcing security policies in Java, particularly as regards permissions allocated to classes.

Question 76

provider

Answer 76

A supplier of cryptographic products.

Question 77

public key

Answer 77

A key used in combination with a private key that may be publicised without compromising security of communication.

Question 78

public key cryptography

Answer 78

Cryptography in which public and private key pairs are employed; an example of asymmetric cryptography.

Question 79

public key infrastructure (PKI)

Answer 79

A system for the association of keys with users and the management of key-related information.

Question 80

realm

Answer 80

A set of valid users and groups for an application.

Question 81

reference

Answer 81

A memory value that cannot be manipulated, but merely provides access to objects.

Question 82

replay

Answer 82

An attack in which intercepted or stored information is reused to gain advantage.

Question 83

role

Answer 83

A collection of identities or category of identities with shared permissions.

Question 84

root certificate

Answer 84

A certificate granted to a certifying authority.

Question 85

salt

Answer 85

A number used to prevent collisions in hash functions and or in general to add variability to the processing of information.

Question 86

secret key

Answer 86

A key that must be kept secret, as used in symmetric cryptography.

Question 87

secure channel

Answer 87

A communication channel between a pair of processes providing authentication, confidentiality, integrity services and time stamping.

Question 88

security manager (JVM)

Answer 88

A component of the JVM concerned with authorisation of what code may or may not do.

Question 89

security policy (JVM)

Answer 89

A collection of permissions contained in a policy object, usually determined using policy files.

Question 90

security through obscurity

Answer 90

The discredited notion that secrecy of design alone can provide security.

Question 91

session key

Answer 91

A key that is used only while a session is in effect and then discarded.

Question 92

singleton

Answer 92

A programming design pattern ensuring that only one of an object may exist at a time.

Question 93

social engineering

Answer 93

A collection of techniques used to manipulate people into performing actions, or divulging confidential information. The term typically applies to trickery associated with information gathering or accessing computer systems.

Question 94

stateful packet inspection

Answer 94

A firewall technique in which the state of a system is used to determine the legality of traffic across a firewall.

Question 95

statically typed

Answer 95

Checking typing of variables at compile time.

Question 96

statistical analysis

Answer 96

A cryptanalytical technique using patterns of frequency of letters in languages as an aid to deciphering messages.

Question 97

stream cipher

Answer 97

A cipher whose key changes frequently to encrypt a stream of data.

Question 98

strong typing

Answer 98

Checking for potentially troublesome conversions of types at compile time.

Question 99

subject (for authentication)

Answer 99

A grouping of related information for an entity in a | security system, such as a collection of identities (principals) and credentials.

Question 100

substitution

Answer 100

A ciphering technique in which one character in a language is substituted for another.

Question 101

symmetric cryptography

Answer 101

Cryptography employing a private key or in which the decoding key is trivially related to the coding key.

Question 102

system

Answer 102

In the context of security, refers to the hardware, platform, application software and users’ interactions.

Question 103

system domain

Answer 103

The collection of classes within a protection domain that are trusted.

Question 104

target

Answer 104

An entity to which a permission is applied in a policy file.

Question 105

threat monitoring

Answer 105

The active consideration of dangers to a system’s security.

Question 106

time stamping

Answer 106

The inclusion of information with a message so that its time of occurrence can be determined.

Question 107

transposition

Answer 107

An encryption technique where the order of information in the plaintext is obscured.

Question 108

trapdoor function

Answer 108

A one-way function which is reversible if given some secret information.

Question 109

tunnelling

Answer 109

Wrapping one protocol in another protocol.

Question 110

type safety

Answer 110

The ability of a language to check that types are being used correctly.

Question 111

vector

Answer 111

A route by which an attack may occur on a computer system.

Question 112

virtual private network (VPN)

Answer 112

A network created by a form of tunnelling in which end-to-end encryption takes place between the two ends of the tunnel, so creating a private network of sorts.

Question 113

web of trust

Answer 113

A non-hierarchical approach to establishing trustworthiness of digital certificates.