

Glossary


absolute pathname
A pathname that begins at the root directory; a pathname that always begins with a slash (/). For example, /usr/games is an absolute pathname. Also called a full pathname.


ACL (access control list)
An optional extension of the traditional UNIX permission bits, which gives the user the ability to specify read/write/execute permissions on a per-user basis.


Access ACL
The formal name of the ACL that is checked for access decisions on an object.


AIC (Attribute IR Cache)
A cache mechanism for storing the ACL IR in memory to eliminate duplicate ACLs and reduce the number of disk accesses.


auditing
The recording, examining, and reviewing of security-related activities on a trusted system.


audit event
An event that is monitored and reported on by the audit subsystem. Events include system events, application events, and site-definable events. An event can be any command, system call, routine, or program that runs on the system.


audit ID (AUID)
ID that is created at login time and that is inherited across all processes.


BASE security
The traditional security that is delivered on BSD UNIX systems. BASE security consists of file permissions. A nontrusted Digital UNIX system has BASE security.


BSD (Berkeley Software Distribution)
UNIX software release of the Computer System Research Group of the University of California at Berkeley; the basis for some features of the Digital UNIX and ULTRIX operating systems.


Default ACL
An ACL that is associated with directories. This type of ACL determines the Access ACL of any file created in that directory. New directories inherit the default ACL from the parent directory as both the Access and Default ACL.


discretionary access control (DAC)
The traditional UNIX form of file permissions set with the chmod command.


entity
SIA introduces the term entity to mean a user, program, or system which can be authenticated. The entity identifier is the user ID (UID).


ER (external representation)
A POSIX-compliant ASCII representation of an ACL used for presentation to the user or for interchange between foreign systems.


effective user ID (EUID)
The current user ID, but not necessarily the user's ID. For example, a user logged in under a login ID may change to another user's ID. The ID to which the user changes becomes the effective user ID until the user switches back to the original login ID.



ENHANCED security
The optional security features that supplement BASE security. Enhanced security consists of extended password profiles and the audit subsystem.


entity
Term used by the security integration architecture to define a user, program, or system that can be authenticated.


evaluation criteria
The Trusted Computer System Evaluation Criteria (TCSEC). The enhanced security features in the Digital UNIX system have been designed to meet these criteria.


IR (internal representation)
A binary representation of an ACL that can be easily converted into the Distributed Computing Environment (DCE) ACL binary format.


ISSO (information system security officer)
In a trusted system, the person traditionally responsible for ensuring the security of the system. The person who serves this administrative role is your contact for all security-related questions. The ISSO sets up an initial authentication profile, which specifies login restrictions and password options.

The ISSO is also responsible for auditing system activity, setting the security characteristics of devices, and performing other security-related tasks. See also system administrator.


login spoofing program
Any program that represents itself as a login program in order to steal a password. For example, a spoofing program might print the login banner on an unattended terminal and wait for input from the user.


object (as defined for ACLs)
An object, as defined for an access control list, refers to the following data storage entities:


operator
The person responsible for the day-to-day maintenance of a system, including backups, line printer maintenance, and other routine maintenance tasks.


Privileged process
A process that can bypass the permission checks for an operation. If privileges are not configured in the system, the process must be running with an effective user ID of 0 (root). If privileges are configured, the process must possess the appropriate granular privilege.


process ID (PID)
A unique number assigned to a process that is running.


process
A unit of control of the operating system. A process is always executing one program, which can change when the current program invokes the exec() system call. A process is considered trusted when its current program is trusted. See also program.


program
A set of algorithms designed, compiled, and installed in an executable file for eventual execution by a process. A program is considered trusted when the programmer has explicitly designed it to uphold the security policies of the system. See also process.


PPID, ppid (parent process ID)
The process ID of the parent or spawning process.

root
The login name for the superuser (system administrator).


root directory
The name applied to the topmost directory in the UNIX system's tree-like file structure; hence, the beginning of an absolute pathname. The root directory is represented in pathnames by an initial slash (/); a reference to the root directory itself consists of a single slash.


root file system
The basic file system, onto which all other file systems can be mounted. The root file system contains the operating system files that get the rest of the system to run.

security attributes
The parameters used by the trusted computing base (TCB) to enforce security. Security attributes include the various user and group identities.


SIA (security integration architecture)
The security integration architecture isolates the security-sensitive commands from the specific security mechanisms, thus eliminating the need to modify them for each new security mechanism.


site-defined events
Audit events that are created by application software (that is, not the operating system).


spoofing program
See login spoofing program.


system administrator
In the trusted system, the person responsible for administrative tasks that are not performed by the ISSO. The system administrator is responsible for file system maintenance and repair, account creation, and other miscellaneous administrative duties. In many cases, the system administrator acts as a balance of power to the ISSO. See also ISSO.


TCB (trusted computing base)
The set of hardware, software, and firmware that together enforce the system's security policy. The Digital UNIX TCB includes the system hardware and firmware as delivered from Digital, the trusted Digital UNIX operating system, and the trusted commands and utilities that enforce the security policy. The operating system and all of the other software distributed with the trusted Digital UNIX system have been modified to satisfy security requirements.


Traditional security
See BASE security.


Triviality checks
Checks performed on passwords to prevent the use of easily guessed passwords. Triviality checks prevent the use of words found in the dictionary, user names, and variations of the user name as passwords.


Trojan horse
Any program that, when invoked by a user, steals the user's data, corrupts the user's files, or otherwise creates a mechanism whereby the Trojan horse planter can gain access to the user's account. Viruses and worms can be types of Trojan horses. See also virus, worm.


virus
A computer program designed to insinuate itself into other programs or files in a system and then to replicate itself through any available means (disk file, network, and so forth) into other similar computers, from which it can attack yet more systems. Viruses are designed with the object of damaging or destroying the "infected" programs or systems and are often programmed to become destructive at a specific time, such as the birthday of the virus's programmer. See also Trojan horse, worm.


vouching
A technique that allows a security mechanism to trust the authentication process of a previously run security mechanism. This feature is implemented by the security integration architecture (SIA).

worm
A computer program designed to insinuate itself into other programs or files in a system and then to replicate itself through any available means (disk file, network, and so forth) into other similar computers, from which it can attack yet more systems. Worms are designed with no serious intent to do damage, but they are harmful because they occupy resources intended for legitimate use. See also Trojan horse, virus.