A pathname that begins at the root directory; a pathname that
always begins with a slash (/).
For example,
/usr/games
is an absolute pathname.
Also called a full pathname.
An optional extension of the traditional UNIX permission bits, which gives the user the ability to specify read/write/execute permissions on a per user basis.
The formal name of the ACL that is checked for access decisions on an object.
A cache mechanism for storing the ACL IR in memory to eliminate duplicate ACLs and reduce the number disk accesses.
The recording, examining, and reviewing of security-related activities on a trusted system.
An event that is monitored and reported on by the audit subsystem. Events include system events, application events, and site-definable events. An event can be any command, system call, routine, or program that runs on the system.
ID that is created at login time and that is inherited across all processes.
The traditional security that is delivered on BSD UNIX systems, BASE security consists of file permissions. A nontrusted Tru64 UNIX system has BASE security.
UNIX software release of the Computer System Research Group of the University of California at Berkeley -- the basis for some features of the Tru64 UNIX and ULTRIX operating system.
An ACL that is associated with directories. This type of ACL determines the Access ACL of any file created in that directory. New directories inherit the default ACL from the parent directory as both the Access and Default ACL.
The traditional UNIX form of file permissions set with the
chmod
command.
SIA introduces the term entity to mean a user, program, or system which can be authenticated. The entity identifier is the user ID (UID).
A POSIX-compliant ASCII representation of an ACL used for presentation to the user or interchanges between foreign systems.
The current user ID, but not necessarily the user's ID. For example, a user logged in under a login ID may change to another user's ID. The ID to which the user changes becomes the effective user ID until the user switches back to the original login ID.
The optional security features that supplements BASE security. Enhanced security consists of extended password profiles and the audit subsystem.
Term used by the security intergration architecure to define a user, program, or system that can be authenticated.
The Trusted Computer System Evaluation Criteria (TCSEC). The enhanced security features in the Tru64 UNIX system have been designed to meet this criteria.
A binary representation of an ACL, that can be easily converted into the Distributed Computing Environment (DCE) ACL binary format.
In a trusted system, the person traditionally responsible for ensuring the security of the system. The person who serves this administrative role is your contact for all security-related questions. The ISSO sets up an initial authentication profile, which specifies login restrictions and passwords options. The ISSO is also responsible for auditing system activity, setting the security characteristics of devices, and performing other security-related tasks. See also system administrator.
Any program that represents itself as a
login
program in order to steal a password.
For example, a spoofing program might
print the login banner on an unattended terminal and wait for input from the
user.
An object as defined for an access control list, refers to the following data storage entities:
File system entries
Semaphores
Message queues
Shared memory
The person responsible for the day-to-day maintenance of a system, including backups, line printer maintenance, and other routine maintenance tasks.
A process that can bypass the permission checks for an operation. If privileges are not configured in the system, then the process must be running with the effective id of 0 (root). If privileges are configured, the process must possess the appropriate granular privilege.
A unique number assigned to a process that is running.
A unit of control of the operating system.
A process is always executing
one program, which can change when the current program invokes the
exec()
system call.
A process is considered trusted when its current
program is trusted.
See also
program.
A set of algorithms designed, compiled, and installed in an executable file for eventual execution by a process. A program is considered trusted when the programmer has explicitly designed it to uphold the security policies of the system. See also process.
The process ID of the parent or spawning process.
The login name for the superuser (system administrator).
The name applied to the topmost directory in the UNIX system's tree-like file structure; hence, the beginning of an absolute pathname. The root directory is represented in pathnames by an initial slash (/); a reference to the root directory itself consists of a single slash.
The basic file system, onto which all other file systems can be mounted. The root file system contains the operating system files that get the rest of the system to run.
The parameters used by the trusted computing base (TCB) to enforce security. Security attributes include the various user and group identities.
The security integration architecture isolates the security-sensitive commands from the specific security mechanisms, thus eliminating the need to modify them for each new security mechanism.
Audit events that are created by application software (that is, not the operating system).
See login spoofing program.
In the trusted system, the person responsible for administrative tasks that are not performed by the ISSO. The system administrator is responsible for file system maintenance and repair, account creation, and other miscellaneous administrative duties. In many cases, the system administrator acts as a balance of power to the ISSO. See also ISSO
The set of hardware, software, and firmware that together enforce the system's security policy. The Tru64 UNIX TCB includes the system hardware and firmware as delivered from Digital, the trusted Tru64 UNIX operating system, and the trusted commands and utilities that enforce the security policy. The operating system and all of the other software distributed with the trusted Tru64 UNIX system have been modified to satisfy security requirements.
See BASE security
Checks performed on passwords to prevent the use of easily guessed passwords. Triviality checks prevent the use of words found in the dictionary, user names, and variations of the user name as passwords.
Any program that when invoked by a user steals the user's data, corrupts the user's files, or otherwise creates a mechanism whereby the trojan horse planter can gain access to the user's account. Viruses and worms can be types of trojan horses. See also virus, worm.
A computer program designed to insinuate itself into other programs or files in a system and then to replicate itself through any available means (disk file, network, and so forth) into other similar computers, from which it can attack yet more systems. Viruses are designed with the object of damaging or destroying the "infected" programs or systems and are often programmed to become destructive at a specific time, such as the birthday of the virus's programmer. See also Trojan Horse, worm.
A technique that allows a security mechanism to trust the authentication process of a previously run security mechanism. This feature is implemented by the security integration architecture (SIA).
A computer program designed to insinuate itself into other programs or files in a system and then to replicate itself through any available means (disk file, network, and so forth) into other similar computers, from which it can attack yet more systems. Worms are designed with no serious intent to do damage, but they are harmful because they occupy resources intended for legitimate use. See also Trojan Horse, virus.