GIST v0.7 ― T
“TACACS[+]” to “type unification”

T

- TACACS, - TACACS+ n.

See: Terminal Access Controller (TAC) Access Control System.

- tailgate vb.

ISO/IEC 2382-8:1998

To gain unauthorized physical access by following an authorized person through a controlled door.

- tamper vb.

RFC 2828 (2000)

(I) Make an unauthorized modification in a system that alters the system’s functioning in a way that degrades the security services that the system was intended to provide.

- target n.

OASIS XACML 2.0 (2005)

The set of decision requests, identified by definitions for resource, subject and action, that a rule, policy or policy set is intended to evaluate.

- Target of Evaluation (TOE) n.

SC 27 SD 6 (2002)

ISO/IEC 15408-1: 1999

An IT product or system and its associated administrator and user guidance documentation that is the subject of an evaluation.

- TCB n.

See: trusted computing base.

- TCP n.

See: Transmission Control Protocol.

- TCP/IP n.

RFC 2828 (2000)

(I) A synonym for Internet Protocol Suite (see: (secondary definition under) Internet), in which the Transmission Control Protocol (TCP) and the Internet Protocol (IP) are important parts.

- TCSEC n.

See: Trusted Computer System Evaluation Criteria.

- technical control n.

NIST IR 7298 (2006)

SP 800-53; FIPS 200

technical controls

The security controls (i.e., safeguards or countermeasures) for an information system that are primarily implemented and executed by the information system through mechanisms contained in the hardware, software, or firmware components of the system.

- technical non-repudiation n.

NIST IR 7298 (2006)

SP 800-32

The contribution of public key mechanisms to the provision of technical evidence supporting a non-repudiation security service.

- technology testing n.

BEM 2002

Testing one or more biometric systems to measure statistical properties (e.g. FAR and FRR) to compare various algorithms and technologies usually achieved by off-line processing. (Compare operational testing; scenario testing.)

- TELNET n.

RFC 2828 (2000)

(I) A TCP-based, application-layer, Internet Standard protocol [R0854] for remote login from one host to another.

- TEMPEST n.

RFC 2828 (2000)

(O) A nickname for specifications and standards for limiting the strength of electromagnetic emanations from electrical and electronic equipment and thus reducing vulnerability to eavesdropping. This term originated in the U.S. Department of Defense. [Army, Kuhn, Russ] (See: emanation s security, soft TEMPEST.)

(D) ISDs SHOULD NOT use this term as a synonym for [electromagnetic] emanations security.

NIST IR 7298 (2006)

FIPS 140-2

A name referring to the investigation, study, and control of unintentional compromising emanations from telecommunications and automated information systems equipment.

- template n.

See: biometric template.

- template aging n.

iAfB-ICSA 1999

The degree to which biometric data evolves and changes over time, and the process by which templates account for this change.

BEM 2002

The gradual change of a user’s biometric feature(s) which requires periodic updating of the user’s reference template.

- template size n.

iAfB-ICSA 1999

The amount of computer memory taken up by the biometric data.

- Terminal Access Controller (TAC) Access Control System (TACACS) n.

RFC 2828 (2000)

(I) A UDP-based authentication and access control protocol [R1492] in which a network access server receives an identifier and password from a remote terminal and passes them to a separate authentication server for verification.

(C) TACACS was developed for ARPANET and has evolved for use in commercial equipment. TACs were a type of network access server computer used to connect terminals to the early Internet, usually using dial-up modem connections. TACACS used centralized authentication servers and served not only network access servers like TACs but also routers and other networked computing devices. TACs are no longer in use, but TACACS+ is. [R1983]

XTACACS: The name of Cisco Corporation’s implementation, which enhances and extends the original TACACS.
TACACS+: A TCP-based protocol that improves on TACACS and XTACACS by separating the functions of authentication, authorization, and accounting and by encrypting all traffic between the network access server and authentication server. It is extensible to allow any authentication mechanism to be used with TACACS+ clients.

- TESS n.

See: The Exponential Encryption System.

- text-dependent system n.

iAfB-ICSA 1999

A speaker verification system that requires a speaker to say a specific set of numbers or words. (See also: biometric characteristic.)

- text-independent system n.

iAfB-ICSA 1999

A speaker verification system that creates voiceprints from unconstrained speech and does not require a speaker to say a specific set of numbers or words. (See also: biometric characteristic.)

- text-prompted system n.

iAfB-ICSA 1999

A speaker verification system that prompts the speaker to say randomly ordered numbers or words. The term challenge-response is also used in a similar way to define text prompting. (See also: biometric characteristic.)

- The Exponential Encryption System (TESS) n.

RFC 2828 (2000)

(I) A system of separate but cooperating cryptographic mechanisms and functions for the secure authenticated exchange of cryptographic keys, the generation of digital signatures, and the distribution of public keys. TESS employs asymmetric cryptography, based on discrete exponentiation, and a structure of self-certified public keys. [R1824]

- thermal adj.

iAfB-ICSA 1999

A finger image capture technique that uses a sensor to sense heat from the finger and thus capture a finger image pattern. (See: biometric characteristic.)

- third-party test n.

iAfB-ICSA 1999

An objective test, independent of a biometric vendor, usually carried out entirely within a test laboratory in controlled environmental conditions.

- threat n.

ISO/IEC 2382-8:1998

A potential violation of computer security.

active threat: A threat [of] a deliberate unauthorized change to the state of a data processing system. Example: A threat that would result in modification of messages, insertion of spurious messages, masquerade [attack], or denial of service.
passive threat: A threat of disclosure of information without changing the state of a data processing system. Example: A threat that would result in the recovery of sensitive information through the interception of data transmitted.

RFC 2828 (2000)

(I) A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm. (See: attack, threat action, threat consequence.)

(C) That is, a threat is a possible danger that might exploit a vulnerability. A threat can be either intentional (i.e., intelligent; e.g., an individual cracker or a criminal organization) or accidental (e.g., the possibility of a computer malfunctioning, or the possibility of an act of God such as an earthquake, a fire, or a tornado).

(N) U.S. Government usage: The technical and operational capability of a hostile entity to detect, exploit, or subvert friendly information systems and the demonstrated, presumed, or inferred intent of that entity to conduct such activity.

BEM 2002

An intentional or unintentional potential event that could compromise the security integrity of the system.

SC 27 SD 6 (2002)

ISO/IEC PDTR 13335-1 (11/2001)

A potential cause of an unwanted incident that may result in harm to a system or organization.

ISO/IEC DTR 15947 (10/2001)

A potential cause of an unwanted incident that may result in harm to an IT system.

ISO/IEC 17799: 2000

A potential cause of an unwanted incident which may result in harm to a system or organization.

NIST IR 7298 (2006)

SP 800-53; CNSSI-4009 Adapted

Any circumstance or event with the potential to adversely impact agency operations (including mission, functions, image, or reputation), agency assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.

FIPS 200; CNSSI-4009 Adapted

Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. Also, the potential for a threat-source to successfully exploit a particular information system vulnerability.

IAEG LIAF (2008)

An adversary that is motivated and capable to violate the security of a target and has the capability to mount attacks that will exploit the target’s vulnerabilities.

- threat action n.

RFC 2828 (2000)

(I) An assault on system security. (See: attack, threat, threat consequence.)

(C) A complete security architecture deals with both intentional acts (i.e. attacks) and accidental events [FIPS31]. Various kinds of threat actions are defined as subentries under threat consequence.

- threat agent n.

NIST IR 7298 (2006)

SP 800-53

threat agent/source

Either:

intent and method targeted at the intentional exploitation of a vulnerability; or
a situation and method that may accidentally trigger a vulnerability.

FIPS 200

threat source

The intent and method targeted at the intentional exploitation of a vulnerability or a situation and method that may accidentally trigger a vulnerability.

SP 800-37

threat source

Either:

intent and method targeted at the intentional exploitation of a vulnerability; or
a situation and method that may accidentally trigger a vulnerability.

Synonymous with threat agent.

- threat analysis, - threat assessment n.

ISO/IEC 2382-8:1998

threat analysis

An examination of actions and events that might adversely affect a data processing system.

RFC 2828 (2000)

threat analysis

(I) An analysis of the probability of occurrences and consequences of damaging actions to a system.

NIST IR 7298 (2006)

SP 800-27A

threat analysis

The examination of threat sources against system vulnerabilities to determine the threats for a particular system in a particular operational environment.

SP 800-53; CNSSI-4009

threat assessment

Formal description and evaluation of threat to an information system.

- threat consequence n.

RFC 2828 (2000)

(I) A security violation that results from a threat action. Includes disclosure, deception, disruption, and usurpation. (See: attack, threat, threat action.)

(C) The following subentries describe four kinds of threat consequences, and also list and describe the kinds of threat actions that cause each consequence. Threat actions that are accidental events are marked by “*”.

(unauthorized) disclosure (a threat consequence): A circumstance or event whereby an entity gains access to data for which the entity is not authorized. (See: data confidentiality.) The following threat actions can cause unauthorized disclosure:
1. exposure: A threat action whereby sensitive data is directly released to an unauthorized entity. This includes:
  1. deliberate exposure: Intentional release of sensitive data to an unauthorized entity.
  2. scavenging: Searching through data residue in a system to gain unauthorized knowledge of sensitive data.
  3. * human error: Human action or inaction that unintentionally results in an entity gaining unauthorized knowledge of sensitive data.
  4. * hardware/software error. System failure that results in an entity gaining unauthorized knowledge of sensitive data.
2. interception: A threat action whereby an unauthorized entity directly accesses sensitive data traveling between authorized sources and destinations. This includes:
  1. theft: Gaining access to sensitive data by stealing a shipment of a physical medium, such as a magnetic tape or disk, that holds the data.
  2. wiretapping (passive): Monitoring and recording data that is flowing between two points in a communication system. (See: wiretapping.)
  3. emanations analysis: Gaining direct knowledge of communicated data by monitoring and resolving a signal that is emitted by a system and that contains the data but is not intended to communicate the data. (See: emanation.)
3. inference: A threat action whereby an unauthorized entity indirectly accesses sensitive data (but not necessarily the data contained in the communication) by reasoning from characteristics or byproducts of communications. This includes:
  1. traffic analysis: Gaining knowledge of data by observing the characteristics of communications that carry the data. (See: (main Glossary entry for) traffic analysis.)
  2. signals analysis: Gaining indirect knowledge of communicated data by monitoring and analyzing a signal that is emitted by a system and that contains the data but is not intended to communicate the data. (See: emanation.)
4. intrusion: A threat action whereby an unauthorized entity gains access to sensitive data by circumventing a system’s security protections. This includes:
  1. trespass: Gaining unauthorized physical access to sensitive data by circumventing a system’s protections.
  2. penetration: Gaining unauthorized logical access to sensitive data by circumventing a system’s protections.
  3. reverse engineering: Acquiring sensitive data by disassembling and analyzing the design of a system component.
  4. cryptanalysis: Transforming encrypted data into plaintext without having prior knowledge of encryption parameters or processes. (See: (main Glossary entry for) cryptanalysis.)
deception (a threat consequence): A circumstance or event that may result in an authorized entity receiving false data and believing it to be true. The following threat actions can cause deception:
1. masquerade: A threat action whereby an unauthorized entity gains access to a system or performs a malicious act by posing as an authorized entity. (See: (main Glossary entry for) masquerade attack.)
  1. spoof: Attempt by an unauthorized entity to gain access to a system by posing as an authorized user.
  2. malicious logic: In context of masquerade, any hardware, firmware, or software (e.g., Trojan horse) that appears to perform a useful or desirable function, but actually gains unauthorized access to system resources or tricks a user into executing other malicious logic. (See: (main Glossary entry for) malicious logic.)
2. falsification: A threat action whereby false data deceives an authorized entity. (See: active wiretapping.)
  1. substitution: Altering or replacing valid data with false data that serves to deceive an authorized entity.
  2. insertion: Introducing false data that serves to deceive an authorized entity.
3. repudiation: A threat action whereby an entity deceives another by falsely denying responsibility for an act. (See: non-repudiation service, (main Glossary entry for) repudiation.)
  1. false denial of origin: Action whereby the originator of data denies responsibility for its generation.
  2. false denial of receipt: Action whereby the recipient of data denies receiving and possessing the data.
disruption (a threat consequence): A circumstance or event that interrupts or prevents the correct operation of system services and functions. (See: denial of service, (main GIST entry for) disruption.) The following threat actions can cause disruption:
1. incapacitation: A threat action that prevents or interrupts system operation by disabling a system component.
  1. malicious logic: In context of incapacitation, any hardware, firmware, or software (e.g., logic bomb) intentionally introduced into a system to destroy system functions or resources. (See: (main Glossary entry for) malicious logic.)
  2. physical destruction: Deliberate destruction of a system component to interrupt or prevent system operation.
  3. * human error: Action or inaction that unintentionally disables a system component.
  4. * hardware or software error: Error that causes failure of a system component and leads to disruption of system operation.
  5. * natural disaster: Any act of God (e.g., fire, flood, earthquake, lightning, or wind) that disables a system component. [FP031 section 2]
2. corruption: A threat action that undesirably alters system operation by adversely modifying system functions or data.
  1. tamper: In context of corruption, deliberate alteration of a system’s logic, data, or control information to interrupt or prevent correct operation of system functions.
  2. malicious logic: In context of corruption, any hardware, firmware, or software (e.g., a computer virus) intentionally introduced into a system to modify system functions or data. (See: (main Glossary entry for) malicious logic.)
  3. * human error: Human action or inaction that unintentionally results in the alteration of system functions or data.
  4. * hardware or software error: Error that results in the alteration of system functions or data.
  5. * natural disaster: Any act of God (e.g., power surge caused by lightning) that alters system functions or data. [FP031 section 2]
3. obstruction: A threat action that interrupts delivery of system services by hindering system operations.
  1. interference: Disruption of system operations by blocking communications or user data or control information.
  2. overload: Hindrance of system operation by placing excess burden on the performance capabilities of a system component. (See: flooding.)
usurpation (a threat consequence): A circumstance or event that results in control of system services or functions by an unauthorized entity. The following threat actions can cause usurpation:
1. misappropriation: A threat action whereby an entity assumes unauthorized logical or physical control of a system resource.
  1. theft of service: Unauthorized use of service by an entity.
  2. theft of functionality: Unauthorized acquisition of actual hardware, software, or firmware of a system component.
  3. theft of data: Unauthorized acquisition and use of data.
2. misuse: A threat action that causes a system component to perform a function or service that is detrimental to system security.
  1. tamper: In context of misuse, deliberate alteration of a system’s logic, data, or control information to cause the system to perform unauthorized functions or services.
  2. malicious logic: In context of misuse, any hardware, software, or firmware intentionally introduced into a system to perform or control execution of an unauthorized function or service.
  3. violation of permissions: Action by an entity that exceeds the entity’s system privileges by executing an unauthorized function.

- threat source n.

See: threat agent.

- threshold n., vb.

1. n.

iAfB-ICSA 1999

threshold, decision threshold

The acceptance or rejection of biometric data is dependent on the match score falling above or below the threshold. The threshold is adjustable so that the biometric systemec can be more or less strict, depending on the requirements of any given biometric application.

BEM 2002

A parametric value used to convert a matching score to a decision. A threshold change will usually change both FAR and FRR – as FAR decreases, FRR increases.

JTC 1/SC 37 (2008)

threshold [n.]

Numerical value (or set of values) at which a decision boundary exists.

2. vb.

JTC 1/SC 37 (2006⇒2008)

thresholding threshold (vb.)
cull (vb.)
exclude

Elimination of Eliminate biometric reference identifier(s) associated with biometric reference(s) and/or identifiers for reference probe biometric sample(s) that have failed to attain a level of any type of score.

Note: Score can be quality score, comparison score, etc.

- thresholding n.

See: threshold (vb.)

- throughput rate n.

iAfB-ICSA 1999

The number of end users that a biometric system can process within a stated time interval.

- thumbprint n.

RFC 2828 (2000)

(I) A pattern of curves formed by the ridges on the tip of a thumb. (See: biometric authentication, fingerprint.)

(D) ISDs SHOULD NOT use this term as a synonym for hash result because that meaning mixes concepts in a potentially misleading way.

- ticket n.

ISO/IEC 2382-8:1998

A representation of one or more access rights that possessor has to an object. Note: The ticket represents an access permission.

RFC 2828 (2000)

(I) A synonym for capability. (See: Kerberos.)

(C) A ticket is usually granted by a centralized access control server (ticket-granting agent) to authorize access to a system resource for a limited time. Tickets have been implemented with symmetric cryptography, but can also be implemented as attribute certificates using asymmetric cryptography.

- time bomb n.

ISO/IEC 2382-8:1998

A logic bomb to be activated at a predetermined time.

- time-out n.

OASIS SAML 2.0 (2005)

A period of time after which some condition becomes true if some event has not occurred. For example, a session that is terminated because its state has been inactive for a specified period of time is said to “time out”.

Note: time-out is the noun; time out the verb. (Compare: backup; back up.)

- time stamp n.

SC 27 SD 6 (2002)

ISO/IEC 11770-1: 1996

A time variant parameter which denotes a point in time with respect to a common time reference.

ISO/IEC 9798-1: 1997

A time variant parameter which denotes a point in time with respect to a common reference.

ISO/IEC 11770-3: 1999

A data item which denotes a point in time with respect to a common time reference.

ISO/IEC FDIS 15946-3 (02/2001)

A data item which denotes a point in time with respect to a common reference.

- time-stamp requester n.

SC 27 SD 6 (2002)