The formal name of the ACL that is checked for access decisions on an object.
An optional extension of the traditional UNIX permissions, which gives the user the ability to specify read, write, and execute permissions on a per-user and per-group basis.
See also Access ACL, default ACLs
This document uses the term "administrator" in a generic sense to refer to any user involved in the security operation of the system.
An event that is monitored and reported by the audit subsystem. Events include system events, application events, and site-definable events. An event can be any command, system call, routine, or program that runs on the system.
An ID that is created at login time and that is inherited across all processes.
The recording, examining, and reviewing of security-related activities on a trusted system.
A process in which an entity presents credentials to a system to prove its identity.
A mechanism by which entities are authenticated. Examples include BSD, Enhanced Security, and Kerberos.
The traditional security that is delivered on BSD UNIX systems.
Base security consists of user authentications based on user names and passwords located in the /etc/passwd file. Base security is the default Tru64 UNIX security.
A UNIX software release of the Computer Systems Research Group of the University of California at Berkeley -- the basis for some features of Tru64 UNIX.
A process in which a cryptographic algorithm, called a cipher, is used to transform cipher text (encrypted text) into plain text (decrypted text).
The ACLs associated with directories. These two types of ACLs (default access ACL and default directory ACL) determine what ACLs are given to files and subdirectories created in a directory.
An electronic document that can be used to authenticate the identity of an individual, a server, a company, or some other principal and bind that principal with a public key.
An electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document.
Manages access to system resources including directories, files, devices, and processes. Tru64 UNIX implements DAC through the use of Tru64 UNIX permissions and Access Control Lists (ACLs).
A process in which a cryptographic algorithm, called a cipher, is used to transform plain text (decrypted text) into cipher text (encrypted text).
The current user ID, but not necessarily the user's ID. For example, a user logged in under a login ID may change to another user's ID. The ID to which the user changes becomes the effective user ID until the user switches back to the original login ID.
Passwords with the enhanced attributes made available by the enhanced security option. Enhanced passwords are stored in the prpasswd file and are sometimes referred to as extended, protected, or shadowed passwords.
The optional security feature that supplements base security. Enhanced security consists of enhanced password profiles.
See also enhanced passwords
A user, program, or system that can be authenticated.
A POSIX-compliant ASCII representation of an ACL used for presentation to the user.
See also IR (internal representation)
The Trusted Computer System Evaluation Criteria (TCSEC). The enhanced security features in the Tru64 UNIX system have been designed to meet these criteria.
A noninteractive UNIX authentication method that is based on host name and user name identification (not passwords).
A protocol that provides remote authentication services at the IP layer for data that is exchanged by using the TCP/IP transport protocol.
A binary representation of an ACL used by the ACL library routines.
See also ER (external representation)
A secure method for authenticating a request for a service in a computer network.
Mediates communication between principals and creates a session key for their exclusive use when using secret key authentication.
See also ER (external representation)
An Internet standard distributed client/server directory service protocol that runs over TCP/IP.
Any program that represents itself as a login program to steal a password. For example, a spoofing program might print the login banner on an unattended terminal and wait for input from the user.
A distributed client/server data lookup service for sharing information on a local area network (LAN).
The person responsible for the day-to-day maintenance of a system, including backups, line printer maintenance, and other routine maintenance tasks.
See also system administrator
A user, service, application, or host.
A unique number assigned to a process that is running.
A unit of control of the operating system. A process is always executing one program, which can change when the current program invokes the exec() system call. A process is considered trusted when its current program is trusted.
See also program
A set of algorithms designed, compiled, and installed in an executable file for eventual execution by a process. A program is considered trusted when it upholds the security policies of the system.
See also process
A type of cryptography in which two communicating principals, usually a client and server, use a public and private key to authenticate each other and the user and to encrypt and decrypt the data that they exchange.
The process ID of the parent or spawning process.
The login name for the superuser (system administrator).
The name applied to the topmost directory in the UNIX system's tree-like file structure; hence, the beginning of an absolute pathname. The root directory is represented in pathnames by an initial slash (/); a reference to the root directory itself consists of a single slash.
The basic file system, onto which all other file systems can be mounted. The root file system contains the operating system files that get the rest of the system to run.
A type of cryptography in which two communicating principals, usually a client or server, use the same secret key, called a session key, to authenticate a system and user and to encrypt and decrypt the data that they exchange.
A client/server application that provides a suite of network commands that provides remote authentication services for data that is exchanged when using a Secure Shell command.
The parameters used by the trusted computing base (TCB) to enforce security. Security attributes include the various user and group identities.
The Security Integration Architecture manages the order in which security mechanisms are used.
See also vouching
Client/server software that uses Kerberos to provide remote authentication services for data that is exchanged when using the ftp, rcp, rlogin, rsh, and telnet network commands.
Audit events that are created by application software (that is, not the operating system).
The system administrator is responsible for file system maintenance and repair, account creation, and other miscellaneous administrative duties.
The set of hardware, software, and firmware that together enforce the system's security policy. The Tru64 UNIX TCB includes the system hardware and firmware as delivered, the trusted Tru64 UNIX operating system, and the trusted commands and utilities that enforce the security policy. The operating system and other software distributed with the trusted Tru64 UNIX system satisfy security requirements.
Checks performed on passwords to prevent the use of easily guessed passwords. Triviality checks prevent the use of words found in the dictionary, user names, and variations of the user name as passwords.
Any program that, when invoked by a user, steals the user's data, corrupts the user's files, or otherwise creates a mechanism whereby the Trojan horse planter can gain access to the user's account. Viruses and worms can be types of Trojan horses.
A computer program designed to insinuate itself into other programs or files in a system and then to replicate itself through any available means (disk file, network, and so forth) into other similar computers, from which it can attack yet more systems. Viruses are designed with the object of damaging or destroying the "infected" programs or systems and are often programmed to become destructive at a specific time, such as the birthday of the virus's programmer.
See also Trojan horse, worm
A technique that allows a security mechanism to trust the authentication process of a previously run security mechanism. This feature is implemented by the Security Integration Architecture (SIA).
A computer program designed to insinuate itself into other programs or files in a system and then to replicate itself through any available means (disk file, network, and so forth) into other similar computers, from which it can attack yet more systems. Worms are designed with no serious intent to do damage, but they are harmful because they occupy resources intended for legitimate use.
See also Trojan horse, virus