0 1 2 3 5 6 7 ... 20
Family - A grouping of components that share security objectives but may differ in emphasis or rigour.
Formal - Expressed in a restricted syntax language with defined semantics based on well-established mathematical concepts.
Human user - Any person who interacts with the TOE.
Identity - A representation (e.g. a string) uniquely identifying an authorised user, which can either be the full or abbreviated name of that user or a pseudonym.
Informal - Expressed in natural language.
Internal communication channel - A communication channel between separated parts of TOE.
Internal TOE transfer - Communicating data between separated parts of the TOE.
Inter-TSF transfers - Communicating data between the TOE and the security functions of other trusted IT products.
Iteration - The use of a component more than once with varying operations.
Object - An entity within the TSC that contains or receives information and upon which subjects perform operations.
Organisational security policies - One or more security rules, procedures, practices, or guidelines imposed by an organisation upon its operations.
Package - A reusable set of either functional or assurance components (e.g. an EAL), combined together to satisfy a set of identified security objectives.
Product - A package of IT software, firmware and/or hardware, providing functionality designed for use or incorporation within a multiplicity of systems.
Protection Profile (PP) - An implementation-independent set of security requirements for a category of TOEs that meet specific consumer needs.
Reference monitor - The concept of an abstract machine that enforces TOE access control policies.
Reference validation mechanism - An implementation of the reference monitor concept that possesses the following properties: it is tamperproof, always invoked, and simple enough to be subjected to thorough analysis and testing.
Refinement - The addition of details to a component.
Role - A predefined set of rules establishing the allowed interactions between a user and the TOE.
Secret - Information that must be known only to authorised users and/or the TSF in order to enforce a specific SFP.
Security attribute - Information associated with subjects, users and/or objects that is used for the enforcement of the TSP.
Security Function (SF) - A part or parts of the TOE that have to be relied upon for enforcing a closely related subset of the rules from the TSP.
Security Function Policy (SFP) - The security policy enforced by an SF.
Security objective - A statement of intent to counter identified threats and/or satisfy identified organisation security policies and assumptions.
Security Target (ST) - A set of security requirements and specifications to be used as the basis for evaluation of an identified TOE.
Selection - The specification of one or more items from a list in a component.
Semiformal - Expressed in a restricted syntax language with defined semantics.
Strength of Function (SOF) - A qualification of a TOE security function expressing the minimum efforts assumed necessary to defeat its expected security behaviour by directly attacking its underlying security mechanisms.
SOF-basic - A level of the TOE strength of function where analysis shows that the function provides adequate protection against casual breach of TOE security by attackers possessing a low attack potential.
SOF-medium - A level of the TOE strength of function where analysis shows that the function provides adequate protection against straightforward or intentional breach of TOE security by attackers possessing a moderate attack potential.
SOF-high - A level of the TOE strength of function where analysis shows that the function provides adequate protection against deliberately planned or organised breach of TOE security by attackers possessing a high attack potential.
Subject - An entity within the TSC that causes operations to be performed.
System - A specific IT installation, with a particular purpose and operational environment.
Target of Evaluation (TOE) - An IT product or system and its associated administrator and user guidance documentation that is the subject of an evaluation.
TOE resource - Anything useable or consumable in the TOE.
TOE Security Functions (TSF) - A set consisting of all hardware, software, and firmware of the TOE that must be relied upon for the correct enforcement of the TSP.
TOE Security Functions Interface (TSFI) - A set of interfaces, whether interactive (man-machine interface) or programmatic (application programming interface), through which TOE resources are accessed, mediated by the TSF, or information is obtained from the TSF.
TOE Security Policy (TSP) - A set of rules that regulate how assets are managed, protected and distributed within a TOE.
TOE security policy model - A structured representation of the security policy to be enforced
by the TOE.
Transfers outside TSF control - Communicating data to entities not under control of the TSF.
Trusted channel - A means by which a TSF and a remote trusted IT product can communicate with necessary confidence to support the TSP.
Trusted path - A means by which a user and a TSF can communicate with necessary confidence to support the TSP.
TSF data - Data created by and for the TOE, that might affect the operation of the TOE.
TSF Scope of Control (TSC) - The set of interactions that can occur with or within a TOE and are subject to the rules of the TSP.
User - Any entity (human user or external IT entity) outside the TOE that interacts with the TOE. User data - Data created by and for the user, that does not affect the operation of the TSF.
0 1 2 3 5 6 7 ... 20