
Exploitable channel

Channel that allows the violation of the security policy governing an information system and is usable or detectable by subjects external to the trusted computing base. (See covert channel.)


Similar items:
A channel that conveys information by writing data to a common storage area where another process can read it. A covert channel that involves the direct or indirect writing of a storage location by one process and the direct or indirect reading of the storage location by another process. Covert storage channels typically involve a finite resource that is shared by two subjects at different security levels. Covert channel involving the direct or indirect writing to a storage location by one process and the direct or indirect reading of the storage location by another process. Covert storage channels typically involve a finite resource (e.g., sectors on a disk) that is shared by two subjects at different security levels.
A channel of communication within a computer system, or network, that is not designed or intended to transfer information. The means by which data can be communicated outside of normal, expected, or detectable methods. Unintended and/or unauthorized communications path that can be used to transfer information in a manner that violates an information system security policy. (See overt channel and exploitable channel.)
A channel that conveys information by altering the performance of a system component or modifying a resource’s timing in a predictable manner. A covert channel in which one process signals information to another by modulating its own use of system resources in such a way that this manipulation affects the real response time observed by the second process. Covert channel in which one process signals information to another process by modulating its own use of system resources (e.g., central processing unit time) in such a way that this manipulation affects the real response time observed by the second process.
A violation, or imminent threat of a violation, of a security policy or practice within the organization. Computer security incidents are the result of an attack, malware infection, or inappropriate usage by employees. See incident.
The combination of hardware, software, and controls that form a trusted base that enforces your security policy. The totality of protection mechanisms within a computer system, including hardware, software, and communications equipment, the combination of which is responsible for enforcing a security policy. A TCB consists of one or more components that together enforce a unified security policy over a product or system. The ability of a trusted computing base to correctly enforce a security policy depends solely on the mechanisms within the TCB and on the correct input by system administrative personnel of parameters (such as a user’s clearance) related to the security policy. Totality of protection mechanisms within a computer system, including hardware, firmware, and software, the combination responsible for enforcing a security policy.

