Correctness
The degree to which software or its components are free from faults and/or meet specified requirements and/or user needs. Correctness is not an absolute property of a system; rather it implies the mutual consistency of a specification and its implementation. The property of being consistent with a correctness criterion, such as a program being correct with respect to its system specification or a specification being consistent with its requirements.
Correctness proof
A mathematical proof of consistency between a specification and its implementation. It may apply at the security model-to-formal specification level, at the formal specification-to-higher order language code level, at the compiler level, or at the hardware level. For example, if a system has a verified design and implementation, then its overall correctness rests with the correctness of the compiler and hardware. When a system is proved correct, it can be expected to perform as specified but not necessarily as anticipated if the specifications are incomplete or inappropriate. It is also known as proof of correctness.
Cost-benefit
A criterion for comparing programs and alternatives when benefits can be valued in dollars. Also referred to as benefit/cost ratio, which is a function of equivalent benefits and equivalent costs.
Cost-risk analysis
The assessment of the costs of potential risk of loss or compromise without data protection versus the cost of providing data protection.
Countermeasures
Actions, devices, procedures, techniques, or other measures that reduce the vulnerability of an information system. Synonymous with security controls and safeguards.
Coupling
Coupling is the manner and degree of interdependence between software modules. It is a measure of the degree to which modules share data. A high degree of coupling indicates a strong dependence among modules, which is undesirable. Data coupling is the best type of coupling, and content coupling is the worst. Data coupling is the sharing of data via parameter lists. With data coupling, only simple data is passed between modules. Similar to data cohesion, components cover an abstract data type. With content coupling, one module directly affects the working of another module, as occurs when a module changes another module’s data or when control is passed from one module to the middle of another module. A lower (weak) coupling value is better. Interfaces exhibiting strong cohesion and weak coupling are less error prone. If various modules exhibit strong internal cohesion, the intermodule coupling tends to be minimal, and vice versa.
Coverage attribute
An attribute associated with an assessment method that addresses the scope or breadth of the assessment objects included in the assessment (for example, types of objects to be assessed and the number of objects to be assessed by type). The values for the coverage attribute, hierarchically from less coverage to more coverage, are basic, focused, and comprehensive.
Covert channel
A communications channel that allows two cooperating processes to transfer information in a manner that violates a security policy but without violating the access control.
Covert storage channel
A covert channel that involves the direct or indirect writing of a storage location by one process and the direct or indirect reading of the storage location by another process. Covert storage channels typically involve a finite resource shared by two subjects at different security levels.
Covert timing channel
A covert channel in which one process signals information to another by modulating its own use of system resources (e.g., CPU time) in such a way that this manipulation affects the real response time observed by the second process.
Cracking (password)
The process of an attacker recovering cryptographic password hashes and using various analytical methods to attempt to identify a character string that will produce one of those hashes.
Credential
An object that authoritatively binds an identity to a token possessed and controlled by a person. It is evidence attesting to one’s right to credit or authority.
Credentials service provider (CSP)
A trusted entity that issues or registers subscriber tokens and issues electronic credentials to subscribers. The CSP may encompass Registration Authorities (RA) and Verifiers that it operates. A CSP may be an independent third party or may issue credentials for its own use.
Criminal law
Law covering all legal aspects of crime.
Criteria
Definitions of properties and constraints to be met by system functionality and assurance.
Critical security parameter
Security-related information (e.g., secret and private cryptographic keys, and authentication data such as passwords and PINs) whose disclosure or modification can compromise the security of a cryptographic module or the security of the information protected by the module.
Criticality
A measure of how important the correct and uninterrupted functioning of the system is to the mission of a user organization. The degree to which the system performs critical processing. A system is critical if any of its requirements are critical.
Criticality level
Refers to the (consequences of) incorrect behavior of a system. The more serious the expected direct and indirect effects of incorrect behavior, the higher the criticality level.
Cross-certificate
A certificate used to establish a trust relationship between two Certification Authorities (CAs). In most cases, a relying party will want to process user certificates that were signed by issuers other than a CA in its trust list. To support this goal, CAs issue cross-certificates that bind another issuer’s name to that issuer’s public key. Cross-certificates are an assertion that a public key may be used to verify signatures on other certificates.
Cross-domain solution
A form of controlled interface that provides the ability to manually and/or automatically access and/or transfer information between different security domains.
Cross-site request forgery (CSRF)
An attack in which a subscriber who is currently authenticated to a relying party and connected through a secure session browses to an attacker’s website, which causes the subscriber to unknowingly invoke unwanted actions at the relying party.
Cross-site scripting (XSS)
An attacker may use XML injection to perform the equivalent of an XSS, in which requesters of a valid Web service have their requests transparently rerouted to an attacker-controlled Web service that performs malicious operations.
Cryptanalysis
The operations performed in defeating cryptographic protection without an initial knowledge of the key employed in providing the protection.
Cryptanalytic attacks
Several attacks such as COA, KPA, CTA, CPA, ACPA, CCA, and ACCA are possible as follows.
Ciphertext only attack (COA): An attacker has some ciphertext and he does not know the plaintext or the key. His goal is to find the corresponding plaintext. This is the most common attack and the easiest to defend against because the attacker has the least amount of information (i.e., ciphertext only) to work with.
Known plaintext attack (KPA): An attacker is able to match the ciphertext with the known plaintext and the encryption algorithm but does not know the key to decode the ciphertext. This attack is harder, but still common because the attacker tries to deduce the key based on the known plaintext. This attack is similar to a brute force attack. The KPA works against the Data Encryption Standard (DES) in any of its four operating modes (i.e., ECB, CBC, CFB, and OFB) with the same complexity. DES with any number of rounds fewer than 16 could be broken with a known-plaintext attack more efficiently than by a brute force attack.