TOC-TOU attack

TOC-TOU stands for time-of-check to time-of-use. An example of a TOC-TOU attack is when a print job queued under one user’s name is exchanged with the print job of another user. It is achieved by bypassing security controls: the attacker changes the information after the controls have been exercised (that is, when the print job is queued) but before the information is used (that is, prior to printing the job). The attack relies on timing differences and on state that changes between the check and the use.
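The check-then-use gap behind the attack, as an added illustration that is not part of this glossary, shown with a file instead of a print spool: the vulnerable routine checks a path and then opens it again, while the hardened routine checks the descriptor it already holds, so there is no window. File names and job contents are constructed; the code assumes a POSIX system with `O_NOFOLLOW`.

```python
import os
import stat
import tempfile

def read_check_then_use(path, between=lambda: None):
    # Vulnerable pattern: the check (isfile) and the use (open) are two
    # separate lookups of the same path name. `between` is a constructed
    # hook standing in for whatever changes the file inside that gap.
    if not os.path.isfile(path):
        raise PermissionError("not a regular file")
    between()
    with open(path, "rb") as f:
        return f.read()

def read_check_on_handle(path):
    # Hardened pattern: open first, then check the object actually opened.
    # O_NOFOLLOW refuses a symbolic link at the final path component, and
    # fstat() inspects the descriptor, so no second lookup happens between
    # the check and the use.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    with os.fdopen(fd, "rb") as f:
        if not stat.S_ISREG(os.fstat(f.fileno()).st_mode):
            raise PermissionError("not a regular file")
        return f.read()

def run_demo():
    # Constructed scenario: two queued jobs; the attacker may only
    # touch the entry under their own name.
    with tempfile.TemporaryDirectory() as d:
        own_job = os.path.join(d, "job_user_a.txt")
        other_job = os.path.join(d, "job_user_b.txt")
        with open(own_job, "wb") as f:
            f.write(b"job of user A")
        with open(other_job, "wb") as f:
            f.write(b"job of user B")

        def swap():
            # The state change inside the check/use window: the checked
            # path now resolves to the other user's job.
            os.remove(own_job)
            os.symlink(other_job, own_job)

        leaked = read_check_then_use(own_job, between=swap)
        try:
            hardened = read_check_on_handle(own_job)  # path is now a symlink
        except OSError:
            hardened = b"rejected"
        return {"vulnerable": leaked, "hardened": hardened}
```

Running `run_demo()` shows the checked-then-opened path yielding the other user's job, while the descriptor-based check refuses the swapped entry.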

Token

(1) Something that the claimant possesses and controls (typically a key or password) used to authenticate the claimant’s identity. (2) When used in the context of authentication, a physical device necessary for user identification. (3) A token is an object that represents something else, such as another object (either physical or virtual). (4) A security token is a physical device, such as a special smart card, that together with something that a user knows, such as a PIN, can enable authorized access to a computer system or network.

Token authenticator

The value that is provided for the protocol stack to prove that the claimant possesses and controls the token. Protocol messages sent to the verifier are dependent upon the token authenticator, but they may or may not explicitly contain it.

Token device

A device used for generating passwords based on some information (e.g., time, date, and personal identification number) that is valid for only a brief period (e.g., one minute).

Top-down approach

An approach that starts with the highest-level component of a hierarchy and proceeds through progressively lower levels.

Topology

(1) The physical, nonlogical features of a card. A card may have either standard or enhanced topography. (2) The structure, consisting of paths and switches, that provides the communications interconnection among nodes of a network.

Total risk

The potential for the occurrence of an adverse event if no mitigating action is taken (i.e., the potential for any applicable threat to exploit a system vulnerability).

Tracing

An automated procedure performed by software that shows which program instructions have been executed in a computer program and in which sequence they were executed. Tracing can also be performed manually by following the path of a transaction or an activity from the beginning to the end and vice versa.

Tracking cookie

A cookie placed on a user’s computer to track the user’s activity on different websites, creating a detailed profile of the user’s behavior.

Traffic analysis attack

(1) The act of passively monitoring transmissions to identify communication patterns and participants. (2) A form of passive attack in which an intruder observes information about calls (although not necessarily the contents of the messages) and makes inferences from the source and destination numbers or frequency and length of the messages. The goal is to gain intelligence about a system or its users, and may not require the examination of the content of the communications, which may or may not be decipherable. (3) A traffic flow signal from a reader could be used to detect a particular activity occurring in the communications path. (4) An inference attack occurs when a user or intruder is able to deduce information to which he had no privilege from information to which he has privilege. Traffic-flow security protection can be used to counter traffic analysis attacks.

Traffic encryption key (TEK)

A key used to encrypt plaintext or to super-encrypt previously encrypted text, and/or to decrypt ciphertext.

Traffic-flow security

The protection resulting from encrypting the source and destination addresses of valid messages transmitted over a communications circuit. Security is assured through the use of link encryption and because no part of the data is known to an attacker.

Traffic load

The number of messages input to a network during a specific time period.

Traffic padding or flooding

A protection to conceal the presence of valid messages on a communications circuit by causing the circuit to appear busy at all times. Unnecessary data are sent through the circuit to keep it busy and to confuse the intruder. It is a countermeasure against the threat of traffic analysis.

Trans-border data flow

Deals with the movement and storage of data by automatic means across national or federal boundaries. It may require data encryption when data is flowing over some borders.

Transaction

An activity or request to a computer. Purchase orders, changes, additions, and deletions are examples of transactions recorded in a business information environment. A logical unit of work for an end user. Also used to define a program or a dialog in a computer system.

Transmission control protocol (TCP)

A reliable, connection-oriented, byte-oriented transport-layer protocol within the TCP/IP suite.

Transmission control protocol/Internet protocol (TCP/IP)

TCP/IP is the protocol suite used by the Internet. A protocol suite is the set of message types, their formats, and the rules that control how messages are processed by computers on the network.

Transmission medium

The physical path between transmitters and receivers in a communication network. A mechanism that supports propagation of digital signals. Examples of a transmission medium are cables such as leased lines from common commercial carriers, fiber optic cables, and satellite channels.

Transmittal list

A list, stored and transmitted with particular data items, which identifies the data in that batch and can be used to verify that no data are missing.

Transport layer

The portion of an open systems interconnection (OSI) system responsible for reliability and multiplexing of data across a network to the level required by the application.

Transport-layer security (TLS)

(1) An authentication and security protocol widely implemented in Web browsers and Web servers. (2) Provides security at the layer responsible for end-to-end communications. (3) Provides privacy and data integrity between two communicating applications. (4) It is designed to encapsulate other protocols, such as HTTP. TLS is the newer protocol; SSL is the older one.

Transport mode

IPsec mode that does not create a new IP header for each protected packet.

Tranquility

A property applied to a set of (typically untrusted) controlled entities saying that their security level may not change.

Tranquility principle

A requirement that changes to an object’s access control attributes are prohibited as long as any subject has access to the object.

Trap

A message indicating that a fault condition may exist or that a fault is likely to occur. In computer crime investigations, trap and trace means the attacker’s phone call is trapped and traced.

Trapdoor

A hidden software or hardware mechanism that responds to a special input used to circumvent the system’s security controls. Synonymous with backdoor.

Tree topology

Tree topology is a network topology that resembles an interconnection of star networks in that individual peripheral nodes are required to transmit to and receive from one other node only, toward a central node, and are not required to act as repeaters or regenerators. The tree topology, which is a variation of bus topology, is subject to a single point of failure of a transmission path to the node. The tree topology is an example of a hybrid topology in which a linear bus backbone connects star-configured networks.