Trusted distribution
A trusted method for distributing the trusted computing base (TCB) hardware, software, and firmware components, both originals and updates, that provides methods for protecting the TCB from modification during distribution and for detection of any changes to the TCB that may occur.
Trusted functionality
That which is determined to be correct with respect to some criteria, e.g., as established by a security policy. The functionality shall neither fall short of nor exceed the criteria.
Trusted operating system (TOS)
An operating system that is part of a trusted computing base (TCB) and has been evaluated at an assurance level necessary to protect the data that it will process.
Trusted path
(1) A means by which an operator and a security function can communicate with the necessary confidence to support the security policy associated with the security function. (2) A mechanism by which a user (through an input device) can communicate directly with the security functions of the information system with the necessary confidence to support the system security policy. This mechanism can only be activated by the user or the security functions of the information system and cannot be imitated by untrusted software.
Trusted platform module (TPM) chip
A tamper-resistant integrated circuit built into some computer motherboards that can perform cryptographic operations (including key generation) and protect small amounts of sensitive information, such as passwords and cryptographic keys. Through its key cache management feature, the TPM chip protects the generated keys used in the encrypted file system (EFS).
Trusted relationships
Policies that govern how entities in differing domains honor each other’s authorizations. An authority may be completely trusted (for example, any statement from the authority will be accepted as a basis for action), or there may be limited trust, in which case only statements in a specific range are accepted.
Trusted software
The software portion of a trusted computing base (TCB).
Trusted subject
A subject that is part of the trusted computing base (TCB). It has the ability to violate the security policy but is trusted not to actually do so. For example, in the Bell-LaPadula model, a trusted subject is not constrained by the star-property and thus has the capability to write sensitive information into an object whose level is not dominated by the (maximum) level of the subject, but it is trusted to only write information into objects with a label appropriate for the actual level of the information.
Trusted system
Employing sufficient integrity measures to allow its use for processing intelligence information involving sensitive intelligence sources and methods.
Trusted third party (TTP)
An entity other than the owner and verifier that is trusted by the owner or the verifier or both. Sometimes shortened to “trusted party.”
Trustworthiness
(1) The attribute of a person or enterprise that provides confidence to others of the qualifications, capabilities, and reliability of that entity to perform specific tasks and fulfill assigned responsibilities. (2) A characteristic or property of an information system that expresses the degree to which the system can be expected to preserve the confidentiality, integrity, and availability of the information being processed, stored, or transmitted by the system.
Trustworthy system
Computer hardware, software, and procedures that (1) are reasonably secure from intrusion and misuse, (2) provide a reasonable level of availability, reliability, and correct operation, (3) are reasonably suited to performing their intended functions, and (4) adhere to generally accepted security principles.
Truth table
Computer logic blocks can use combinational logic (without memory) or sequential logic (with memory). Combinational logic can be specified by defining the values of the outputs for each possible set of input values in a truth table. Each entry in the table specifies the value of all the outputs for that particular input combination. Truth tables grow in size quickly and may be difficult to understand. After a truth table is constructed, it can be optimized by keeping only the entries with nonzero output values.
Tuning
Altering the configuration of an intrusion detection and prevention system (IDPS) to improve its detection accuracy.
Tunnel mode
IPsec mode that creates a new IP header for each protected packet.
Tunnel virtual private network (VPN)
A secure sockets layer (SSL) connection that allows a wide variety of protocols and applications to be run through it.
Tunneled password protocol
A protocol where a password is sent through a protected channel to a cryptographically authenticated verifier. For example, the transport layer security (TLS) protocol is often used with a verifier’s public key certificate to (1) authenticate the verifier to the claimant, (2) establish an encrypted session between the verifier and claimant, and (3) transmit the claimant’s password to the verifier. The encrypted TLS session protects the claimant’s password from eavesdroppers.
Tunneling
(1) A technology that enables one network to send its data via another network’s connections. Tunneling works by encapsulating a network protocol within packets carried by the second network. (2) A high-level remote access architecture that provides a secure tunnel between a telework client device (a personal computer used by a remote worker) and a tunneling server through which application system traffic may pass. (3) A method of circumventing a firewall by hiding a message that would be rejected by the firewall inside a second, acceptable message.
Tunneling attack
An attack that attempts to exploit a weakness in a system at a level of abstraction lower than that used by the developer to design and/or test the system.
Tunneling router
A router or system capable of routing traffic by encrypting it and encapsulating it for transmission across an untrusted network, for eventual decryption and de-encapsulation.
Turnstiles
Turnstiles reduce everyday piggybacking or tailgating by forcing people to pass through one person at a time. Turnstiles are used in data centers and office buildings.
Twisted-pair wire
Twisted-pair wire is the most commonly used medium; its application is limited to a single building or a few buildings, and it is used for lower-performance systems.
Two-factor authentication
A type of authentication that requires two independent methods to establish identity and authorization to perform security services. The three most recognized factors are (1) something you are (e.g., biometrics), (2) something you know (e.g., password), and (3) something you have (e.g., smart card).
Two-part code
A code consisting of an encoding section (first part) arranged in alphabetical or numeric order and a decoding section (second part) arranged in a separate alphabetical or numeric order.
Two-person control
Continuous surveillance and monitoring of positive control material at all times by a minimum of two authorized individuals, each capable of detecting incorrect and unauthorized procedures with respect to the task being performed and each familiar with established security and safety requirements.
Two-person integrity
System of storage and handling designed to prohibit individual access by requiring the presence of at least two authorized individuals, each capable of detecting incorrect or unauthorized security procedures with respect to the task being performed.