Index
P class P-boxes 2nd Packet filtering gateways Packet sniffers Packets, network 2nd Page address translation Page frames Page size Page translation table Paged segmentation Paging 2nd Palladium (protect memory project) Parallel attack Parity check Parker, Donn Parochial versus professional organizations Partial ordering Partial plaintext attacks Partitioning multilevel databases Pass-through problem Passenger Name Record (PNR) Passive fault detection Passive wiretapping Passport Password attacks 12-step process brute force encrypted password file exhaustive guessing indiscreet users plaintext password list probability salt extension trial and error weak passwords Passwords as authenticators frequency of change guessing Microsoft mnemonic qualities network tokens one-time selection criteria with Kerberos Patents definition Diamond v. Bradley Diamond v. Diehr for computer objects Gottschalk v. Benson infringement legal issues 2nd ownership registering requirements of novelty Path, trusted [See Trusted path.] Patriot Act Patterns cryptographic permutations database reliability virus signatures Payment schemes, web privacy Payments online, web privacy PDF, deleting text Peer reviews Peers, network Penetrate-and-patch technique Penetration testing 2nd 3rd Per-object file protection Per-session cookies Per-subject protection Per-user file protection Performance testing Permission based principles of trusted systems Permissions [See also Privilege.] 
individual persistent temporary acquired Permutation cycle Permutations columnar transpositions combined approaches definition digram analysis digrams encipherment/decipherment complexity patterns product ciphers substitution ciphers symmetric encryption trigrams types Permuted choices Persistent cookies Personal computer users, security responsibilities Personal firewall Personal identification number (PIN) Personnel staff members, security responsibilities PGP (Pretty Good Privacy) Phishing 2nd [See also Impersonation.] Photon reception Photons, cryptography with Physical controls Physical security backing up data cold site backups complete backups computer screen emanations contingency planning definition degaussing magnetic data "dirty" power fires floods guards hot site backups intercepting sensitive information locks natural disasters networked backups offsite backups overwriting magnetic data power loss revolving backups selective backups shell backups shredding paper data smart cards surge suppressors Tempest program theft prevention unauthorized access UPS (uninterruptible power supply) vandalism Physical separation 2nd PIN (personal identification number) Ping of death Ping protocol Piracy Pixel tags [See Web bugs.] PKI (public key infrastructure) Plaintext chosen plaintext attacks ciphertext only attacks definition full plaintext attacks partial plaintext attacks password list attacks probable plaintext attacks Planning, security [See Risk analysis; Security plan.] PNR (Passenger Name Record) Poem codes Polarizing filters Policies [See also Principles; Security policies; Standards.] economic privacy [See Privacy.] security [See Security policies.] Polyinstantiation Polymorphism, viruses Port numbers Port scans Power off, virus defense Power, electrical Power, Richard PR/SM [See IBM, Processor Resources/System Manager.] Pragmatic versus normative organizations Precision versus security Prediction, of risk [See Risk analysis.] 
Pretty Good Privacy (PGP) Prevention [See Controls; Defense methods.] Prime numbers Primitive operations Principles [See also Policies; Standards.] economic privacy [See Privacy.] security adequate protection easiest penetration effectiveness weakest link trusted systems [See Trusted systems.] Privacy [See also Confidentiality.] access control affected subject aspects of authentication anonymized records attributes identity 2nd individual 2nd meaning of overview case study computer-related problems controlled disclosure data mining aggregation of data correlation of data data perturbation government preserving privacy sensitive data dimensions of privacy access control anonymous interception mixmaster remailers monitoring overview remailers simple remailers spamming spoofing transmitting emerging technologies consumer products electronic voting overview privacy issues RFID (radio frequency identification) security issues Skype VoIP (Voice over IP) government and Council of Europe European Privacy Directive Icelandic DNA database principles and policies U.K. 
RIPA (Regulation of Investigatory Powers Act) history of information collection 2nd information disclosure information retention information security information usage informed consent loss of control monitoring on the web advertising adware contests cookies credit card payments drive-by installation hijackers keystroke loggers offers online environment online profiling payment schemes payments online precautions registration shopping site ownership spyware third-party ads third-party cookies web bugs ownership of data policy changes principles and policies access control anonymity audit trails authentication Convention 2nd COPPA (Children's Online Privacy Protection Act) Council of Europe data access risks data anonymization data left in place data minimization deceptive practices defense methods Directive 95/46/EC e-Government Act of 2000 European Privacy Directive Fair Credit Reporting Act fair information Fair Information Policies Federal Educational Rights and Privacy Act FTC (Federal Trade Commission) GLBA (Gramm-Leach-Bliley Act) government policies HIPAA (Health Insurance Portability and Accountability Act) identity theft multiple identities non-U.S. Privacy Act (5 USC 552a) protecting stored data pseudonymity quality restricted usage training U.S. laws Ware committee report web site controls, commercial web site controls, government rights, ethical issues RIPA (Regulation of Investigatory Powers Act) sensitive data Privacy Act 2nd Privacy-preserving data mining Private key encryption [See also AES (Advanced Encryption System); DES (Data Encryption Standard); Symmetric encryption.] Privilege [See also Permissions.] 
escalation limited Probability Probability password attacks Probable plaintext attacks Probable value disclosure Problems, cryptographic Procedure-oriented access control Process activation Process versus results organizations Product cipher, DES Product ciphers Product ownership Professional versus parochial organizations Profile, of attackers Programs definition [See also Applications; Code (program); Software.] protection legal issues computer objects copyright 2nd documentation protection domain names firmware hardware object code software patents 2nd reverse engineering source code software trade secrets 2nd trademark URLs web content Programs, security [See also Operating system security; Trusted systems.] controls [See Controls.] cyber attacks errors failures faults fixing faults flaws aliasing authentication boundary conditions definition domain errors identification logic errors overview serialization types of validation errors IEEE Standard 2nd intentional incidents [See Cyber attacks.] malicious code [See also Attacks, methods; Trapdoors; Viruses.] agents back doors [See Trapdoors.] history of implementation time interface illusions keystroke logging leaking information [See Covert channels.] 
logic bombs man-in-the-middle attacks potential for harm privilege escalation rabbits rootkit revealers rootkits Sony XCP (extended copy protection) rootkit spoofing threat assessment time bombs timing attacks Trojan horses types of 2nd worms zero day exploits nonmalicious errors buffer overflows causes of failures combined flaws incomplete mediation synchronization time-of-check to time-of-use errors overview penetrate-and-patch technique unexpected behavior Project leaders, security responsibilities Proliferation of keys Proof of program correctness Propagation of errors Proprietary resources, ethical issues Prosecuting computer crime Protected objects, accessing access control matrix ACLs (access control lists) AS (authentication server) capability directories domains erasing deleted files KDC (key distribution center) Kerberos local name space procedure-oriented protection goals pseudonyms revocation of access role-based single sign-on TGS (ticket-granting server) types of wild cards Protecting stored data Protection [See Controls; Defense methods.] Protection profiles Protection system commands Protection systems Protocols destination unreachable echo encryption failures flaws networking ping SMTP (simple mail transport protocol) SNMP (simple network management protocol) source quench stack TCP/IP UDP (user datagram protocol) Provenzano, Bernardo Proxies Proxy firewall Pseudonymity Pseudonyms PSOS (Provably Secure Operating System) Public domain Public key encryption [See also Asymmetric encryption; RSA (Rivest-Shamir-Adleman) encryption.] characteristics definition flow diagram key proliferation purpose of Public key infrastructure (PKI)