https://DevOpsCloud.io -- Cloud Monk Losang Jinpa

Return to RFC 4949 Internet Security Glossary Definitions, RFC 4949 Internet Security Glossary, RFC 4949 Internet Security Glossary Bibliography, Cybersecurity, Awesome Security

---

([[Fair Use]] [[Source]]: [[RFC 4949])

---

• UDP

(I) See: User Datagram Protocol.

([[Fair Use]] [[Source]]: [[RFC 4949])

---

• UDP flood

(I) A denial-of-service attack that takes advantage of (a) one system's UDP test function that generates a series of characters for each packet it receives and (b) another system's UPD test function that echoes any character it receives; the attack connects (a) to (b) to cause a nonstop flow of data between the two systems. (See: flooding.)

([[Fair Use]] [[Source]]: [[RFC 4949])

---

• unauthorized disclosure

(I) A circumstance or event whereby an entity gains access to information for which the entity is not authorized.

Shirey Informational Page 325]

RFC 4949 Internet Security Glossary, Version 2 August 2007

Tutorial: This type of threat consequence can be caused by the following types of threat actions: exposure, interception, inference, and intrusion. Some methods of protecting against this consequence include access control, flow control, and inference control. (See: data confidentiality.)

([[Fair Use]] [[Source]]: [[RFC 4949])

---

• unauthorized user

(I) /access control/ A system entity that accesses a system resource for which the entity has not received an authorization. (See: user. Compare: authorized user, insider, outsider.)

Usage: IDOCs that use this term SHOULD state a definition for it because the term is used in many ways and could easily be misunderstood.

([[Fair Use]] [[Source]]: [[RFC 4949])

---

• uncertainty

(N) An information-theoretic measure (usually stated as a number of bits) of the minimum amount of plaintext information that needs to be recovered from cipher text to learn the entire plain text that was encrypted. [SP63] (See: entropy.)

([[Fair Use]] [[Source]]: [[RFC 4949])

---

• unclassified

(I) Not classified. (Compare: FOUO.)

([[Fair Use]] [[Source]]: [[RFC 4949])

---

• unencrypted

(I) Not encrypted.

([[Fair Use]] [[Source]]: [[RFC 4949])

---

• unforgeable

(I) /cryptography/ The property of a cryptographic data structure (i.e., a data structure that is defined using one or more cryptographic functions, e.g., “digital certificate”) that makes it computationally infeasible to construct (i.e., compute) an unauthorized but correct value of the structure without having knowledge of one of more keys.

Tutorial: This definition is narrower than general English usage, where “unforgeable” means unable to be fraudulently created or duplicated. In that broader sense, anyone can forge a digital certificate containing any set of data items whatsoever by generating the to-be-signed certificate and signing it with any private key whatsoever. But for PKI purposes, the forged data structure is invalid if it is not signed with the true private key of the claimed issuer; thus, the forgery will be detected when a certificate user uses the true public key of the claimed issuer to verify the signature.

Shirey Informational Page 326]

RFC 4949 Internet Security Glossary, Version 2 August 2007

([[Fair Use]] [[Source]]: [[RFC 4949])

---

• uniform resource identifier (URI)

(I) A type of formatted identifier (RFC 3986) that encapsulates the name of an Internet object, and labels it with an identification of the name space, thus producing a member of the universal set of names in registered name spaces and of addresses referring to registered protocols or name spaces.

Example: HTML uses URIs to identify the target of hyperlinks.

Usage: “A URI can be classified as a locator (see: URL), a name (see: URN), or both. … Instances of URIs from any given scheme may have the characteristics of names or locators or both, often depending on the persistence and care in the assignment of identifiers by the naming authority, rather than on any quality of the scheme.” IDOCs SHOULD “use the general term 'URI' rather than the more restrictive terms 'URL' and 'URN'.” (RFC 3986)

([[Fair Use]] [[Source]]: [[RFC 4949])

---

• uniform resource locator (URL)

(I) A URI that describes the access method and location of an information resource object on the Internet. (See: Usage under “URI”. Compare: URN.)

Tutorial: The term URL “refers to the subset of URIs that, besides identifying a resource, provide a means of locating the resource by describing its primary access mechanism (e.g., its network 'location').” (RFC 3986)

A URL provides explicit instructions on how to access the named object. For example, “ftp://bbnarchive.bbn.com/foo/bar/picture/cambridge.zip” is a URL. The part before the colon specifies the access scheme or protocol, and the part after the colon is interpreted according to that access method. Usually, two slashes after the colon indicate the host name of a server (written as a domain name). In an FTP or HTTP URL, the host name is followed by the path name of a file on the server. The last (optional) part of a URL may be either a fragment identifier that indicates a position in the file, or a query string.

([[Fair Use]] [[Source]]: [[RFC 4949])

---

• uniform resource name (URN)

(I) A URI with the properties of a name. (See: Usage under “URI”. Compare: URL.)

Tutorial: The term URN “has been used historically to refer to both URIs under the ”urn“ scheme (RFC 2141), which are required to remain globally unique and persistent even when the resource ceases to exist or becomes unavailable, and to any other URI with the properties of a name.” (RFC 3986)

Shirey Informational Page 327]

RFC 4949 Internet Security Glossary, Version 2 August 2007

([[Fair Use]] [[Source]]: [[RFC 4949])

---

• untrusted

(I) See: secondary definition under “trust”.

([[Fair Use]] [[Source]]: [[RFC 4949])

---

• untrusted process

1. (I) A system component that is not able to affect the state of system security through incorrect or malicious operation. Example: A component that has its operations confined by a security kernel. (See: trusted process.)

2. (I) A system component that (a) has not been evaluated or examined for adherence to a specified security policy and, therefore, (b) must be assumed to contain logic that might attempt to circumvent system security.

([[Fair Use]] [[Source]]: [[RFC 4949])

---

• UORA

(O) See: user-PIN ORA.

([[Fair Use]] [[Source]]: [[RFC 4949])

---

• update

See: “certificate update” and “key update”.

([[Fair Use]] [[Source]]: [[RFC 4949])

---

• upgrade

(I) /data security/ Increase the classification level of data without changing the information content of the data. (See: classify, downgrade, regrade.)

([[Fair Use]] [[Source]]: [[RFC 4949])

---

• URI

(I) See: uniform resource identifier.

([[Fair Use]] [[Source]]: [[RFC 4949])

---

• URL

(I) See: uniform resource locator.

([[Fair Use]] [[Source]]: [[RFC 4949])

---

• URN

(I) See: uniform resource name.

([[Fair Use]] [[Source]]: [[RFC 4949])

---

• user

See: system user.

Usage: IDOCs that use this term SHOULD state a definition for it because the term is used in many ways and could easily be misunderstood.

([[Fair Use]] [[Source]]: [[RFC 4949])

---

• user authentication service

(I) A security service that verifies the id[[entity claimed by an entity that attempts to access the system. (See: authentication, user.)

Shirey Informational Page 328]

RFC 4949 Internet Security Glossary, Version 2 August 2007

([[Fair Use]] [[Source]]: [[RFC 4949])

---

• User Datagram Protocol (UDP)

(I) An Internet Standard, Transport-Layer protocol (RFC 768) that delivers a sequence of datagrams from one computer to another in a computer network. (See: UPD flood.)

Tutorial: UDP assumes that IP is the underlying protocol. UDP enables application programs to send transaction-oriented data to other programs with minimal protocol mechanism. UDP does not provide reliable delivery, flow control, sequencing, or other end- to-end service guarantees that TCP does.

([[Fair Use]] [[Source]]: [[RFC 4949])

---

• user identifier

(I) See: identifier.

([[Fair Use]] [[Source]]: [[RFC 4949])

---

• user id[[entity

(I) See: id[[entity.

([[Fair Use]] [[Source]]: [[RFC 4949])

---

• user PIN

(O) /MISSI/ One of two PINs that control access to the functions and stored data of a FORTEZZA PC card. Knowledge of the user PIN enables a card user to perform the FORTEZZA functions that are intended for use by an end user. (See: PIN. Compare: SSO PIN.)

([[Fair Use]] [[Source]]: [[RFC 4949])

---

• user-PIN ORA (UORA)

(O) /MISSI/ A MISSI organizational RA that operates in a mode in which the ORA performs only the subset of card management functions that are possible with knowledge of the user PIN for a FORTEZZA PC card. (See: no-PIN ORA, SSO-PIN ORA.)

([[Fair Use]] [[Source]]: [[RFC 4949])

---

• usurpation

(I) A circumstance or event that results in control of system services or functions by an unauthorized entity. This type of threat consequence can be caused by the following types of threat actions: misappropriation, misuse. (See: access control.)

([[Fair Use]] [[Source]]: [[RFC 4949])

---

• UTCTime

(N) The ASN.1 data type “UTCTime” contains a calendar date (YYMMDD) and a time to a precision of either one minute (HHMM) or one second (HHMMSS), where the time is either (a) Coordinated Universal Time or (b) the local time followed by an offset that enables Coordinated Universal Time to be calculated. (See: Coordinated Universal Time. Compare: GeneralizedTime.)

Usage: If you care about centuries or millennia, you probably need to use the GeneralizedTime data type instead of UTCTime.

Shirey Informational Page 329]

RFC 4949 Internet Security Glossary, Version 2 August 2007

---

Fair Use Sources:

• RFC 4949 Internet Security Glossary