Vocabulary

access controlA security control ensuring that only authorised parties may perform actions, such as reading or writing resources. accountabilityThe property by which a misbehaving entity may be detected, and held to account or punished for its actions. active disruptionAn attack that involves actively injecting malformed or other malicious information to violate the security properties of a system. adversarial behaviourBehaviour, either active or passive, that aims to violate the security properties of the system. adversaryAn entity that aims to violate the security properties or interrupt the operation of the system. analogA system that processes input signals as continuously variable quantities. anonymityThe property by which an entity or action cannot be linked to a long-term name or identifier. anonymous channelA channel that ensures the sender or receiver of messages, or the initiator or server of the communication remains anonymous. anonymous messagingA messaging system that offers senders or receivers of messages anonymity. anonymous publishingA system allowing publishers of resources to remain anonymous, or readers of such material to remain anonymous. application lifecycleThe full set of activities from design through to development, testing, deployment, configuration, maintenance and decommissioning of software. application platformA software system offering facilities for writing higher level application software. For example, an operating system, a browser or a generic web-server. architectureThe manner in which different software design elements are combined and connected to engineer a larger system. attackAn activity that aims to violate the security properties or availability of a system. attack surfaceAll the components that the adversary may access and influence, that could lead to successfully attacking the system. auditorAn entity that reviews the actions of another entity to ensure it has performed its operations correctly. autopoiesisA system that maintains its own structure (Maturana). authorityAn entity that may take actions independently of, and un-coerced by, other entities. availabilityA security property that ensures the system can provide functionality despite the actions of an adversary. backboneThe part of the wide-area network that connects disparate networks to provide long range communications. blacklistThe activity of registering misbehaving identities and ensuring they are barred from using the system in the future. blockchainA high-integrity append-only datastructure on which Bitcoin is based. broadcastSending of a message to all other parties in the network. byzantine fault toleranceThe ability of a distributed system to maintain consistency despite adversarial entities. capabilitiesthe potential for a being to act in the world. Also called “capacities” or “affordances.” censorship resistanceThe security property that guarantees that material may be published and accessed despite the actions of an adversary, behaving as a censor, attempting to block or alter it. central clockA common reference for time or ordering that may assist in building consistent distributed systems. centralisedA system that relies on a single authority or single component to offer its properties. centralised directoryA central service offering a list and mapping between names and their properties, such as addresses and keys. certificate authorityA trusted entity that certifies the mapping between names and public keys, in the form of a certificate, to facilitate authentic secure communications. churnThe phenomenon in decentralized networks by which nodes constantly come on- and off-line. circumvention mechanismA security mechanism allowing communication across attempts to block it, for example by a national firewall. claimA signed statement by an authority attesting that an entity has an attribute. clientThe software agent used by a user. client-server architectureThe common Internet service architecture by which a user client connects to a service provider. cloud computingA distributed, but not decentralized, service architecture based on running Internet services in large data centers. codeThe language in which software is written. coercionAn attack by which an adversary forces an otherwise honest party to collude into violating some security assumption. cognitionA process that refers to memory, language, or attention collective intelligenceThe intelligence exhibited by a system composed of multiple distinct entities, where the system is autopoietic. (Halpin) command and controlThe mechanism by which a system or network is controlled, usually centrally. component failureA single technical component or entity behaving arbitrarily, but usually not maliciously. compromisedAn entity that is entirely under the observation and control of the adversary. confidentialityThe family of security properties relating to keeping information secret from adversaries. cooperationEvery entity is expected to follow the same rules in the system depending on its roles. In the early internet this was feasible since anyone working on the Internet shared the same motivation: to maximize efficiency and optimize the system technologically to build a reliable, efficient, and powerful network, although it may not be the case today or in the future. cooperativeAn entity that takes actions that benefit the system as a whole, as opposed to operating in a selfish manner. corrupt insiderAn entity with some legitimate authority within the system, that is under the control of the adversary. cover trafficNetwork traffic that is used as part of a security mechanism to obscure the meta-data of genuine traffic. covertnessThe security property involving obscuring that a user’s actions are taking place. CPU cycleThe unit of computation on modern central processing units. cryptographic proofA piece of information generated by a prover to convince a verifier of a statement. cryptographic protocolA directive for a sequence of messages exchanged by two or more parties that are part of a cryptographic protection mechanism achieving specific security properties. cryptographyThe mathematical discipline dealing with building techniques that protect secrecy and integrity. darknetAn overlay network that is somehow hidden from view and can be accessed using specialized software. In some social and popular parlance, this is confused with any “illegal” activity on the Internet, although the activity on darknets may be legal data collectionThe set of operations that data is subject to in a system, including the visibility of the data for each user. See “privacy.” In Europe, enforced by Data Protection rules. decentralizedA distributed system involving multiple entities with separate authorities. This kind of architecture may not only apply to technical systems but an entire class of phenomena ranging from the biological to the social systems, and how they are intertwined with technical architectures, including issues of governance, management, cooperation, not as separate, “juxtaposed” phenomena, but as they are embedded in the architecture itself. denial-of-serviceAn attack that attempts to degrade the availability properties of a system. deploymentsThe actual use of a software system by users, as compared to its specification, design or engineering. dev-opsThe discipline that combines the development of software with aspects of its operation such as deployment, configuration management and monitoring. device independenceThe property of a service that allows its users to seamlessly use it from multiple different and new devices. digitalA system that processes digital signals generated by digital modulation. Electronic devices such as computers and mobile phones are digital systems. digital studiesThe study of the digital in the widest sense, not just with a focus on the humanities as in “digital humanities.” differential privacyA security property of the system ensuring that decisions and information are not overly dependent on single user records, therefore protecting their privacy. distributedA property of a technical system by which multiple hardware elements are combined through networking to build a larger system. distributed hash tableA peer-to-peer system that assigns peers fixed addressing identifiers in such a way that efficient routing is achieved. distributed ledgerA distributed system that provides a high-integrity ledger. diversityA feature of a network containing elements with different capabilities. ecological diversityA security mechanism using different software and hardware components to reduce correlated failures. efficiencyThe effective use of resources towards achieving an engineering goal, without waste. encrypted flowA bidirectional sequence of messages protected through cryptographic techniques. encryptionA cryptographic security mechanism that achieves confidentiality. end-pointThe receiver of a message or a sender. Often neglected in security models, it may be the user’s client or computer. energy efficientA system that can operate under strict energy constraints. entropyA measurement of randomeness. A system that is completely random has maximum entropy. Necessary for key generation in terms of encryption. ephemeral keyA cryptographic key that is only used for a short window of time, and securely deleted afterwards. epistemologyThe study of what can be known. This is usually consider smaller than what exists, i.e. ontology. everyday engineeringUnderlines the need to understand ‘how things are done’ in daily engineering practice: the negotiation work and organizational politics subtending engineering, i.e. how the creation process by engineers exists in close relation to the social, and how design decisions are more often than not based, in addition to technical data, on other dynamics (Dominique Vinck) extended mindThe theory that cognition can be extended into the world and outside the barriers of an individual like the brain or skin. (Andy Clark) federatedA system that is composed of interconnected providers serving users. forkA split in a software project or other common infrastructure, often led by a fork in the community itself. freshnessA property of keys or nonces, which ensures that they have not been replayed from past information. global passive adversaryAn adversary that may observe all messages in the network. gossipA routing protocol by which messages are passed on to neighbouring nodes without any directed routing. governanceThe set of decision-making processes, the ensemble of procedures that frame the choices subtending the organizational design of systems, including technical, legal and value-sharing choices. This includes how governance of the system is created/maintained and how the system copes with crisis. group key agreementA cryptographic protocol that leads participants to sharing a secret key. group secure communicationsA cryptographic protocol that allows participants to exchange protected messages. group signatureAn unforgeable signature that does not divulge who, out of a defined set, was the signer. hardeningEngineering a system to resist certain classes of attacks. heterogeneitysee ‘diversity’. high-availabilityA property of the system that ensures minimal down time. incentiveA reason for an entity to behave in a certain, usually desirable, fashion. inconsistencyThe state of a system in which a contradiction exists in the information considered authoritative by one or more nodes. indexingAlgorithms for processing data to allow for efficient search. individuationThe process by which a being becomes an individual with capacities (Simondon) information dispersion codeA technique allowing information to be split into smaller fragments and reconstructed through a subset of them. infrastructureA system that is used by others to provide one or more services necessary for higher level applications. integrityThe property by which a system state is not affected by the adversary. IP address spaceThe space of names for machines interconnected through the Internet. load balancingThe process by which incoming requests are distributed across different machines to avoid any of them being overloaded. keyA number used in encryption and decryption. If private, it should be kept secret and should be randomly generated from a high entropy source. localityThe practice of keeping information or processing close to each other or the users. location-based serviceA service the customises its outputs by the location of the user. low-latencyA property of systems with human-unnoticeable delays when sending a message to its recipient. malicious insiderAn entity that has some legitimate authority in the system, but is also controlled by the adversary. mass surveillanceAn attack that involves the mass and indiscriminate collection and possibly processing of data. mechanism designThe economic discipline that creates systems in which honest parties have incentives to behave truthfully and cooperatively. mesh networkA network in which nodes are connected to each other physically to allow for wide-area routing. meta-dataAll data about a communication that are not its content. metaphysicsThe fundamental assumptions around time and space that shape possible ontologies. middle boxA network element that transparently processes flows of traffic. mix systemA security mechanism that offers communication anonymity. mobileA network user that physically moves. mobile codeSoftware that is delivered dynamically across the network. national firewallA network element, usually placed around the inter-networks of a national state, that allows it to control and block access to parts of the outside network. negentropyThe process that characterizes life as it struggles against the energy dissipation and disorganization that results (Schrödinger). The concept can be generalized to describe anything that tends to create the difference, choice or new, in a system developing in the direction of self-preservation or an improvement (Stiegler) nodeA peer or entity in the network. node enumerationAn attack by which the attacker learns all other participants in the system. non-colludingAn entity that does not collaborate with others to violate security properties. onion routingA security mechanism delivering communication anonymity for interactive streams of traffic. ontologyThe study of being, i.e. “what exists.” organologyThe study of all artifices (tools, machines, prosthetics, recording and communication devices) and their interrelation. open systemA system that anyone may join. out-of-band communicationA message that is transmitted outside the system considered. outsourced computationA computation that is performed on behalf of the user by a remote service. overlay networkA network that uses another network for basic communications. passive collectionAn attack technique involving only collection of information. peersee ‘node’ peer discoveryA mechanism by which peers may discover other peers of interest to them. pharmacologyFrom the Greek word meaning both poison and medicine, means something that is simultaneously both positive and negative) and so must inform the politics and ethics of care within a larger historical context (Stiegler). peer-to-peerA network in which all nodes are equal and may perform all functions. phenomenologySubjective experience that cannot be measured easily by science, such as the feeling of “being there.” platform insecurityThe issue that end user computing devices may be vulnerable to attacks. plausible deniabilityThe security property that ensures users of a system can deny allegations of having specific knowledge or having acted in a certain way. poisoningAn attack by which the adversary injects false information about a system state, for example into honest parties’ routing tables. principalsee entity privacyThe possibility for each user to know and master which operations involving his/her data is collected by third parties, and the balances of power and control that take shape as a result. privacy systemA system that supports one or more privacy properties. private information retrievalA security mechanism that allows for querying records from a database without disclosing which record to anyone. providerAn entity within a possibly federated system that serves users. proxyA network relay, possibly obscuring who is talking with whom. pseudonymityThe security property of associating another name to users that is stable over time for a system, yet conceals their real identity. real-timeA system that guarantees that certain properties will hold by a certain deadline. reference monitorThe security component that is entrusted to decide and enforce access control. reputationThe deeds of an entity that make it more or less trustworthy to others. resilienceThe property of operating despite failures and attack. revocableThe ability to uncover the identity of an otherwise anonymous party. rightsEqual access to capabilities given by an institutional framework root of trustThe entity that is entrusted by all others. routingThe process by which messages are routed in a wide-area network to their ultimate destination. routing decisionThe process by which a router decides where to send a message that is being routed. routing tableThe information necessary to make routing decisions. scalabilityThe property of a system to handle more load as more machines are devoted to the task. secure deletionThe security property that ensures deleted information may not be recovered. secure multi-party computationA security mechanism that allows for a computation to be executed privately over multiple entities. security policyThe statement of the properties that must hold in the secure system despite the attempts of a motivated strategic adversary to subvert them. selfishA node that chooses between valid options to maximize their return with no regard for the welfare of the network. sensor networkA mesh network of sensor nodes. serverA machine that runs a service and makes it available to users / clients. serviceA computer software on a remote system that users may use. shareA piece of information that along with others may be used to reconstruct a secret. smart contractA contract that is encoded in a computer language and triggers automatically when certain conditions are fulfilled. social graphA graph of users and the relations between them. social linkA connection between two users that denotes a relationship of some kind. software updateA modification to software that fixes certain bugs or attacks, or adds new features. structured peer-to-peersee ‘distributed hash table’. super-nodeA peer that is entrusted with performing a wider function than other peers. sybil attackAn attack by which an adversary tries to build multiple identities they control. systemic failureA failure that is due to the fundamental way in which the system was put together. telemetryData sent back by an application with analytics of its actual behavior. threshold cryptographyCryptographic techniques involving multiple parties, and that can tolerate a fraction of parties being corrupt. tit-for-tatA strategy by which users reflect each other’s positive actions and punish deviation. toolchainA set of tools that facilitate the process of software creation. tracesMarks left in the world that can be detected. Often the term “digital traces” is used for data left by users. traffic analysisThe disciplines of extracting information out of communications meta-data. transindividuationHow the process of individuation can be effected by the larger society and technical artefacts. transparent logA security system that guarantees all parties observe the same high-integrity data. trustThe construction of shared meanings among the actors concerned by the use of a specific system – shared meanings on which they rely for subsequent operations on and by means of the technology. trustedTechnically, a component that, if controlled by the adversary, may violate the security properties of the system. In a general sense, a component whose behavior is predictable or expected according to shared meanings. trusted partyAn entity that is trusted. unobservabilityThe security property ensuring that adversaries cannot determine whether an action has, or has not, taken place. untrusted entityAn entity, potentially centralized, that offers a service to others but is however not trusted, i.e. could fail without affecting the security properties of the system. values in designThe core hypothesis that architecture and design features may be systematically related to political, social, ethical values, such as security, privacy, and freedom. The goal of a VID approach is to identify, define and analyze these relationships, and in parallel, point out the ways in which law and policy normative systems interact with material technologies. This entails looking at values “from the ground up” – observing how they become embodied in artefacts. (Helen Nissenbaum) verified protocolA protocol that has a proof or other formal argument of security associated with it. x.509 certificateA format in which certificate authorities package their claims about name to key bindings. zero-knowledge proofA cryptographic proof that makes assertions on secret values without revealing them.