
Dynamic binding

Also known as run-time binding or late binding. Dynamic binding refers to the association of a message with a method during run time, as opposed to compile time. Dynamic binding means that a message can be sent to an object without prior knowledge of the object’s class.

Dynamic host configuration protocol (DHCP)

The protocol used to assign Internet Protocol (IP) addresses to all nodes on the network. DHCP allows network administrators to automate and control from a central position the assignment of IP address configurations. The DHCP server is required to log hostnames or media access control (MAC) addresses for all clients. DHCP cannot handle manual configurations where a portion of the network IP addresses needs to be excluded or reserved for servers, routers, firewalls, and administrator workstations. Therefore, the DHCP server should be timed to prevent unauthorized configurations.

Dynamic HTML

A collection of dynamic HTML technologies for generating Web page contents on the fly. It uses server-side scripts (e.g., CGI, ASP, JSP, PHP, and Perl) as well as client-side scripts (e.g., JavaScript, Java applets, and ActiveX controls).

Dynamic separation of duty (DSOD)

Separation of duties can be enforced dynamically (i.e., at access time), and the decision to grant access refers to the past access history (e.g., a cashier and an accountant are the same person but play only one role at a time). One type of DSOD is a two-person rule, which states that the first user to execute a two-person operation can be any authorized user, whereas the second user can be any authorized user different from the first. Another type of DSOD is a history-based separation of duty, which states that the same subject (role) cannot access the same object for a variable number of times. Popular DSOD policies are the Workflow and Chinese wall policies.

Dynamic subsystem

A subsystem that is not continually present during the execution phase of an information system. Service-oriented architectures and cloud computing architectures are examples of architectures that employ dynamic subsystems.

Dynamic Web documents

Dynamic Web documents (pages) are written in CGI, PHP, JSP, ASP, JavaScript, and ActiveX controls.

E

E2E

Exchange-to-exchange (E2E) is an e-commerce model in which electronic exchanges formally connect to one another for the purpose of exchanging information (e.g., stockbrokers/dealers with stock markets and vice versa).

Easter egg

An Easter egg is hidden functionality within an application program, which becomes activated when an undocumented, and often convoluted, set of commands and keystrokes is entered. Easter eggs are typically used to display the credits given for the application development team and are intended to be nonthreatening.

Eavesdropping

(1) Passively monitoring network communications for data and authentication credentials. (2) The unauthorized interception of information-bearing emanations through the use of methods other than wiretapping. (3) A passive attack in which an attacker listens to a private communication. The best way to thwart this attack is by making it very difficult for the attacker to make any sense of the communication by encrypting all messages. Also known as packet snarfing.

E-business patterns

Patterns for e-business are a group of proven reusable assets that can be used to increase the speed of developing and deploying net-centric applications, like Web-based applications.

Education (information security)

Education integrates all of the security skills and competencies of the various functional specialties into a common body of knowledge and strives to produce IT security specialists and professionals capable of vision and proactive response.

Egress filtering

(1) Filtering of outgoing network traffic. (2) Blocking outgoing packets that should not exit a network. (3) The process of blocking outgoing packets that use obviously false Internet Protocol (IP) addresses, such as source addresses from internal networks.

El Gamal algorithm

A signature scheme derived from a modification of exponentiation ciphers. Exponentiation is a mathematical process where one number is raised to some power.

Electromagnetic emanation attack

An intelligence-bearing signal, which, if intercepted and analyzed, potentially discloses the information that is transmitted, received, handled, or otherwise processed by any information-processing equipment.

Electromagnetic emanations (EME)

Signals transmitted as radiation through the air and through conductors.

Electromagnetic interference

An electromagnetic disturbance that interrupts, obstructs, or otherwise degrades or limits the effective performance of electronic or electrical equipment.

Electronic auction (e-auction)

Auctions conducted online in which (1) a seller invites consecutive bids from multiple buyers and the bidding price either increases or decreases sequentially (forward auction), (2) a buyer invites bids and multiple sellers respond with the price reduced sequentially, and the lowest bid wins (backward or reverse auction), (3) multiple buyers propose bidding prices and multiple sellers respond with asking prices simultaneously and both prices are matched based on the quantities of items on both sides (double auction), and (4) sellers and buyers interact in one industry or for one commodity (vertical auction). Prices are determined dynamically through the bidding process. Usually, negotiations and bargaining power can take place between one buyer and one seller due to supply and demand. Reverse auction is practiced in B2B or G2B e-commerce. Limitations of e-auctions include minimal security for C2C auctions (i.e., no encryption), possibility of fraud (i.e., defective products), and limited buyer participation in terms of invitation only or open to dealers only. B2B auctions are secure due to use of private lines.

Electronic authentication

The process of establishing confidence in user identities electronically presented to an information system.

Electronic business XML (ebXML)

Sponsored by UN/CEFACT and OASIS, a modular suite of specifications that enable enterprises of any size and in any geographical location to perform business-to-business (B2B) transactions using XML.

Electronic commerce (EC)

Using information technology to conduct business functions such as electronic payments and document interchange. It is the process of buying, selling, or exchanging products, services, or information via computer networks. EC models include B2B, B2B2C, B2C, B2E, C2B, C2C, and E2E. EC security risks arising from technical threats include DoS, zombies, phishing, Web server and Web page hijacking, botnets, and malicious code (e.g., viruses, worms, and Trojan horses); nontechnical threats include pretexting and social engineering.

Electronic credentials

Digital documents used in authentication that bind an identity or an attribute to a subscriber’s token.

Electronic data interchange (EDI) system

The electronic transfer of specially formatted standard business documents (e.g., purchase orders, shipment instructions, invoices, payments, and confirmations) sent between business partners. EDI is a direct computer-to-computer exchange between two organizations, and it can use either a value-added network (VAN-EDI) or the Internet (Web-EDI) with XML standards.

Electronic evidence

Information and data of investigative value that is stored on or transmitted by an electronic device.