Refresher of Security Taxonomy

A list of basic terms frequently used in security- and privacy-related discussions, articles, and research papers

  1. Principal : A legitimate actor of any system.

  2. Credential(s) : An artifact (or set of artifacts) used to prove identity.

  3. Authentication : The process through which an identity is associated with some principal.

  4. Authorization : A set of rights/permissions which a principal possesses.

  5. Threat : A specific means by which an attacker can put a system at risk.

  6. Threat model : A collection of threats that is deemed important for a particular environment. It can also be thought of as a collection of the attacker's abilities.

  7. Vulnerability : A systemic artifact that exposes the user, data, or system to a threat. Vulnerabilities are also known as attack vectors, which an adversary (the bad guy(s)) uses to compromise a system. Common sources of vulnerability include bad software/hardware design, bad policy/configuration, and system misuse.

  8. Attack : An occurrence in which a vulnerability is exploited by an adversary. When an attack is successful, we call it a compromise.

  9. Risk = Threat (Actors) + Vulnerability + Asset(s)

    (Figure: explaining risk)

  10. Trust : An expectation that a principal will act in an anticipated manner.

  11. Trust model : An explicit assessment of the trust embodied in a system.

  12. Security model : A combination of a trust model and a threat model that addresses the set of perceived risks along with the security requirements.

  13. Confidentiality vs Privacy : Privacy applies to the person, while confidentiality applies to the data (more here).

Sajid Rahman
PhD Student

My research interests include software security & privacy engineering, deep learning, and human-centered computing.