Commit b24841f5 authored by Valerie Aurora (Bow Shock)

Reformat definitions to ETSI style

Co-authored-by: ETSI EditHelp
parent ccb9211b
+45 −25
@@ -273,58 +273,78 @@ The following referenced documents may be useful in implementing an ETSI deliver

## 3.1 Terms

This clause provides terms and definitions based on CEN/CLC JTC13 WG09's <a href="#_ref_i.6">[i.6]</a> work on terms and definitions, terms and definitions provided by ETSI EN 303 645/TS 103 701 <a href="#_ref_i.3">[i.3]</a> and by CEN/CLC EN 18031 <a href="#_ref_i.5">[i.5]</a> series, and informed by terms used in the Common Criteria and the NIAP Operating System Protection Plan <a href="#_ref_i.8">[i.8]</a>guide.
This clause provides terms and definitions based on CEN/CLC JTC13 WG09's <a href="#_ref_i.6">[i.6]</a> work on terms and definitions, terms and definitions provided by ETSI EN 303 645/TS 103 701 <a href="#_ref_i.3">[i.3]</a> and by CEN/CLC EN 18031 <a href="#_ref_i.5">[i.5]</a> series, and informed by terms used in the Common Criteria <a href="#_ref_i.7">[i.7]</a> and the NIAP Operating System Protection Plan <a href="#_ref_i.8">[i.8]</a>guide.

For the purposes of the present document, the following terms apply:


**Operating System (OS):** Software products with digital elements that provide an abstract interface of the underlying hardware and control the execution of software, and that may provide services such as computing resource management and configuration, scheduling, input-output control, managing data, and providing an interface through which applications interact with system resources and peripherals. This category includes but is not limited to real-time operating systems, general-purpose and special-purpose operating systems.
**Operating System (OS):** software products with digital elements that provide an abstract interface of the underlying hardware and control the execution of software, and that may provide services such as computing resource management and configuration, scheduling, input-output control, managing data, and providing an interface through which applications interact with system resources and peripherals

**General Purpose Operating System:** A class of operating system designed to support a wide variety of workloads consisting of concurrent applications or services. Typical characteristics of this category include support for third-party applications, support for multiple users, and security separation between users and their respective resources. General Purpose Operating Systems lack the operational constraints which define Special Purpose Operating Systems and Real Time Operating System (RTOS) that are typically used in routers, switches, and embedded devices.
**General Purpose Operating System:** class of operating system designed to support a wide variety of workloads consisting of concurrent applications or services

**Application Programming Interface (API):** A specification of routines, data structures, object classes, and variables that allows an application to make use of services provided by another software component, such as a library. APIs are often provided for a set of libraries included with the platform.
> NOTE: Typical characteristics of this category include support for third-party applications, support for multiple users, and security separation between users and their respective resources. General Purpose Operating Systems lack the operational constraints which define Special Purpose Operating Systems and Real Time Operating System (RTOS) that are typically used in routers, switches, and embedded devices.

**System Call Interface:** A specification for the API between the application layer and the kernel or system layer.
**Application Programming Interface (API):** specification of routines, data structures, object classes, and variables that allows an application to make use of services provided by another software component, such as a library

**Input/Output:** The process or function for passing data to or from a given process over a specific interface. Such I/O interfaces include, but are not limited to, serial ports, network ports, long-term storage devices including hard drives and flash drives, as well as human-interface ports such as display and audio devices.
> NOTE: APIs are often provided for a set of libraries included with the platform.

**Common Criteria (CC):** Common Criteria for Information Technology Security Evaluation (International Standard ISO/IEC 15408).<a href="#_ref_i.7">[i.7]</a>
**system call interface:** specification for the API between the application layer and the kernel or system layer

**Administrator:** An entity that is responsible for management activities, including setting policies that are applied by the enterprise on the operating system. This administrator could be acting remotely through a management server, from which the system receives configuration policies. An administrator can enforce settings on the system which cannot be overridden by non-administrator users.
**Input/Output (I/O):** process or function for passing data to or from a given process over a specific interface

**User:** An entity that is subject to configuration policies applied to the operating system by administrators. On some systems under certain configurations, a normal user can temporarily elevate privileges to that of an administrator. At that time, such a user should be considered an administrator.
> NOTE: Such I/O interfaces include, but are not limited to, serial ports, network ports, long-term storage devices including hard drives and flash drives, as well as human-interface ports such as display and audio devices.

**User Account:** An identity created in an operating system with associated access controls and privileges. Users may have multiple user accounts and user accounts may have multiple users.
**Common Criteria (CC):** Common Criteria for Information Technology Security Evaluation (International Standard ISO/IEC 15408) <a href="#_ref_i.7">[i.7]</a>

**Threat Actor:** An entity that can adversely affect the system through malicious or unauthorized activities.
**administrator:** entity that is responsible for management activities, including setting policies that are applied by the enterprise on the operating system

**Application:** Software that runs on a platform and performs tasks on behalf of the user or owner of the platform, as well as its supporting documentation.
> NOTE: This administrator could be acting remotely through a management server, from which the system receives configuration policies. An administrator can enforce settings on the system which cannot be overridden by non-administrator users.

**Credential:** Data that establishes the identity of a user, e.g. a cryptographic key or password.
**user:** entity that is subject to configuration policies applied to the operating system by administrators

**Personally Identifiable Information (PII):** Any information about an individual maintained by an agency, including, but not limited to, education, financial transactions, medical history, and criminal or employment history and information which can be used to distinguish or trace an individual's identity, such as their name, government-issued identity numbers, date and place of birth, biometric records, etc., including any other personal information which is linked or linkable to an individual.
NOTE: On some systems under certain configurations, a normal user can temporarily elevate privileges to that of an administrator. At that time, such a user should be considered an administrator.

**Sensitive Data:** Sensitive data may include all user or enterprise data or may be specific application data such as PII, emails, messaging, documents, calendar items, and contacts. Sensitive data must minimally include credentials and keys.
**user account:** identity created in an operating system with associated access controls and privileges

**Data Execution Prevention:** An anti-exploitation feature of modern operating systems executing on modern computer hardware, which enforces a non-execute permission on pages of memory that are not code. This prevents pages of memory from containing both data and instructions, which makes it more difficult for an attacker to introduce and execute code.
> NOTE: Users may have multiple user accounts and user accounts may have multiple users.

**Non-writable Executable Memory:** An anti-exploitation feature of modern operating systems executing on modern computer hardware, which enforces a non-write permission on pages of memory that are code. This prevents modifying the instructions of running programs, which makes it more difficult for an attacker to introduce and execute code.
> FIXME: Better distinction of the agent acting through a user account and the user account.

**Credential:** Data that establishes the identity of a user, e.g. a cryptographic key or password.
**threat actor:** entity that can adversely affect the system through malicious or unauthorized activities

**Address Space Layout Randomization (ASLR):** An anti-exploitation feature which loads memory mappings into unpredictable locations. ASLR makes it more difficult for an attacker to redirect control to code that they have introduced into the address space of a process.
**application:** software that runs on a platform and performs tasks on behalf of the user or owner of the platform, as well as its supporting documentation

**Common Weakness Enumeration (CWE):** A community-developed list of software and hardware weaknesses that can become vulnerabilities. https://cwe.mitre.org/
**credential:** data that establishes the identity of a user, e.g. a cryptographic key or password

**Elevated Privilege:** A level of access that allows accessing or changing security-relevant configuration, data, or functions on a system.
**Personally Identifiable Information (PII):** any information about an individual maintained by an agency, including, but not limited to, education, financial transactions, medical history, and criminal or employment history and information which can be used to distinguish or trace an individual's identity, such as their name, government-issued identity numbers, date and place of birth, biometric records, etc., including any other personal information which is linked or linkable to an individual

**Command Shell:** A text-based interface allowing execution of system programs.
**sensitive data:** densitive data may include all user or enterprise data or may be specific application data such as PII, emails, messaging, documents, calendar items, contacts, credentials, and keys

**Process Isolation:** Techniques to prevent processes from accessing or changing each other's state.
**data execution prevention:** anti-exploitation feature of modern operating systems executing on modern computer hardware, which enforces a non-execute permission on pages of memory that are not code

**Attack Surface:** User interfaces, target protocol interfaces and reachable data paths that can be attacked within the system.
> NOTE: This prevents pages of memory from containing both data and instructions, which makes it more difficult for an attacker to introduce and execute code.

**Principle of Least Privilege:** Users, processes, and interfaces are granted only the minimum level of permission necessary to perform their legitimate functions, and nothing more.
**non-writable executable memory:** anti-exploitation feature of modern operating systems executing on modern computer hardware, which enforces a non-write permission on pages of memory that are code

> NOTE: This prevents modifying the instructions of running programs, which makes it more difficult for an attacker to introduce and execute code.

**credential:** data that establishes the identity of a user, e.g. a cryptographic key or password

**Address Space Layout Randomization (ASLR):** anti-exploitation feature which loads memory mappings into unpredictable locations

> NOTE: ASLR makes it more difficult for an attacker to redirect control to code that they have introduced into the address space of a process.

**Common Weakness Enumeration (CWE):** community-developed list of software and hardware weaknesses that can become vulnerabilities https://cwe.mitre.org/

**elevated privilege:** level of access that allows accessing or changing security-relevant configuration, data, or functions on a system

**command shell:** text-based interface allowing execution of system programs

**process isolation:** techniques to prevent processes from accessing or changing each other's state

**attack surface:** user interfaces, target protocol interfaces and reachable data paths that can be attacked from inside or outside the system

**principle of least privilege:** design principle requiring that users, processes, and interfaces are granted only the minimum level of permission necessary to perform their legitimate functions, and nothing more

FIXME define "Platform"
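Review bot: the new `**sensitive data:**` line both carries a typo ("densitive data may include") and drops the old definition's floor that sensitive data "must minimally include credentials and keys", folding credentials and keys into the optional "may include" list; if removing the minimum requirement is intended it should be stated in the commit message, otherwise preserve it in the ETSI style as a note, e.g. `> NOTE: Sensitive data minimally includes credentials and keys.` Two more points in the same hunk: `**credential:**` is defined twice in the new text (once after `**application:**` and again after the non-writable executable memory NOTE), so one copy should be removed; and the NOTE under `**user:**` lacks the `> ` prefix that every other NOTE in the hunk uses. Finally, `**attack surface:**` now reads "from inside or outside the system" where the old text said "within the system", which is a substantive change rather than a reformat and deserves a mention in the commit message.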