harryhalpin edited this page Jul 4, 2016 · 4 revisions

access control A security control ensuring that only authorised parties may perform actions, such as reading or writing resources.

accountability The property by which a misbehaving entity may be detected, and held to account or punished for its actions.

active disruption An attack that involves actively injecting malformed or other malicious information to violate the security properties of a system.

adversarial behaviour Behaviour, either active or passive, that aims to violate the security properties of the system.

adversary An entity that aims to violate the security properties or interrupt the operation of the system.

analog A system that processes input signals as continuously variable quantities.

anonymity The property by which an entity or action cannot be linked to a long-term name or identifier.

anonymous channel A channel that ensures the sender or receiver of messages, or the initiator or server of the communication remains anonymous.

anonymous messaging A messaging system that offers senders or receivers of messages anonymity.

anonymous publishing A system allowing publishers of resources to remain anonymous, or readers of such material to remain anonymous.

application lifecycle The full set of activities from design through to development, testing, deployment, configuration, maintenance and decommissioning of software.

application platform A software system offering facilities for writing higher level application software. For example, an operating system, a browser or a generic web-server.

architecture The manner in which different software design elements are combined and connected to engineer a larger system.

attack An activity that aims to violate the security properties or availability of a system.

attack surface All the components that the adversary may access and influence, that could lead to successfully attacking the system.

auditor An entity that reviews the actions of another entity to ensure it has performed its operations correctly.

autopoiesis A system that maintains its own structure (Maturana).

authority An entity that may take actions independently of, and un-coerced by, other entities.

availability A security property that ensures the system can provide functionality despite the actions of an adversary.

backbone The part of the wide-area network that connects disparate networks to provide long range communications.

blacklist The activity of registering misbehaving identities and ensuring they are barred from using the system in the future.

blockchain A high-integrity append-only data structure on which Bitcoin is based.

broadcast Sending of a message to all other parties in the network.

byzantine fault tolerance The ability of a distributed system to maintain consistency despite adversarial entities.

capabilities The potential for a being to act in the world. Also called "capacities" or "affordances."

censorship resistance The security property that guarantees that material may be published and accessed despite the actions of an adversary, behaving as a censor, attempting to block or alter it.

central clock A common reference for time or ordering that may assist in building consistent distributed systems.

centralised A system that relies on a single authority or single component to offer its properties.

centralised directory A central service offering a list and mapping between names and their properties, such as addresses and keys.

certificate authority A trusted entity that certifies the mapping between names and public keys, in the form of a certificate, to facilitate authentic secure communications.

churn The phenomenon in decentralized networks by which nodes constantly come on- and off-line.

circumvention mechanism A security mechanism allowing communication across attempts to block it, for example by a national firewall.

claim A signed statement by an authority attesting that an entity has an attribute.

client The software agent used by a user.

client-server architecture The common Internet service architecture by which a user client connects to a service provider.

cloud computing A distributed, but not decentralized, service architecture based on running Internet services in large data centers.

code The language in which software is written.

coercion An attack by which an adversary forces an otherwise honest party to collude into violating some security assumption.

cognition A process that refers to memory, language, or attention.

collective intelligence The intelligence exhibited by a system composed of multiple distinct entities, where the system is autopoietic. (Halpin)

command and control The mechanism by which a system or network is controlled, usually centrally.

component failure A single technical component or entity behaving arbitrarily, but usually not maliciously.

compromised An entity that is entirely under the observation and control of the adversary.

confidentiality The family of security properties relating to keeping information secret from adversaries.

cooperation Every entity is expected to follow the same rules in the system depending on its roles. In the early internet this was feasible since anyone working on the Internet shared the same motivation: to maximize efficiency and optimize the system technologically to build a reliable, efficient, and powerful network, although it may not be the case today or in the future.

cooperative An entity that takes actions that benefit the system as a whole, as opposed to operating in a selfish manner.

corrupt insider An entity with some legitimate authority within the system, that is under the control of the adversary.

cover traffic Network traffic that is used as part of a security mechanism to obscure the meta-data of genuine traffic.

covertness The security property involving obscuring that a user's actions are taking place.

CPU cycle The unit of computation on modern central processing units.

cryptographic proof A piece of information generated by a prover to convince a verifier of a statement.

cryptographic protocol A directive for a sequence of messages exchanged by two or more parties that are part of a cryptographic protection mechanism achieving specific security properties.

cryptography The mathematical discipline dealing with building techniques that protect secrecy and integrity.

darknet An overlay network that is somehow hidden from view and can be accessed using specialized software. In some social and popular parlance, this is confused with any "illegal" activity on the Internet, although the activity on darknets may be legal.

data collection The set of operations that data is subject to in a system, including the visibility of the data for each user. See "privacy." In Europe, enforced by Data Protection rules.

decentralized A distributed system involving multiple entities with separate authorities. This kind of architecture may not only apply to technical systems but an entire class of phenomena ranging from the biological to the social systems, and how they are intertwined with technical architectures, including issues of governance, management, cooperation, not as separate, “juxtaposed” phenomena, but as they are embedded in the architecture itself.

denial-of-service An attack that attempts to degrade the availability properties of a system.

deployments The actual use of a software system by users, as compared to its specification, design or engineering.

dev-ops The discipline that combines the development of software with aspects of its operation such as deployment, configuration management and monitoring.

device independence The property of a service that allows its users to seamlessly use it from multiple different and new devices.

digital A system that processes digital signals generated by digital modulation. Electronic devices such as computers and mobile phones are digital systems.

digital studies The study of the digital in the widest sense, not just with a focus on the humanities as in "digital humanities."

differential privacy A security property of the system ensuring that decisions and information are not overly dependent on single user records, therefore protecting their privacy.

distributed A property of a technical system by which multiple hardware elements are combined through networking to build a larger system.

distributed hash table A peer-to-peer system that assigns peers fixed addressing identifiers in such a way that efficient routing is achieved.

distributed ledger A distributed system that provides a high-integrity ledger.

diversity A feature of a network containing elements with different capabilities.

ecological diversity A security mechanism using different software and hardware components to reduce correlated failures.

efficiency The effective use of resources towards achieving an engineering goal, without waste.

encrypted flow A bidirectional sequence of messages protected through cryptographic techniques.

encryption A cryptographic security mechanism that achieves confidentiality.

end-point The receiver of a message or a sender. Often neglected in security models, it may be the user's client or computer.

energy efficient A system that can operate under strict energy constraints.

entity A discrete part of a system that can be functionally separated.

entropy A measurement of randomness. A system that is completely random has maximum entropy. Necessary for key generation in terms of encryption.

ephemeral key A cryptographic key that is only used for a short window of time, and securely deleted afterwards.

epistemology The study of what can be known. This is usually considered smaller than what exists, i.e. ontology.

everyday engineering Underlines the need to understand ‘how things are done’ in daily engineering practice: the negotiation work and organizational politics subtending engineering, i.e. how the creation process by engineers exists in close relation to the social, and how design decisions are more often than not based, in addition to technical data, on other dynamics (Dominique Vinck).

extended mind The theory that cognition can be extended into the world and outside the barriers of an individual like the brain or skin. (Andy Clark)

federated A system that is composed of interconnected providers serving users.

fork A split in a software project or other common infrastructure, often led by a fork in the community itself.

freshness A property of keys or nonces, which ensures that they have not been replayed from past information.

global passive adversary An adversary that may observe all messages in the network.

gossip A routing protocol by which messages are passed on to neighbouring nodes without any directed routing.

governance The set of decision-making processes, the ensemble of procedures that frame the choices subtending the organizational design of systems, including technical, legal and value-sharing choices. This includes how governance of the system is created/maintained and how the system copes with crisis.

group key agreement A cryptographic protocol that leads participants to sharing a secret key.

group secure communications A cryptographic protocol that allows participants to exchange protected messages.

group signature An unforgeable signature that does not divulge who, out of a defined set, was the signer.

hardening Engineering a system to resist certain classes of attacks.

heterogeneity see `diversity'.

high-availability A property of the system that ensures minimal down time.

incentive A reason for an entity to behave in a certain, usually desirable, fashion.

inconsistency The state of a system in which a contradiction exists in the information considered authoritative by one or more nodes.

indexing Algorithms for processing data to allow for efficient search.

individuation The process by which a being becomes an individual with capacities (Simondon).

information dispersion code A technique allowing information to be split into smaller fragments and reconstructed through a subset of them.

infrastructure A system that is used by others to provide one or more services necessary for higher level applications.

integrity The property by which a system state is not affected by the adversary.

IP address space The space of names for machines interconnected through the Internet.

load balancing The process by which incoming requests are distributed across different machines to avoid any of them being overloaded.

key A number used in encryption and decryption. If private, it should be kept secret and should be randomly generated from a high entropy source.

locality The practice of keeping information or processing close to each other or the users.

location-based service A service that customises its outputs by the location of the user.

low-latency A property of systems with human-unnoticeable delays when sending a message to its recipient.

malicious insider An entity that has some legitimate authority in the system, but is also controlled by the adversary.

mass surveillance An attack that involves the mass and indiscriminate collection and possibly processing of data.

mechanism design The economic discipline that creates systems in which honest parties have incentives to behave truthfully and cooperatively.

mesh network A network in which nodes are connected to each other physically to allow for wide-area routing.

meta-data All data about a communication that are not its content.

metaphysics The fundamental assumptions around time and space that shape possible ontologies.

middle box A network element that transparently processes flows of traffic.

mix system A security mechanism that offers communication anonymity.

mobile A network user that physically moves.

mobile code Software that is delivered dynamically across the network.

national firewall A network element, usually placed around the inter-networks of a national state, that allows it to control and block access to parts of the outside network.

negentropy The process that characterizes life as it struggles against the energy dissipation and disorganization that results (Schrödinger). The concept can be generalized to describe anything that tends to create the difference, choice or new, in a system developing in the direction of self-preservation or an improvement (Stiegler).

node A peer or entity in the network.

node enumeration An attack by which the attacker learns all other participants in the system.

non-colluding An entity that does not collaborate with others to violate security properties.

onion routing A security mechanism delivering communication anonymity for interactive streams of traffic.

ontology The study of being, i.e. "what exists."

organology The study of all artifices (tools, machines, prosthetics, recording and communication devices) and their interrelation.

open system A system that anyone may join.

out-of-band communication A message that is transmitted outside the system considered.

outsourced computation A computation that is performed on behalf of the user by a remote service.

overlay network A network that uses another network for basic communications.

passive collection An attack technique involving only collection of information.

peer see `node'.

peer discovery A mechanism by which peers may discover other peers of interest to them.

pharmacology From the Greek word meaning both poison and medicine; means something that is simultaneously both positive and negative, and so must inform the politics and ethics of care within a larger historical context (Stiegler).

peer-to-peer A network in which all nodes are equal and may perform all functions.

phenomenology Subjective experience that cannot be measured easily by science, such as the feeling of "being there."

platform insecurity The issue that end user computing devices may be vulnerable to attacks.

plausible deniability The security property that ensures users of a system can deny allegations of having specific knowledge or having acted in a certain way.

poisoning An attack by which the adversary injects false information about a system state, for example into honest parties' routing tables.

principal see `entity'.

privacy The possibility for each user to know and master which operations involving his/her data is collected by third parties, and the balances of power and control that take shape as a result.

privacy system A system that supports one or more privacy properties.

private information retrieval A security mechanism that allows for querying records from a database without disclosing which record to anyone.

provider An entity within a possibly federated system that serves users.

proxy A network relay, possibly obscuring who is talking with whom.

pseudonymity The security property of associating another name to users that is stable over time for a system, yet conceals their real identity.

real-time A system that guarantees that certain properties will hold by a certain deadline.

reference monitor The security component that is entrusted to decide and enforce access control.

reputation The deeds of an entity that make it more or less trustworthy to others.

resilience The property of operating despite failures and attack.

revocable The ability to uncover the identity of an otherwise anonymous party.

rights Equal access to capabilities given by an institutional framework.

root of trust The entity that is entrusted by all others.

routing The process by which messages are routed in a wide-area network to their ultimate destination.

routing decision The process by which a router decides where to send a message that is being routed.

routing table The information necessary to make routing decisions.

scalability The property of a system to handle more load as more machines are devoted to the task.

secure deletion The security property that ensures deleted information may not be recovered.

secure multi-party computation A security mechanism that allows for a computation to be executed privately over multiple entities.

security policy The statement of the properties that must hold in the secure system despite the attempts of a motivated strategic adversary to subvert them.

selfish A node that chooses between valid options to maximize their return with no regard for the welfare of the network.

sensor network A mesh network of sensor nodes.

server A machine that runs a service and makes it available to users / clients.

service Computer software on a remote system that users may use.

share A piece of information that along with others may be used to reconstruct a secret.

smart contract A contract that is encoded in a computer language and triggers automatically when certain conditions are fulfilled.

social graph A graph of users and the relations between them.

social link A connection between two users that denotes a relationship of some kind.

software update A modification to software that fixes certain bugs or attacks, or adds new features.

structured peer-to-peer see `distributed hash table'.

super-node A peer that is entrusted with performing a wider function than other peers or that has many more connections.

sybil attack An attack by which an adversary tries to build multiple identities they control.

systemic failure A failure that is due to the fundamental way in which the system was put together.

telemetry Data sent back by an application with analytics of its actual behavior.

threshold cryptography Cryptographic techniques involving multiple parties, and that can tolerate a fraction of parties being corrupt.

tit-for-tat A strategy by which users reflect each other's positive actions and punish deviation.

toolchain A set of tools that facilitate the process of software creation.

traces Marks left in the world that can be detected. Often the term "digital traces" is used for data left by users.

traffic analysis The discipline of extracting information out of communications meta-data.

transindividuation How the process of individuation can be effected by the larger society and technical artefacts.

transparent log A security system that guarantees all parties observe the same high-integrity data.

trust The construction of shared meanings among the actors concerned by the use of a specific system -- shared meanings on which they rely for subsequent operations on and by means of the technology.

trusted Technically, a component that, if controlled by the adversary, may violate the security properties of the system. In a general sense, a component whose behavior is predictable or expected according to shared meanings.

trusted party An entity that is trusted.

unobservability The security property ensuring that adversaries cannot determine whether an action has, or has not, taken place.

untrusted entity An entity, potentially centralized, that offers a service to others but is however not trusted, i.e. could fail without affecting the security properties of the system.

values in design The core hypothesis that architecture and design features may be systematically related to political, social, ethical values, such as security, privacy, and freedom. The goal of a VID approach is to identify, define and analyze these relationships, and in parallel, point out the ways in which law and policy normative systems interact with material technologies. This entails looking at values “from the ground up” -- observing how they become embodied in artefacts (Helen Nissenbaum).

verified protocol A protocol that has a proof or other formal argument of security associated with it.

x.509 certificate A format in which certificate authorities package their claims about name to key bindings.

zero-knowledge proof A cryptographic proof that makes assertions on secret values without revealing them.