I (Security Glossary)


IIS

Software services that support website creation, configuration, and management, along with other Internet functions. Internet Information Services include Network News Transfer Protocol (NNTP), File Transfer Protocol (FTP), and Simple Mail Transfer Protocol (SMTP). IIS incorporates various functions for security, allows for CGI applications, and provides for Gopher and FTP servers.

impersonation

A mechanism that allows a server process to run by using the security credentials of the client or of some other user. When the server is impersonating the client, any operations performed by the server are performed by using the client's (impersonating user's) credentials. Impersonation does not allow the server to access remote resources on behalf of the client; that requires delegation.

impersonation token

An access token that has been created to capture the security information of a client process, allowing a server to "impersonate" the client process in security operations.

See also access token and primary token.

initialization vector

(IV) A sequence of random bytes prepended to the plaintext before encryption by a block cipher. Adding the initialization vector to the beginning of the plaintext eliminates the possibility of the initial ciphertext block being the same for any two messages. For example, if messages always start with a common header (a letterhead or "From" line), their initial ciphertext would always be the same, assuming that the same cryptographic algorithm and symmetric key were used. Adding a random initialization vector prevents this.
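
The effect described in this entry, as an added example that is not part of the original glossary. It assumes a toy Feistel cipher built from HMAC-SHA-256 as a stand-in for a real block cipher (not for production use) and encrypts two constructed messages that share a header, with and without random bytes placed in front of the plaintext. All function names, the key, and the messages are hypothetical.

```python
import hashlib, hmac, os

BLOCK = 16  # block size in bytes of the toy cipher

def encrypt_block(key: bytes, block: bytes) -> bytes:
    """Toy 4-round Feistel permutation (stand-in for a real block cipher)."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hmac.new(key, bytes([rnd]) + right, hashlib.sha256).digest()[:8]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right

def chain_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Cipher block chaining from a fixed all-zero start; zero-pads the tail."""
    plaintext += bytes(-len(plaintext) % BLOCK)
    prev, out = bytes(BLOCK), b""
    for off in range(0, len(plaintext), BLOCK):
        mixed = bytes(a ^ b for a, b in zip(plaintext[off:off + BLOCK], prev))
        prev = encrypt_block(key, mixed)
        out += prev
    return out

def encrypt_with_iv(key: bytes, message: bytes, iv=None) -> bytes:
    """Put random bytes in front of the plaintext, as the entry describes."""
    iv = os.urandom(BLOCK) if iv is None else iv
    return chain_encrypt(key, iv + message)

def block(ciphertext: bytes, index: int) -> bytes:
    """Return the ciphertext block at the given position."""
    return ciphertext[index * BLOCK:(index + 1) * BLOCK]

# Constructed sample data: two messages sharing a 16-byte header.
KEY = b"constructed-demo-key"
HEADER = b"From: HQ Office\n"
MSG_A = HEADER + b"Invoice 1001 due"
MSG_B = HEADER + b"Meeting at noon."

def header_leaks(with_iv: bool) -> bool:
    """True if the ciphertext block covering the header is equal for both messages."""
    if with_iv:
        a, b = encrypt_with_iv(KEY, MSG_A), encrypt_with_iv(KEY, MSG_B)
        return block(a, 1) == block(b, 1)  # block 0 is the encrypted IV
    a, b = chain_encrypt(KEY, MSG_A), chain_encrypt(KEY, MSG_B)
    return block(a, 0) == block(b, 0)

if __name__ == "__main__":
    print("no IV, header block repeats:", header_leaks(False))
    print("random IV, header block repeats:", header_leaks(True))
```

Without the random prefix, an observer can tell from the first ciphertext block alone that both messages begin with the same 16 bytes; with it, the block covering the header differs from message to message.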

inner data

Any encoded data used as the message for another encoded message. For example, an enveloped message and its hash value may be the inner data for a second message.

inner content

Data that is enhanced, such as with a digital signature. This term is used primarily when discussing enhanced data in a PKCS #7 message.

integrity

The completeness and accuracy of a message after it has been sent or stored.

integrity SID

A security identifier (SID) that represents an integrity level. An integrity SID in the system access control list (SACL) of an object's security descriptor specifies the integrity level of the object. Integrity SIDs in an access token specify the integrity level of the token.

IRQL

An interrupt request level (IRQL) defines the hardware priority at which a processor operates at any given time. In the Windows Driver Model, a thread running at a low IRQL can be interrupted to run code at a higher IRQL.

IV

See initialization vector.