Glossary
29 terms.
Each term has a DefinedTerm schema marker, an authoritative-sources block, and cross-links to related terms. Page-level .md mirrors available for AI-agent fetch.
AI/ML Security
-
Prompt injection
Prompt injection is a class of attack against systems using large language models (LLMs), where an attacker crafts input that overrides the model's intended instructions and causes it to take attacker-controlled actions. The attack exploits the fact that LLM-based systems treat all text input — including data fetched from external sources — as semantically equivalent to instructions.
-
OWASP LLM Top 10
The OWASP Top 10 for Large Language Model Applications (OWASP LLM Top 10) is a community-maintained list of the most critical security risks in LLM-powered applications. Published by the OWASP Foundation and updated annually, the current edition (v2025) lists prompt injection, sensitive information disclosure, supply chain, data and model poisoning, improper output handling, excessive agency, system-prompt leakage, vector and embedding weaknesses, misinformation, and unbounded consumption.
Automotive
-
CAN bus
CAN bus (Controller Area Network) is a serial communication protocol designed for in-vehicle Electronic Control Unit (ECU) communication. It allows multiple ECUs — engine, transmission, brakes, infotainment — to exchange messages on a shared two-wire bus without a central host.
-
OBD-II
OBD-II (On-Board Diagnostics II) is the standardized diagnostic interface required on light-duty vehicles sold in most international markets. It exposes the vehicle's diagnostic protocol — typically over a CAN bus — through a physical 16-pin connector accessible from the driver's footwell.
-
ECU
ECU (Electronic Control Unit) is the umbrella term for an embedded computing module in a vehicle that controls one or more vehicle subsystems. Modern vehicles contain 50-150 ECUs networked together via [CAN bus](/knowledge/glossary/can-bus/), CAN-FD, automotive Ethernet, or specialized buses.
-
TARA
TARA (Threat Analysis & Risk Assessment) is the structured risk analysis method specified by ISO/SAE 21434 for automotive cybersecurity engineering. It identifies damage scenarios, threat scenarios, and risk values for each in-scope asset of a vehicle system.
Automotive Protocol
Automotive Standards
-
ISO/SAE 21434
ISO/SAE 21434:2021 is the international standard for cybersecurity engineering of road vehicles. It defines the activities, dependencies, and information required for cybersecurity throughout the vehicle lifecycle — from concept through production, operation, maintenance, and decommissioning.
-
UN-R 155
UN-R 155 (UN Regulation No. 155) is the United Nations regulation that mandates a Cybersecurity Management System (CSMS) for new vehicle type approvals. Adopted in 2020 and mandatory in the European Union and many other regulatory regimes since 2024, it transforms automotive cybersecurity from a recommended practice into a regulatory requirement.
China Compliance
-
MLPS (等保 2.0)
MLPS (Multi-Level Protection Scheme), also known as 等保 2.0 (děngbǎo), is the People's Republic of China's mandatory cybersecurity classification framework for information systems. It assigns systems to one of five protection levels (L1 through L5) based on the system's importance and the potential damage from compromise.
-
PIPL
PIPL (Personal Information Protection Law, 个人信息保护法) is the People's Republic of China's comprehensive personal data protection law, enacted in 2021 and effective November 1, 2021. It establishes legal bases for processing personal information, data subject rights, and cross-border transfer requirements applicable to organizations processing personal information of individuals located in mainland China.
-
DSL
DSL (Data Security Law, 数据安全法) is the People's Republic of China's data security framework, enacted in 2021 and effective September 1, 2021. It establishes a data classification regime — including the "Important Data" (重要数据) category — and imposes security obligations on data processing activities based on classification level.
-
CII
CII (Critical Information Infrastructure, 关键信息基础设施) is a classification under the People's Republic of China's Cybersecurity Law (CSL) for information systems whose destruction or compromise would seriously harm national security, livelihood, or public interest. Designation as CII triggers the strictest cybersecurity, data-localization, and oversight requirements in China's regulatory framework.
Embedded OS
-
Embedded Linux
Embedded Linux is the use of the Linux kernel and a customized userspace as the operating system for an embedded device — IoT gateways, industrial controllers, automotive infotainment systems, robotics platforms, and consumer-grade network equipment. Common build systems include Yocto Project, Buildroot, and OpenWrt.
-
FreeRTOS
FreeRTOS is an open-source real-time operating system kernel for microcontrollers and small microprocessors. Maintained by Amazon Web Services since 2017, it is one of the most widely deployed RTOS choices in connected IoT devices that do not have the resources to run [Embedded Linux](/knowledge/glossary/embedded-linux/).
Hardware Security
-
TrustZone
ARM TrustZone is a hardware security architecture that partitions a system-on-chip into two execution worlds — a Secure World and a Normal World — with hardware-enforced isolation. It is present on most modern ARM Cortex-A application processors and on selected Cortex-M microcontrollers (Cortex-M23, M33, M55, M85).
-
Secure boot
Secure boot is the cryptographic verification of firmware or operating-system images by the platform before they are allowed to execute, anchored in an immutable hardware root of trust. The goal is to prevent execution of unauthorized or tampered software — including persistent malware that survives reflashing or reboot.
IoT Protocols
-
MQTT
MQTT (Message Queuing Telemetry Transport) is a lightweight publish-subscribe messaging protocol designed for constrained devices and low-bandwidth networks. Standardized as ISO/IEC 20922 (current version MQTT 5.0), it is the most widely deployed IoT messaging protocol.
-
CoAP
CoAP (Constrained Application Protocol) is a specialized web transfer protocol designed for constrained nodes and constrained networks in the Internet of Things. Standardized as RFC 7252 with extensions, it provides a UDP-based REST-equivalent API for IoT devices that cannot support HTTP.
-
LWM2M
LWM2M (Lightweight Machine-to-Machine) is a device-management protocol standardized by the Open Mobile Alliance (OMA) for IoT device management over constrained networks. It runs on top of [CoAP](/knowledge/glossary/coap/) and provides a structured object model for device monitoring, firmware-over-the-air updates, and configuration management.
Robotics
Robotics Security
-
SROS2
SROS2 (Secure Robot Operating System 2) is the security extension for ROS 2 that adds authentication, access control, and encryption to inter-node communication. Built on the DDS Security specification (OMG DDS-SECURITY 1.1), SROS2 provides the security plumbing that the base ROS 2 framework deliberately omits to keep core operation lightweight.
-
RTPS
RTPS (Real-Time Publish-Subscribe Protocol) is the wire-level protocol that implements the DDS communication model. Standardized by the OMG as DDS-RTPS, it defines how DDS endpoints discover each other, exchange topic data, and signal liveness — typically over UDP multicast and unicast.
-
DDS
DDS (Data Distribution Service) is the OMG-standardized publish-subscribe middleware specification used in real-time and embedded systems including robotics ([ROS2](/knowledge/glossary/ros2/)), defense, aerospace, and industrial control. It defines the data-centric model, Quality-of-Service contracts, and discovery semantics above the wire-level [RTPS](/knowledge/glossary/rtps/) protocol.
Supply Chain Security
Vulnerability Scoring
Vulnerability Taxonomies
-
CVE
CVE (Common Vulnerabilities and Exposures) is the public identifier system for publicly disclosed cybersecurity vulnerabilities. Maintained by the MITRE Corporation and funded by CISA, each CVE entry assigns a unique identifier in the format `CVE-YYYY-NNNNN` to a specific vulnerability in a specific product.
-
CVSS
CVSS (Common Vulnerability Scoring System) is the industry-standard scoring framework for assessing the severity of software vulnerabilities. Maintained by FIRST.org, the current version is CVSS 4.0 (published 2023) with CVSS 3.1 still widely used in legacy advisory databases.
-
CWE
CWE (Common Weakness Enumeration) is the community-developed catalog of software and hardware weakness types. Maintained by MITRE, CWE provides a hierarchical taxonomy that classifies the **kind** of flaw underlying a vulnerability — for example CWE-79 (Cross-Site Scripting), CWE-89 (SQL Injection), CWE-787 (Out-of-Bounds Write).