Security in Computing, 4th Edition
4.7. Terms and Concepts
executive, 189
monitor, 190
multiprogrammed system, 190
protected object, 190
sharable I/O device, 190
serially reusable I/O device, 190
physical separation, 191
temporal separation, 191
logical separation, 191
cryptographic separation, 192
isolation, 192
memory protection, 193
fence register, 193
relocation, 194
base/bounds registers, 195
tagged memory architecture, 197
segmentation, 199
segment address table, 199
segment address translation, 199
paging, 202
page frame, 202
page address translation, 202
paged segmentation, 203
directory, 205
revocation of access, 206
access control list, 208
user-group-world protection, 209
access control matrix, 210
wildcard designation, 210
capability, 210
domain, 211
local name space, 211
Kerberos, 213
authentication server, 213
ticket-granter server, 213
key distribution center, 213
procedure-oriented access control, 214
role-based access control, 214
file protection, 215
shared file, 215
persistent permission, 218
temporary access permission, 218
set userid permission, 218
per-object protection, 219
per-subject protection, 219
user authentication by something you know, 219
user authentication by something you have, 219
user authentication by something you are, 219
password, 221
password response, 222
multifactor authentication, 222
two-factor authentication, 222
exhaustive attack on password, 223
brute force attack on password, 223
probable password, 224
likely password, 224
social engineer attack, 230
one-time password, 231
challenge-response system, 231
single sign-on, 232
login impersonation, 233
biometric authentication, 234