CSC246 Test 3

security,The defense of a system from external and internal attacks. Such attacks include viruses and worms, denial-of-service attacks, identity theft, and theft of service.

breach of confidentiality,This type of violation involves unauthorized reading of data (or theft of information). Typically, a breach of confidentiality is the goal of an intruder. Capturing secret data from a system or a data stream, such as credit-card information or identity information for identity theft, or unreleased movies or scripts, can result directly in money for the intruder and embarrassment for the hacked institution

breach of integrity,This violation involves unauthorized modification of data. Such attacks can, for example, result in passing of liability to an innocent party or modification of the source code of an important commercial or open-source application.

Breach of availability,This violation involves unauthorized destruction of data. Some attackers would rather wreak havoc and get status or bragging rights than gain financially. Website defacement is a common example of this type of security breach.

Theft of service,This violation involves unauthorized use of resources. For example, an intruder (or intrusion program) may install a daemon on a system that acts as a file server.

Denial of service,This violation involves preventing legitimate use of the system

Masquerading,A practice in which a participant in a communication pretends to be someone else (another host or another person).

replay attack,The malicious or fraudulent repetition of a valid transmission.

man-in-the-middle attack,An attack in which the attacker sits in the middle of the data flow of a communication, masquerading as the sender to the receiver and vice versa

session hijacking,The interception of a communication.

privilege escalation Trojan horse,trojan horse virus that escalates the permissions that the attacker has on the computer

logic bomb,A remote-access tool designed to operate only when a specific set of logical conditions is met.

attack surface,The sum of the methods available to attack a system (e.g., all of the network ports that are open, plus physical access).

worm,A program that spreads malware between computers without intervention from humans.

port scanning,Using a program to remotely determine which ports on a system are open (e.g., whether systems allow connections through those ports).

zombie system,Compromised systems that are being used by attackers without the owners' knowledge.

distributed denial of service attack,An attack from multiple sources (frequently a botnet of zombies) with the purpose of denying legitimate use of the attacked resource

block cipher,A cipher that works on blocks of data (rather than bits)

cipher block chaining,The result of encrypting one data is fed back into the process to encrypt the next block of data

stream cipher,An encryption method that encrypts data as a stream of bits or bytes. Compared to a block cipher.

asymmetric encryption,A cipher algorithm in which different keys are used for encryption and decryption

private key,In an asymmetric encryption algorithm, a key that must be kept private for use in authenticating, encrypting, and decrypting.

public key,In asymmetric encryption algorithm, a key that can be distributed for encrypting and decrypting.

secure hash function,Secure one-way hash functions (also known as message digest functions) are intended to provide proof of data integrity, by providing a verifiable fingerprint, or signature, of the data. A one-way hash function H operates on an arbitrary length input message M, returning h=H(M).

message digest,A small representation of a larger message. Message digests are used to ensure the authentication and integrity of information, not the confidentiality.

digital signature,The authenticator produced by a digital-signature algorithm

principle of least privilege,A design principle stating that every program and every privileged user of the system should operate using the least amount of privilege necessary to complete the job.

object (with respect to protection),a thing you may want to use

protection domain,An abstraction for a collection of available access rights (essentially, a statement of all the stuff it's OK to do)

access right,The ability to execute an operation on an object.

static (association between process and domain),Process always stays in the same protection domain

dynamic (association between process and domain),process can change its protection domain as it runs.

access matrix,An abstract model of protection in which each row represents a domain, each column an object, and each entry a set of access rights

copy,copy the the all rights to another object

transfer,transfer current rights to another object

limited copy,copy everything to another object except the ability to copy

owner,can add/remove access for an object

control,decides who can switch to a given domain or revoke access

confinement problem,how can a process in the domain get access to an object, if it currently doesn't have the right access rights.

access list,Store permissions with object, store access matrix by column

capability list,stores permission with the domain, stores the access matrix by row

lock and key mechanism,list of keys for each domain, list of locks for each object, perform an operation if there is a match

revocation of access rights,In a dynamic protection system, we may sometimes need to revoke access rights to objects shared by different users.

language based protection,Protection by the language you are writing, public private but also bytecode verification

stack inspection (with respect to language-based protection),Looking at the stack to look for some code to take responsibility for a protected action. Who called the unprotected action

magnetic disk,A direct access storage device, with bits represented by magnetized areas.

platter,one of a stack of metal disks that store information in the hard drive

disk arm,An HDD component that holds the read write head and moves over cylinders of platters.

track,On an HDD platter, the medium that is under the read-write head during a rotation of the platter.

cylinder,On an HDD, the set of tracks under the read-write heads on all platters in the device.

sector,On an HDD platter, a fixed-size section of a track

transfer rate,The rate at which data moves from the disk to memory

seek time,the time it takes for a read/write head to move to a specific data track

rotational latency,The time necessary for the desired sector to rotate to the disk head

host controller,The I/O-managing processors within a computer (e.g., inside a host bus adapter).

disk controller,consists of a special-purpose chip and electronic circuits that control the transfer of data, instructions, and information from a disk to and from the system bus and other components in the computer

magnetic tape,A magnetic media storage device consisting of magnetic tape spooled on reels and passing over a read-write head. Used mostly for backups.

logical blocks,Logical addresses used to access blocks on storage devices

host-attached storage,Storage accessed through local I/O ports (directly attached to a computer, rather than across a network or SAN).

network attatched storage,Storage access over the network

storage-area network,Network dedicated to providing disk storage to other computers on the network.

FCFS,First come first serve for getting memory from the disk, request first, go to that sector first

SSTF,Shortest seek time first, find the one that will take the least time to get to next based on current location, could have starvation

SCAN,Disk head moves from one end of the disk to the other, performing I/O on its way. Once it hits the end of the disk, it reverses and continues, decent average time

C-SCAN,Disk head moves from one end of the disk to the other, performing I/O on its way. Once it hits the end of the disk, it goes back to the beginning without servicing an requests, providing more fair

LOOK,Disk head moves across the disk and stops the head after the last request is complete and then turns around (doesn't go to edge of cylinder).

C-LOOK,Disk head moves across the disk and stops the head after the last request is complete and then goes back to start without servicing requests (doesn't go to edge of cylinder).

low level formatting,A process (usually performed at the factory) that electronically creates the hard drive tracks and sectors and tests for bad spots on the disk surface.

sector sparing,The replacement of an unusable HDD sector with another sector at some other location on the device.

sector slipping,The renaming of sectors to avoid using a bad sector.

RAID,A disk organization technique in which two or more storage devices work together, usually with protection from device failure

redundancy in RAID,Storing extra information so that a disk can be rebuilt without data loss in the event of a failure.

mirroring,In storage, a type of RAID protection in which two physical devices contain the same content. If one device fails, the content can be read from the other

data striping,A fault-tolerance technique that breaks a unit of data into smaller segments and stores these segments on multiple disks.

bit level-striping,The splitting of data at the bit level, with each bit in a byte or word stored on a separate device.

block-level striping,blocks of a file are striped across multiple disks

hot spare,A fully configured and operational piece of backup equipment that can be swapped into a system with little to no interruption in functionality.

file attributes,The properties assigned to a file. Examples of file attributes are read-only and hidden status.

file name,Name assigned to each file for identification and locating purposes.

file type,format in which a file is stored

file location,A pointer to a device and to the location of a file on that device.

current file position pointer,Because a process is usually either reading from or writing to
a file, the current operation location can be kept as a per-process

shared lock,allows other users to read the locked resource, but they cannot update it. A file lock similar to a reader lock in that several processes can obtain the lock concurrently.

exclusive lock,A file lock similar to a writer lock in that only one process at a time can obtain the lock.

mandatory lock,

advisory lock,With mandatory locking, once a process acquires an exclusive lock, the operating system will prevent any other process from accessing the locked file

magic number,A crude method of storing a number at the start of a fi le to indicate the type of the data in the fi le.

sequential access,A file-access method in which contents are read in order, from beginning to end

direct access,A file-access method in which contents are read in random order, or at least not sequentially.

logical record,File contents logically designated as fixed-length structured data.

Tree-Structured Directory,This generalization allows users to create their own subdirectories and to organize their files accordingly. A tree is the most common directory structure. The tree has a root directory, and every file in the system has a unique path name.

acyclic-graph directory,In directory structure implementation, a structure that contains no cycles (loops), allows directories to be shared

general graph directory,Tree-structured directory that can contain cycles. The number of directories that will be searched can be limited to prevent a loop.

link,In file naming, a file that has no contents but rather points to another file

universe (for access to a file system object),All other users in system

file system,Determines the way an operating system stores files on disk.

linear list (directory implementation),A linear list of file names, easy to program but inefficient. Creating a new file requires searching the entire directory for name conflict. Searching is also linear time.

hash table (directory implementation),a linear list stores the directory entries, but a hash data structure is also used to store the files

contiguous allocation,requires that each file occupy a set of contiguous blocks
on the disk.

cluster (in file allocation),The usual solution to this problem is to collect blocks into multiples, called clusters