
Information Security Principles and Applications: Vocabulary

Chapter 1

Computing system: 计算系统
Principle of easiest penetration: 最易渗透原则
Hardware: 硬件
Software: 软件
Data: 数据
Vulnerability: 脆弱性
Threat: 攻击
Attack: 威胁
Control: 控制
Interruption: 中断
Interception: 截取
Modification: 篡改
Fabrication: 伪造
Method: 方法
Opportunity: 机会
Motive: 动机
Security secure: 安全措施
Confidentiality: 保密性/机密性
Integrity: 完整性
Availability: 可用性
Secrecy: 保密性
Privacy: 私密性
Configuration management: 配置管理
Logic bomb: 逻辑炸弹
Trojan horse: 特洛伊木马
Virus: 病毒
Trapdoor: 陷门
Information leak: 信息泄露
Principle of adequate protection: 适度保护原则
Salami attack: 香肠攻击
Replay: 重放
Cracker: 破译者
Prevention: 预防方法
Deterrence: 障碍
Deflection: 偏差
Detection: 检测
Recovery: 恢复
Encryption: 加密
Protocol: 协议
Policy: 策略
Procedure: 规程
Physical control: 物理控制
Principle of effectiveness: 有效性原则
Overlapping control: 重叠控制
Layered defense: 分层防御
Principle of weakest link: 最弱环节原则
Administrative control: 管理控制

Chapter 2

Sender: 发送者
Recipient: 接受者
Transmission medium: 传输中介
Interceptor: 截取者
Intruder: 入侵者
Encryption: 加密
Decryption: 解密
Encode: 编码
Decode: 解码
Encipher: 编密码
Decipher: 译密码
Cryptosystem: 密码体制
Plaintext: 明文
Ciphertext: 密文
Algorithm: 算法
Key: 密钥
Symmetric: 对称的
Asymmetric: 非对称的
Keyless cipher: 无密钥密码
Cryptography: 密码编码学
Cryptanalyst: 密码分析学
Cryptology: 密码学
Break an encryption: 破译加密
Substitution: 替换
Transposition: 置换
Substitution: 替换密码
Monoalphabetic substitution: 单字符替换法
Simple substitution: 简单替换法
Caesar cipher: 恺撒密码
Permutation: 排列
One-time pad: 一次性密码本
Vigenere tableau: 维吉尼亚表
Vernam cipher: 弗纳母密码
Book cipher: 密码本
Columnar Transposition: 列置换
Digram: 双字母组
Trigram: 三字母组
Product cipher: 乘积密码
Secure cryptographic system: 安全密码体制
Amount of secrecy: 保密量
Error propagation: 差错传播
Authentication: 鉴别
Key distribution: 密钥分配
Key management: 密钥管理
Stream cipher: 流密码
Block cipher: 块密码
Confusion: 混乱性
Diffusion: 扩散性
Ciphertext-only attack: 唯密文攻击
Known plaintext attack: 已知明文攻击
Probable plaintext attack: 可能明文攻击
Chosen plaintext attack: 选择明文攻击
Chosen ciphertext attack: 选择密文攻击
Data Encryption Standard (DES): 数据加密标准
Data Encryption Algorithm-1: 数据加密算法-1
Double DES: 双重DES
Triple DES: 三重DES
Differential cryptanalysis: 微分密码分析学
Advanced Encryption Standard (AES): AES高级加密标准
Rijndael: 一种对称加密算法
Cycle or round: 循环
Public key encryption: 公钥加密
Asymmetric encryption system: 非对称密码体制
Private key: 私钥
Secret key: 密钥
Rivest-Shamir-Adleman (RSA) algorithm: 一种非对称加密算法
Cryptographic hash function: 密码哈希函数
Message digest: 消息摘要
Hash: 哈希
Checksum: 检验和
One-way function: 单向函数
MD4, MD5: 两种消息摘要算法名称
SHA/SHS: 安全哈希算法/安全哈希标准
Chaining: 链接
Key exchange: 密钥交换
Digital signature: 数字签名
Certificate: 证书
Certificate authority (CA): 证书管理中心

Chapter 3

Program: 程序
Secure program: 安全程序
Fault: 故障
Program security flaw: 程序安全漏洞
Bug: bug
Error: 错误
Failure: 失败
Penetrate and patch: 渗透和打补丁
Cyber attack: 计算机攻击
Buffer overflow: 缓冲区溢出
Incomplete mediation: 不完全验证
Time-of-check to time-of-use: 检查时刻到使用时刻
Malicious code: 恶意代码
Rogue program: 欺诈程序
Virus: 病毒
Agent: 代理
Transient virus: 瞬时病毒
Resident virus: 寄生病毒
Trojan horse: 特洛伊木马
Logic bomb: 逻辑炸弹
Time bomb: 时间炸弹
Backdoor: 后门
Trapdoor: 陷门
Worm: 蠕虫
Rabbit: 野兔
Appended virus: 挂接性病毒
Document virus: 文档病毒
Bootstrap load: 引导装载
Boot sector virus: 引导区病毒
Virus signature: 病毒特征
Polymorphic virus: 多态性病毒
Encrypting virus: 加密病毒
Brain virus: Brain病毒
The Internet worm: 互联网蠕虫
Code Red: 红色代码病毒
Web bug: 网页bug
Unit test: 单元测试
Integration test: 集成测试
Error checking: 错误检查
Rootkit: rootkit
Rootkit revealer: Rootkit检测器
Privilege escalation: 权限提升
Interface illusion: 接口错误
Keystroke logger: 键盘记录器
Man-in-middle attack: 中间人攻击
Covert channel: 隐蔽通道
File-lock channel: 文件锁通道
Storage channel: 储存通道
Timing channel: 时间通道
Software engineering: 软件工程
Encapsulation: 封装
Information hiding: 信息隐藏
Modularity: 模块化
Maintainability: 可维护性
Understandability: 易理解性
Reusability: 可重用性
Correctability: 正确性
Testability: 可测试性
Coupling: 耦合
Cohesion: 内聚
Mutual suspicion: 相互猜疑
Confined program: 限制程序
Peer review: 对等复查
Program design: 程序设计
Inspection: 检查
Walk-through: 走查法
Review: 复查
Egoless programming: 无我编程
Hazard analysis: 危险性分析
Hazard/interoperability studies: 危险/互操作性研究
Failure modes and effects analysis: 失效模式和后果分析
Fault tree analysis: 故障树分析
Performance test: 性能检测
Regression test: 衰减检测
Black-box test: 黑盒检测
Clear-box test: 白盒测试
Independent test team: 独立测试小组
Penetration test: 渗透测试
Passive fault detection: 被动故障检测
Active fault detection: 主动故障检测
Redundancy: 冗余
Fault tolerance: 错误容差
Configuration management: 配置管理
Configuration identification: 配置识别
Conditional compilation: 条件编译
Configuration audit: 配置审查
Proof of program correctness: 程序正确性证明
Program verification: 程序验证
Process standard: 过程标准
Configuration management standards: 配置管理标准
Security audit: 安全审计

Chapter 4

Executive: 执行器
Monitor: 监控器
Multiprogrammed system: 多道程序系统
Protected object: 被保护对象
Sharable I/O device: 可共享的I/O设备
Serially reusable I/O device: 可连续重用的I/O设备
Physical separation: 物理分离
Temporal separation: 时间分离
Logical separation: 逻辑分离
Cryptographic separation: 密码分离
Isolation: 隔离
Memory protection: 内存保护
Fence register: 界地址寄存器
Relocation: 重定位
Base/bounds registers: 基址/范围寄存器
Tagged memory architecture: 标记内存结构
Segmentation: 分段式
Segment address table: 段地址表
Segment address translation: 段地址转换
Paging: 分页
Page frame: 页帧
Page address translation: 页地址转换
Paged segmentation: 段页式
Directory: 目录
Revocation of access: 撤销访问
Access control list: 访问控制列表
User-group-world protection: 用户/组/全局保护
Access control matrix: 访问控制矩阵
Wildcard designation: 通配符指定
Capability: 访问权能
Domain: 域
Local name space: 本地名字空间
Kerberos: Kerberos
Authentication server: 鉴别服务器
Ticket-granter server: 票据授权服务器
Key distribution center: 密钥发布中心
Procedure-oriented access control: 面向程序的访问控制
Role-based access control: 基于角色的访问控制
File protection: 文件保护
Shared file: 共享文件
Persistent permission: 持久许可
Temporary access permission: 临时访问许可
Set userid permission: 设置用户ID许可
Per-object protection: 每个对象保护
Per-subject protection: 每个主题保护
User authentication by something you know: 依据用户知道的事情鉴别
User authentication by something you have: 依据用户拥有的东西鉴别
User authentication by something you are: 根据用户的身体特征鉴别
Password: 口令
Password response: 口令响应
Multifactor authentication: 多因素鉴别
Two-factor authentication: 两因素鉴别
Exhaustive attack on password: 对口令的穷举攻击
Brute force attack on password: 对口令的暴力攻击
Probable password: 可能的口令
Likely password: 很可能的口令
Social engineer attack: 社会工程攻击
One-time password: 一次性口令
Challenge-response system: 质询响应系统
Single sign-on: 单次登陆
Login impersonation: 假扮演登陆界面
Biometric authentication: 生物特征鉴别

Chapter 5

Trust: 信任
Trusted process: 可信进程
Trusted product: 可信产品
Trusted software: 可信软件
Trusted computing base: 可信计算基
Trusted system: 可信系统
Security policy: 安全策略
Military security policy: 军事安全策略
Sensitivity level: 敏感等级
Object: 对象
Need-to-know rule: 须知原则
Compartment: 分隔项
Classification: 分类
Clearance: 许可
Dominance: 支配
Subject: 主体
Hierarchical security: 等级安全
Nonhierarchical security: 非等级安全
Clark-Wilson policy: Clark-Wilson策略
Well-formed transaction: 良构事务
Constrained data item: 受约束数据项
Transformation procedure: 转换规程
Access triple: 访问三元组
Separation of duty: 职责分离
Chinese wall policy: 中国墙策略
Lattice model: 格模型
Bell-La Padula model: Bell-La Padula模型
Simple security property: 简单安全特性
*-property: *-特性
Write-down: 下写
Biba model: Biba模型
Simple integrity policy: 简单完整性策略
Integrity *-property: 完整性*-特性
Graham-Denning model: Graham-Denning模型
Harrison-Ruzzo-Ullman model: Harrison-Ruzzo-Ullman模型
Command: 命令
Condition: 条件
Primitive operation: 原语操作
Protection system: 保护系统
Take-grant system: 获取/授予系统
Least privilege: 最少特权
Economy of mechanism: 机制经济性
Open design: 开放设计
Complete mediation: 完全检查
Permission-based access: 基于许可的访问
Separation of privilege: 特权分离
Least common mechanism: 最小公共机制
Ease of use: 易用
User authentication: 用户鉴别
Memory protection: 内存保护
Object access control: 对象访问控制
Enforced sharing: 强制共享
Fair service: 公平服务
Interprocess communication: 进程间通信
Synchronization: 同步
Protected control data: 保护控制数据
User identification and authentication: 用户识别和鉴别
Mandatory access control: 强制访问控制
Discretionary access control: 自主访问控制
Object reuse: 对象重用
Magnetic remanence: 磁记忆
Trusted path: 可信路径
Audit: 审计
Accountability: 责任认定
Audit log reduction: 审计日志精简
Intrusion detection: 入侵检测
Kernel: 内核
Nucleus: 核
Core: 核心
Security kernel: 安全内核
Reference monitor: 引用监视器
Reference monitor properties: 引用监视器特性:
Tamperproof: 抗干扰
Unbypassable: 不可绕过
Analyzable: 可分析
Trusted computing base (TCB): 可信计算基
Process activation: 进程激活
Execution domain switching: 执行域转换
Memory protection: 内存保护
Virtualization: 虚拟化
Virtual machine: 虚拟机
Virtual memory: 虚拟内存
Layering: 分层
Hierarchically structured operation system: 层次结构的操作系统
Assurance: 保证
Flaw exploitation: 缺陷利用
User interface processing flaw: I/O处理缺陷
Access ambiguity flaw: 访问二义性缺陷
Incomplete mediation flaw: 不完全检查缺陷
Generality flaw: 普遍性缺陷
Time-of-check to time-of-use flaw: 检查时刻到使用时刻缺陷
Testing: 测试
Penetration testing: 渗透测试
Tiger team analysis: 攻击队测试
Ethical hacking: 黑客攻击
Formal verification: 形式化验证
Proof of correctness: 正确性证明
Theorem prover: 定理证明器
Validation: 证实
Requirements checking: 需求检查
Design and code review: 设计和代码审查
Module and system testing: 模块和系统测试
Open source: 开放源代码
Evaluation: 评估
Orange Book (TCSEC): 橙皮书(TCSEC)
D, C1, C2, B1, B2, B3, A1 rating: D,C1,C2,B1,B2,B3,A1等级
German Green Book: 德国绿皮书
Functionality class: 功能类
Assurance level: 保证等级
British evaluation criteria: 英国评估准则
Claims language: 声明语言
Action phrase: 行为短语
Target phrase: 目标短语
CLEF: CLEF
Comparable evaluation: 可比较评估
Transferable evaluation: 可转移评估
ITSEC: ITSEC
Effectiveness: 有效性
Target of evaluation: 评估目标
Security-enforcing function: 安全强制功能
Mechanism: 机制
Strength of mechanism: 机制强度
Target evaluation level: 目标评估等级
Suitability of functionality: 功能适宜性
Binding of functionality: 功能绑定
Combined Federal Criteria: 联合联邦准则
Protection profile: 保护轮廓
Security target: 安全目标
Common Criteria: 通用准则
Extensibility: 可扩展性
Granularity: 粒度
Speed: 速度
Thoroughness: 全面
Objectivity: 客观性
Portability: 可移植性
Emphatic assertion: 强调申明

Chapter 7

Single point of failure: 单一故障点
Resilience: 弹回
Fault tolerance: 容错
Server: 服务器
Client: 客户机
Node: 节点
Host: 主机
Link: 链路
Workstation: 工作站
Topology: 拓扑结构
Network boundary: 网络周界
Network ownership: 网络拥有关系
Network control: 网络控制
Digital: 数字
Analog: 模拟
Modem: 调制解调器
Twisted pair: 双绞线
Unshielded twisted pair: 无屏蔽双绞线
Bandwidth: 带宽
Coaxial cable: 同轴电缆
Ethernet: 以太网
Repeater: 中继器
Amplifier: 放大器
Optical fiber: 光纤
Wireless LAN: 无线局域网
802.11: 802.11协议标准
Microwave: 微波
Infrared: 红外线
Satellite: 卫星
Geosynchronous orbit: 覆盖范围
Transponder: 地球同步轨道
Footprint: 异频应答器
Protocol: 协议
Protocol stack: 协议栈
ISO reference model: ISO参考模型
OSI model: OSI模型
Application layer: 应用层
Presentation layer: 表示层
Session layer: 会话层
Transport layer: 传输层
Network layer: 网络层
Datalink layer: 数据链路层
Physical layer: 物理层
Peer: 对等层
Router: 路由器
Packet: 包
Network interface card: 网络接口卡
MAC address: Mac地址
Frame: 帧
Session header: 会话头部
Logical connection: 逻辑连接
Sequencing: 排序
TCP: TCP
IP: IP
UDP: UDP
Port: 端口
SMTP: SMTP
HTTP: HTTP
FTP: FTP
SNMP: SNMP
IP address: IP地址
Domain: 域
Top-level domain: 顶级域名
Local area network: 局域网
LAN: LAN
Wide area network: 广域网
Internet Society: 互联网社会
Anonymity: 匿名性
Motivation for attack: 攻击的动机
Challenge: 挑战
Fame: 名声
Money: 金钱
Espionage: 间谍
Organized crime: 组织犯罪
Ideology: 意识形态
Hacktivism: 激进主义
Cyberterrorism: 网络恐怖主义
Reconnaissance: 侦察
Intelligence: 情报收集
Port scan: 端口扫描
Social engineering: 社会工程学
Fingerprinting: 指纹
Eavesdrop: 偷听
War driving: 战争驱动
Passive wiretap: 被动窃听
Active wiretap: 主动窃听
Packet sniffer: 包嗅探器
Inductance: 自感器
Impedance: 阻抗
Multiplexed signals: 多重信号
Interception: 截取
Theft of service: 骗取服务
RFC (request for comments): 请求注解
Impersonation: 假冒
Authentication: 鉴别
Guessing authentication: 猜测鉴别
Eavesdropping authentication: 偷听鉴别
Avoiding authentication: 避开鉴别
Nonexistent authentication: 不存在的鉴别
Well-known authentication: 众所周知的鉴别
Trusted authentication: 可信任鉴别
Spoof: 欺骗
Masquerade: 伪装
Phishing: 钓鱼欺诈
Session hijacking: 会话劫持
Man-in-middle attack: 中间人攻击
Misdelivery: 误传
Message exposure: 消息暴露
Interception: 侦听
Traffic flow analysis: 流量分析
Message falsification: 伪造消息
Message replay: 重放消息
Message fabrication: 编造消息
Noise: 噪声
Interference: 干涉
Protocol flaw: 协议缺陷
Web site defacement: 网站被黑
Buffer overflow: 缓冲区溢出
Dot-dot attack: ".."攻击
Address resolution: 地址解析
Application code attack: 应用代码攻击
Server-side include: 服务端包含
Denial-of-service attack: 拒绝服务攻击
Transmission failure: 传输失败
Connection flooding: 连接洪泛
Echo: 响应
Chargen: 索取
Ping of death: 死亡之Ping
Smurf: Smurf攻击
Syn flood: 同步洪泛
Teardrop attack: teardrop攻击
Distributed denial of service: 分布式拒绝服务
Active code: 活动代码
Mobile code: 移动代码
Cookie: 脚本
Escape-character attack: ESC字符攻击
Active server page: 活动服务器页
Java code: Java代码
Sandbox: 沙漏
Java virtual machine: Java虚拟机
Hostile applet: 有敌意的applet
Script kiddie: 脚本小子
Building block attack: 积木攻击
Network segmentation: 网络分段
Redundancy: 冗余
Failover mode: 失效修复模式
Link encryption: 链路加密
End-to-end encryption: 端到端加密
Virtual private network: 虚拟专有网络
Encrypted tunnel: 加密隧道
Certificate: 证书
Certificate authority: 证书管理中心
Transport layer security: 传输层安全性
Security association: 安全关联
Security parameter index: 安全参数索引
Authentication header: 鉴别报头
Encapsulated security payload: 封装的安全负载
Signed code: 签名代码
Content integrity: 内容完整
Error detection: 错误检测
Error correction code: 错误校正码
Parity: 校验
Even parity: 奇校验
Odd parity: 偶校验
Hash code: 哈希码
Huffman code: 霍夫曼编码
Cryptographic checksum: 密码校验和
Message digest: 消息摘要
Strong authentication: 强鉴别
Password token: 口令令牌
Challenge-response system: 质询-响应系统
Digital Distributed Authentication: 分布式数字鉴别
Ticket-granting server: 票据授权服务器
Ticket: 票据
Router ACL: 路由器ACL
Service Set Identifier: 服务区标识符
Wired equivalent privacy: 无线等效保密
Temporal Key Integrity Program: 暂时密钥集成程序
Honeypot: 蜜罐
Traffic flow security: 通信流量安全
Onion routing: 洋葱型路由算法
Firewall: 防火墙
Reference monitor: 引用监视器
Packet filtering gateway: 包过滤网关
Screening router: 屏蔽路由器
Stateful inspection: 状态检查
Application proxy: 应用代理
Bastion host: 堡垒主机
Guard: 门卫
Personal firewall: 个人防火墙
Layered protection: 分层保护
Defense in depth: 纵深防御
Intrusion detection system: 入侵检测系统
Network-based IDS: 基于网络的IDS
Host-based IDS: 基于主机的IDS
Signature-based IDS: 基于签名的IDS
Anomaly detection: 异常检测
Heuristic intrusion detection: 启发式入侵检测
Misuse detection: 误用检测
Stealth mode: 秘密模式
Scanner: 扫描仪
IDS alarm: IDS警告
False positive: 漏报
False negative: 误报
Secure e-mail: 安全电子邮件
Message confidentiality: 消息机密性
Message integrity check: 消息完整性检查
Sender authenticity: 发送者的真实性
Sender nonrepudiation: 发送者的不可否认
Key management: 密钥管理
Key ring: 钥匙环
