3.7. Terms and Concepts

program, 98
secure program, 99
fault, 100
program security flaw, 100
bug, 100
error, 100
failure, 100
penetrate and patch, 100
cyber attack, 101
buffer overflow, 103
incomplete mediation, 107
time-of-check to time-of-use, 109
malicious code, 113
rogue program, 114
virus, 114
agent, 114
transient virus, 114
resident virus, 114
Trojan horse, 116
logic bomb, 116
time bomb, 116
backdoor, 116
trapdoor, 116
worm, 116
rabbit, 116
appended virus, 118
document virus, 119
bootstrap load, 122
boot sector virus, 122
virus signature, 124
polymorphic virus, 128
encrypting virus, 128
Brain virus, 133
the Internet worm, 134
Code Red, 137
web bug, 139
unit test, 142
integration test, 142
error checking, 142
salami attack, 144
rootkit, 145
rootkit revealer, 146
privilege escalation, 147
interface illusion, 148
keystroke logger, 149
man-in-the-middle attack, 149
covert channel, 150
storage channel, 152
file-lock channel, 154
timing channel, 155
software engineering, 160
encapsulation, 161
information hiding, 161
modularity, 161
maintainability, 162
understandability, 163
reusability, 163
correctability, 163
testability, 163
coupling, 163
cohesion, 163
mutual suspicion, 164
confined program, 165
peer review, 165
program design, 165
inspection, 166
walk-through, 166
review, 166
egoless programming, 166
hazard analysis, 168
hazard/interoperability studies, 168
failure modes and effects analysis, 168
fault tree analysis, 168
unit test, 170
integration test, 170
performance test, 170
regression test, 170
black-box test, 170
clear-box test, 170
independent test team, 172
penetration test, 172
passive fault detection, 172
active fault detection, 172
redundancy, 173
fault tolerance, 173
configuration management, 174
configuration identification, 175
conditional compilation, 175
configuration audit, 175
proof of program correctness, 177
program verification, 177
process standards, 180
configuration management standards, 180
security audit, 180