executive, 189
monitor, 190
multiprogrammed system, 190
protected object, 190
sharable I/O device, 190
serially reusable I/O device, 190
physical separation, 191
temporal separation, 191
logical separation, 191
cryptographic separation, 192
isolation, 192
memory protection, 193
fence register, 193
relocation, 194
base/bounds registers, 195
tagged memory architecture, 197
segmentation, 199
segment address table, 199
segment address translation, 199
paging, 202
page frame, 202
page address translation, 202
paged segmentation, 203
directory, 205
revocation of access, 206
access control list, 208
user-group-world protection, 209
access control matrix, 210
wildcard designation, 210
capability, 210
domain, 211
local name space, 211
Kerberos, 213
authentication server, 213
ticket-granter server, 213
key distribution center, 213
procedure-oriented access control, 214
role-based access control, 214
file protection, 215
shared file, 215
persistent permission, 218
temporary access permission, 218
set userid permission, 218
per-object protection, 219
per-subject protection, 219
user authentication by something you know, 219
user authentication by something you have, 219
user authentication by something you are, 219
password, 221
password response, 222
multifactor authentication, 222
two-factor authentication, 222
exhaustive attack on password, 223
brute force attack on password, 223
probable password, 224
likely password, 224
social engineer attack, 230
one-time password, 231
challenge-response system, 231
single sign-on, 232
login impersonation, 233
biometric authentication, 234