Текстовой материал

My speciality

I am a student at the faculty of Information System and Technologies. My speciality is Applied Informatics. I want to become a computer programmer. I am interested in computers. It is a whole new world.

Many people continue careers of their parents or grand parents but it is not the case with me. My favourite subjects are mathematics, physics, and, of course, computer science. My hobby is computer games and computer programming. I have a computer at home and can spend hours working at it. It is much easier to do things on computer, for example to write a composition. You can change the text as many times as you want and you don't need to rewrite everything if you changed something.

I think that the profession of programmer can give many opportunities. Computers are the most rapidly changing sphere of modern technology. We are living in the age of in­formation. And I think that the future is just filled with computers. Today, in England or in the US people can work, go shopping or even go on dates sitting at their computers. In our country, computers have been used just for a short time.

After graduating from the University, I shall be an engineer in the field of computers. I have always wanted to work in the computer industry because technological advances are of great advantage. I have already learnt a lot from our lectures and practical lessons and progressed quickly in computers. I am being trained to be a good computer engineer. We also do many operations on computer.

In the personal computer industry innovation is the path to success. It is very exiting to work in an industry that is so motivated, to always do better. It is true that programming for automatic computer requires a good deal of knowledge, common sense and training. Millions of people around the world use the Internet to search for information on all sorts of topics in a wide variety of areas including the arts, business, government, humanities, news, and politics. People communicate through electronic mail (e-mail), discussion groups, chat channels and other means of informational exchange. They share information and make commercial and business transactions. All this activity is possible because tens of thousands of networks are connected to the Internet. Just a little bit of exploring the “world wide web” (www) will show you what a lot of use and fun it is.

However, some problems remain. The most important is security. When you send an e-mail message to somebody, this message can travel through many different networks and computers. In spite of the fact that there are many strong encoding programs available, a lot of computer crimes happen very often. There are still both commercial and technical problems which will take time to be resolved. And that will be my future job.

2. Прочитайте и переведите текст:

What is a computer?

The word computer comes from а Latin word which means to count. А computer is really а very special kind of counting machine. It can do arithmetic problems faster than аnу person alive. By means of electrical circuits it can find the answer to а very difficult and complicated problem in а few seconds.

А computer can “remember” information you give it. It stores the information in its "memory" until it is needed. When you аге ready to solve а problem, you can get the computer to sort through its stored facts and use only the prоper ones. It works the problem with lightning speed. Then it checks its work to make sure there аrе nо mistakes.

There аrе different kinds of computers. Some do only оnе job over and оver again. These аrе special-purpose computers. They аге built for this alone, and cannot do anything else. But there аrе some computers that can do many different jobs. They аrе called general-purpose computers. These аге the “big brains" that solve the most difficult problems of science. They answer questions about rockets and planes, bridges and ships - long before these things аrе even built. Computers help our space program, our armed forces, our business and industry. They аrе powerful tools which will help to change our lives and the world around us. We might list the essential parts, hardware of а digital general purpose computer as follows. First, соrе stores (sometimes called memory) for holding numbers, both those forming the data of the problem and those generated in the course of the calculation. They аrе also used for storing program instructions. Second, an arithmetic unit, а device for performing calculations оn those numbers. Third, а control unit, а device for causing the machine to perform the desired operations in the correct sequence. Fourth, input devices where by numbers and operating instructions can bе supplied to the machine, and fifth, output devices called peripherals.

The usual method for inputting data for processing into а computer is via an input peripheral such as а punched card reader оr punched paper tape reader оr from magnetic tape. The computer is programmed to accept data in any or all of these media.

1. Найдите русские эквиваленты к следующим выражениям:

1. to count

2. electrical circuits

3. lightning speed

4. special-purpose computers

5. general-purpose computers

6. powerful tools

7. hardware

8. digital general purpose computer

9. to accept data

10. а punched card reader.

2. Прочитайте и переведите текст:

Memory or storage unit

The part of а digital computer which stores information is called storage memory. The computer's memory stories the numbers to be operated on; it stores intermediate results that are generated during the course of а computation; and it stores the final results. The instructions themselves are also stored in the computer's memory.

There аге two important factors about the memory unit: an access time and а capacity. The time required to transmit one computer word out of the memory to where it will be used is called the memory access time; it usually amounts to a few millionths of а second or less in modern fast computers. The speed of modern computers is the speed of access to their memories. The capacity of а computer is the quantity of data that its memory unit can hold.

There are many ways of memorizing information in memory cells of а digital computer. External memory or storage units may use magnetic tapes, magnetic drums, magnetic disks and floppy disks. The magnetic drum and magnetic disk are called а Direct Access; or Random Access, Storage Device (DASD).

The magnetic disk is very similar tо the magnetic drum but is based upon the use of а flat disk with а series of concentric circles of magnetizable material, one read/write head being for each concentric circle, i.e., for each track. Memory units on magnetic disks may store more than 100,000,000 bytes. Information that is stored inside а computer is stored in registers, electronic units of hardware in which the positioning of physical objects stores information. Each register holds one machine word consisting usually of 32 bits or 4 bytes. Registers hold information temporarily during processing. The slower models of registers use magnetic cores; the faster models use special electronic circuits or film memory devices. Usually the registers are of three types:

1. General-Purpose Registers are sixteen registers, each being able to contain one word.

2. Floating-Point Registers are four registers, each being able to contain а double word.

3. Control Registers form а group of registers differing from one model to another.

The development of semiconductor integration technology has led to creation of memories on LSI circuits. For constructing memory units on LSI circuits either dipolar or MOS memory are used. The access time of bipolar memory is about 100 nanoseconds, while the access time of MOS memory is 500 nanoseconds. But on the other hand the density of memorizing elements allocation in the latter is very high and amounts to 4 thousand memorizing elements for one chip. The latest achievements of modern electronics are creation of memories on electronic circuits made by spraying layers of different memorizing materials.

1. Найдите русские эквиваленты к следующим выражениям:

1. the numbers to be operated on

2. а magnetic core

3. an access time

4. а computer's memory

5. intermediate results

6. Large Scale Integration

7. during processing

8. by spraying layers

9. the latest achievements

10. the density of memorizing elements.

2. Прочитайте, переведите текст:

Input and output units

The part of the computer that takes in information is called the input unit. The input unit or device provides the means of communication between the computer and the people who are interested in its operation. То be accepted by the machine, information for а digital computer has to bе in the form of digits 0, 1, 2, 3, 4, ... 9 or characters А, В, С, D....These characters are regularly expressed for the computer's purposes аs six or seven l's and O's. The l's and O's may bе expressed for the computer: as punched holes (1) and blanks (О) in а card or а paper tape; as presence (1) and absence (О) of electrical pulse; or as polarized spots on а magnetic surface; for example, south-north is 1 and north-south is О, or vice versa, etc. So, the input unit makes possible communication from the other data­ - handing equipment and human being to the computer. It is the functional part of the computer that accepts the data to be operated on and programs for operating. It mау consist of а keyboard operated tape punch, а paper tape reader, а card reader, and an electric typewriter.

The part of а computer that puts out information is called the output unit. The computer сan easily put out information in а form acceptable to human beings. For example, the computer mау give impulses to an electric typewriter, so that the keys are energized in the proper sequence to type out а message in ordinary typed characters, which human beings can read, etc. The output of а computer is known to vary according to the capacity of the auxiliary equipment receiving the information. А computer can record on а magnetic tape at the rate of 1,000,000 characters per second. It can also control: а paper tape punch which will punch а paper tape at the rate of 100 characters per second; or а card punch which will punch per second about 300 standard punch cards of 80 columns; or а high-speed line-printer which will punch 20 lines per second, each of 80 to 120 characters. Input and output devices are usually called peripherals.

All this peripheral equipment is slow as compared with the computer. Consequently, for efficient use of the computer's tremendous calculating speed, devices called buffers mау be used. А buffer is known to be а storage device, which is able to take in information at а very high speed from the computer and release the information at the proper speed for the peripheral equipment. А human being is known to write by hand at the rate of about 30 words per minute, or to type at the rate of about 60 words per minute, or to talk аt the rate of 200 or 250 words per minute. The ratio between а computer speed of about 40,000 words per second, and the top output speed of а human being of about 4 words per second, gives а factor of advantage to the computer of about 10,000 to 1 at the beginning of the 60's. Nowadays this ratio is much more.

1. Найдите русские эквиваленты к следующим выражениям:

1. input unit

2. communication between the computer and the people

3. digits 0, 1, 2,

4. for the computer's purposes

5. on а magnetic tape

6. output devices

7. а storage device

8. ratio

9. operated on

10. peripheral equipment.

2. Прочитайте, переведите текст:

Central processing unit

The central processing unit (СРU) or central processor is the nerve centre of anу digital computer system, since it coordinates and controls the activities of all the other units and performs all the arithmetic and logic processes to be applied to data. All program instructions to be executed must be held within the CPU, and all the data to be processed must be loaded first into this unit. It is convenient to consider the central processor to have three separate hardware sections, an internal or main memory, an arithmetic and logic unit, and а control unit. The role of the internal memory was discussed more detailed in the previous lesson. The CPU has two functions: it must obtain instructions from the memory and interpret them, as well as perform the actual operations. The first function is executed by the control unit. This unit in its turn must perform two functions: it must Ш interpret the instruction; then, on the basis of this interpretation tell the arithmetic and logic unit what to do next. The latter function is accomplished through the use of electronic signals. According to these two functions we can separate the part of the control unit that interprets or decodes the instruction called the instruction decoder from the part that generates the control signals called the control generator. An instruction having been transmitted to the instruction decoder, where it is interpreted, the control generator senses this interpretation and then produces signals that tell the arithmetic unit which operation to perform. It also generates signals that choose the proper numbers from the memory and sends them to the arithmetic and logic unit at the proper time; and when operation has been performed, other control signals take the result from the arithmetic and logic unit back to the, internal memory. After an instruction has been executed, the control generator produces signals that cause the next instruction to go from the memory to the instruction decoder. In this way the instructions are performed sequentially.

The second function of the CPU is performed by the arithmetic and logic ­unit which does the actual operations. This unit is capable of performing, automatically addition, subtraction, multiplication, division, comparing, selecting; and ­ other mathematical and logical operations. Consider now what happens in the arithmetic and logic unit while an instruction is being executed. In most computers only one word at а time can be transferred between the arithmetic/logic unit and the memory. Hence, to perform an operation involving two arguments, the first argument, must be transferred from the memory to the arithmetic/logic unit and stored there temporarily while the second argument is being transferred. The special memory cell in the arithmetic/logic unit for this purpose is called the accumulation. The operation being performed, the result is formed in the accumulator before it is transmitted back to memory.

Next consider the instruction decoder that interprets instruction. In order that the instruction decoder perform its function it must constantly refer to the instruction being interpreted during the time control signals are being set up: 1 То facilitate this, while an instruction is being executed it is stored in а special memory cell called the instruction register, located in the instruction decoder. There is another memory cell located in the instruction decoder called the current-address register. The contents of this register are always the memory address from which the instruction being executed came. For the computer designer to understand the work of the CPU is quite necessary.

1. Найдите русские эквиваленты к следующим выражениям:

1. the input of a computer

2. an auxiliary equipment

3. at the rate of

4. a high-speed line-printer

5. for efficient use

6. a storage device

7. a factor of advantage

8. the output unit

9. punched holes

10. presence and absence.

2. Прочитайте и переведите текст. Озаглавьте каждый параграф:

The Basic Principles of Information Protection (I)

1. As computers become better understood and more economical, every day brings new applications. Many of these new applications involve both storing information and simultaneous use by several individuals. The key concern in this paper is multiple uses. For those applications in which all users should not have identical authority, some scheme is needed to ensure that the computer system implements the desired authority structure.

2. For example, in an airline seat reservation system, a reservation agent might have authority to make reservations and to cancel reservations for people whose names he can supply. A flight boarding agent might have the additional authority to print out the list of all passengers who hold reservations on the flights for which he is responsible. The airline might wish to withhold from the reservation agent the authority to print out a list of reservations, so as to be sure that a request for a passenger list from a law enforcement agency is reviewed by the correct level of management.

3. The airline example is one of protection of corporate information for corporate self-protection (or public interest, depending on one's view). A different kind of example is an online warehouse inventory management system that generates reports about the current status of the inventory. These reports not only represent corporate information that must be protected from release outside the company, but also may indicate the quality of the job being done by the warehouse manager. In order to preserve his personal privacy, it may be appropriate to restrict the access to such reports, even within the company, to those who have a legitimate reason to be judging the quality of the warehouse manager's work.

4. Many other examples of systems requiring protection of information are encountered every day: credit bureau data banks; law enforcement information systems; time-sharing service bureaus; on-line medical information systems; and government social service data processing systems. These examples span a wide range of needs for organizational and personal privacy. All have in common controlled sharing of information among multiple users. All, therefore, require some plan to ensure that the computer system helps implement the correct authority structure. Of course, in some applications no special provisions in the computer system are necessary. It may be, for instance, that an externally administered code of ethics or a lack of knowledge about computers adequately protects the stored information. Although there are situations in which the computer need provide no aids to ensure protection of information, often it is appropriate to have the computer enforce a desired authority structure.

1. Найдите русские эквиваленты к следующим выражениям:

1. entrepreneur

2. producer goods

3. the old classical economists' terminology

4. wanted by the community

5. risks arise

6. at a lower price

7. man-made

8. profit

9. managerial function

10. an input of capital

2. Прочитайте и переведите текст. Озаглавьте каждый параграф:

The Basic Principles of Information Protection (II)

1. The words "privacy," "security," and "protection" are frequently used in connection with information-storing systems. Not all authors use these terms in the same way. This paper uses definitions commonly encountered in computer science literature. Unauthorized information release: an unauthorized person is able to read and take advantage of information stored in the computer. This category of concern sometimes extends to "traffic analysis," in which the intruder observes only the patterns of information use and from those patterns can infer some information content. It also includes unauthorized use of a proprietary program.

2. Unauthorized information modification: an unauthorized person is able to make changes in stored information - a form of sabotage. Note that this kind of violation does not require that the intruder see the information he has changed. Unauthorized denial of use: an intruder can prevent an authorized user from referring to or modifying information, even though the intruder may not be able to refer to or modify the information. Causing a system "crash," disrupting a scheduling algorithm, or firing a bullet into a computer are examples of denial of use. This is another form of sabotage.

3. The term "unauthorized" in the three categories listed above means that release, modification, or denial of use occurs contrary to the desire of the person who controls the information, possibly even contrary to the constraints supposedly enforced by the system. The biggest complication in a general-purpose remote-accessed computer system is that the "intruder" in these definitions may be an otherwise legitimate user of the computer system. The security techniques applied to computer systems:

• labeling files with lists of authorized users,

• verifying the identity of a prospective user by demanding a password,

• shielding the computer to prevent interception and subsequent interpretation of electromagnetic radiation,

• enciphering information sent over telephone lines,

• locking the room containing the computer,

• controlling who is allowed to make changes to the computer system (both its hardware and software),

• using redundant circuits or programmed cross-checks that maintain security in the face of hardware or software failures,

• certifying that the hardware and software are actually implemented as intended.

4. It is apparent that a wide range of considerations are pertinent to the engineering of security of information. Historically, the literature of computer systems has more narrowly defined the term protection to be just those security techniques that control the access of executing programs to stored information. An example of a protection technique is labeling of computer-stored files with lists of authorized users. Similarly, the term authentication is used for those security techniques that verify the identity of a person (or other external agent) making a request of a computer system. An example of an authentication technique is demanding a password. This paper concentrates on protection and authentication mechanisms, with only occasional reference to the other equally necessary security mechanisms. One should recognize that concentration on protection and authentication mechanisms provides a narrow view of information security, and that a narrow view is dangerous. The objective of a secure system is to prevent all unauthorized use of information, a negative kind of requirement.

1. Найдите русские эквиваленты к следующим выражениям:

1. "traffic analysis"

2. hardware

3. redundant circuits

4. to prevent interception

5. electromagnetic radiation

6. authentication mechanisms

7. a secure system

8. a system "crash"

9. legitimate user

10. information-storing systems.

2. Прочитайте и переведите текст:

An Isolated Virtual Machine (I)

A typical computer consists of a processor, a linearly addressed memory system, and some collection of input/output devices associated with the processor. It is relatively easy to use a single computer to simulate several, each of which is completely unaware of the existence of the others, except that each runs more slowly than usual. Such a simulation is of interest, since during the intervals when one of the simulated (commonly called virtual) processors is waiting for an input or output operation to finish; another virtual processor may be able to progress at its normal rate. Thus a single processor may be able to take the place of several. Such a scheme is the essence of a multiprogramming system.

To allow each virtual processor to be unaware of the existence of the others, it is essential that some isolation mechanism be provided. One such mechanism is a special hardware register called a descriptor. In this figure, all memory references by the processor are checked by an extra piece of hardware that is interposed in the path to the memory. The descriptor register controls exactly which part of memory is accessible. The descriptor register contains two components: a base value and a bound value. The base is the lowest numbered address the program may use, and the bound is the number of locations beyond the base that may be used. We will call the value in the descriptor register a descriptor, as it describes an object (in this case, one program) stored in memory. The program controlling the processor has full access to everything in the base-bound range, by virtue of possession of its one descriptor. As we go on, we shall embellish the concept of a descriptor: it is central to most implementations of protection and of sharing of information.

So far, we have not provided for the dynamics of a complete protection scheme: we have not discussed who loads the descriptor register. If any running program could load it with any arbitrary value, there would be no protection. The instruction that loads the descriptor register with a new descriptor must have some special controls - either on the values it will load or on who may use it. It is easier to control that may use the descriptor, and a common scheme is to introduce an additional bit in the processor state. This bit is called the privileged state bit. All attempts to load the descriptor register are checked against the value of the privileged state bit; the privileged state bit must be ON for the register to be changed. One program (named the supervisor - program S runs with the privileged state bit ON, and controls the simulation of the virtual processors for the other programs. All that is needed to make the scheme complete is to ensure that the privileged state bit cannot be changed by the user programs except, perhaps, by an instruction that simultaneously transfers control to the supervisor program at a planned entry location. (In most implementations, the descriptor register is not used in the privileged state.)

1. Найдите русские эквиваленты к следующим выражениям:

1. the simulation of the virtual processors

2. a new descriptor

3. register

4. supervisor

5. value of the privileged state bit

6. sharing of information

7. running program

8. base-bound range

9. controlling the processor

10. part of memory.

2. Прочитайте и переведите текст:

An Isolated Virtual Machine (II)

One might expect the supervisor program to maintain a table of values of descriptors, one for each virtual processor. When the privileged state bit is OFF, the index in this table of the program currently in control identifies exactly which program--and thus which virtual processor - is accountable for the activity of the real processor. For protection to be complete, a virtual processor must not be able to change arbitrarily the values in the table of descriptors. If we suppose the table to be stored inside the supervisor program, it will be inaccessible to the virtual processors. We have here an example of a common strategy and sometime cause of confusion: the protection mechanisms not only protect one user from another, they may also protect their own implementation. We shall encounter this strategy again.

So far, this virtual processor implementation contains three protection mechanisms that we can associate with our abstractions. For the first, the information being protected is the distinct programs of the guard are represented by the extra piece of hardware that enforces the descriptor restriction. The impenetrable wall with a door is the hardware that forces all references to memory through the descriptor mechanism. The authority check on a request to access memory is very simple. The requesting virtual processor is identified by the base and bound values in the descriptor register, and the guard checks that the memory location to which access is requested lies within the indicated area of memory.

The second mechanism protects the contents of the descriptor register. The wall, door, and guard are implemented in hardware, as with the first mechanism. An executing program requesting to load the descriptor register is identified by the privileged state bit. If this bit is OFF, indicating that the requester is a user program, then the guard does not allow the register to be loaded. If this bit is ON, indicating that the requester is the supervisor program, then the guard does allow it.

The third mechanism protects the privileged state bit. It allows an executing program identified by the privileged state bit being OFF (a user program) to perform the single operation "turn privileged state bit ON and transfer to the supervisor program." An executing program identified by the privileged state bit being ON is allowed to turn the bit OFF. This third mechanism is an embryonic form of the sophisticated protection mechanisms required to implement protected subsystems. The supervisor program is an example of a protected subsystem, of which more will be said later.

The supervisor program is part of all three protection mechanisms, for it is responsible for maintaining the integrity of the identifications manifest in the descriptor register and the privileged state bit. If the supervisor does not do its job correctly, virtual processors could become labeled with the wrong base and bound values, or user programs could become labeled with a privileged state bit that is ON, The supervisor protects itself from the user programs with the same isolation hardware that separates users, an example of the "economy of mechanism" design principle.

1. Найдите русские эквиваленты к следующим выражениям:

1. an embryonic form

2. executing program identified

3. virtual processor

4. with the wrong base

5. for maintaining the integrity

6. "economy of mechanism"

7. indicated area of memory

8. distinct programs

9. protection mechanisms

10. transfer to the supervisor program.

2. Прочитайте и переведите текст:

Computer Design Principles

Whatever the level of functionality provided, the usefulness of a set of protection mechanisms depends upon the ability of a system to prevent security violations. In practice, producing a system at any level of functionality (except level one) that actually does prevent all such unauthorized acts has proved to be extremely difficult. Sophisticated users of most systems are aware of at least one way to crash the system, denying other users authorized access to stored information. Penetration exercises involving a large number of different general-purpose systems all have shown that users can construct programs that can obtain unauthorized access to information stored within. Even in systems designed and implemented with security as an important objective, design and implementation flaws provide paths that circumvent the intended access constraints. Design and construction techniques that systematically exclude flaws are the topic of much research activity, but no complete method applicable to the construction of large general-purpose systems exists yet.

Economy of mechanism: Keep the design as simple and small as possible. This well-known principle applies to any aspect of a system, but it deserves emphasis for protection mechanisms for this reason: design and implementation errors that result in unwanted access paths will not be noticed during normal use (since normal use usually does not include attempts to exercise improper access paths). As a result, techniques such as line-by-line inspection of software and physical examination of hardware that implements protection mechanisms are necessary. For such techniques to be successful, a small and simple design is essential.

Fail-safe defaults: Base access decisions on permission rather than exclusion. This principle, suggested by E. Glaser in 1965, means that the default situation is lack of access, and the protection scheme identifies conditions under which access is permitted. The alternative, in which mechanisms attempt to identify conditions under which access should be refused, presents the wrong psychological base for secure system design. A conservative design must be based on arguments why objects should be accessible, rather than why they should not. In a large system some objects will be inadequately considered, so a default of lack of permission is safer. A design or implementation mistake in a mechanism that gives explicit permission tends to fail by refusing permission, a safe situation, since it will be quickly detected. On the other hand, a design or implementation mistake in a mechanism that explicitly excludes access tends to fail by allowing access, a failure which may go unnoticed in normal use. This principle applies both to the outward appearance of the protection mechanism and to its underlying implementation.

1. Найдите русские эквиваленты к следующим выражениям:

1. line-by-line inspection of software

2. a default of lack of permission

3. wrong psychological base

4. general-purpose systems

5. to crash the system

6. to stored information

7. outward appearance of the protection mechanism

8. unauthorized acts

9. physical examination of hardware

10. to prevent security violations.

2. Прочитайте и переведите текст:

Computer Design Principles (II)

Every access to every object must be checked for authority. This principle, when systematically applied, is the primary underpinning of the protection system. It forces a system-wide view of access control, which in addition to normal operation includes initialization, recovery, shutdown, and maintenance. It implies that a foolproof method of identifying the source of every request must be devised. It also requires that proposals to gain performance by remembering the result of an authority check be examined skeptically. If a change in authority occurs, such remembered results must be systematically updated. The design should not be secret. The mechanisms should not depend on the ignorance of potential attackers, but rather on the possession of specific, more easily protected, keys or passwords. This decoupling of protection mechanisms from protection keys permits the mechanisms to be examined by many reviewers without concern that the review may itself compromise the safeguards. In addition, any skeptical user may be allowed to convince himself that the system he is about to use is adequate for his purpose. Finally, it is simply not realistic to attempt to maintain secrecy for any system which receives wide distribution.

Where feasible, a protection mechanism that requires two keys to unlock it is more robust and flexible than one that allows access to the presenter of only a single key. The relevance of this observation to computer systems was pointed out by R. Needham in 1973. The reason is that, once the mechanism is locked, the two keys can be physically separated and distinct programs, organizations, or individuals made responsible for them. From then on, no single accident, deception, or breach of trust is sufficient to compromise the protected information. This principle is often used in bank safe-deposit boxes. It is also at work in the defense system that fires a nuclear weapon only if two different people both give the correct command. In a computer system, separated keys apply to any situation in which two or more conditions must be met before access should be permitted. For example, systems providing user-extendible protected data types usually depend on separation of privilege for their implementation.

Every program and every user of the system should operate using the least set of privileges necessary to complete the job. Primarily, this principle limits the damage that can result from an accident or error. It also reduces the number of potential interactions among privileged programs to the minimum for correct operation, so that unintentional, unwanted, or improper uses of privilege are less likely to occur. Thus, if a question arises related to misuse of a privilege, the number of programs that must be audited is minimized. Put another way, if a mechanism can provide "firewalls," the principle of least privilege provides a rationale for where to install the firewalls. The military security rule of "need-to-know" is an example of this principle.

1. Найдите русские эквиваленты к следующим выражениям:

1. separation of privilege

2. potential interactions

3. "firewalls"

4. "need-to-know"

5. feasible

6. ignorance

7. recovery

8. keys or passwords

9. access

10. maintenance.