Lesson 2.3 Cybersecurity and Cryptography
Key Terms

| Term | Definition |
| --- | --- |
| Adware | Undesired software intended to advertise a product to the user. |
| Antivirus Software | Software that searches for code snippets known to be contained in malware; these code snippets are listed in a definitions file that must be updated to include new malware. |
| Association for Computing Machinery (ACM) | The leading professional organization for computing specialists. |
| Black-Hat Penetration Testing | Testing the vulnerability of a network without written permission; permanently excludes a person from penetration testing professions. |
| Blacklist and Whitelist | A list of addresses, ports, or applications that should be denied (blacklist) or allowed (whitelist) by a firewall, spam filter, or other software. |
| Botnet | Malware that "calls home" to a command and control center for further instructions after it infects a computer. |
| Brute Force Attack | An attack on passwords or encryption that tries every possible password or encryption key. |
| Computable | A problem is computable if an algorithm can be used to solve it; uncomputable problems might cause any algorithm solving the problem to go on forever. |
| Computer Emergency Readiness Team (CERT) | Though the acronym is used by many organizations, CERT began at Carnegie Mellon University and continues there as the CERT Coordination Center (CERT/CC); the Department of Homeland Security uses the acronym US-CERT and now issues the official weekly CERT Bulletins summarizing new vulnerabilities. |
| Constant Function | A function like f(x) = y = 5 that is the same regardless of the independent variable; graph is a horizontal line. |
| Cyber Hygiene | Routine practices that protect against data loss and cyber intrusion. |
| Denial of Service (DoS) Attack | Preventing a target from fulfilling its intended function, typically by keeping the target busy or causing it to crash. |
| Distributed Denial of Service (DDoS) Attack | Many computers collaborate to shut down a target, usually by keeping it busy or overwhelming it with incoming requests. |
| Efficiency | Describes how quickly an algorithm executes. |
| Empirical Efficiency | How quickly an algorithm executes, measured by timing the execution with a clock. |
| Enumeration | To obtain a list. Attackers often try to enumerate usernames or open ports on a machine, or IP addresses in a network; countered by obscurity. |
| Escalation of Privileges | A strategy for a cyber intruder, using whatever access has been gained to gain additional access to data or processing power. |
| Exploit | A method to take advantage of a vulnerability by delivering input to gain unintended access or deny service. |
| Exponential Function | A function like f(x) = y = 2^x that has the independent variable in the exponent; exponential functions will always "outpace" polynomial functions. |
| Firewall | Software or hardware that limits network traffic based on the packets' source and destination address and port and/or source and destination application on a computer. |
| Hacking | Figuring out ways to use hardware and software that was unintended by the engineers who created it, usually used in the context of cybersecurity. |
| Inverses | A pair of functions that, when performed one after another, return to the starting data. |
| Keystroke Logger | Malware that detects and reports keystrokes. |
| Linear Function | A function like f(x) = y = 3x + 4 that has an x-term and a constant term; graph is a line. |
| Malware | The broadest category of software installed or intended to be installed on a target computer, with an intentional negative effect. |
| Noise | Unintentional variation in data, contrasted with signal, which is the variation between one data set and another data set collected under intentionally different circumstances for comparison. |
| Obscurity | Protecting a computer by hiding details like software version number. |
| One-Way Function | A function like multiplying two large prime numbers that takes a small amount of time to compute an output from an input but a large amount of time to recover an input from the output. |
| Open Data Movement | A movement to make raw data available to users in standardized formats so that third parties can create applications that link to the data for users to consume. |
| P and NP Problems | P problems can be solved in polynomial time; solutions to NP problems can be verified in polynomial time, but it is unknown if that implies they can be solved in polynomial time. |
| Patch | An update to software that repairs one or more bugs, often including security vulnerabilities. |
| Payload | Malware delivered by social engineering and/or by exploiting a vulnerability in software. |
| Penetration Testing | Professional hacking to access data and computing power without being granted access; professional pen-testers are hired to identify and repair vulnerabilities and only work once given written permission to obtain ungranted access. |
| Permission Privileges | Privileges are rights granted to a user, often specific to a file or a directory, and often categorized as granting permission to read data, modify data, and/or execute data. |
| Polynomial Function | A function like f(x) = y = 7x^100 + 5x^34 + 12x^7 + 6 that has any number of terms in which x is raised to a power. Polynomial functions include quadratic, linear, and constant functions. |
| Polynomial Time | Problems can be solved in polynomial time if the time for an algorithm to solve the problem increases as a power of the bytes of the input, and not exponentially with the length of the input. |
| Quadratic Function | A function like f(x) = y = 5x^2 + 7x + 3 that has an x^2 term but no power higher than two. |
| Rogue Security Software | Software that claims to detect or remove malware, adware, or spyware but actually installs it. |
| Rootkit | A tool that obtains the highest level of privilege on a device, sometimes used intentionally by a mobile device owner to override the protections installed by the service provider. |
| RSA Algorithm | Named after inventors Rivest, Shamir, and Adleman, RSA is a system for encrypting and decrypting a message using a pair of keys, both of which contain the product of two prime numbers. |
| Script Kiddie | A black-hat "penetration tester" with limited computer science knowledge who uses instructions and tools from other people to exploit vulnerable computer systems. |
| Social Engineering | A broad category for techniques that aim to psychologically manipulate a person's trust to gain access to data or computing resources, usually by tricking the person into clicking on a link, opening a file, or answering a question. |
| Spam Filter | Software that limits email traffic based on the email's content, attachments, or sender's address. |
| Spyware | Undesired software intended to collect information, including installed software, browsing history, or keystroke logging. |
| Theoretical Efficiency | How quickly an algorithm will execute, predicted by counting the number of operations that will be executed by the processor. |
| Time Complexity | Describes how much more time an algorithm will need if provided a longer string of input, emphasizing the worst-case scenario and the limiting trend when the input string is long. |
| Tractable | A problem is tractable if it can be solved in polynomial time; it is intractable if the worst-case time to execute any solution grows exponentially with the length of the input. |
| Trojan Horse | Software or application data that seems useful but that actually delivers a malware payload. |
| User Account Control | MS Windows-based methods that limit software exploitation of a user's privileges by prompting the user to confirm that they want to allow the software to continue with specific privileges. |
| Virus | Malware that spreads by inserting itself into files, spreading to other computers when humans move files or connect devices. |
| Vulnerability | A flaw in software, including a website, a protocol, an operating system, programming languages, or hardware drivers, that allows unexpected input to gain unintended access to computing resources or to deny service to legitimate users. |
| Wildcard | A special character used in a query string pattern, matching any character or characters in search results. |
| Worm | Malware that spreads by sending itself to other computers. |
| Worst-Case Running Time | The time that an algorithm will take to execute input of a given length if the input is specially chosen to take a long time. Includes only the time for the processor to complete the algorithm with this worst-case input, and does not include variation from the processor performing unrelated tasks. |

© 2014 Project Lead The Way, Inc.
Computer Science Principles Lesson 2.3 Cybersecurity and Cryptography Key Terms