英文文献导读作业.docx

Computer Security: The Good, the Bad, and the UglyCatherine MeadowsCode 5543Naval Research LaboratoryWashington, DC 20375meadows@itd.nrl.navy.milAbstractIn this paper we discuss and characterize differenttypes of solutions to computer security problems interms of bad (theoretically sound, but expensive andimpractical), ugly (practical, but messy and of doubtfulassurance), and good (theoretically sound and practical).We also attempt to characterize the different approachesand problems in computer security that wouldlead to these different types of solutions.摘要在这篇论文里，我们将要讨论和描绘不同类型的计算机安全问题的解决方法，分为三类：不错的（健全，但是昂贵且实操性不强），无用的（有实用性但是凌乱且不保险）以及良好的（健全且实用）。我们还尝试描述这些导致这些不同解决方法的途径和问题。KeywordComputer security, solution, bad, ugly, good关键词计算机安全，解决方法，不错的，无用的，良好的Security of a system can be loosely defined as theassurance of correct operation in face of hostile attack.The fact that the threat is a hostile, intelligent, attackerhas a number of ramifications:系统的安全性可以大致定义为在面对恶意攻击下保证正确的操作。事实上，这种攻击是恶意的，智能的，并且攻击者有很多表现形式：1.How the system performed historically may havelittle bearing on how it will perform in the future.Although a system may have suffered few securityproblems in the past, this does not mean that thiswill always be the case. New applications of thesystem may make it a more attractive target forbreak-ins. New attacks and security holes may befound.1.系统在历史上的意义一定程度上来说和其在未来的表现有关。目前看来，系统在过去遇到的问题不值一提，但这并不意味着以后也总是如此。随着系统功能的发展，新的应用的出现，它对那些乐于非法闯入的人来说会成为一个非常有诱惑力的目标。新的攻击手段和安全漏洞将被发现。2. It is not always possible to predict what the securityneeds of a system will be, since it is notalways possible to predict how the system will beused. For example, the Internet was originally intended to be a system by which a relatively small numberof researchers could share resources, buthas evolved into a communications system used bymillions of people.2.一个系统所需要的安全需求保障总是难以预料的，因为总是难以预料系统会被用于何处。例如，最初互联网被设定为一个提供给相对少量研究员互相分享资源的平台，但是之后却发展成了一个容纳数以百万计人的通讯系统。3. The benefits of security are usually invisible. Sec