Skip to content

Complete Systems Acronym Reference

Alphabetically organized reference covering OS/kernel, networking, security, cloud/distributed systems, performance, and hardware. Each entry gives the full expansion and a brief domain context note.

A

ABI — Application Binary Interface. The calling convention, data type sizes, and system call interface between compiled code and the OS or between libraries; changing an ABI breaks binary compatibility. (OS/kernel)

ACK — Acknowledgment. A TCP segment sent to confirm receipt of data; absence of ACK triggers retransmission. (Networking)

ACPI — Advanced Configuration and Power Interface. The firmware/OS interface for hardware discovery, power management, and thermal control; replaced APM. (OS/kernel, Hardware)

ALU — Arithmetic Logic Unit. The processor component that performs integer arithmetic and bitwise logical operations. (Hardware)

APIC — Advanced Programmable Interrupt Controller. x86 hardware that manages interrupt routing to CPU cores; the LAPIC is per-core, the IOAPIC is shared. (OS/kernel, Hardware)

ARP — Address Resolution Protocol. Maps IPv4 addresses to MAC addresses via broadcast on a local Ethernet segment. (Networking)

ASM — Assembly (language). Low-level programming language with a near-direct mapping to machine instructions; also the file extension for assembly source. (OS/kernel)

ASLR — Address Space Layout Randomization. Security mitigation that randomizes the base addresses of stack, heap, and libraries at load time, hindering memory exploitation. (Security)

AVX — Advanced Vector Extensions. Intel/AMD SIMD instruction set that operates on 256-bit (AVX) or 512-bit (AVX-512) vector registers. (Hardware)

AZ — Availability Zone. An isolated, independent data center facility within a cloud region; failures in one AZ should not affect others. (Cloud)

B

BGP — Border Gateway Protocol. The routing protocol of the Internet; exchanges reachability information between autonomous systems. (Networking)

BKL — Big Kernel Lock. A single, coarse-grained spinlock that serialized most Linux kernel operations prior to its removal in Linux 2.6.39. (OS/kernel)

BPF — Berkeley Packet Filter. Originally a packet filtering mechanism; extended as eBPF in Linux 3.18+ to a general-purpose kernel-safe bytecode VM. (OS/kernel, Networking)

BSS — Block Started by Symbol. ELF section for uninitialized (zero-initialized) global and static data; occupies no space in the binary file. (OS/kernel)

BTF — BPF Type Format. Metadata format for BPF programs and kernel data structures; enables CO-RE (Compile Once, Run Everywhere) for eBPF. (OS/kernel)

C

CAP — Consistency, Availability, Partition-tolerance. Brewer's conjecture that a distributed system can guarantee at most two of the three properties simultaneously. (Distributed systems)

CDN — Content Delivery Network. A geographically distributed network of caches that serves content from the node nearest the client, reducing latency. (Cloud, Networking)

CFS — Completely Fair Scheduler. Linux's default process scheduler (since 2.6.23), which uses a red-black tree ordered by virtual runtime to provide fair CPU allocation. (OS/kernel)

CFI — Control Flow Integrity. Security mitigation that restricts program control flow to a defined set of valid targets, mitigating ROP attacks. (Security)

CIDR — Classless Inter-Domain Routing. IP address allocation notation (e.g., 192.168.1.0/24) that replaced classful addressing and enables route aggregation. (Networking)

CNI — Container Network Interface. CNCF standard for Kubernetes network plugins; defines how pods receive IP addresses and how network policies are enforced. (Cloud, Networking)

CORS — Cross-Origin Resource Sharing. HTTP mechanism allowing a server to declare which origins may access its resources in browser cross-origin requests. (Networking, Security)

CoW — Copy-on-Write. Optimization where shared memory pages are not duplicated until one party writes; used in fork(), container layers, and QEMU's QCOW2 format. (OS/kernel)

CPI — Cycles Per Instruction. Performance metric measuring average processor cycles to execute one instruction; lower is faster. (Hardware, Performance)

CRD — Custom Resource Definition. Kubernetes extension mechanism allowing users to define new API object types without modifying the Kubernetes API server binary. (Cloud)

CRI — Container Runtime Interface. Kubernetes gRPC interface between the kubelet and container runtimes (containerd, CRI-O); replaced the Docker-shim. (Cloud)

CSI — Container Storage Interface. Kubernetes standard for storage plugins; allows persistent volumes from arbitrary storage backends to be provisioned without modifying Kubernetes core. (Cloud)

CSP — Content Security Policy. HTTP response header that restricts which scripts, styles, and frames a page may load, mitigating XSS and injection attacks. (Security)

CVE — Common Vulnerabilities and Exposures. The MITRE-maintained dictionary of publicly disclosed security vulnerabilities; each entry has a unique CVE-ID. (Security)

CXL — Compute Express Link. PCIe 5.0-based cache-coherent interconnect for CPUs, GPUs, and memory expanders; enables memory pooling and disaggregation. (Hardware)

D

DAC — Discretionary Access Control. Access control model where the resource owner controls permissions; contrasted with MAC where the OS enforces policy. (Security)

DDR — Double Data Rate (SDRAM). Synchronous DRAM that transfers data on both rising and falling clock edges; DDR4 and DDR5 are current generations. (Hardware)

DEP — Data Execution Prevention. Windows term for the NX (No-Execute) bit that prevents code execution in data pages. (Security)

DMA — Direct Memory Access. Hardware mechanism allowing peripherals to read/write system memory without CPU involvement; requires IOMMU protection. (OS/kernel, Hardware)

DNS — Domain Name System. Hierarchical distributed naming system that maps hostnames to IP addresses (and other record types). (Networking)

DPDK — Data Plane Development Kit. Intel-originated framework for user-space packet processing that bypasses the kernel networking stack for near-line-rate performance. (Networking, Performance)

DRAM — Dynamic Random Access Memory. Volatile main memory requiring periodic refresh; slower and cheaper per bit than SRAM. (Hardware)

DTB — Device Tree Blob. Binary representation of hardware description used on ARM and embedded platforms; loaded by the bootloader and parsed by the kernel. (OS/kernel)

DTS — Device Tree Source. Human-readable text format for hardware description, compiled into DTB by dtc. (OS/kernel)

E

EBS — Elastic Block Store. AWS's network-attached block storage service providing persistent volumes for EC2 instances. (Cloud)

ECMP — Equal-Cost Multi-Path routing. Forwarding technique that distributes traffic across multiple equal-cost routes; used in datacenter spine-leaf fabrics. (Networking)

ECN — Explicit Congestion Notification. TCP/IP extension that signals network congestion via IP header bits rather than requiring packet drops. (Networking)

ECC — Error Correcting Code (memory). DRAM that detects and corrects single-bit errors and detects double-bit errors; required in servers and safety-critical systems. (Hardware)

EFI — Extensible Firmware Interface. Successor to BIOS (see also UEFI); defines the firmware interface between OS and platform hardware. (OS/kernel, Hardware)

EKS — Elastic Kubernetes Service. AWS's managed Kubernetes control plane service. (Cloud)

EPT — Extended Page Tables. Intel VT-x feature that virtualizes guest physical addresses to host physical addresses, enabling efficient memory virtualization. (OS/kernel, Hardware)

ESP — EFI System Partition. FAT32 partition holding bootloaders, kernel images, and firmware drivers; required on GPT-partitioned UEFI systems. (OS/kernel)

ETCD — (not an acronym). A distributed key-value store using Raft consensus; the primary storage backend for Kubernetes cluster state. (Cloud, Distributed systems)

F

FaaS — Function as a Service. Cloud execution model where individual functions are invoked on demand with no persistent server; billed per invocation (AWS Lambda, GCP Cloud Functions). (Cloud)

FIB — Forwarding Information Base. The optimized routing table used by the kernel's packet forwarding path, derived from the RIB (Routing Information Base). (Networking)

FMA — Fused Multiply-Add. CPU instruction computing a * b + c in a single rounding step; increases floating-point throughput and precision in SIMD workloads. (Hardware)

FPU — Floating-Point Unit. CPU component dedicated to IEEE 754 floating-point arithmetic; on x86, context-switches save/restore FPU state (via FXSAVE/XSAVE). (Hardware, OS/kernel)

G

GDT — Global Descriptor Table. x86 data structure defining memory segments and privilege levels; in 64-bit mode mostly vestigial but still required for SYSCALL/SYSRET and TLS. (OS/kernel)

GFP — Get Free Pages. Linux kernel memory allocation flag prefix (e.g., GFP_KERNEL, GFP_ATOMIC) that controls allocator behavior and context. (OS/kernel)

GPL — GNU General Public License. Copyleft open-source license; Linux kernel is GPLv2. Kernel modules must be GPL-compatible or marked proprietary (with tainting implications). (OS/kernel)

GPT — GUID Partition Table. Modern partition table format (replaces MBR) supporting up to 128 partitions and disks > 2 TB; used with UEFI. (OS/kernel)

GPU — Graphics Processing Unit. Massively parallel processor originally for graphics; now also used for ML training and HPC workloads (NVIDIA CUDA, AMD ROCm). (Hardware)

GRE — Generic Routing Encapsulation. IP tunneling protocol that encapsulates arbitrary network-layer protocols inside IP; used in VPN and overlay networks. (Networking)

GRO — Generic Receive Offload. Linux networking optimization that merges incoming TCP segments in the NIC driver before handing them to the network stack, reducing per-packet overhead. (Networking, Performance)

GRUB — Grand Unified Bootloader. The most common Linux bootloader; loads the kernel image and initial ramdisk from disk. (OS/kernel)

GSO — Generic Segmentation Offload. Defers TCP segmentation to the NIC or just before transmission, reducing the number of iterations through the network stack. (Networking, Performance)

H

HAL — Hardware Abstraction Layer. OS layer that presents a uniform interface to hardware-specific code; Windows uses an explicit HAL; Linux embeds equivalent abstractions in drivers. (OS/kernel)

HBM — High Bandwidth Memory. 3D-stacked DRAM with a wide (1024-bit) bus providing very high bandwidth; used in GPUs and HPC accelerators (HBM2, HBM3). (Hardware)

HPA — Horizontal Pod Autoscaler. Kubernetes controller that automatically scales the number of pod replicas based on CPU/memory or custom metrics. (Cloud)

HSM — Hardware Security Module. Tamper-resistant hardware device for cryptographic operations and key storage; used in PKI, payment systems, and cloud KMS services. (Security)

HTTP — Hypertext Transfer Protocol. Application-layer protocol for the Web; HTTP/1.1 uses persistent connections, HTTP/2 adds multiplexing, HTTP/3 uses QUIC. (Networking)

I

IaaS — Infrastructure as a Service. Cloud service model providing raw compute, storage, and networking resources (EC2, GCE) — contrasted with PaaS and SaaS. (Cloud)

IDT — Interrupt Descriptor Table. x86 data structure mapping exception/interrupt vectors to handler function pointers; the hardware equivalent of a vector table. (OS/kernel)

ICMP — Internet Control Message Protocol. Network-layer protocol used for diagnostics (ping, traceroute) and error reporting (ICMP Unreachable, Time Exceeded). (Networking)

IOMMU — Input-Output Memory Management Unit. Hardware unit that maps device DMA addresses to physical memory, enforcing memory isolation for PCI devices; required for SR-IOV and safe device passthrough. (OS/kernel, Hardware)

IPC — Inter-Process Communication. Mechanisms for process data exchange: pipes, sockets, shared memory, message queues, signals. Also: Instructions Per Cycle (hardware performance metric). (OS/kernel, Hardware)

IRQ — Interrupt Request. Hardware or software signal that pauses CPU execution and transfers control to an interrupt handler; numbered and routed via the APIC. (OS/kernel)

ISA — Instruction Set Architecture. The contract between hardware and software defining available instructions and registers (x86-64, ARM64, RISC-V). Also: Industry Standard Architecture (legacy bus). (Hardware)

J

JIT — Just-In-Time (compilation). Dynamic compilation of bytecode or IR to native machine code at runtime; used in JVMs, V8, and the Linux eBPF verifier. (OS/kernel)

K

k8s — Kubernetes (the "8" replaces the 8 letters between K and s). Container orchestration system. (Cloud)

KSM — Kernel Samepage Merging. Linux feature that deduplicates identical anonymous memory pages across processes; useful in VM-dense deployments. (OS/kernel)

L

LLC — Last-Level Cache. The outermost CPU cache (typically L3) shared across all cores; cache misses at this level require DRAM accesses. (Hardware, Performance)

LKM — Loadable Kernel Module. Linux kernel code that can be dynamically inserted (insmod) or removed (rmmod) at runtime without rebooting. (OS/kernel)

LSM — Linux Security Module. Kernel hook framework for mandatory access control enforcement; SELinux, AppArmor, and seccomp are LSM implementations. (OS/kernel, Security)

M

MAC — Mandatory Access Control. Policy-enforced access control where the OS (not the resource owner) determines access, based on labels or rules (SELinux, AppArmor). Also: Media Access Control (Ethernet hardware address). (Security, Networking)

MCE — Machine Check Exception. x86 hardware error notification for uncorrectable CPU or memory errors; triggers mce kernel handling and may cause a kernel panic. (OS/kernel, Hardware)

MMIO — Memory-Mapped I/O. Hardware registers accessible via normal load/store instructions to specific physical address ranges; contrasted with port-mapped I/O (IN/OUT instructions). (OS/kernel, Hardware)

MSR — Model-Specific Register. x86 register accessed via RDMSR/WRMSR instructions; controls CPU features (SYSCALL entry point, power management, PMU configuration). (OS/kernel, Hardware)

N

NMI — Non-Maskable Interrupt. CPU interrupt that cannot be disabled by the IF flag; used for hardware watchdogs and perf counter overflow. (OS/kernel, Hardware)

NUMA — Non-Uniform Memory Access. Memory architecture where each CPU socket has local RAM accessed with lower latency than remote RAM on other sockets. (OS/kernel, Hardware, Performance)

NVMe — Non-Volatile Memory Express. PCIe-attached SSD protocol with very low latency (< 100 µs) and massive parallelism (64K queues of 64K commands each). (Hardware)

NX — No-Execute. CPU page-table bit (called XD on Intel) that prevents instruction execution in pages marked NX; the hardware basis for DEP/W^X security. (Security, Hardware)

O

OCI — Open Container Initiative. Linux Foundation project defining container image format and runtime spec (runc, containerd) interoperability standards. (Cloud)

OOM — Out-Of-Memory (killer). Linux kernel mechanism that kills processes when memory is exhausted to prevent system-wide deadlock; triggered when overcommit is exceeded. (OS/kernel)

OoO — Out-of-Order (execution). CPU design that executes instructions in an order different from program order to hide latency; results are committed in order via the ROB. (Hardware)

OSPF — Open Shortest Path First. Link-state interior gateway routing protocol that computes shortest paths via Dijkstra's algorithm. (Networking)

P

PaaS — Platform as a Service. Cloud service model providing a managed runtime environment for applications (Heroku, Google App Engine) — above IaaS, below SaaS. (Cloud)

PACELC — Partition-Availability-Consistency-Else-Latency-Consistency. Extension of CAP that also captures the latency vs consistency tradeoff during normal operation. (Distributed systems)

PCB — Process Control Block. Kernel data structure holding all state for a process: registers, open files, memory mappings, scheduling data. task_struct in Linux. (OS/kernel)

PCID — Process Context Identifier. x86 TLB tag that allows TLB entries from different processes to coexist, eliminating full TLB flushes on context switch; critical for KPTI performance. (OS/kernel, Hardware)

PCIe — Peripheral Component Interconnect Express. Serial interconnect bus for GPUs, NVMe SSDs, NICs, and other high-speed peripherals; PCIe 5.0 provides 32 GT/s per lane. (Hardware)

PFC — Priority Flow Control. Ethernet extension (802.1Qbb) that enables lossless operation for specific traffic classes; required for RoCE. (Networking)

PIE — Position-Independent Executable. Binary compiled to work at any load address (using relative addressing); required for ASLR to be effective. (Security)

PMU — Performance Monitoring Unit. CPU hardware counters for measuring cycles, instructions, cache misses, and other microarchitectural events; accessed via perf_event_open(). (Hardware, Performance)

PSI — Pressure Stall Information. Linux kernel metric exposing percentage of time processes stall waiting for CPU, memory, or I/O; used for cgroup resource pressure monitoring. (OS/kernel, Performance)

PFC — Priority Flow Control. IEEE 802.1Qbb Ethernet extension enabling lossless per-priority flow control; essential for RDMA over Converged Ethernet. (Networking)

Q

QoS — Quality of Service. Traffic management mechanisms (rate limiting, queuing, prioritization) that guarantee bandwidth or latency for specific traffic classes. (Networking)

R

RBAC — Role-Based Access Control. Access control model where permissions are assigned to roles, and users are assigned roles; used in Kubernetes, AWS IAM, and enterprise systems. (Security, Cloud)

RCU — Read-Copy Update. Linux kernel lock-free synchronization mechanism enabling concurrent reads with no blocking and deferred writer reclamation via grace periods. (OS/kernel)

RDMA — Remote Direct Memory Access. Network capability allowing a NIC to read/write remote system memory without involving the remote CPU; used in HPC and distributed databases. (Networking, Hardware)

RELRO — Relocation Read-Only. ELF binary hardening that marks the GOT (Global Offset Table) read-only after dynamic linking, preventing GOT overwrite attacks. (Security)

RISC — Reduced Instruction Set Computer. CPU architecture philosophy emphasizing a small, regular instruction set with load/store memory model (ARM, RISC-V, MIPS). (Hardware)

ROB — Reorder Buffer. CPU hardware buffer that tracks in-flight out-of-order instructions and ensures they commit to architectural state in program order. (Hardware)

RoCE — RDMA over Converged Ethernet. Protocol enabling RDMA over standard Ethernet hardware, requiring PFC for lossless operation. (Networking, Hardware)

ROP — Return-Oriented Programming. Exploitation technique that chains together "gadgets" (existing code sequences ending in RET) to bypass NX/DEP. Mitigated by CFI. (Security)

RPO — Recovery Point Objective. Maximum acceptable data loss measured as time; defines how frequently backups or replication must occur. (Cloud, Distributed systems)

RSS — Receive Side Scaling. NIC feature that distributes incoming packets across multiple CPU cores using a hash of packet header fields. (Networking, Performance)

RTO — Recovery Time Objective. Maximum acceptable time to restore a service after a failure; defines the target for failover and recovery procedures. (Cloud, Distributed systems)

RTT — Round-Trip Time. Time for a packet to travel from source to destination and back; the fundamental latency unit for network performance analysis. (Networking, Performance)

S

SaaS — Software as a Service. Cloud service model where fully managed applications are delivered over the internet (Gmail, Salesforce, Slack). (Cloud)

SDN — Software-Defined Networking. Network architecture separating the control plane (centralized) from the data plane (distributed), enabling programmatic network configuration (OpenFlow, P4). (Networking)

SELinux — Security-Enhanced Linux. NSA-developed LSM implementing Mandatory Access Control via detailed policy rules for process-to-resource interactions. (Security, OS/kernel)

SIMD — Single Instruction, Multiple Data. CPU execution model performing one operation on multiple data elements simultaneously (SSE, AVX, NEON). (Hardware)

SLA — Service Level Agreement. Contractual commitment about service availability/performance; typically less stringent than internal SLOs with penalty clauses for violation. (Cloud)

SLI — Service Level Indicator. A quantitative metric measuring service behavior (e.g., fraction of requests completing in < 200 ms). (Cloud, SRE)

SLO — Service Level Objective. An internal target for an SLI (e.g., 99.9% of requests complete in < 200 ms over a 28-day window). (Cloud, SRE)

SLUB — SLUB Allocator. Simplified slab allocator in Linux (default since 2.6.23); reduces metadata overhead and improves NUMA performance over the original SLAB. (OS/kernel)

SMAP — Supervisor Mode Access Prevention. Intel CPU feature that prevents kernel code from directly accessing user-space memory, requiring explicit STAC/CLAC instructions. Mitigates kernel privilege escalation via user-space pointer dereference. (Security, Hardware)

SMEP — Supervisor Mode Execution Prevention. Intel CPU feature that prevents the kernel from executing code in user-space pages; hardens against kernel exploits that redirect execution to user-space shellcode. (Security, Hardware)

SMP — Symmetric Multiprocessing. System architecture where multiple CPUs share a single memory address space and are treated equally by the OS scheduler. (OS/kernel, Hardware)

SMT — Simultaneous Multithreading. CPU feature running two hardware threads per physical core (Intel calls it Hyper-Threading); they share execution units and caches. (Hardware)

SR-IOV — Single Root I/O Virtualization. PCI standard that allows a single physical NIC or GPU to present multiple virtual functions (VFs), each assignable to a different VM or container. (Hardware, Cloud)

SRE — Site Reliability Engineering. Google-originated discipline applying software engineering principles to operations; quantifies reliability via SLIs/SLOs and error budgets. (Cloud)

SSP — Stack Smashing Protector. Compiler instrumentation (-fstack-protector) that places a canary value before the return address to detect stack buffer overflows at runtime. (Security)

T

TCP — Transmission Control Protocol. Reliable, ordered, connection-oriented transport protocol; provides byte-stream delivery with congestion control and flow control. (Networking)

TDP — Thermal Design Power. Maximum sustained power dissipation a CPU or GPU is designed to handle; determines cooling requirements. (Hardware)

TLB — Translation Lookaside Buffer. CPU cache for page table entries (virtual-to-physical address translations); TLB misses require a page table walk, which is expensive. (OS/kernel, Hardware)

TLS — Transport Layer Security. Cryptographic protocol providing authenticated, encrypted communication over TCP; TLS 1.3 is the current version. Also: Thread-Local Storage (per-thread variables in C/C++). (Networking, Security, OS/kernel)

TPM — Trusted Platform Module. Dedicated security chip (or firmware equivalent, fTPM) providing cryptographic key storage, attestation, and measured boot. (Security, Hardware)

TSO — Total Store Order. x86 memory consistency model that permits loads to bypass stores to different addresses; weaker than sequential consistency but stronger than ARM's weak model. (Hardware)

TTL — Time To Live. IP header field decremented by each router; when it reaches zero the packet is discarded (preventing routing loops). Also used in DNS records to specify cache lifetime. (Networking)

U

UAF — Use-After-Free. Memory safety vulnerability where a freed heap object is accessed; commonly exploited by overwriting the freed memory with attacker-controlled content before the dangling pointer is used. (Security, OS/kernel)

UDP — User Datagram Protocol. Connectionless, unreliable transport protocol with no ordering guarantees; low overhead makes it suitable for DNS, QUIC, gaming, and streaming. (Networking)

UEFI — Unified Extensible Firmware Interface. Modern firmware standard (successor to BIOS) providing a programmable pre-OS environment, GPT support, and Secure Boot. (OS/kernel, Hardware)

UTS — Unix Time-sharing System (namespace). Linux namespace that isolates hostname and NIS domain name; each container gets its own UTS namespace. (OS/kernel)

V

VDSO — Virtual Dynamic Shared Object. Small kernel-mapped shared library providing fast user-space implementations of syscalls like gettimeofday() without full syscall overhead. (OS/kernel)

VLAN — Virtual Local Area Network. IEEE 802.1Q standard for logically segmenting a single physical Ethernet network into multiple isolated broadcast domains. (Networking)

VMA — Virtual Memory Area. Linux kernel data structure (vm_area_struct) describing a contiguous range of virtual addresses in a process's address space with uniform permissions. (OS/kernel)

VMX — Virtual Machine Extensions. Intel x86 instruction set extensions (part of VT-x) enabling hardware-assisted virtualization; provides VMLAUNCH, VMRESUME, VMEXIT instructions. (OS/kernel, Hardware)

VPC — Virtual Private Cloud. Logically isolated cloud network with user-defined IP ranges, subnets, route tables, and security groups (AWS VPC, GCP VPC). (Cloud, Networking)

VPN — Virtual Private Network. Encrypted tunnel over a public network; WireGuard, OpenVPN, and IPsec are common implementations. (Networking, Security)

VXLAN — Virtual eXtensible LAN. Layer 2 overlay protocol encapsulating Ethernet frames in UDP/IP headers; used in container networking (Flannel, Calico VXLAN mode) and datacenter fabrics. (Networking, Cloud)

W

WAF — Web Application Firewall. Reverse proxy that inspects HTTP traffic and blocks requests matching attack signatures (SQLi, XSS, SSRF). (Security, Networking)

WAL — Write-Ahead Log. Durability technique where changes are written to a sequential log before being applied to primary storage; used in PostgreSQL, SQLite, Kafka, and Raft. (Distributed systems)

X

XDP — eXpress Data Path. Linux networking fast path for packet processing at the NIC driver level using eBPF programs; enables line-rate filtering without kernel network stack overhead. (Networking, OS/kernel)

XSS — Cross-Site Scripting. Web vulnerability where an attacker injects malicious scripts into content served to other users; mitigated by CSP and output encoding. (Security)

Appendix: Domain Quick-Reference

OS/Kernel

ABI, ACPI, APIC, ASM, BKL, BSS, BTF, CFS, CoW, CRI, CSI, DMA, DTB, DTS, EFI, FPU, GDT, GFP, GPL, GPT, GRUB, HAL, IDT, IPC, IRQ, ISA, IOMMU, JIT, KSM, LKM, LSM, MCE, MMIO, MSR, NMI, NUMA, OOM, PCB, PCID, PSI, RCU, SLUB, SMP, TLB, UTS, VDSO, VMA, VMX

Networking

ACK, ARP, BGP, BPF, CIDR, CNI, CORS, CSP, DNS, DPDK, ECMP, ECN, FIB, GRE, GRO, GSO, HTTP, ICMP, OSPF, PFC, QoS, RDMA, RoCE, RSS, RTT, SDN, SR-IOV, TCP, TLS, TTL, UDP, VLAN, VPN, VXLAN, XDP

Security

ASLR, CFI, CVE, DAC, DEP, HSM, MAC, NX, PIE, RBAC, RELRO, ROP, SELinux, SMAP, SMEP, SSP, TEE, TPM, UAF, WAF, XSS

Cloud and Distributed Systems

AZ, CAP, CDN, CRD, EBS, EKS, ETCD, FaaS, HPA, IaaS, k8s, OCI, PACELC, PaaS, RPO, RTO, SaaS, SLA, SLI, SLO, SRE, VPC, WAL

Hardware and Performance

ALU, AVX, CPI, CXL, DDR, DRAM, ECC, FMA, GPU, HBM, IPC, LLC, NVMe, OoO, PCIe, RISC, ROB, SIMD, SMT, TDP, TSO

Missing Entries — Additional Reference

EPT — Extended Page Tables (Intel VT-x feature for nested paging; listed above under E)

TEE — Trusted Execution Environment. Isolated secure processor environment for confidential computation (ARM TrustZone, Intel SGX, AMD SEV). (Security, Hardware)

ESP — Encapsulating Security Payload (IPsec protocol providing encryption and authentication). Also EFI System Partition (listed above). (Security, Networking)