Part of the Attack.tex database ()

Focused On Your Success

The All.Net Security Database

Generated Fri Jun 27 09:58:50 PDT 2003 by fc@red.a.net

Cause/Mechanism: Threat Profiles Attack Methods Defense Methods Process: Prevention Detection Reaction Impact: Integrity Availability Confidential Use Control	Other: Risk Management Database Description Domain: Physical Informational Systemic Sophistication: Theoretical Demonstrated Widespread	Perspectives: Management Policy Standards Procedures Documentation Audit Testing Technical Safeguards Personnel Incident Handling Legal Physical Awareness Training Education Organization
Brekne's Mechanistic: Input Output Storage Processing Transmission	Brekne's Causal: Accidental Malicious	Brekne's Method: Leakage Masquerade Denial Corruption Usage Mental

Attack16:

Name:Trojan horses

Unintended components or operations are placed in hardware, firmware, software, or wetware causing unintended and/or inappropriate behavior. Examples include time bombs, use or condition bombs, flawed integrated circuits, additional components on boards, additional instructions in memory, operating system modifications, name overloaded programs placed in an execution path, added or modified circuitry, mechanical components, false connectors, false panels, radios placed in network connectors, displays, wires, or other similar components. Complexity: Detecting Trojan horses is almost certainly an undecidable problem (although nobody has apparently proven this it seems clear) but inadequate mathematical analysis has been done in this subject to provide further clarification.

fc@red.a.net

Related Database Material

[TBVProcessing - Relates to Processing]
[TBVMalicious - Relates to Malicious]
[TBVLeakage - Relates to Leakage]
[TBVmasQuerade - Relates to masQuerade]
[TBVDenial - Relates to Denial]
[TBVUsage - Relates to Usage]
[PDRIntegrity - Relates to Integrity]
[PDRAvailability - Relates to Availability]
[PDRConfidentiality - Relates to Confidentiality]
[PDRUse - Relates to Use]
[PDRWidespread - Relates to Widespread]
[PLSSystemic - Relates to Systemic]
[Threat1 - insiders]
[Threat2 - private investigators]
[Threat3 - reporters]
[Threat4 - consultants]
[Threat5 - vendors]
[Threat6 - customers]
[Threat7 - Fraudsters]
[Threat8 - competitors]
[Threat10 - hackers]
[Threat11 - crackers]
[Threat12 - club initiates]
[Threat13 - cyber-gangs]
[Threat14 - tiger teams]
[Threat15 - maintenance people]
[Threat16 - professional thieves]
[Threat18 - vandals]
[Threat19 - activists]
[Threat20 - crackers for hire]
[Threat21 - deranged people]
[Threat22 - organized crime]
[Threat24 - terrorists]
[Threat25 - industrial espionage experts]
[Threat26 - foreign agents and spies]
[Threat28 - government agencies]
[Threat29 - infrastructure warriors]
[Threat30 - economic rivals]
[Threat31 - nation states]
[Threat32 - global coalitions]
[Threat33 - military organizations]
[Threat35 - information warriors]
[Threat36 - extortionists]
[Defense54 - accountability]
[Defense62 - analysis of physical characteristics]
[Defense32 - anomaly detection]
[Defense30 - audit analysis]
[Defense29 - auditing]
[Defense45 - augmented authentication devices time or use variant]
[Defense88 - authenticated information]
[Defense47 - authorization limitation]
[Defense8 - automated protection checkers and setters]
[Defense5 - background checks]
[Defense33 - capture and punishment]
[Defense57 - change management]
[Defense58 - configuration management]
[Defense96 - content checking]
[Defense114 - control physical access]
[Defense72 - detailed audit]
[Defense87 - disable unsafe features]
[Defense7 - effective mandatory access control]
[Defense18 - encryption]
[Defense56 - fine-grained access control]
[Defense14 - human intervention after detection]
[Defense34 - improved morality]
[Defense102 - independent computer and tool use by auditors]
[Defense109 - independent control of audit information]
[Defense74 - information flow controls]
[Defense116 - inspection of incoming and outgoing materials]
[Defense89 - integrity checking]
[Defense55 - integrity shells]
[Defense79 - inventory control]
[Defense10 - isolated sub-file-system areas]
[Defense53 - known-attack scanning]
[Defense37 - least privilege]
[Defense124 - legal agreements]
[Defense84 - limited function]
[Defense85 - limited sharing]
[Defense86 - limited transitivity]
[Defense59 - lockouts]
[Defense107 - minimizing copies of sensitive information]
[Defense31 - misuse detection]
[Defense43 - multi-version programming]
[Defense108 - numbering and tracking all sensitive information]
[Defense22 - out-of-range detection]
[Defense28 - procedures]
[Defense121 - program change logs]
[Defense104 - protection of data used in system testing]
[Defense122 - protection of names of resources]
[Defense11 - quotas]
[Defense16 - redundancy]
[Defense100 - retaining confidentiality of security status information]
[Defense51 - secure design]
[Defense80 - secure distribution]
[Defense83 - secure or trusted channels]
[Defense4 - sensors]
[Defense40 - separation of duties]
[Defense41 - separation of function]
[Defense1 - strong change control]
[Defense20 - temporary blindness]
[Defense52 - testing]
[Defense125 - time, location, function, and other similar access limitations]
[Defense106 - tracking, correlation, and analysis of incident reporting and response information]
[Defense9 - trusted applications]
[Defense78 - trusted repair teams]
[Defense97 - trusted system technologies]