The All.Net Security Database


Generated Fri Jun 27 09:58:50 PDT 2003 by fc@red.a.net

    Attack33:

    Name: invalid values on calls

    Complexity: In most cases, only a few hundred well-considered attempts are required to find a successful attack of this sort against a program. No mathematical theory exists for analyzing this in more detail, but a reasonable suspicion would be that several hundred common failings make up the vast majority of this class of attacks and that those sorts of flaws could be systematically attempted. There is some speculation that software testing techniques [Lyu95] could be used to discover such flaws, but no definitive results have been published to date.

    Related Database Material

    [TBVInput - Relates to Input]
    [TBVMalicious - Relates to Malicious]
    [TBVUsage - Relates to Usage]
    [PDRIntegrity - Relates to Integrity]
    [PDRUse - Relates to Use]
    [PDRDemonstrated - Relates to Demonstrated]
    [PLSLogical - Relates to Logical]
    [Threat1 - insiders]
    [Threat4 - consultants]
    [Threat6 - customers]
    [Threat10 - hackers]
    [Threat11 - crackers]
    [Threat12 - club initiates]
    [Threat13 - cyber-gangs]
    [Threat14 - tiger teams]
    [Threat18 - vandals]
    [Threat19 - activists]
    [Threat20 - crackers for hire]
    [Threat25 - industrial espionage experts]
    [Threat26 - foreign agents and spies]
    [Threat28 - government agencies]
    [Threat30 - economic rivals]
    [Threat31 - nation states]
    [Threat32 - global coalitions]
    [Threat33 - military organizations]
    [Threat35 - information warriors]
    [Threat36 - extortionists]
    [Defense54 - accountability]
    [Defense135 - alarms]
    [Defense32 - anomaly detection]
    [Defense30 - audit analysis]
    [Defense88 - authenticated information]
    [Defense96 - content checking]
    [Defense13 - detection before failure]
    [Defense21 - fault isolation]
    [Defense138 - filtering devices]
    [Defense14 - human intervention after detection]
    [Defense116 - inspection of incoming and outgoing materials]
    [Defense89 - integrity checking]
    [Defense130 - internal control principle (GASSP)]
    [Defense10 - isolated sub-file-system areas]
    [Defense31 - misuse detection]
    [Defense43 - multi-version programming]
    [Defense22 - out-of-range detection]
    [Defense16 - redundancy]
    [Defense51 - secure design]
    [Defense1 - strong change control]
    [Defense117 - suppression of incomplete, erroneous, or obsolete data]
    [Defense52 - testing]