Focused On Your Success


The All.Net Security Database


Generated Fri Jun 27 09:58:50 PDT 2003 by fc@red.a.net

Cause/Mechanism:
  • Threat Profiles
  • Attack Methods
  • Defense Methods
    Process:
  • Prevention
  • Detection
  • Reaction
    Impact:
  • Integrity
  • Availability
  • Confidential
  • Use Control
  • Other:
  • Risk Management
  • Database Description

    Domain:
  • Physical
  • Informational
  • Systemic
    Sophistication:
  • Theoretical
  • Demonstrated
  • Widespread
  • Perspectives:
  • Management
  • Policy
  • Standards
  • Procedures
  • Documentation
  • Audit
  • Testing
  • Technical Safeguards
  • Personnel
  • Incident Handling
  • Legal
  • Physical
  • Awareness
  • Training
  • Education
  • Organization
  • Brekne's Mechanistic:
  • Input
  • Output
  • Storage
  • Processing
  • Transmission
  • Brekne's Causal:
  • Accidental
  • Malicious
  • Brekne's Method:
  • Leakage
  • Masquerade
  • Denial
  • Corruption
  • Usage
  • Mental

  • Attack41:

    Name:implied trust exploitation

    Complexity: In general, analyzing this problem would seem to require analyzing all of the interdependencies of programs. In today's networked environment, this would appear to be infeasible, but no detailed analysis has been published to date.
    fc@red.a.net

    Related Database Material

    [TBVTransmission - Relates to Transmission]
    [TBVAccidental - Relates to Accidental]
    [TBVMalicious - Relates to Malicious]
    [TBVmasQuerade - Relates to masQuerade]
    [TBVDenial - Relates to Denial]
    [PDRIntegrity - Relates to Integrity]
    [PDRConfidentiality - Relates to Confidentiality]
    [PDRUse - Relates to Use]
    [PDRWidespread - Relates to Widespread]
    [PLSSystemic - Relates to Systemic]
    [Threat1 - insiders]
    [Threat2 - private investigators]
    [Threat3 - reporters]
    [Threat4 - consultants]
    [Threat6 - customers]
    [Threat7 - Fraudsters]
    [Threat8 - competitors]
    [Threat9 - whistle blowers]
    [Threat10 - hackers]
    [Threat11 - crackers]
    [Threat13 - cyber-gangs]
    [Threat14 - tiger teams]
    [Threat15 - maintenance people]
    [Threat16 - professional thieves]
    [Threat20 - crackers for hire]
    [Threat25 - industrial espionage experts]
    [Threat26 - foreign agents and spies]
    [Threat28 - government agencies]
    [Threat30 - economic rivals]
    [Threat31 - nation states]
    [Threat32 - global coalitions]
    [Threat33 - military organizations]
    [Threat35 - information warriors]
    [Threat36 - extortionists]
    [Defense131 - adversary principle (GASSP)]
    [Defense32 - anomaly detection]
    [Defense45 - augmented authentication devices time or use variant]
    [Defense88 - authenticated information]
    [Defense61 - authentication of packets]
    [Defense96 - content checking]
    [Defense63 - encrypted authentication]
    [Defense130 - internal control principle (GASSP)]
    [Defense53 - known-attack scanning]
    [Defense37 - least privilege]
    [Defense84 - limited function]
    [Defense31 - misuse detection]
    [Defense42 - multi-person controls]
    [Defense22 - out-of-range detection]
    [Defense16 - redundancy]
    [Defense51 - secure design]
    [Defense83 - secure or trusted channels]
    [Defense1 - strong change control]
    [Defense52 - testing]
    [Defense9 - trusted applications]
    [Defense97 - trusted system technologies]