The introduction of multiple errors is used to cause otherwise
reliable software to fail in unanticipated ways. Examples include the
creation of an input syntax error with a previously locked error-log file
resulting in inconsistent data state, the premature termination of a
communications protocol during an error recovery process - possibly causing
a cascade failure, and the introduction of simultaneous interleaved attack
sequences causing normal detection methods to fail.
[Hecht93][Thyfault92]
Complexity: The limited work on multiple error effects
indicates that even the most well-designed and trusted systems fail
unpredictably under multiple error conditions. This problem appears to be
even more complex than proving program correctness, perhaps even falling
into the factorial time and space realm. For an attacker, producing multiple
errors is often straightforward, but for a defender to analyze them all is
essentially impossible under current theory.
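
An added example, not part of the original entry: a toy fault-injection harness modelled on the first case above (a syntax error arriving while the error log is locked). The processor, the fault names and every helper are constructed for illustration. It shows single-fault testing passing while the pairwise pass finds the inconsistent state, and it counts the ordered fault sequences a defender would have to cover.

```python
from itertools import combinations
from math import factorial

# Constructed fault names; only the first two interact in this toy model.
FAULTS = ("syntax_error", "log_locked", "disk_slow", "net_timeout")

def write_log(log, msg, faults):
    if "log_locked" in faults:
        raise OSError("error log is locked")
    log.append(msg)

def process(record, faults):
    """Hypothetical record processor: returns its state after one record."""
    state, log = {"count": 0, "records": []}, []
    state["count"] += 1                      # counter bumped before validation
    try:
        try:
            if "syntax_error" in faults:
                raise ValueError("syntax error in input")
            state["records"].append(record)
        except ValueError as exc:
            write_log(log, str(exc), faults)  # recovery step that can itself fail
            state["count"] -= 1               # rollback, skipped if logging raised
    except OSError:
        pass                                  # outer layer swallows the log failure
    return state

def consistent(state):
    return state["count"] == len(state["records"])

def failing_sets(k):
    """Every k-fault combination that leaves the state inconsistent."""
    return [set(c) for c in combinations(FAULTS, k)
            if not consistent(process("r1", set(c)))]

def ordered_sequences(n):
    """Non-empty ordered sequences of distinct faults drawn from n."""
    return sum(factorial(n) // factorial(n - k) for k in range(1, n + 1))

if __name__ == "__main__":
    for k in (1, 2, 3):
        print(k, "fault(s):", failing_sets(k))
    for n in (4, 10):
        print(n, "faults ->", ordered_sequences(n), "ordered sequences")
```

Each fault alone is handled correctly; the failure only appears when the recovery path for one fault depends on a resource disabled by another.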
fc@red.a.net