Part of the Attack.tex database ()

Focused On Your Success

The All.Net Security Database

Generated Fri Jun 27 09:58:50 PDT 2003 by fc@red.a.net

Cause/Mechanism: Threat Profiles Attack Methods Defense Methods Process: Prevention Detection Reaction Impact: Integrity Availability Confidential Use Control	Other: Risk Management Database Description Domain: Physical Informational Systemic Sophistication: Theoretical Demonstrated Widespread	Perspectives: Management Policy Standards Procedures Documentation Audit Testing Technical Safeguards Personnel Incident Handling Legal Physical Awareness Training Education Organization
Brekne's Mechanistic: Input Output Storage Processing Transmission	Brekne's Causal: Accidental Malicious	Brekne's Method: Leakage Masquerade Denial Corruption Usage Mental

Attack56:

Name:data aggregation

Legitimately accessible data is aggregated to derive unauthorized information. Examples include getting the total departmental salary figures just before and after a new employee is hired to derive the salary of the new hire, attending a wide range of unclassified but private meetings in a particular area in order to gain an overall picture of what work a group is doing, and tracking movements of many people from a particular organization and correlating that information with job titles and other events to derive intelligence indicators. Complexity: Data aggregation can be quite complex both to perform and to protect against. Some work on protecting against these attacks has led to identifying NP-complete problems, while gathering information through this technique may involve solving a large number of equations in a large number of unknowns and is similar to integer programming problems in complexity.

fc@red.a.net

Related Database Material

[TBVStorage - Relates to Storage]
[TBVAccidental - Relates to Accidental]
[TBVMalicious - Relates to Malicious]
[TBVLeakage - Relates to Leakage]
[PDRConfidentiality - Relates to Confidentiality]
[PDRDemonstrated - Relates to Demonstrated]
[PLSLogical - Relates to Logical]
[Threat1 - insiders]
[Threat2 - private investigators]
[Threat3 - reporters]
[Threat4 - consultants]
[Threat5 - vendors]
[Threat6 - customers]
[Threat7 - Fraudsters]
[Threat8 - competitors]
[Threat9 - whistle blowers]
[Threat10 - hackers]
[Threat14 - tiger teams]
[Threat16 - professional thieves]
[Threat23 - drug cartels]
[Threat25 - industrial espionage experts]
[Threat26 - foreign agents and spies]
[Threat27 - police]
[Threat28 - government agencies]
[Threat30 - economic rivals]
[Threat31 - nation states]
[Threat32 - global coalitions]
[Threat33 - military organizations]
[Threat35 - information warriors]
[Threat36 - extortionists]
[Defense131 - adversary principle (GASSP)]
[Defense30 - audit analysis]
[Defense49 - classifying information as to sensitivity]
[Defense96 - content checking]
[Defense18 - encryption]
[Defense6 - feeding false information]
[Defense138 - filtering devices]
[Defense56 - fine-grained access control]
[Defense66 - noise injection]
[Defense48 - security marking and/or labeling]
[Defense20 - temporary blindness]