Focused On Your Success


The All.Net Security Database


Generated Fri Jun 27 09:58:50 PDT 2003 by fc@red.a.net

Cause/Mechanism:
  • Threat Profiles
  • Attack Methods
  • Defense Methods
    Process:
  • Prevention
  • Detection
  • Reaction
    Impact:
  • Integrity
  • Availability
  • Confidential
  • Use Control
  • Other:
  • Risk Management
  • Database Description

    Domain:
  • Physical
  • Informational
  • Systemic
    Sophistication:
  • Theoretical
  • Demonstrated
  • Widespread
  • Perspectives:
  • Management
  • Policy
  • Standards
  • Procedures
  • Documentation
  • Audit
  • Testing
  • Technical Safeguards
  • Personnel
  • Incident Handling
  • Legal
  • Physical
  • Awareness
  • Training
  • Education
  • Organization
  • Brekne's Mechanistic:
  • Input
  • Output
  • Storage
  • Processing
  • Transmission
  • Brekne's Causal:
  • Accidental
  • Malicious
  • Brekne's Method:
  • Leakage
  • Masquerade
  • Denial
  • Corruption
  • Usage
  • Mental

  • Attack64:

    Name:illegal value insertion

    Complexity: Most such attacks are easily carried out once discovered, but systematically discovering such attacks is, in general, similar to the complexity of gray box testing until the first fault is found.
    fc@red.a.net

    Related Database Material

    [TBVInput - Relates to Input]
    [TBVAccidental - Relates to Accidental]
    [TBVMalicious - Relates to Malicious]
    [TBVUsage - Relates to Usage]
    [PDRIntegrity - Relates to Integrity]
    [PDRAvailability - Relates to Availability]
    [PDRUse - Relates to Use]
    [PDRDemonstrated - Relates to Demonstrated]
    [PLSLogical - Relates to Logical]
    [Threat1 - insiders]
    [Threat2 - private investigators]
    [Threat4 - consultants]
    [Threat6 - customers]
    [Threat8 - competitors]
    [Threat10 - hackers]
    [Threat11 - crackers]
    [Threat13 - cyber-gangs]
    [Threat14 - tiger teams]
    [Threat16 - professional thieves]
    [Threat19 - activists]
    [Threat20 - crackers for hire]
    [Threat23 - drug cartels]
    [Threat25 - industrial espionage experts]
    [Threat26 - foreign agents and spies]
    [Threat28 - government agencies]
    [Threat30 - economic rivals]
    [Threat31 - nation states]
    [Threat32 - global coalitions]
    [Threat33 - military organizations]
    [Threat35 - information warriors]
    [Defense54 - accountability]
    [Defense135 - alarms]
    [Defense32 - anomaly detection]
    [Defense30 - audit analysis]
    [Defense88 - authenticated information]
    [Defense61 - authentication of packets]
    [Defense35 - awareness of implications]
    [Defense57 - change management]
    [Defense96 - content checking]
    [Defense99 - deceptions]
    [Defense72 - detailed audit]
    [Defense13 - detection before failure]
    [Defense7 - effective mandatory access control]
    [Defense63 - encrypted authentication]
    [Defense18 - encryption]
    [Defense138 - filtering devices]
    [Defense56 - fine-grained access control]
    [Defense116 - inspection of incoming and outgoing materials]
    [Defense136 - insurance]
    [Defense89 - integrity checking]
    [Defense84 - limited function]
    [Defense31 - misuse detection]
    [Defense42 - multi-person controls]
    [Defense43 - multi-version programming]
    [Defense22 - out-of-range detection]
    [Defense28 - procedures]
    [Defense121 - program change logs]
    [Defense16 - redundancy]
    [Defense140 - searches and inspections]
    [Defense51 - secure design]
    [Defense1 - strong change control]
    [Defense117 - suppression of incomplete, erroneous, or obsolete data]
    [Defense52 - testing]
    [Defense97 - trusted system technologies]