Focused On Your Success


The All.Net Security Database


Generated Fri Jun 27 09:58:50 PDT 2003 by fc@red.a.net

Cause/Mechanism:
  • Threat Profiles
  • Attack Methods
  • Defense Methods
    Process:
  • Prevention
  • Detection
  • Reaction
    Impact:
  • Integrity
  • Availability
  • Confidential
  • Use Control
  • Other:
  • Risk Management
  • Database Description

    Domain:
  • Physical
  • Informational
  • Systemic
    Sophistication:
  • Theoretical
  • Demonstrated
  • Widespread
  • Perspectives:
  • Management
  • Policy
  • Standards
  • Procedures
  • Documentation
  • Audit
  • Testing
  • Technical Safeguards
  • Personnel
  • Incident Handling
  • Legal
  • Physical
  • Awareness
  • Training
  • Education
  • Organization
  • Brekne's Mechanistic:
  • Input
  • Output
  • Storage
  • Processing
  • Transmission
  • Brekne's Causal:
  • Accidental
  • Malicious
  • Brekne's Method:
  • Leakage
  • Masquerade
  • Denial
  • Corruption
  • Usage
  • Mental

  • Attack79:

    Name:covert channels

    Complexity: It has been shown that in any system using shared resources in a non-fixed fashion, covert channels exist. They are typically easy to exploit using Shannon's communications theory to provide an arbitrary reliability at a given bandwidth based on the channel bandwidth and signal to noise ratio of the covert channel. Avoiding detection depends primarily on remaining below the detection threshold used by detection techniques to try to detect covert channel activity.
    fc@red.a.net

    Related Database Material

    [TBVStorage - Relates to Storage]
    [TBVProcessing - Relates to Processing]
    [TBVAccidental - Relates to Accidental]
    [TBVMalicious - Relates to Malicious]
    [TBVLeakage - Relates to Leakage]
    [PDRConfidentiality - Relates to Confidentiality]
    [PDRDemonstrated - Relates to Demonstrated]
    [PLSSystemic - Relates to Systemic]
    [Threat1 - insiders]
    [Threat4 - consultants]
    [Threat5 - vendors]
    [Threat6 - customers]
    [Threat14 - tiger teams]
    [Threat26 - foreign agents and spies]
    [Threat28 - government agencies]
    [Threat30 - economic rivals]
    [Threat31 - nation states]
    [Threat32 - global coalitions]
    [Threat33 - military organizations]
    [Threat35 - information warriors]
    [Defense135 - alarms]
    [Defense32 - anomaly detection]
    [Defense30 - audit analysis]
    [Defense35 - awareness of implications]
    [Defense57 - change management]
    [Defense91 - conservative resource allocation]
    [Defense99 - deceptions]
    [Defense3 - detect waste examination]
    [Defense13 - detection before failure]
    [Defense21 - fault isolation]
    [Defense6 - feeding false information]
    [Defense138 - filtering devices]
    [Defense65 - increased or enhanced perimeters]
    [Defense74 - information flow controls]
    [Defense116 - inspection of incoming and outgoing materials]
    [Defense10 - isolated sub-file-system areas]
    [Defense67 - jamming]
    [Defense66 - noise injection]
    [Defense69 - path diversity]
    [Defense12 - properly prioritized resource usage]
    [Defense11 - quotas]
    [Defense26 - rerouting attacks]
    [Defense100 - retaining confidentiality of security status information]
    [Defense51 - secure design]
    [Defense4 - sensors]
    [Defense117 - suppression of incomplete, erroneous, or obsolete data]
    [Defense20 - temporary blindness]
    [Defense95 - traps]
    [Defense97 - trusted system technologies]