Focused On Your Success


The All.Net Security Database


Generated Fri Jun 27 09:58:52 PDT 2003 by fc@red.a.net

Cause/Mechanism:
  • Threat Profiles
  • Attack Methods
  • Defense Methods
    Process:
  • Prevention
  • Detection
  • Reaction
    Impact:
  • Integrity
  • Availability
  • Confidential
  • Use Control
  • Other:
  • Risk Management
  • Database Description

    Domain:
  • Physical
  • Informational
  • Systemic
    Sophistication:
  • Theoretical
  • Demonstrated
  • Widespread
  • Perspectives:
  • Management
  • Policy
  • Standards
  • Procedures
  • Documentation
  • Audit
  • Testing
  • Technical Safeguards
  • Personnel
  • Incident Handling
  • Legal
  • Physical
  • Awareness
  • Training
  • Education
  • Organization
  • Brekne's Mechanistic:
  • Input
  • Output
  • Storage
  • Processing
  • Transmission
  • Brekne's Causal:
  • Accidental
  • Malicious
  • Brekne's Method:
  • Leakage
  • Masquerade
  • Denial
  • Corruption
  • Usage
  • Mental

  • Defense12:

    Name:properly prioritized resource usage

    Complexity: The resource allocation problem is well known to be at least NP-complete, and in practice, optimal resource allocation is not feasible. Resource limitations are usually addressed by providing more and more resources until the problems go away - but under malicious attack, this rarely works.
    fc@red.a.net

    Related Database Material

    [PDRPrevent - Relates to Prevent]
    [PDRAvailability - Relates to Availability]
    [PDRUse - Relates to Use]
    [PDRTheoretical - Relates to Theoretical]
    [PLSSystemic - Relates to Systemic]
    [ManAlManagement - Relates to Management]
    [ManAlPolicy - Relates to Policy]
    [ManAlProcedures - Relates to Procedures]
    [ManAlProcedures - Relates to Procedures]
    [ManAlSafeguards - Relates to Safeguards]
    [ManAlIncident - Relates to Incident]
    [ManAlPhysical - Relates to Physical]
    [Attack20 - resource availability manipulation]
    [Attack23 - infrastructure interference]
    [Attack28 - sympathetic vibration]
    [Attack29 - cascade failures]
    [Attack40 - simultaneous access exploitations]
    [Attack42 - interrupt sequence mishandling]
    [Attack50 - electronic interference]
    [Attack68 - audit suppression]
    [Attack79 - covert channels]
    [Attack80 - error insertion and analysis]
    [Attack82 - dependency analysis and exploitation]
    [Attack83 - interprocess communication attacks]