The All.Net Security Database


Generated Fri Jun 27 09:58:52 PDT 2003 by fc@red.a.net

  • Defense22:

    Name: out-of-range detection

    Complexity: In properly designed systems, legitimate ranges for values should be known and violations should be detectable. Many systems with limited detection capability turn off bounds and similar checking for performance reasons, but few make the implications explicit.
    fc@red.a.net

    Related Database Material

    [PDRDetect - Relates to Detect]
    [PDRIntegrity - Relates to Integrity]
    [PDRAvailability - Relates to Availability]
    [PDRUse - Relates to Use]
    [PDRDemonstrated - Relates to Demonstrated]
    [PLSLogical - Relates to Logical]
    [ManAlProcedures - Relates to Procedures]
    [ManAlAudit - Relates to Audit]
    [ManAlTesting - Relates to Testing]
    [ManAlSafeguards - Relates to Safeguards]
    [ManAlPhysical - Relates to Physical]
    [Attack1 - errors and omissions]
    [Attack15 - inadequate maintenance]
    [Attack16 - Trojan horses]
    [Attack19 - protection missetting exploitation]
    [Attack23 - infrastructure interference]
    [Attack27 - modification in transit]
    [Attack28 - sympathetic vibration]
    [Attack29 - cascade failures]
    [Attack33 - invalid values on calls]
    [Attack34 - undocumented or unknown function exploitation]
    [Attack37 - environment corruption]
    [Attack38 - device access exploitation]
    [Attack41 - implied trust exploitation]
    [Attack42 - interrupt sequence mishandling]
    [Attack44 - desynchronization and time-based attacks]
    [Attack45 - imperfect daemon exploits]
    [Attack46 - multiple error inducement]
    [Attack48 - data diddling]
    [Attack58 - content-based attacks]
    [Attack62 - call forwarding fakery]
    [Attack63 - input overflow]
    [Attack64 - illegal value insertion]
    [Attack67 - error-induced mis-operation]
    [Attack70 - hardware failure - system flaw exploitation]
    [Attack80 - error insertion and analysis]
    [Attack82 - dependency analysis and exploitation]
    [Attack83 - interprocess communication attacks]