The All.Net Security Database


Generated Fri Jun 27 09:58:52 PDT 2003 by fc@red.a.net

  • Defense51:

    Name: secure design

    Complexity: It's much harder to make things secure than to make them functional. Nobody knows exactly how much harder, but there is some notion that making something secure might imply verifying the security properties, and this is known to be at least NP-complete.
    fc@red.a.net

    Related Database Material

    [PDRPrevent - Relates to Prevent]
    [PDRIntegrity - Relates to Integrity]
    [PDRAvailability - Relates to Availability]
    [PDRConfidentiality - Relates to Confidentiality]
    [PDRUse - Relates to Use]
    [PDRTheoretical - Relates to Theoretical]
    [PLSSystemic - Relates to Systemic]
    [ManAlStandards - Relates to Standards]
    [ManAlProcedures - Relates to Procedures]
    [ManAlDocumentation - Relates to Documentation]
    [ManAlAudit - Relates to Audit]
    [ManAlTesting - Relates to Testing]
    [ManAlSafeguards - Relates to Safeguards]
    [ManAlPersonnel - Relates to Personnel]
    [ManAlIncident - Relates to Incident]
    [ManAlPhysical - Relates to Physical]
    [Attack1 - errors and omissions]
    [Attack13 - system maintenance]
    [Attack16 - Trojan horses]
    [Attack19 - protection missetting exploitation]
    [Attack22 - spoofing and masquerading]
    [Attack23 - infrastructure interference]
    [Attack24 - infrastructure observation]
    [Attack27 - modification in transit]
    [Attack28 - sympathetic vibration]
    [Attack29 - cascade failures]
    [Attack31 - get a job]
    [Attack33 - invalid values on calls]
    [Attack34 - undocumented or unknown function exploitation]
    [Attack36 - excess privilege exploitation]
    [Attack37 - environment corruption]
    [Attack38 - device access exploitation]
    [Attack40 - simultaneous access exploitations]
    [Attack41 - implied trust exploitation]
    [Attack42 - interrupt sequence mishandling]
    [Attack44 - desynchronization and time-based attacks]
    [Attack45 - imperfect daemon exploits]
    [Attack46 - multiple error inducement]
    [Attack48 - data diddling]
    [Attack51 - PBX bugging]
    [Attack52 - audio/video viewing]
    [Attack57 - process bypassing]
    [Attack58 - content-based attacks]
    [Attack63 - input overflow]
    [Attack64 - illegal value insertion]
    [Attack65 - residual data gathering]
    [Attack66 - privileged program misuse]
    [Attack67 - error-induced mis-operation]
    [Attack68 - audit suppression]
    [Attack72 - network service and protocol attacks]
    [Attack78 - breaking key management systems]
    [Attack79 - covert channels]
    [Attack80 - error insertion and analysis]
    [Attack81 - reflexive control]
    [Attack82 - dependency analysis and exploitation]
    [Attack83 - interprocess communication attacks]
    [Attack85 - peer relationship exploitation]
    [Attack89 - race conditions]
    [Attack91 - combinations and sequences]