The All.Net Security Database


Generated Fri Jun 27 09:58:52 PDT 2003 by fc@red.a.net

  • Defense8:

    Name: automated protection checkers and setters

    Complexity: If proper protection settings can be decided by a fixed-time algorithm, it takes linear time to check (and/or set) all of the protection bits in a system. Deciding the proper setting may be quite complex and may interact in non-trivial ways with the design of programs. In many cases, commonly used programs operate in such a way that it is impossible to set privileges properly with regard to the rest of the system. For example, database engines may require unlimited read access to the database while internal database controls limit access by user. Since external programs can directly read the entire database, protection should prohibit access by non-privileged users, but since the database fails under this condition, protection has to be set incorrectly in order for other functions to work.
    fc@red.a.net
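
    The following is an added example, not part of the original database entry: a minimal checker and setter that makes a constant-time policy decision per file and visits each file once, so a full pass is linear in the number of files. The POLICY table, the file names and the "exceptions" set (recording settings left knowingly incorrect, as in the database case above) are assumptions made for illustration.

```python
import os
import stat
import tempfile

# Hypothetical policy: (file suffix, most permissive mode allowed); first match wins.
POLICY = [(".db", 0o600), (".key", 0o400), ("", 0o644)]

def allowed_mode(path):
    """Fixed-time decision: constant work per object, independent of tree size."""
    for suffix, mode in POLICY:
        if path.endswith(suffix):
            return mode

def check_tree(root, fix=False, exceptions=()):
    """Visit every regular file once; return (relpath, actual, allowed, status)."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks and special files are out of scope here
            actual = stat.S_IMODE(st.st_mode)
            allowed = allowed_mode(path)
            if not actual & ~allowed:
                continue  # no bits beyond what policy permits
            rel = os.path.relpath(path, root)
            if rel in exceptions:
                status = "accepted-risk"  # left incorrect so the application works
            elif fix:
                os.chmod(path, actual & allowed)  # setter: clear only the excess bits
                status = "fixed"
            else:
                status = "violation"
            findings.append((rel, actual, allowed, status))
    return sorted(findings)

def demo():
    """Build a constructed sample tree, run the checker/setter, return the results."""
    sample = [("app.db", 0o644), ("tls.key", 0o640),
              ("readme.txt", 0o644), ("notes.txt", 0o666)]
    with tempfile.TemporaryDirectory() as root:
        for name, mode in sample:
            path = os.path.join(root, name)
            open(path, "w").close()
            os.chmod(path, mode)
        report = check_tree(root, fix=True, exceptions={"app.db"})
        modes = {n: stat.S_IMODE(os.lstat(os.path.join(root, n)).st_mode)
                 for n, _ in sample}
    return report, modes

if __name__ == "__main__":
    for rel, actual, allowed, status in demo()[0]:
        print(f"{rel}: {actual:04o} (policy {allowed:04o}) {status}")
```

    The exception entry is still reported on every run, so the deliberately incorrect setting stays visible instead of being silently tolerated.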

    Related Database Material

    [PDRPrevent - Relates to Prevent]
    [PDRDetect - Relates to Detect]
    [PDRIntegrity - Relates to Integrity]
    [PDRAvailability - Relates to Availability]
    [PDRConfidentiality - Relates to Confidentiality]
    [PDRUse - Relates to Use]
    [PDRDemonstrated - Relates to Demonstrated]
    [PLSLogical - Relates to Logical]
    [ManAlProcedures - Relates to Procedures]
    [ManAlTesting - Relates to Testing]
    [ManAlSafeguards - Relates to Safeguards]
    [ManAlIncident - Relates to Incident]
    [Attack1 - errors and omissions]
    [Attack13 - system maintenance]
    [Attack14 - testing]
    [Attack15 - inadequate maintenance]
    [Attack16 - Trojan horses]
    [Attack19 - protection missetting exploitation]
    [Attack20 - resource availability manipulation]
    [Attack23 - infrastructure interference]
    [Attack31 - get a job]
    [Attack48 - data diddling]
    [Attack52 - audio/video viewing]
    [Attack62 - call forwarding fakery]
    [Attack67 - error-induced mis-operation]
    [Attack71 - false updates]
    [Attack86 - inappropriate defaults]