Focused On Your Success


The All.Net Security Database

Generated Fri Jun 27 09:58:52 PDT 2003 by fc@red.a.net

Cause/Mechanism:
  • Threat Profiles
  • Attack Methods
  • Defense Methods
    Process:
  • Prevention
  • Detection
  • Reaction
    Impact:
  • Integrity
  • Availability
  • Confidential
  • Use Control
    		•  Other:
  • Risk Management
  • Database Description
    Domain:
  • Physical
  • Informational
  • Systemic
    Sophistication:
  • Theoretical
  • Demonstrated
  • Widespread
    		• Perspectives:
  • Management
  • Policy
  • Standards
  • Procedures
  • Documentation
  • Audit
  • Testing
  • Technical Safeguards
  • Personnel
  • Incident Handling
  • Legal
  • Physical
  • Awareness
  • Training
  • Education
  • Organization
    • Brekne's Mechanistic:
  • Input
  • Output
  • Storage
  • Processing
  • Transmission
    		• Brekne's Causal:
  • Accidental
  • Malicious
    		• Brekne's Method:
  • Leakage
  • Masquerade
  • Denial
  • Corruption
  • Usage
  • Mental

    • Defense85:

    Name:limited sharing

    Complexity: Effectively limiting sharing with other than purely physical means has proven to be a highly complex issue. For example, more than 20 years of effort has been put forth in the design of trusted systems to try to achieve this goal and it appears that another 20 years will be required before the goal is actually realized.
    fc@red.a.net

    Related Database Material

    [PDRPrevent - Relates to Prevent]
    [PDRReact - Relates to React]
    [PDRIntegrity - Relates to Integrity]
    [PDRConfidentiality - Relates to Confidentiality]
    [PDRUse - Relates to Use]
    [PDRDemonstrated - Relates to Demonstrated]
    [PLSSystemic - Relates to Systemic]
    [ManAlSafeguards - Relates to Safeguards]
    [ManAlIncident - Relates to Incident]
    [ManAlPhysical - Relates to Physical]
    [Attack1 - errors and omissions]
    [Attack13 - system maintenance]
    [Attack14 - testing]
    [Attack16 - Trojan horses]
    [Attack19 - protection missetting exploitation]
    [Attack20 - resource availability manipulation]
    [Attack22 - spoofing and masquerading]
    [Attack23 - infrastructure interference]
    [Attack26 - observation in transit]
    [Attack27 - modification in transit]
    [Attack34 - undocumented or unknown function exploitation]
    [Attack36 - excess privilege exploitation]
    [Attack37 - environment corruption]
    [Attack45 - imperfect daemon exploits]
    [Attack47 - viruses]
    [Attack48 - data diddling]
    [Attack63 - input overflow]
    [Attack65 - residual data gathering]
    [Attack66 - privileged program misuse]
    [Attack67 - error-induced mis-operation]
    [Attack83 - interprocess communication attacks]