Focused On Your Success


The All.Net Security Database


Generated Fri Jun 27 09:58:52 PDT 2003 by fc@red.a.net

Cause/Mechanism:
  • Threat Profiles
  • Attack Methods
  • Defense Methods
    Process:
  • Prevention
  • Detection
  • Reaction
    Impact:
  • Integrity
  • Availability
  • Confidential
  • Use Control
  • Other:
  • Risk Management
  • Database Description

    Domain:
  • Physical
  • Informational
  • Systemic
    Sophistication:
  • Theoretical
  • Demonstrated
  • Widespread
  • Perspectives:
  • Management
  • Policy
  • Standards
  • Procedures
  • Documentation
  • Audit
  • Testing
  • Technical Safeguards
  • Personnel
  • Incident Handling
  • Legal
  • Physical
  • Awareness
  • Training
  • Education
  • Organization
  • Brekne's Mechanistic:
  • Input
  • Output
  • Storage
  • Processing
  • Transmission
  • Brekne's Causal:
  • Accidental
  • Malicious
  • Brekne's Method:
  • Leakage
  • Masquerade
  • Denial
  • Corruption
  • Usage
  • Mental

  • Defense96:

    Name:content checking

    Complexity: In a limited function system, content checking is limited by the ability to differentiate between correct and incorrect values within the valid input range, while in systems with unlimited function, most of the key things we commonly wish to verify about content are undecidable.
    fc@red.a.net

    Related Database Material

    [PDRPrevent - Relates to Prevent]
    [PDRDetect - Relates to Detect]
    [PDRReact - Relates to React]
    [PDRIntegrity - Relates to Integrity]
    [PDRAvailability - Relates to Availability]
    [PDRConfidentiality - Relates to Confidentiality]
    [PDRUse - Relates to Use]
    [PDRDemonstrated - Relates to Demonstrated]
    [PLSLogical - Relates to Logical]
    [ManAlPolicy - Relates to Policy]
    [ManAlProcedures - Relates to Procedures]
    [ManAlAudit - Relates to Audit]
    [ManAlTesting - Relates to Testing]
    [ManAlSafeguards - Relates to Safeguards]
    [ManAlIncident - Relates to Incident]
    [ManAlLegal - Relates to Legal]
    [ManAlPhysical - Relates to Physical]
    [ManAlOrganization - Relates to Organization]
    [Attack1 - errors and omissions]
    [Attack10 - static]
    [Attack12 - relocation]
    [Attack13 - system maintenance]
    [Attack15 - inadequate maintenance]
    [Attack16 - Trojan horses]
    [Attack21 - perception management a.k.a. human engineering]
    [Attack22 - spoofing and masquerading]
    [Attack23 - infrastructure interference]
    [Attack25 - insertion in transit]
    [Attack27 - modification in transit]
    [Attack28 - sympathetic vibration]
    [Attack33 - invalid values on calls]
    [Attack34 - undocumented or unknown function exploitation]
    [Attack36 - excess privilege exploitation]
    [Attack37 - environment corruption]
    [Attack38 - device access exploitation]
    [Attack39 - modeling mismatches]
    [Attack41 - implied trust exploitation]
    [Attack44 - desychronization and time-based attacks]
    [Attack45 - imperfect daemon exploits]
    [Attack47 - viruses]
    [Attack48 - data diddling]
    [Attack56 - data aggregation]
    [Attack58 - content-based attacks]
    [Attack59 - backup theft, corruption, or destruction]
    [Attack60 - restoration process corruption or misuse]
    [Attack63 - input overflow]
    [Attack64 - illegal value insertion]
    [Attack66 - privileged program misuse]
    [Attack67 - error-induced mis-operation]
    [Attack71 - false updates]
    [Attack72 - network service and protocol attacks]
    [Attack76 - replay attacks]
    [Attack80 - error insertion and analysis]
    [Attack82 - dependency analysis and exploitation]
    [Attack83 - interprocess communication attacks]
    [Attack85 - peer relationship exploitation]
    [Attack88 - collaborative misuse]
    [Attack90 - strategic or tactical deceptions]