Focused On Your Success


The All.Net Security Database


Generated Fri Jun 27 09:58:50 PDT 2003 by fc@red.a.net

Cause/Mechanism:
  • Threat Profiles
  • Attack Methods
  • Defense Methods
    Process:
  • Prevention
  • Detection
  • Reaction
    Impact:
  • Integrity
  • Availability
  • Confidential
  • Use Control
  • Other:
  • Risk Management
  • Database Description

    Domain:
  • Physical
  • Informational
  • Systemic
    Sophistication:
  • Theoretical
  • Demonstrated
  • Widespread
  • Perspectives:
  • Management
  • Policy
  • Standards
  • Procedures
  • Documentation
  • Audit
  • Testing
  • Technical Safeguards
  • Personnel
  • Incident Handling
  • Legal
  • Physical
  • Awareness
  • Training
  • Education
  • Organization
  • Brekne's Mechanistic:
  • Input
  • Output
  • Storage
  • Processing
  • Transmission
  • Brekne's Causal:
  • Accidental
  • Malicious
  • Brekne's Method:
  • Leakage
  • Masquerade
  • Denial
  • Corruption
  • Usage
  • Mental

  • Attack81:

    Name:reflexive control

    Complexity: The concept of reflexive control is easily understood, and for simplistic automated response systems, finding exploitations appears to be quite simple, but there has been little mathematical work in this area (other than general work in control theory) and it is premature to assess a complexity level at this time. In general, it appears that this problem may be related to the problems in producing and analyzing cascade failures in that causing desired reflexive reaction with a reasonable degree of control may be quite complex.
    fc@red.a.net

    Related Database Material

    [TBVInput - Relates to Input]
    [TBVTransmission - Relates to Transmission]
    [TBVMalicious - Relates to Malicious]
    [TBVUsage - Relates to Usage]
    [PDRIntegrity - Relates to Integrity]
    [PDRAvailability - Relates to Availability]
    [PDRConfidentiality - Relates to Confidentiality]
    [PDRConfidentiality - Relates to Confidentiality]
    [PDRUse - Relates to Use]
    [PDRDemonstrated - Relates to Demonstrated]
    [PLSSystemic - Relates to Systemic]
    [Threat1 - insiders]
    [Threat2 - private investigators]
    [Threat3 - reporters]
    [Threat5 - vendors]
    [Threat6 - customers]
    [Threat7 - Fraudsters]
    [Threat14 - tiger teams]
    [Threat16 - professional thieves]
    [Threat25 - industrial espionage experts]
    [Threat26 - foreign agents and spies]
    [Threat27 - police]
    [Threat28 - government agencies]
    [Threat29 - infrastructure warriors]
    [Threat30 - economic rivals]
    [Threat31 - nation states]
    [Threat32 - global coalitions]
    [Threat33 - military organizations]
    [Threat35 - information warriors]
    [Defense131 - adversary principle (GASSP)]
    [Defense35 - awareness of implications]
    [Defense91 - conservative resource allocation]
    [Defense132 - continuity principle (GASSP)]
    [Defense99 - deceptions]
    [Defense13 - detection before failure]
    [Defense87 - disable unsafe features]
    [Defense76 - effective protection mind-set]
    [Defense21 - fault isolation]
    [Defense6 - feeding false information]
    [Defense14 - human intervention after detection]
    [Defense65 - increased or enhanced perimeters]
    [Defense74 - information flow controls]
    [Defense127 - integration principle (GASSP)]
    [Defense10 - isolated sub-file-system areas]
    [Defense67 - jamming]
    [Defense59 - lockouts]
    [Defense66 - noise injection]
    [Defense19 - over-damped protocols]
    [Defense69 - path diversity]
    [Defense98 - perception management]
    [Defense28 - procedures]
    [Defense70 - quad-tri-multi-angulation]
    [Defense16 - redundancy]
    [Defense26 - rerouting attacks]
    [Defense100 - retaining confidentiality of security status information]
    [Defense51 - secure design]
    [Defense133 - simplicity principle (GASSP)]
    [Defense103 - standby equipment]
    [Defense117 - suppression of incomplete, erroneous, or obsolete data]
    [Defense20 - temporary blindness]
    [Defense125 - time, location, function, and other similar access limitations]
    [Defense128 - timeliness principle (GASSP)]
    [Defense106 - tracking, correlation, and analysis of incident reporting and response information]
    [Defense24 - training and awareness]
    [Defense2 - waste data destruction]