Focused On Your Success


The All.Net Security Database


Generated Fri Jun 27 09:58:50 PDT 2003 by fc@red.a.net

Cause/Mechanism:
  • Threat Profiles
  • Attack Methods
  • Defense Methods
    Process:
  • Prevention
  • Detection
  • Reaction
    Impact:
  • Integrity
  • Availability
  • Confidential
  • Use Control
  • Other:
  • Risk Management
  • Database Description

    Domain:
  • Physical
  • Informational
  • Systemic
    Sophistication:
  • Theoretical
  • Demonstrated
  • Widespread
  • Perspectives:
  • Management
  • Policy
  • Standards
  • Procedures
  • Documentation
  • Audit
  • Testing
  • Technical Safeguards
  • Personnel
  • Incident Handling
  • Legal
  • Physical
  • Awareness
  • Training
  • Education
  • Organization
  • Brekne's Mechanistic:
  • Input
  • Output
  • Storage
  • Processing
  • Transmission
  • Brekne's Causal:
  • Accidental
  • Malicious
  • Brekne's Method:
  • Leakage
  • Masquerade
  • Denial
  • Corruption
  • Usage
  • Mental

  • Attack82:

    Name:dependency analysis and exploitation

    Complexity: The analysis of dependencies appears to require substantial detailed knowledge of an operation or similar operations. Finding common critical dependencies appears to be straightforward, but producing desired and controllable effects may be more complex. Mathematical analysis of this issue has not been published to date. Common mode faults and systemic flaws are of particular utility in this sort of attack.
    fc@red.a.net

    Related Database Material

    [TBVMalicious - Relates to Malicious]
    [TBVBrain - Relates to Brain]
    [PDRIntegrity - Relates to Integrity]
    [PDRAvailability - Relates to Availability]
    [PDRConfidentiality - Relates to Confidentiality]
    [PDRUse - Relates to Use]
    [PDRDemonstrated - Relates to Demonstrated]
    [PLSSystemic - Relates to Systemic]
    [Threat4 - consultants]
    [Threat6 - customers]
    [Threat7 - Fraudsters]
    [Threat8 - competitors]
    [Threat14 - tiger teams]
    [Threat16 - professional thieves]
    [Threat26 - foreign agents and spies]
    [Threat28 - government agencies]
    [Threat30 - economic rivals]
    [Threat31 - nation states]
    [Threat32 - global coalitions]
    [Threat33 - military organizations]
    [Threat35 - information warriors]
    [Threat36 - extortionists]
    [Defense131 - adversary principle (GASSP)]
    [Defense35 - awareness of implications]
    [Defense57 - change management]
    [Defense105 - Chinese walls]
    [Defense120 - clear line of responsibility for protection]
    [Defense94 - concealed services]
    [Defense58 - configuration management]
    [Defense91 - conservative resource allocation]
    [Defense96 - content checking]
    [Defense132 - continuity principle (GASSP)]
    [Defense99 - deceptions]
    [Defense3 - detect waste examination]
    [Defense13 - detection before failure]
    [Defense87 - disable unsafe features]
    [Defense76 - effective protection mind-set]
    [Defense21 - fault isolation]
    [Defense6 - feeding false information]
    [Defense138 - filtering devices]
    [Defense93 - fire doors, fire walls, asbestos suits and similar fire-limiting items]
    [Defense14 - human intervention after detection]
    [Defense65 - increased or enhanced perimeters]
    [Defense74 - information flow controls]
    [Defense116 - inspection of incoming and outgoing materials]
    [Defense89 - integrity checking]
    [Defense130 - internal control principle (GASSP)]
    [Defense10 - isolated sub-file-system areas]
    [Defense67 - jamming]
    [Defense37 - least privilege]
    [Defense84 - limited function]
    [Defense86 - limited transitivity]
    [Defense59 - lockouts]
    [Defense42 - multi-person controls]
    [Defense43 - multi-version programming]
    [Defense126 - multidisciplinary principle (GASSP)]
    [Defense66 - noise injection]
    [Defense22 - out-of-range detection]
    [Defense19 - over-damped protocols]
    [Defense69 - path diversity]
    [Defense98 - perception management]
    [Defense36 - periodic reassessment]
    [Defense112 - place equipment and supplies out of harms way]
    [Defense25 - policies]
    [Defense28 - procedures]
    [Defense12 - properly prioritized resource usage]
    [Defense122 - protection of names of resources]
    [Defense11 - quotas]
    [Defense16 - redundancy]
    [Defense101 - regular review of protection measures]
    [Defense51 - secure design]
    [Defense40 - separation of duties]
    [Defense115 - separation of equipment so as to limit damage from local events]
    [Defense41 - separation of function]
    [Defense133 - simplicity principle (GASSP)]
    [Defense103 - standby equipment]
    [Defense1 - strong change control]
    [Defense117 - suppression of incomplete, erroneous, or obsolete data]
    [Defense20 - temporary blindness]
    [Defense125 - time, location, function, and other similar access limitations]
    [Defense128 - timeliness principle (GASSP)]
    [Defense106 - tracking, correlation, and analysis of incident reporting and response information]
    [Defense24 - training and awareness]
    [Defense95 - traps]
    [Defense9 - trusted applications]
    [Defense78 - trusted repair teams]
    [Defense97 - trusted system technologies]
    [Defense2 - waste data destruction]