Fri Apr 8 06:51:39 PDT 2016

Risk Management: Threats: What attack mechanisms are considered?


Options:

Select the attack mechanisms based on the identified design basis threat. Start by removing irrelevant attack mechanisms from the provided table, then add further mechanisms as and if appropriate. If useful, an analysis of threat types to attack mechanisms can be generated from the http://all.net/ "Database" mechanism (select "Analyze From Threats").

Decision:

Produce the identified attack mechanisms list based on the minimum consequence level by removing rows whose minimum consequence level is higher than the highest consequence of the situation at hand. Then adjust the list per the design basis threat, removing irrelevant mechanisms and adding additional ones as appropriate based on expert judgement.

Attack method Minimum consequence level
audio/video viewing Low
audit suppression Med
backup theft, corruption, or destruction Low
below-threshold attacks Med
breaking key management systems High
bribes and extortion Med
cable cuts Low
call forwarding fakery Med
cascade failures Med
collaborative misuse Med
combinations and sequences Med
content-based attacks Low
covert channels High
cryptanalysis High
data aggregation Low
data diddling Low
dependency analysis and exploitation Med
desynchronization and time-based attacks Med
device access exploitation Med
distributed coordinated attacks Med
dumpster diving Low
earth movement Low
electronic interference Med
emergency procedure exploitation Med
environmental control loss Med
environment corruption High
error-induced mis-operation High
error insertion and analysis High
errors and omissions Low
excess privilege exploitation Low
false updates Med
fictitious people Med
fire Low
flood Low
get a job Med
hangup hooking Low
hardware failure - system flaw exploitation High
illegal value insertion Low
imperfect daemon exploits Low
implied trust exploitation Low
inadequate maintenance Low
inadequate notice exploitation Low
inappropriate defaults Low
induced stress failures Med
infrastructure interference Med
infrastructure observation Low
input overflow Low
insertion in transit Low
interprocess communication attacks High
interrupt sequence mishandling High
invalid values on calls Med
kiting Med
man-in-the-middle Med
modeling mismatches High
modification in transit Med
multiple error inducement High
network service and protocol attacks Low
observation in transit Low
password guessing Low
PBX bugging Low
peer relationship exploitation Low
perception management a.k.a. human engineering Low
piggybacking Low
power failure Low
privileged program misuse Low
process bypassing Low
protection missetting exploitation Low
race conditions Med
reflexive control High
relocation Low
repair-replace-remove information Med
replay attacks Low
repudiation Med
residual data gathering High
resource availability manipulation Med
restoration process corruption or misuse High
salami attacks Med
selected plaintext High
severe weather Low
shoulder surfing Low
simultaneous access exploitations Med
solar flares Low
spoofing and masquerading Low
static Low
strategic or tactical deceptions Med
sympathetic vibration High
system maintenance Low
testing Med
Trojan horses Low
undocumented or unknown function exploitation High
van Eck bugging High
viruses Low
volcanoes Low
wire closet attacks Low
Consequence level at which to consider attack mechanisms

Basis:

The following table outlines a set of attack mechanisms commonly used over the years.

Attack mechanism Additional details
audio/video viewing Audio and video input devices connected to computers for multi-media applications are exploited to allow attackers to look at and listen to events at remote locations. Examples include most versions of video and audio equipment currently connected to multi-media workstations and some video-phone systems.
audit suppression Audit trails are prevented from operating properly. Examples include overloading audit mechanisms with irrelevant data so as to prevent proper recording of malicious behavior, network packet corruption to prevent network-based audit trails from being properly recorded, and consuming some resource critical to the auditing process so as to prevent audit from being generated or kept.
backup theft, corruption, or destruction Backups protected less comprehensively than on-line copies of information are attacked. Examples include the placement of magnetic devices in backup storage areas in order to erase or corrupt magnetic backups, the infection of backup media by computer viruses, and the theft of backup media being disposed of near the end of its life-cycle.
below-threshold attacks Attack detection based on thresholds of activity that differentiate between attacks and similar non-malicious behaviors is exploited by launching attacks that operate below the detection threshold. Examples include breadth-first password guessing attacks, breadth-first port scanning attacks, and low bandwidth covert channel exploitations.
breaking key management systems Keys in cryptographic systems are managed by imperfect management systems that are attacked in order to gain access to keying materials. Examples include attacks based on inadequate randomness in key generation techniques, exploitation of selected plaintext attacks against inadequately implemented automated encryption systems, and breaking into computers housing keying materials.
bribes and extortion Promises or threats that cause trusted parties to violate their trust. Examples include bribing a guard to gain entry into a building, kidnapping a key employee's family members to gain access to a computer system, and using sexually explicit photographs to convince a trusted employee to provide insider information.
cable cuts A cable is cut resulting in disrupted communications, usually requiring emergency response, and otherwise disrupting normal operations.
call forwarding fakery Call forwarding capabilities are abused. Examples include the use of computer controlled call forwarding to forward calls from call-back modems so that attackers get the call-backs, forwarding calls to illegitimate locations so as to intercept communications and provide false or misleading information, and the use of programmable call forwarding to cause long distance calls to be billed to the forwarding party's account.
cascade failures Design flaws in tightly coupled systems that cause error recovery procedures to induce further errors under select conditions. Examples include the electrical cascade failures in the U.S. power grid, [WSCC96] telephone system cascade failures causing widespread long distance service outages, [Pekarske90] and inter-system cascades such as power failures bringing down telephone switches required to bring back up power stations.
collaborative misuse Collaboration of several parties or identities in order to misuse a system. Examples include creation of a false identity by one party and entry of that identity into a computer database by a second party, provision of attack software by an outsider to an insider who is participating in an information theft, partitioning of elements of an attack into multiple parts for coordinated execution so as to conceal the fact of or source of an attack, and the providing of alibis by one party to another when they collaborated in a crime.
combinations and sequences Many attacks combine several techniques synergistically in order to effect their goal. Examples include exploiting an emergency response to a flood to gain entry into a terminal room where password guessing gains entry into a system and subsequent data diddling alters billing records; the use of a virus to create protection missettings which are subsequently exploited by planting a Trojan horse to allow reentry, and the creation of fictitious people in key offices who are automatically granted access to appropriate systems (process bypassing) to allow the attacker access to other systems; and the creation of an attractive Web site designed to exploit users who visit it by sending their browsers content-based attacks that set up covert channels through firewalls and extend access through peer network relationships to other systems within the victim's network.
content-based attacks The content sent to an interpretive mechanism causes that mechanism to act inappropriately. Examples include Web-based URLs that bypass firewalls by causing the browser within the firewall to launch attacks against other inside systems, macros written in spreadsheet or word processing languages that cause those programs to perform malicious acts, and compressed archives that contain files with name clashes causing key system files to be overwritten when the archive is decompressed.
covert channels Channels not normally intended for information flow are used to flow information. Examples include widely known covert channels in secure operating systems, time-based covert channel exploitation in encryption engines, and covert channels created by the association of movements of people with activities.
cryptanalysis Cryptographic techniques are analyzed so as to find methods to break codes used to secure information. Examples include frequency analysis for breaking mono-alphabetic substitution ciphers, index of coincidence analysis for breaking polyalphabetic substitution ciphers, the breaking of the Enigma cipher in World War II through mathematical and optical techniques combined with knowledge of keys and key usage, exhaustive attacks on the DES encryption standard, code-listeners for breaking many analog speech encoding systems, and improved factoring for breaking cryptosystems based on modular arithmetic.
data aggregation Legitimately accessible data is aggregated to derive unauthorized information. Examples include getting the total departmental salary figures just before and after a new employee is hired to derive the salary of the new hire, attending a wide range of unclassified but private meetings in a particular area in order to gain an overall picture of what work a group is doing, and tracking movements of many people from a particular organization and correlating that information with job titles and other events to derive intelligence indicators.
data diddling Modification of data through unauthorized means. Examples include non-database manipulation of database files accessible to all users, modification of configuration files used to set up further machines, and modification of data residing in temporary files such as intermediate files created during compilation by most compilers.
dependency analysis and exploitation Interdependencies of systems and components are analyzed so as to determine indirect effects and attack weak points upon which strong points depend. Examples include attacking medical information systems in order to disrupt armed forces deployments, attacking the supply chain in order to corrupt information within an organization, and attacking power grid elements in order to disrupt financial systems.
desynchronization and time-based attacks Systems that depend on synchronization are desynchronized, causing them to fail or operate improperly. Examples include DCE servers that may deny services network-wide when caused to become desynchronized beyond some threshold, cryptographic systems which, once desynchronized, may take a substantial amount of time to resynchronize, automated software and systems maintenance tools which may make complex decisions based on slight time differences, and time-based locks which may be caused to open or close at the wrong times.
device access exploitation Access to a device is exploited to alter its function or cause its function to be used in unanticipated ways. Examples include removing shielding from a wire so as to cause more easily received electromagnetic emanations, reprogramming a bus device to deny services at a hardware level, and altering microcode so as to associate attacker-defined hardware functions with otherwise unused operation codes.
distributed coordinated attacks A set of attackers use a set of vulnerable intermediary systems to attack a set of victims. Examples include a Web-based attack causing thousands of browsers used by users at sites all around the world to attack a single victim site, a set of simultaneous attacks by a coordinated group of attackers to try to overwhelm defenses, and an attack where thousands of intermediaries were fooled into trying to gain access to a victim site.
dumpster diving Waste product is examined to find information that might be helpful to the attacker.
earth movement The Earth moves causing physical damage and permanent as well as temporary faults, requiring emergency response, and otherwise disrupting normal operations.
electronic interference Jamming signals are introduced to cause failures in electronic communications systems. Examples include the method and apparatus for altering a region in the Earth's atmosphere, ionosphere, and/or magnetosphere, and common radio jamming techniques.
emergency procedure exploitation An emergency condition is induced resulting in behavioral changes that reduce or alter protection to the advantage of the attacker. Examples include fires, during which access restrictions are often changed or less rigorously enforced, power failures during which many automated alarm and control systems fail in a safe mode with respect to some - possibly exploitable - criteria, and computer incident response during which systems administrators commonly deviate - perhaps exploitably - from their normal behavioral patterns.
environmental control loss Environmental controls required to maintain proper operating conditions for equipment fail, causing disruption of services. Example causes include air conditioning failures, heating failures, temperature cycling, smoke, dust, vibration, corrosion, gases, fumes, and chemicals.
environment corruption The computing environment upon which programs or people depend for proper operation is corrupted so as to cause those other programs to operate incorrectly. Examples include manipulating the Unix FS environment variable so as to cause command interpretation to operate unusually, altering the PATH (or similar) variable in multi-user systems to cause unintended programs to be used, and manipulation of a paper form so as to change its function without alerting the person filling it out. In the physical domain, this includes the introduction of gases, dust, or other particles, chemicals, or elements into the physical environment. In the electromagnetic realm, it includes waveforms. In the human sense, sound, smell, feel, and other sensory input corruption is included.
error-induced mis-operation Errors caused by the attacker induce incorrect operations. Examples include the creation of a faulty network connection to deny network services, the intentional introduction of incorrect data resulting in incorrect output (i.e., garbage in - garbage out), and the use of a scratched and bent diskette in a disk drive to cause the drive to permanently fail.
error insertion and analysis Errors are induced into systems to reveal values stored in those systems. Examples include recent demonstrations of methods for inducing errors so as to reveal keys stored in smart-cards and other similar key-transportation devices, the introduction of multiple errors into redundant systems so as to cause the redundancy to fail, and the introduction of errors designed to cause systems to no longer be used in critical applications.
errors and omissions Erroneous entries or missed entries by designers, implementers, maintainers, administrators, and/or users create vulnerabilities exploited by attackers. Examples include forgetting to eliminate default accounts and passwords when installing a system, incorrectly setting protections on network services, and a wide range of other minor mistakes that can lead to disaster.
excess privilege exploitation A program, device, or person is granted privileges not strictly required in order to perform their function and the excess privilege is exploited to gain further privilege or otherwise attack the system. Examples include Unix-based SetUID programs granted root access exploited to grant attackers unlimited access, access to unauthorized need-to-know information by a systems administrator granted too-flexible maintenance access to a network control switch, and user-programmable DMA devices reprogrammed to access normally unauthorized portions of memory.
false updates Causing illegitimate updates to be made. Examples include sending a forged update disk containing attack code to a victim, interrupting the normal distribution channel and introducing an intentionally flawed distribution tape to be delivered, and substituting a false update disk for a real one at the vendor or customer site.
fictitious people Impersonations or false identities are used to bypass controls, manage perception, or create conditions amenable to attack. Examples include spies, impersonators, network personae, fictional callers, and many other false and misleading identity-based methods.
fire A fire occurs causing physical damage and permanent as well as temporary faults, requiring emergency response, and otherwise disrupting normal operations.
flood A flood occurs causing physical damage and permanent as well as temporary faults, requiring emergency response, and otherwise disrupting normal operations.
get a job An attacker gets a job in order to gain insider access to a facility. Examples include getting a maintenance job by under-bidding opponents and then stealing and selling inside information to make up for the cost difference, the planting of spies in intelligence agencies of competitors, and other similar sorts of moles.
hangup hooking Activity termination protocols fail or are interrupted so that termination does not complete properly and the protocol is taken over by the attacker. Examples include modem hangup failures leaving logged-in terminal sessions open to abuse, interrupted telnet sessions taken over by attackers, preventing proper protocol completion as in the Internet SYN attacks so as to deny subsequent services, and refusing to completely disconnect from a call-back modem at the CO, causing the call-back mechanism to become ineffective.
hardware failure - system flaw exploitation Known hardware or system flaws are exploited by the attacker. Examples include a hardware flaw permitting a power-down instruction to be executed by a non-privileged user, causing an operating system to use results of a known calculation error in a particular microprocessor for a key decision, and sending a packet with a parameter that is improperly handled by a network component.
illegal value insertion Values not permitted by the specification but allowed to pass the implementation are used to cause abnormal results. Examples include negative dates producing negative interest which accrues to the benefit of the attacker, cash withdrawal values which overflow signed integers in balance adjustment causing large withdrawals to appear as large deposits, and pointer values sent to system calls that point to areas outside of authorized address space for the calling party.
imperfect daemon exploits Daemon programs designed to provide privileged services upon request have imperfections that are exploited to provide privileges to the attacker. Examples include Web, Gopher, Sendmail, FTP, TFTP, and other server daemons exploited to gain access to the server from over a network, internal use only daemons such as the Unix cron facility exploited to gain root privileges by otherwise unprivileged users, and automated backup and recovery daemons exploited to overwrite current versions of programs with previous - more vulnerable - versions.
implied trust exploitation Programs operating in a shared environment inappropriately trust the information supplied to them by untrustworthy programs. Examples include forged data from Domain Name Servers in the Internet used to reroute information through attackers, forged replies from authentication daemons causing untrusted software to be run by access control software, forged Network Information Service packets causing wrong password entries to be used in authenticating attackers, and network-based administration programs that can be fooled into forwarding incorrect administrative controls.
inadequate maintenance Inadequate maintenance results in uncovered failures over extended periods of time, possibly inducing a period of time when systems operate differently than normal and may result in temporary or permanent inappropriate or unsafe configurations.
inadequate notice exploitation Lack of adequate notice is used as an excuse to do things that notice would normally have prohibited or warned against. Examples include unprosecutable entry via normally unused services, password guessing through an interface not providing notice, and Web server attacks which bypass any notice provided on the home page.
inappropriate defaults Unchanged default values set into systems at the factory or in a standard distribution process are known to and exploited by attackers to gain unauthorized access. Examples include default passwords, default accounts, and default protection settings.
induced stress failures Stresses induced on a system cause it to fail. Examples include paging monsters that result in excessive paging and reduced performance, process viruses that consume various system resources, and large numbers of network packets per unit time which tie up systems by forcing excessive high-priority network interrupt processing.
infrastructure interference Interfering with infrastructure so as to disrupt services and/or redirect activities. Examples include creating an accident on a particular road at a particular place and time in order to cause a shipment to be rerouted through a checkpoint where components are changed, taking down electrical power in order to deny information services, modifying a domain name server on the Internet in order to alter the path through which information flows from point to point, and cutting a phone line in order to sever communications.
infrastructure observation Examining the infrastructure in order to gain information. Examples include watching air ticketing information in order to see when particular people go to particular places and using this as an intelligence indicator, tapping a PBX system in order to record key telephone conversations, and watching for passwords on the Internet in order to gain identification and authentication information to multiple computers.
input overflow Excessive input is used to overrun input buffers, thus overwriting program or data storage so as to grant the attacker undesired access. Examples include sendmail overflows resulting in unlimited system access from attackers over the Internet, Web server overflows granting Internet attackers unlimited access to Web servers, buffer overruns in privileged programs allowing users to gain privilege, and excessive input used to overrun input buffers causing loss of critical data so as to deny services or disrupt operations.
insertion in transit Insertion of information in transit so as to forge desired communications. Examples include adding transactions to a transaction sequence, insertion of routing information packets so as to reroute information flow, and insertion of shipping address information to replace an otherwise defaulted value.
interprocess communication attacks Interprocess communications channels are attacked in order to subvert normal functioning. Examples include the introduction of false interprocess signals in a network interprocess communications protocol causing misbehavior of trusted programs, the disruption of interprocess communications by resource exhaustion so as to prevent proper checking or reduce or eliminate functionality, and observation of interprocess communications stored in shared temporary data files so as to gain unauthorized information.
interrupt sequence mishandling Unanticipated or incorrectly handled interrupt sequences cause system operation to be altered unpredictably. Examples include stack frame errors induced by incorrect interrupt handling, the incorrect swapping out of the swapping daemon on unanticipated conditions, and denial of services resulting from improper prioritization of interrupts.
invalid values on calls Invalid values are used to cause unanticipated behavior. Examples include system calls with pointer values leading to unauthorized memory areas and requests for data from databases using system escape characters to cause interprocess communications to operate improperly.
kiting Inherent delays are exploited by creating a ring of events that chase each others' tails, thus creating the dynamic illusion that things are different from what the static case would support. Examples include check kiting schemes where delays in processing checks cause temporary conditions where the sum of the balances indicated in a set of accounts is far greater than the total amount of money actually invested, techniques for avoiding payments of debts for a long time based on legally imposed delays in and rules regarding the collection of debts by third parties, and the use of revoked keys in key management systems without adequate revocation protocols.
man-in-the-middle The attacker positions forces between two communicating parties and both intercepts and relays information between the parties so that each believes they are talking directly to the other when, in fact, both are communicating through the attacker. Examples include attacks on public key cryptosystems permitting a man-in-the-middle to fool both parties, attacks wherein an attacker takes over an ongoing telecommunications session when one party decides to terminate it, and attacks wherein an attacker inserts transactions and prevents responses to those transactions from reaching the legitimate user.
modeling mismatches Mismatches between models and the realities they are intended to model cause the models to break down in ways exploitable by attackers. Examples include use of the Bell-LaPadula model of security [Bell73] as a basis for designing secure operating systems - thus leaving disruption uncovered, modeling attacks and defenses as if they were statistically independent phenomena for risk analysis - thus ignoring synergistic effects, and modeling misconfigurations as mis-set protection bits - when the content of configuration files remains uncovered.
modification in transit Modification of information in transit so as to modify communications as desired. Examples include removing end-of-session requests and providing suitable replies, then taking over the unterminated communications link, modification of an amount in an electronic funds transfer request, and rewriting Web pages so as to reroute subsequent traffic through the attacker's site.
multiple error inducement The introduction of multiple errors is used to cause otherwise reliable software to fail in unanticipated ways. Examples include the creation of an input syntax error with a previously locked error-log file resulting in an inconsistent data state, the premature termination of a communications protocol during an error recovery process - possibly causing a cascade failure, and the introduction of simultaneous interleaved attack sequences causing normal detection methods to fail. [Hecht93] [Thyfault92]
network service and protocol attacks Characteristics of network services are exploited by the attacker. Examples include the creation of infinite protocol loops which result in denial of services (e.g., echo packets under IP), the use of information packets under the Network News Transfer Protocol to map out a remote site, and use of the Source Quench protocol element to reduce traffic rates through select network paths.
observation in transit Examination of information in transit. Examples include telephone tapping, network tapping, and I/O buffer watching.
password guessing Sequences of passwords are tried against a system or password repository in order to find a valid authentication. Examples include running the program "crack" on a stolen password file, guessing passwords on network routers and PBX switches, and using well-known maintenance passwords to try to gain entry.
PBX bugging Private Branch eXchanges or similar switching centers are attacked in order to exploit weaknesses in their design allowing connected telephone instruments to be tapped. Examples include on-hook bugging of hand-held instruments, open microphone listening, and exploitation of silent conference calling features.
peer relationship exploitation The transitive trust relationships created by peer-networking are exploited so as to expand privileges to the transitive closure of peer trust. Examples include the activities carried out by the Morris Internet virus in 1988, the exploitation of remote hosts (.rhosts) files in many networks, and the exploitation of remote software distribution channels as a channel for attack.
perception management a.k.a. human engineering Causing people to believe things that forward the goal. Examples include tricking a person into giving you their password or changing their password to a particular value for a period of time, talking your way into a facility, and causing people to believe in religious doctrine in order to get them to behave as desired.
piggybacking Exploiting a (usually false) association to gain advantage. Examples include walking into a secure facility with a group of other people as one of the crowd, acting like an ex-policeman to gain intelligence about ongoing police activities, and adding a floppy disk to a series of floppy disks delivered as part of a normal update process.
power failure Failure of electrical power causes computer and peripheral failures leading to loss of availability, sometimes requiring emergency response, and otherwise disrupting normal operations. [Winkelman95] [Agudo96] [NSTAC96] [Dagle96]
privileged program misuse Programs with privilege are misused so as to provide unauthorized privileged functions. Examples include the use of a backup restoration program by an operator to intentionally restore the wrong information, misuse of an automated script processing facility by forcing it to make illicit copies of legitimate records, and the use of configuration management tools to create vulnerabilities.
process bypassing Bypassing a normal process in order to gain advantage. Examples include retail returns department employees entering false return data in order to generate refund checks, use of computer networks to generate additional checks after the legitimate checks have passed the last integrity checks, and altering pricing records to reflect false inventory levels to cover up thefts.
protection missetting exploitation Mis-set protections on files, directories, systems, or components are exploited to examine, modify, delete, or otherwise disrupt normal operation.
race conditions Interdependent sequences of events are interrupted by other sequences of events that destroy critical dependencies. Examples include the change of conditions tested in one step and depended upon for the next step (e.g., checking for the existence of a file before creating it interrupted by the creation of a file of the same name by another owner), changes between one step in a process and another step assuming that no such change has been made (e.g., the replacement of a mounted file system previously loaded with data in a start-up process), and waiting for non-locked resources available in one step but not in the next (e.g., the mounting of a different tape between an initial read-through and a subsequent restoration).
reflexive control Reflexive reactions are exploited by the attacker to induce desired behaviors. Examples include the creation of attacks that appear to come from a friend so as to cause automated response systems to shut down friendly communication, induction of select flaws into the power grid so as to cause SCADA systems to reroute power to the financial advantage of select suppliers, and the use of forged or interrupted signals so as to cause friendly fire incidents.
relocation Relocation of equipment causes physical harm to equipment and different exposures of equipment to physical and environmental vulnerabilities.
repair-replace-remove information Repair processes are exploited to extract, modify, or destroy information. Examples include computer repair shops copying information and reselling it and maintenance people introducing computer viruses.
replay attacks Communicated information is replayed and causes unanticipated side effects. Examples include the replay of encrypted funds transfer transmissions so as to cause multiples of an original sum of money to be transferred, replay of coded messages causing the repeated movement of troops, replay of transaction sequences that simulate behavior so as to cover up actual behavior, and the delayed replay of events such as races so as to deceive a victim.
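The funds-transfer case in that entry works because the receiver has no way to tell a fresh authenticated message from a copy of one it already acted on. The following is an added example, not code from the original page, of the receiver-side controls that defeat verbatim replay: a per-message nonce, a timestamp with an acceptance window, and a short-lived cache of nonces already seen. The shared key, the payload and the timestamps are constructed; the message format is an assumption for the example.

```python
import hashlib
import hmac
import json
import os

# Added example, not from the original page. Key and messages are constructed.


def canonical(body):
    """Stable serialization so sender and receiver authenticate identical bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def make_message(key, payload, nonce, ts):
    """Sender: bind payload, a fresh nonce and a timestamp under one MAC tag."""
    body = {"payload": payload, "nonce": nonce.hex(), "ts": ts}
    tag = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class Receiver:
    """Accepts each authenticated message at most once within the time window."""

    def __init__(self, key, window=300):
        self.key = key
        self.window = window      # seconds of clock skew / transit tolerated
        self.seen = {}            # nonce -> timestamp it arrived with

    def accept(self, msg, now):
        expected = hmac.new(self.key, canonical(msg["body"]), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["tag"]):
            return False, "bad tag"          # tampered or forged
        ts = msg["body"]["ts"]
        if abs(now - ts) > self.window:
            return False, "stale"            # too old to be replayed in-window
        self._evict(now)
        nonce = msg["body"]["nonce"]
        if nonce in self.seen:
            return False, "replay"           # verbatim copy of an accepted message
        self.seen[nonce] = ts
        return True, "ok"

    def _evict(self, now):
        # Nonces older than the window can no longer pass the staleness check,
        # so forgetting them keeps the cache bounded without reopening a replay.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.window}


def demonstrate():
    key = b"constructed-shared-secret"      # constructed for the example
    rx = Receiver(key, window=300)
    now = 1_700_000_000.0                   # constructed clock value
    transfer = {"op": "transfer", "to": "ACCT-PLACEHOLDER", "amount": 100}
    msg = make_message(key, transfer, os.urandom(16), now)

    first = rx.accept(msg, now=now + 1)          # genuine delivery
    second = rx.accept(msg, now=now + 2)         # same bytes sent again
    late = rx.accept(msg, now=now + 1000)        # same bytes, after the window
    tampered = json.loads(json.dumps(msg))       # attacker edits the amount
    tampered["body"]["payload"]["amount"] = 1000
    forged = rx.accept(tampered, now=now + 3)
    return {"first": first[1], "replay": second[1], "late": late[1], "tampered": forged[1]}


if __name__ == "__main__":
    print(demonstrate())
```

The window and the nonce cache work together: the timestamp bounds how long a nonce must be remembered, and the cache catches copies inside that bound. A MAC alone, as the funds-transfer example shows, proves only that the message was once genuine, not that it is being presented for the first time.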
repudiation A transaction or other operation is repudiated by the party recorded as initiating it. Examples include repudiating a stock trade, claiming your account was broken into and that you didn't do it, and asserting that an electronic funds transfer was not done.
residual data gathering Data left as a result of incomplete or inadequate deletion is gathered. Examples include object reuse attacks like the DOS undelete command in insecure operating systems, electromagnetic analysis of deleted media to regain deleted bits, and electron microscopy techniques used to extract overwritten data.
resource availability manipulation Resources are manipulated so as to make functions requiring those resources operate differently than normal. Examples include e-mail overflow used to disrupt system operation [Cohen93], file handle consumption used to prevent audits from operating [Cohen91], and overloading unobservable network paths to force communications to use observable paths.
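The file-handle example shows why the order of "act" and "record" matters: if the audit write fails quietly after the action, exhausting handles turns into an audit-suppression attack. The following is an added example, not code from the original page, contrasting a fail-open and a fail-closed design under the same handle exhaustion, with a simple pressure alert that fires before writes start failing. The descriptor budget, the ledger and the account names are constructed stand-ins; no real files are opened.

```python
# Added example, not from the original page. The handle budget and ledger are
# constructed; the sink stands in for a real audit log.


class AuditUnavailable(Exception):
    """The audit sink could not record the event."""


class HandleBudgetSink:
    """Stand-in for an audit log that needs a file descriptor per write.

    `handles` models the process's remaining descriptor budget, the resource
    the text describes an attacker consuming to stop audits from operating.
    """

    def __init__(self, handles):
        self.handles = handles
        self.records = []

    def consume(self, n):
        """What an attacker's idle connections or open files do to the budget."""
        self.handles = max(0, self.handles - n)

    def write(self, record):
        if self.handles <= 0:
            raise AuditUnavailable("no file handles available for audit write")
        self.records.append(record)


def transfer_fail_open(sink, ledger, src, dst, amount):
    """Act first, audit second: the failure is swallowed and the transfer
    completes unrecorded."""
    ledger[src] -= amount
    ledger[dst] += amount
    try:
        sink.write(f"transfer {src}->{dst} {amount}")
    except AuditUnavailable:
        pass
    return True


def transfer_fail_closed(sink, ledger, src, dst, amount):
    """Audit first, act second: if the record cannot be written the transfer
    is refused, so exhaustion costs availability rather than accountability."""
    try:
        sink.write(f"transfer {src}->{dst} {amount}")
    except AuditUnavailable:
        return False
    ledger[src] -= amount
    ledger[dst] += amount
    return True


def handle_pressure_alert(sink, capacity, threshold=0.2):
    """Detective control: flag the drain while writes still succeed."""
    return sink.handles / capacity < threshold


def demonstrate():
    capacity = 10
    results = {}
    for mode, fn in (("fail_open", transfer_fail_open), ("fail_closed", transfer_fail_closed)):
        sink = HandleBudgetSink(capacity)
        ledger = {"alice": 100, "bob": 0}      # constructed accounts
        sink.consume(9)                        # attacker drains most of the budget
        alerted = handle_pressure_alert(sink, capacity)
        sink.consume(1)                        # last handle gone
        done = fn(sink, ledger, "alice", "bob", 40)
        results[mode] = {
            "done": done,
            "recorded": len(sink.records),
            "bob": ledger["bob"],
            "alerted": alerted,
        }
    return results


if __name__ == "__main__":
    print(demonstrate())
```

The fail-closed variant records intent before the action, so a crash between the two leaves a record of an attempt that did not complete; pairing it with an outcome record, or making the audit write and the action one transaction, removes that ambiguity. Either way, the attacker who consumes the handles no longer gets an unaudited operation.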
restoration process corruption or misuse The process used to restore information from backup tapes is corrupted or misused to the attacker's advantage. Examples include the creation of fake backups containing false information, alteration of tape head alignments so that restoration fails, and the use of privileged restoration programs to grant privilege by restoring protection settings or ownerships to the wrong information.
salami attacks Many small transactions are used together for a larger aggregated effect. Examples include taking round-off error amounts from financial interest computations and adding them to the thief's account balance (resulting in no net loss to the system), the slow leakage of information through covert channels at rates below normal detection thresholds, and economic intelligence gathering efforts involving the aggregation of small amounts of information from many sources to derive an overall picture of an organization.
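The round-off example is instructive because, as the entry says, the system shows no net loss: a control that only checks batch totals cannot see it. The following is an added example, not code from the original page, that models the truncation skim on a constructed interest run and then reconciles it two ways, showing the total-level check passing while a per-posting check (every credit must trace to an account whose computed interest explains it) flags the beneficiary. Balances, rates and account identifiers are constructed placeholders.

```python
from decimal import Decimal, ROUND_DOWN

# Added example, not from the original page. Balances, rates and account ids
# are constructed; "SKIM-PLACEHOLDER" stands for the thief's account.

CENT = Decimal("0.01")


def constructed_accounts(n=200):
    """Constructed ledger: account id -> (balance, annual rate)."""
    rate = Decimal("0.03")
    return {
        f"A-{i:04d}": (Decimal(1000 + 37 * i) + Decimal(i % 100) / 100, rate)
        for i in range(n)
    }


def exact_interest(balance, annual_rate):
    """Monthly interest before any rounding."""
    return balance * annual_rate / Decimal(12)


def post_interest_with_skim(accounts, skim_account):
    """Models the salami fraud in the text: each credit is truncated to the
    cent instead of rounded, and the shaved fractions are summed into the
    thief's account, so the batch still balances."""
    postings = {}
    shaved = Decimal(0)
    for acct, (balance, rate) in accounts.items():
        exact = exact_interest(balance, rate)
        truncated = exact.quantize(CENT, rounding=ROUND_DOWN)
        postings[acct] = truncated
        shaved += exact - truncated
    postings[skim_account] = shaved.quantize(CENT, rounding=ROUND_DOWN)
    return postings


def reconcile(accounts, postings):
    """Detective control at two levels: batch total (blind to the skim) and
    per-posting basis (every credit must be explained by one account's
    computed interest to within one cent)."""
    findings = []
    for acct, amount in postings.items():
        if acct not in accounts:
            findings.append((acct, "credit with no computed basis", amount))
            continue
        deviation = amount - exact_interest(*accounts[acct])
        if abs(deviation) > CENT:
            findings.append((acct, "posting deviates from computed interest", deviation))
    exact_total = sum(exact_interest(b, r) for b, r in accounts.values())
    total_gap = exact_total - sum(postings.values())
    return {"findings": findings, "total_gap": total_gap}


def demonstrate():
    accounts = constructed_accounts()
    postings = post_interest_with_skim(accounts, "SKIM-PLACEHOLDER")
    report = reconcile(accounts, postings)
    return {
        "skim_posted": str(postings["SKIM-PLACEHOLDER"]),
        # the batch is short by less than one cent: a total check passes
        "total_gap": str(report["total_gap"].quantize(Decimal("0.0001"))),
        "flagged": [acct for acct, _, _ in report["findings"]],
    }


if __name__ == "__main__":
    print(demonstrate())
```

The same per-item tracing generalizes to the other two examples in the entry: below-threshold covert-channel leakage and piecemeal intelligence gathering are both caught by aggregating over the recipient rather than by inspecting any single transfer.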
selected plaintext The attacker gets one of the parties to encrypt or sign one or more messages of the attacker's choosing, thus causing information about the victim's system to be revealed. Examples include causing a user of the RSA signature system to reveal their secret key through a series of signatures, the introduction of malicious commands into the data entry stream of a victim who is blindly following directions of a remote person claiming to be assisting them, and inducing a bank to make a series of attacker-specified transactions so as to cause cryptographic protocols, methods, or keys to be revealed.
severe weather Severe weather conditions (e.g., hurricane, tornado, winter storm) occur causing physical damage and permanent as well as temporary faults, requiring emergency response, and otherwise disrupting normal operations.
shoulder surfing Watching over peoples' shoulders as they use information or information systems. Examples include watching people as they enter their passwords, watching air travelers as they use their computers and review documents while in flight, and observing users in normal operations to understand standard operating procedures.
simultaneous access exploitations Two or more simultaneous or split multi-part access attempts are made, resulting in an improper decision or loss of audit information. Examples include the use of large numbers of access attempts over a short period of time so as to cause grant/refuse decision software to act in a previously unanticipated and untested fashion, the execution of sequences of operations required for system takeover by multiple user identities, and the holding of a resource required for some other function to proceed so as to deny completion of that service.
solar flares Changes on the surface of the sun cause excessive amounts of radiation to be delivered, typically resulting in noise bursts on radio communications, disrupted communications, and other changed physical conditions.
spoofing and masquerading Creating false or misleading information in order to fool a person or system into granting access or information not normally available. Examples include operator spoofing to trick the operator into making an error or giving away a password, location spoofing to trick a person or system into believing a false location, login spoofing which creates a fictitious login screen to get users to provide identification and authentication information, email spoofing which forges email to generate desired results, and time spoofing which creates false impressions of relative or absolute time in order to gain advantage.
static Static electricity builds up on surfaces and causes transient or permanent failures in components.
strategic or tactical deceptions Deceptions are generally categorized as comprising concealment, camouflage, false and planted information, ruses, displays, demonstrations, feints, lies, and insight (as described in [Dunnigan95]: Jim (James F.) Dunnigan and Albert A. Nofi, Victory and Deceit - Dirty Tricks at War, William Morrow and Co., 1995). Examples include the creation of a questionnaire asking for detailed information security backgrounds under the auspices of a possible contract, used to determine what expertise is available at a particular company to defend against a particular type of attack (a ruse); the creation of a false front organization such as a garbage collection business in order to gain access to valuable information often placed in the trash (camouflage); and the claim of having special capabilities in your upcoming product in order to force other vendors to work in that area even though you never intend to enter into it (a feint).
sympathetic vibration Creating or exploiting positive feedback loops or under-damped oscillatory behaviors so as to overload a system. Examples include electrical or acoustic wave enhancement, the creation of packets in the Internet which form infinite communications loops, and protocol errors causing cascade failures in telephone systems.
system maintenance System maintenance causes a period of time when systems operate differently than normal and may result in temporary or permanent inappropriate or unsafe configurations. Maintenance can also be exploited by attackers to create forgeries of sites being maintained, to exploit temporary openings in systems created by the maintenance process, or for other similar purposes. Maintenance can also accidentally introduce viruses, leave improper settings in place, or cause other similar accidental problems.
testing Testing stresses systems inducing a period of time when systems operate differently than normal and may result in temporary or permanent inappropriate or unsafe configurations.
Trojan horses Unintended components or operations are placed in hardware, firmware, software, or wetware causing unintended and/or inappropriate behavior. Examples include time bombs, use or condition bombs, flawed integrated circuits, additional components on boards, additional instructions in memory, operating system modifications, name overloaded programs placed in an execution path, added or modified circuitry, mechanical components, false connectors, false panels, radios placed in network connectors, displays, wires, or other similar components.
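Two of the entries above share a defender-side check: "name overloaded programs placed in an execution path" (Trojan horses) depend on a search path containing a directory the attacker can write to, which is one concrete case of "mis-set protections on files, directories, systems, or components" (protection missetting exploitation). The following is an added example, not code from the original page, that audits a PATH value for entries that permit such planting and lists every executable of a given name in search order so shadowing is visible. The directory layout is constructed in a temporary directory and `ls` is only a placeholder command name.

```python
import os
import stat
import tempfile

# Added example, not from the original page. The directory layout is
# constructed in a temporary directory; "ls" is a placeholder command name.


def audit_path_entries(path_value):
    """Flag PATH entries that let a name-overloaded program be planted.

    Returns (entry, reason) pairs. Mode bits come from os.stat rather than
    os.access so the verdict does not depend on who runs the audit.
    """
    findings = []
    for entry in path_value.split(os.pathsep):
        if entry in ("", "."):
            findings.append((entry or "<empty>", "current directory is searched"))
        elif not os.path.isabs(entry):
            findings.append((entry, "relative entry resolves differently per cwd"))
        elif not os.path.isdir(entry):
            findings.append((entry, "missing directory (could be created later)"))
        elif os.stat(entry).st_mode & stat.S_IWOTH:
            findings.append((entry, "world-writable directory"))
    return findings


def find_shadowing(command, path_value):
    """List every executable called `command` in PATH search order; any hit
    after the first is shadowed by the ones before it."""
    hits = []
    for entry in path_value.split(os.pathsep):
        candidate = os.path.join(entry or ".", command)
        if os.path.isfile(candidate) and os.access(candidate, os.X_OK):
            hits.append(candidate)
    return hits


def demonstrate():
    with tempfile.TemporaryDirectory() as root:
        planted = os.path.join(root, "shared")   # constructed: world-writable
        trusted = os.path.join(root, "bin")      # constructed: owner-writable only
        os.mkdir(planted)
        os.chmod(planted, 0o777)                 # explicit, so umask cannot mask it
        os.mkdir(trusted)
        os.chmod(trusted, 0o755)
        for d in (planted, trusted):
            prog = os.path.join(d, "ls")
            with open(prog, "w") as f:
                f.write("#!/bin/sh\nexit 0\n")
            os.chmod(prog, 0o755)

        # planted comes before trusted, and an empty trailing entry means "."
        path_value = os.pathsep.join([planted, trusted, ""])
        findings = audit_path_entries(path_value)
        hits = find_shadowing("ls", path_value)
        return {
            "flagged": [reason for _, reason in findings],
            "first_hit_in_planted": hits[0] == os.path.join(planted, "ls"),
        }


if __name__ == "__main__":
    print(demonstrate())
```

Run against a real account's PATH, the audit is a cheap periodic check; the shadowing list is the thing to look at when a familiar command starts behaving oddly, since it shows exactly which copy the shell will pick first.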
undocumented or unknown function exploitation Functions not included in the documentation or unknown to the system owners or operators are exploited to perform undesirable actions. Examples include back doors placed in systems to facilitate maintenance, undocumented system calls commonly inserted by vendors to enable special functions resulting in economic or other market advantages, and program sequences accessible in unusual ways as a result of improperly terminated conditionals.
van Eck bugging Electromagnetic emanations are observed from afar. Examples include the tapping of Scotland Yard by a reporter to demonstrate a remote tapping device and observed emanations from financial institutions indicative of pending trades.
viruses Programs that reproduce and possibly evolve. Examples include the 11,000 or so known viruses, custom file viruses designed to act against specific targets, and process viruses that cause denial of service or thrashing within a single system.
volcanos A volcano erupts causing physical damage and permanent as well as temporary faults, requiring emergency response, and otherwise disrupting normal operations.
wire closet attacks Break into the wire closet and alter the physical or logical network so as to grant, deny, or alter access. Examples include wire tapping techniques, malicious destruction of wiring causing service disruption, and the introduction of video tape players into surveillance channels to hide physical access.
Anticipated attack mechanisms based on the design basis threat
Copyright(c) Fred Cohen, 1988-2015 - All Rights Reserved