The threats to our products
April 1, 1999
By Loren Kohnfelder and Praerit Garg
The S.T.R.I.D.E. model
Security threats fall into the six major categories listed below. In addition to describing each general threat and the kind of software products or services it typically applies to, we offer a few examples to convey the varying character of the threat. Some of the examples may be specific to certain products or technologies; it is important to understand the threats themselves but not necessarily all of the examples given.
Spoofing of user identity
What's the threat? Breaching the user's authentication information. In this case, the hacker has obtained the user's personal information or something that enables him to replay the authentication procedure. Spoofing threats are associated with a wily hacker being able to impersonate a valid system user or resource to get access to the system and thereby compromise system security.
What do these threats have in common?
Ability to change the identity associated with an object.
Subversion of secure logon mechanism.
Successful use of false credentials.
Examples
A malicious impersonator (man-in-the-middle) spoofs IP (Internet Protocol) packets to hijack a connection to the server. The vulnerability here is that the communication protocol does not incorporate confidentiality and integrity.
Authentication protocols that use passwords without encrypting them disclose credential information to an eavesdropper, who can then use this information to impersonate the user. The vulnerability here is the credential information not being properly encrypted.
The "Trojan horse" attack is the classic spoof. For example, in a browser, a Web page might manage to construct an exact visual duplicate of the system logon and trick users into typing their name and password, not suspecting they were actually giving the information to a Web site.
Replay, where an eavesdropper replays a captured client/server exchange to the server, such as a debit transaction on a bank account. The vulnerability here is missing sequence detection.
Forging e-mail. The vulnerability in this case is lack of confidentiality and integrity in email messages.
DNS poisoning. The vulnerability here is the ability to make untrusted updates to the DNS database.
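The replay example above (a captured debit transaction resent to the server) can be made concrete with the following added illustration, which is not code from the paper or from any Microsoft product. It assumes a constructed shared HMAC key and a constructed account; the same server is run once without and once with the "sequence detection" the paper names as the missing control.

```python
import hashlib
import hmac

# Assumption (not from the paper): client and server already share this key.
SHARED_KEY = b"constructed-demo-key"

def _body(account: str, amount: int, seq: int) -> bytes:
    return f"{account}|{amount}|{seq}".encode()

def sign_debit(account: str, amount: int, seq: int) -> dict:
    """Client side: HMAC binds account, amount and a per-account sequence number."""
    tag = hmac.new(SHARED_KEY, _body(account, amount, seq), hashlib.sha256).hexdigest()
    return {"account": account, "amount": amount, "seq": seq, "tag": tag}

def tag_is_valid(req: dict) -> bool:
    expected = hmac.new(SHARED_KEY, _body(req["account"], req["amount"], req["seq"]),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, req["tag"])

class Bank:
    """check_sequence=False: integrity only, so a captured message stays valid
    forever and can be replayed. check_sequence=True: the missing sequence
    detection is added; each account's seq must strictly increase."""
    def __init__(self, balances: dict, check_sequence: bool):
        self.balances = dict(balances)
        self.check_sequence = check_sequence
        self.last_seq: dict = {}

    def debit(self, req: dict) -> str:
        acct = req["account"]
        if not tag_is_valid(req):
            return "rejected: bad tag"        # forged or altered message
        if self.check_sequence and req["seq"] <= self.last_seq.get(acct, 0):
            return "rejected: replay"         # already processed this seq (or a later one)
        self.last_seq[acct] = req["seq"]
        self.balances[acct] -= req["amount"]
        return "ok"

def replay_demo(check_sequence: bool) -> tuple:
    """One legitimate debit, then the identical captured message sent again."""
    bank = Bank({"alice": 100}, check_sequence)       # constructed sample account
    captured = sign_debit("alice", 10, seq=1)         # constructed sample transaction
    first = bank.debit(captured)
    second = bank.debit(captured)                     # eavesdropper resends the same bytes
    return first, second, bank.balances["alice"]

if __name__ == "__main__":
    print("no sequence check:", replay_demo(False))   # ('ok', 'ok', 80)
    print("sequence check:   ", replay_demo(True))    # ('ok', 'rejected: replay', 90)
```

The integrity check alone is not enough: the replayed message carries a valid tag, so only the per-account sequence state lets the server tell a second copy from a fresh transaction.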