The previous paragraphs introduced the relevant terms relating to information system security. They provide a foundation for the discussion of distributed systems and their special security requirements. Furthermore, a categorization schema is given, together with an outlook relating it to several real-world examples.
As this chapter serves as an introduction to the topic of security, it makes no contribution of its own to the general discussion on security; rather, it follows a set of well-known definitions that are necessary to derive the relation between programming antipatterns and the concrete security-related vulnerabilities that arise when applying the constructs of the JAVA programming language.
Disclosure
Aspect          Threat / Example
Exposure        Data is directly made available to an unauthorized subject.
                - Result of a hardware/software error or other system failure.
                - Human error: an action or inaction results in conditions that expose private data.
                - Scavenging: exhaustive searches through collections of data can result in unwanted disclosure.
                - Deliberate exposure: private data is actively exposed to unauthorized subjects.
Interception    Data flowing between source and destination is directly accessed by an unauthorized third party.
                - Theft of a data medium such as a USB stick can lead to unauthorized access to private information.
                - Passive wiretapping: monitoring of a communication channel allows observing and recording data.
                - Emanations analysis: analysis and filtering of emanated signals may allow the unauthorized acquisition of information.
Inference       Indirect access to sensitive data is obtained by reasoning from characteristics or side effects of communications.
Intrusion       Unauthorized access is gained by bypassing or circumventing the protections of the system carrying the data.
                - Trespassing provides physical access to protected resources.
                - Penetration provides logical access to protected resources.
                - Reverse engineering acquires knowledge about the inner and typically undocumented details of a system in order to find starting points for a subsequent attack.
                - Cryptanalysis attempts to acquire the clear text of an encrypted message, typically without knowledge of the key used.
Computer Security 63
Deception
Aspect          Threat / Example
Masquerading    An unauthorized entity poses as an authorized one in order to perform malicious actions or gain unauthorized access.
                - Spoofing: the unauthorized entity tries to take on the identity of an authorized entity.
                - Malicious logic may be exploited by an attacker to impersonate an authorized entity.
Falsification   False data is presented to an authorized user.
                - Substitution replaces valid data with false data.
                - Insertion places new false data into a system to represent false facts.
Repudiation     An entity falsely denies responsibility for specific actions.
                - False denial of origin: the responsible actor denies responsibility for his actions.
                - False denial of receipt: the recipient of data or a message denies having received it.
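The following JAVA program is added here as an example and is not part of the original text: it shows a digital signature as the standard countermeasure to the falsification and repudiation rows above. A message signed with the originator's private key can be checked by anyone holding the matching public key, so a substituted message fails verification, a message signed by a masquerading party fails verification against the claimed originator's key, and the originator cannot plausibly deny having produced a message that verifies under a key only she controls. The message strings, the key size and the class and method names are constructed for this demonstration.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;

/**
 * Added example (not from the original text): RSA signatures with SHA-256
 * from the standard java.security API. All names and messages are made up
 * for the demonstration.
 */
public class SignedMessageDemo {

    private static final String ALGORITHM = "SHA256withRSA";

    /** Sign message bytes with the originator's private key. */
    static byte[] sign(PrivateKey key, byte[] message) throws Exception {
        Signature signer = Signature.getInstance(ALGORITHM);
        signer.initSign(key);
        signer.update(message);
        return signer.sign();
    }

    /** Verify a signature against the public key of the claimed originator. */
    static boolean verify(PublicKey key, byte[] message, byte[] signature) throws Exception {
        Signature verifier = Signature.getInstance(ALGORITHM);
        verifier.initVerify(key);
        verifier.update(message);
        return verifier.verify(signature);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair alice = kpg.generateKeyPair();   // legitimate originator
        KeyPair mallory = kpg.generateKeyPair(); // masquerading attacker

        byte[] order = "transfer 100 EUR to account 42".getBytes(StandardCharsets.UTF_8);
        byte[] sig = sign(alice.getPrivate(), order);

        // Genuine message: verifies under Alice's public key, so Alice cannot
        // credibly deny origin (assuming only she holds the private key).
        System.out.println("genuine:     " + verify(alice.getPublic(), order, sig));

        // Substitution: the amount is altered in transit; the old signature
        // no longer matches the new message bytes.
        byte[] forged = "transfer 900 EUR to account 42".getBytes(StandardCharsets.UTF_8);
        System.out.println("substituted: " + verify(alice.getPublic(), forged, sig));

        // Masquerading: Mallory signs with her own key but claims to be Alice;
        // the signature does not verify under Alice's public key.
        byte[] malSig = sign(mallory.getPrivate(), order);
        System.out.println("masqueraded: " + verify(alice.getPublic(), order, malSig));
    }
}
```

Only the genuine message verifies. Note that the signature counters false denial of origin only to the extent that the private key is reliably bound to the originator and kept out of other hands; it does nothing against false denial of receipt, which needs a signed acknowledgement from the recipient.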
Disruption
Aspect          Threat / Example
Incapacitation  System operation is foiled by disabling critical components.
                - Malicious logic such as code bombs introduced into a system.
                - Physical destruction of system components is a trivial method of disrupting system operation.
                - Unintentional incidents caused by human error or hardware or software defects also have the effect of disabling components.
                - Natural disasters, extreme environmental forces or cosmic influence may affect system behavior (how such external forces might affect mobile JAVA virtual machines is shown by Govindavajhala and Appel (2003)).
Corruption      System functionality is altered by tampering with the codebase or data of a system.
                - Tampering interrupts or prevents the desired valid operation of a system.
                - Malicious logic can alter the codebase or data of a system (often called a virus when the malicious code tries to replicate to other systems).
                - Unintentional incidents.
                - Natural disasters.
Obstruction     Delivery of system services is blocked by hindering operation.
                - Interference may block the communication channels that transfer data or control information, so that requests cannot be serviced.
                - Overload occupies the capacity of processing units, preventing scheduled tasks from running.
                - A denial-of-service attempt may induce such an overload state by keeping the threads bound to a system's communication channels under high load.
Usurpation
Aspect            Threat / Example
Misappropriation  Unauthorized physical or logical control of a system, comparable to theft.
                  - Theft of services, such as the unauthorized triggering of a business transaction.
                  - Theft of functionality.
                  - Theft of data.
Misuse            An unauthorized entity performs actions harmful to the protection level of a system.
                  - Tampering: alteration of the system logic is used to gain unauthorized control over a system.
                  - Malicious logic such as added code bombs or infiltrated devices that allow unauthorized access to the system.
                  - Violation of permissions: an entity ignores or actively bypasses a given (security) policy that was expressed as organizational protection of a resource.
Category                                   ID       Description
Insecure Interaction Between Components    CWE-20   Improper Input Validation
                                           CWE-116  Improper Encoding or Escaping of Output
                                           CWE-89   Failure to Preserve SQL Query Structure (aka 'SQL Injection')
                                           CWE-79   Failure to Preserve Web Page Structure (aka 'Cross-site Scripting')
                                           CWE-78   Failure to Preserve OS Command Structure (aka 'OS Command Injection')
                                           CWE-319  Cleartext Transmission of Sensitive Information
                                           CWE-352  Cross-Site Request Forgery (CSRF)
                                           CWE-362  Race Condition
                                           CWE-209  Error Message Information Leak
Risky Resource Management                  CWE-119  Failure to Constrain Operations within the Bounds of a Memory Buffer
                                           CWE-642  External Control of Critical State Data
                                           CWE-73   External Control of File Name or Path
                                           CWE-426  Untrusted Search Path
                                           CWE-94   Failure to Control Generation of Code (aka 'Code Injection')
                                           CWE-494  Download of Code Without Integrity Check
                                           CWE-404  Improper Resource Shutdown or Release
                                           CWE-665  Improper Initialization
                                           CWE-682  Incorrect Calculation
Porous Defenses                            CWE-285  Improper Access Control (Authorization)
                                           CWE-327  Use of a Broken or Risky Cryptographic Algorithm
                                           CWE-259  Hard-Coded Password
                                           CWE-732  Insecure Permission Assignment for Critical Resource
                                           CWE-330  Use of Insufficiently Random Values
                                           CWE-250  Execution with Unnecessary Privileges
                                           CWE-602  Client-Side Enforcement of Server-Side Security
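The following JAVA program is added here as an example and is not part of the original text or of the CWE catalogue entries listed above. It illustrates CWE-362 (Race Condition) in the form that is most common in JAVA code: a check-then-act sequence on shared state, where the check (is the balance sufficient?) and the act (debit the balance) are two separate steps that another thread can interleave with. The hardened variant collapses check and act into a single atomic compare-and-set. The account classes, the opening balance, the thread count and the withdrawal amount are constructed for this demonstration.

```java
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;

/**
 * Added example (not from the original text): a check-then-act race
 * (CWE-362) and its atomic replacement. Names and amounts are made up.
 */
public class WithdrawRaceDemo {

    interface Account {
        boolean withdraw(int amount);
        int balance();
    }

    /** Antipattern: the balance check and the debit are separate, unsynchronized steps. */
    static class RacyAccount implements Account {
        private int balance;
        RacyAccount(int initial) { this.balance = initial; }
        public boolean withdraw(int amount) {
            if (balance >= amount) {   // check
                Thread.yield();        // widens the window in which another thread also passes the check
                balance -= amount;     // act: several threads may reach this line for one legal withdrawal
                return true;
            }
            return false;
        }
        public int balance() { return balance; }
    }

    /** Fix: check and act are one atomic compare-and-set; a lost race simply retries. */
    static class SafeAccount implements Account {
        private final AtomicInteger balance;
        SafeAccount(int initial) { this.balance = new AtomicInteger(initial); }
        public boolean withdraw(int amount) {
            while (true) {
                int current = balance.get();
                if (current < amount) return false;
                if (balance.compareAndSet(current, current - amount)) return true;
            }
        }
        public int balance() { return balance.get(); }
    }

    /** Release `threads` concurrent withdrawals of `amount` at once and return the final balance. */
    static int hammer(Account account, int threads, int amount) throws InterruptedException {
        ExecutorService pool = Executors.newFixedThreadPool(threads);
        CountDownLatch start = new CountDownLatch(1);
        for (int i = 0; i < threads; i++) {
            pool.execute(() -> {
                try {
                    start.await();
                } catch (InterruptedException e) {
                    Thread.currentThread().interrupt();
                    return;
                }
                account.withdraw(amount);
            });
        }
        start.countDown();
        pool.shutdown();
        pool.awaitTermination(10, TimeUnit.SECONDS);
        return account.balance();
    }

    public static void main(String[] args) throws InterruptedException {
        // Opening balance 100, fifty threads each try to take 60: at most one
        // withdrawal is legal, so a correct account never ends below 40.
        int lowestRacy = Integer.MAX_VALUE;
        int lowestSafe = Integer.MAX_VALUE;
        for (int run = 0; run < 200; run++) {
            lowestRacy = Math.min(lowestRacy, hammer(new RacyAccount(100), 50, 60));
            lowestSafe = Math.min(lowestSafe, hammer(new SafeAccount(100), 50, 60));
        }
        System.out.println("lowest final balance, RacyAccount: " + lowestRacy);
        System.out.println("lowest final balance, SafeAccount: " + lowestSafe);
    }
}
```

On a multi-core machine the racy account typically ends up with a negative balance in at least some of the runs, while the atomic account never drops below 40. The outcome of the racy variant is timing-dependent by nature, which is exactly why such defects survive testing; a `synchronized` method or an explicit lock around the whole check-then-act sequence is the other idiomatic JAVA fix.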
Component-based Systems 67