Home Computer Science Securing Systems Applied Security Architecture and Threat Models
List the System-Level Objectives of Threat Agents Using Their Attack Methods
In order to properly defend the attack surfaces, one must understand the intermediate, cyber, digital, or system objectives of the attack methods. For instance, looking once more at XSS attacks, we know that the ultimate objective of a cyber criminal is to extract money from the victim. Of course, there are a multitude of ways that an XSS can be used to do that, from fake product sales (illegal or pirated pharmaceuticals) to theft of personal information like payment card numbers, account information, or an entire identity. But how does the attacker get from the XSS vulnerability to the objective?
But for other attackers, the system objective is the steppingstone to an ultimate goal, whatever that goal may be. System-level privileges allow the attacker to “own,” that is, completely control the attacked machine. From there, all information on the machine can be stolen. With superuser privileges, the attacker can install software that listens to and records every entry on the machine. If a spy, the attacker could turn on the machine’s video camera and microphone, thus eaves dropping on conversations had within the vicinity of the machine. And, of course, an owned machine can be used to stage further attacks against other machines or send spam email. Essentially, a completely compromised machine can be used for the malicious and abusive purposes of the attacker. Hence, the term “owned.”
System-level objectives are tied closely to attack methods. Table 5.3 is not intended to be exhaustive. There are plenty of more extensive lists elsewhere, the most complete probably being CAPEC™ at Mitre.org or the lists of attack methods at OWASP.org. Nevertheless, we are studying the ARA/threat modeling process in this chapter. The following is offered as an example of a technique for understanding how the prioritized threats are most likely to misuse attack surfaces.
The first three entries in Table 5.3 are purposely difficult enough to execute that these would not be a consideration for most well-managed websites. Unless there is a serious, unauthenticated, remotely executable vulnerability available via an HTTP request or message into a vulnerable application server or Web server, all the other interfaces should be protected in such a way that getting sufficient privileges to perform one of these first three attacks should be extremely difficult. In order to highlight security researcher “stunt hacks,” the first three entries specifically require high privileges or wide access, or both.
The subsequent entries in Table 5.3 are drawn from OWASP.org Top 103 In order to gain a place in the list, an attack method has to be one of the most popularly executed as
Table 5.3 System-Level Attack Objectives
SQL = Structured Query Language; LDAP = Lightweight Directory Access Protocol.
Source: Data set in italics is from the Open Web Application Security Project (OWASP) (2013). OWASP Top 10 List.3 well as used on a regular and continuing basis. When we analyzed cyber criminals, we noted their predilection for well-known and proven attack methods. The OWASP Top 10 list is representative of the most often used attacks on the Internet. Since the Web- Sock-A-Rama site is a typical web store, it will be subjected to attacks drawn from the OWASP Top 10 list, at the very least. Security researchers will also attempt well-known attack methods in order to find and report vulnerabilities.
|< Prev||CONTENTS||Next >|