Covert Channel - a method that is used to pass information over a path that
is not normally used for communication
Covert Timing Channel - conveys information by altering the performance of
a system component or modifying a resource's timing in a predictable manner
Covert Storage Channel - conveys information by writing data to a common
storage area where another process can read it
Poor design techniques
Questionable implementation
Inadequate testing
Back doors or maintenance hooks
Programming - buffer overflow - when the programmer fails to check or
sanitize the format and size of input data
Timing, state changes, and communication disconnects - TOC or Time of
Check is the time at which a subject checks the status of the object
Time of Use - TOU - is when the decision is made to access the object
TOCTOU attacks are also called race conditions because the attacker is
racing with the legitimate process to replace the object before it is used
Technology and Process Integration
Single points of failure are to be avoided - SOA or Service Oriented
Architecture constructs new applications or functions out of existing but
separate and distinct software services
Electromagnetic Radiation - the best way to prevent it is through shielding,
blocking unauthorized personnel, TEMPEST, and a Faraday cage