OS-IS / ai201-evchev

CW2 #9

Closed EvchevDenis closed 2 days ago

EvchevDenis commented 2 days ago

Table describing the resolution of all threats

| Threat No. | MTMT recommendations for eliminating threats |
|---|---|
| 1 | File System may be spoofed by an attacker and this may lead to data being written to the attacker's target instead of File System. Consider using a standard authentication mechanism to identify the destination data store. |
| 2 | Does Data Processing or File System take explicit steps to control resource consumption? Resource consumption attacks can be hard to deal with, and there are times that it makes sense to let the OS do the job. Be careful that your resource requests don't deadlock, and that they do timeout. |
| 3 | File System may be spoofed by an attacker and this may lead to data being written to the attacker's target instead of File System. Consider using a standard authentication mechanism to identify the destination data store. |
| 4 | Improper data protection of File System can allow an attacker to read information not intended for disclosure. Review authorization settings. |
| 5 | Human User claims that it did not receive data from a process on the other side of the trust boundary. Consider using logging or auditing to record the source, time, and summary of the received data. |
| 6 | An external agent interrupts data flowing across a trust boundary in either direction. Reliable error handling and recovery of critical processes must be ensured. |
| 7 | User Interface may be spoofed by an attacker and this may lead to information disclosure by Human User. Consider using a standard authentication mechanism to identify the destination process. |
| 8 | User Interface crashes, halts, stops or runs slowly; in all cases violating an availability metric. Multithreading and interface error recovery mechanisms should be used for protection. |
| 9 | Human User may be able to remotely execute code for User Interface. Need to implement permissions and validate all data entry. |
| 10 | An attacker may pass data into User Interface in order to change the flow of program execution within User Interface to the attacker's choosing. Consider validating input data and using code integrity control mechanisms. |

oleksandrblazhko commented 2 days ago

2 points