CAPEC-518: Documentation Alteration to Produce Under-performing Systems
CAPEC版本: 3.9
更新日期: 2023-01-24
攻击模式描述
An attacker with access to a manufacturer's documentation alters the descriptions of system capabilities with the intent of causing errors in derived system requirements, impacting the overall effectiveness and capability of the system, allowing an attacker to take advantage of the introduced system capability flaw once the system is deployed.
前提条件
- Advanced knowledge of software and hardware capabilities of a manufacturer's product.
- Access to the manufacturer's documentation.
所需技能
缓解措施
Digitize documents and cryptographically sign them to verify authenticity.
Password protect documents and make them read-only for unauthorized users.
Avoid emailing important documents and configurations.
Ensure deleted files are actually deleted.
Maintain backups of the document for recovery and verification.
Separate need-to-know information from system configuration information depending on the user.
示例实例
A security subsystem involving encryption is a part of a product, but due to the demands of this subsystem during operation, the subsystem only runs when a specific amount of memory and processing is available. An attacker alters the descriptions of the system capabilities so that when deployed with the minimal requirements at the victim location, the encryption subsystem is never operational, leaving the system in a weakened security state.