CWE-514 隐蔽通道
Covert Channel
结构: Simple
Abstraction: Class
状态: Incomplete
被利用可能性: unkown
基本描述
A covert channel is a path that can be used to transfer information in a way not intended by the system's designers.
扩展描述
Typically the system has not given authorization for the transmission and has no knowledge of its occurrence.
相关缺陷
-
cwe_Nature: ChildOf cwe_CWE_ID: 668 cwe_View_ID: 1000 cwe_Ordinal: Primary
-
cwe_Nature: ChildOf cwe_CWE_ID: 912 cwe_View_ID: 699
常见的影响
| 范围 | 影响 | 注释 |
|---|---|---|
| ['Confidentiality', 'Access Control'] | ['Read Application Data', 'Bypass Protection Mechanism'] |
检测方法
Architecture or Design Review
According to SOAR, the following detection techniques may be useful:
Cost effective for partial coverage:
- Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)
Notes
分类映射
| 映射的分类名 | ImNode ID | Fit | Mapped Node Name |
|---|---|---|---|
| Landwehr | Covert Channel |
相关攻击模式
- CAPEC-463