lec2-security-THREATS, ATTACKS, AND ASSETS

THREATS, ATTACKS, AND ASSETS
An attack is a threat that is carried out (threat action) and, if successful, leads to an undesirable violation انتهاك of security.
The agent carrying out the attack is referred to as an attacker, or threat agent .
We can distinguish two types of attacks:
• Active attack: An attempt to alter system resources or affect their operation.
• Passive attack: An attempt to learn or make use of information from the system that does not affect system resources.
Threats and Attacks
Table 1.2 , based on , describes four kinds of threat consequences and lists
the kinds of attacks that result in each consequence.
Table 1.2 Threat Consequences, and the Types of Threat Actions that Cause Each Consequence.
Threat Consequence
Threat Action (attack)
Unauthorized Disclosure
A circumstance ظرف or event an entity gains access to data for which the entity is not authorized
1-Exposure التعرض : Sensitive data are directly released to an unauthorized
entity.
2-Interception اعتراض : An unauthorized entity directly accesses sensitive data traveling between authorized sources and destinations.
3-Inference الاستدلال : A threat action an unauthorized entity indirectly accesses sensitive data (but not necessarily the data contained in the communication) by reasoning from characteristics or by-products of communications.
4-Intrusion التسلل : An unauthorized entity gains access to sensitive data by circumventing التحايل على a system’s security protections.
Deception الخداع
A circumstance or event that may result in an authorized entity receiving false data and believing it to be true.
1-Masqueradeقناع : An unauthorized entity gains access to a system or performs a malicious act by posing الانتحال as an authorized entity.
2-Falsification تزوير : False data deceive تخدع an authorized entity.
3-Repudiationرفض : An entity deceives another by falsely denying
responsibility for an act.