An attacker exploits weaknesses in timing or state maintaining
functions to perform actions that would otherwise be prevented by the execution
flow of the target code and processes. An example of a state attack might
include manipulation of an application's information to change the apparent
credentials or similar information, possibly allowing the application to access
material it would not normally be allowed to access. A common example of a
timing attack is a test-action race condition where some state information is
tested and, if it passes, an action is performed. If the attacker can change the
state between the time that the application performs the test and the time the
action is performed, then they might be able to manipulate the outcome of the
action to malicious ends.
Virtually all applications can be subject to time or state attacks in some
form.
Resources Required
State attacks require the ability to manipulate the underlying state of an
application. If that state is stored in a simple file, this can be relatively
easy. If the state is stored internally, this can be more difficult. Timing
attacks rely on being able to control when an application's thread is
interrupted in order to insert the malicious action. Even then, if the actions
in the sequence happen quickly, then success can largely be a matter of luck. As
such, having many opportunities to attempt the attack is usually a requirement
since and individual attack may have a low probability of success.
Vision and Technical Leadership provided by Cigital, Inc.
This Web site is hosted by The MITRE Corporation.
Copyright 2009, The MITRE Corporation. CAPEC and the CAPEC logo are trademarks of The MITRE Corporation.
Description
