Home > CAPEC List > CAPEC-184: Software Integrity Attack (Version 2.9)  

CAPEC-184: Software Integrity Attack

 
Software Integrity Attack
Definition in a New Window Definition in a New Window
Attack Pattern ID: 184
Abstraction: Meta
Status: Draft
Completeness: Complete
Presentation Filter:
+ Summary

An attacker initiates a series of events designed to cause a user, program, server, or device to perform actions which undermine the integrity of software code, device data structures, or device firmware, achieving the modification of the target's integrity to achieve an insecure state.

+ Typical Severity

Low

+ Attacker Skills or Knowledge Required

Manual or user-assisted attacks require deceptive mechanisms to trick the user into clicking a link or downloading and installing software. Automated update attacks require the attacker to host a payload and then trigger the installation of the payload code.

+ Resources Required

Software Integrity Attacks are usually a late stage focus of attack activity which depends upon the success of a chain of prior events. The resources required to perform the attack vary with respect to the overall attack strategy, existing countermeasures which must be bypassed, and the success of early phase attack vectors.

+ Content History
Submissions
SubmitterOrganizationDateSource
CAPEC Content TeamThe MITRE Corporation2014-06-23Internal_CAPEC_Team
Modifications
ModifierOrganizationDateCommentsSource
CAPEC Content TeamThe MITRE Corporation2015-11-09Updated Activation_Zone, Injection_Vector, Payload, Payload_Activation_Impact, Related_Attack_PatternsInternal
Previous Entry Names
DatePrevious Entry Name
2015-11-09Software Integrity Attacks

More information is available — Please select a different filter.
Page Last Updated or Reviewed: December 07, 2015