Difference between revisions of "Attack Obfuscation"
m (1 revision imported: Import from WS-Attacks)
Latest revision as of 11:26, 31 October 2015
Attack description
"Attack Obfuscation" is not an attack itself. However, it is an attack enabler. "Attack Obfuscation" describes all techniques to hide the attack from the components designed to detect the attack.
A typical example is "Attack Obfuscation by Cryptography". DoS attacks such as Coercive Parsing usually fail when strict schema validation is performed. However, when the Coercive Parsing payload is hidden by encryption, the payload gets executed, since schema validation is usually performed prior to decryption.
Attack subtypes
There are no attack subtypes.
Prerequisites for attack
In order for this attack to work, the attacker has to have knowledge about the following things:
- Attacker knows the endpoint of the web service. Otherwise he is not able to reach the web service.
- Attacker can reach the endpoint from its location. Access to the attacked web service server is possible for the attacker. This prerequisite is important if the web service is only available to users within a certain network.
- Attacker knows if the obfuscation strategy works on the attacked web service.
Graphic representation of attack
"Attack Obfuscation" doesn't aim at any special web service component. It always depends on what attack is hidden as payload. Therefore no specific component is marked, only the web service in general.
- Red = attacked web service component
- Black = location of attacker
- Blue = web service component not directly involved in attack.
Attack example
No attack example available/necessary.
Attack mitigation / countermeasures
Countermeasures are hard to find. They always depend on the attack hidden by the attack obfuscation.
When going back to the example from above, the mitigation strategy is as follows: The easiest way of countering the attack is applying strict schema validation to decrypted data, even if schema validation was performed on the encrypted data prior to decryption.
When trying to use as few resources as possible, one should perform decryption and validation step by step.
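The step-by-step decryption and validation described above, as an added example that is not part of the original page: plaintext is checked piece by piece as it leaves the decryptor, and processing stops at the first violation. The element allow-list, the limits, the `chunked` stand-in for a streaming decryptor and the sample messages are assumptions made for illustration.

```python
import itertools
import xml.etree.ElementTree as ET

# Hypothetical policy standing in for the service's strict schema.
ALLOWED_TAGS = {"order", "item", "name", "quantity"}
MAX_DEPTH, MAX_ELEMENTS = 4, 100

class ValidationError(Exception):
    """Raised when decrypted content violates the policy or is malformed."""

def validate_decrypted_stream(chunks):
    """Validate plaintext piece by piece as it leaves the decryptor.

    `chunks` is a lazy iterable of decrypted bytes; once a violation is found
    no further piece is requested, so the rest is never decrypted or parsed.
    Returns the number of elements accepted.
    """
    parser = ET.XMLPullParser(events=("start", "end"))
    depth = count = 0
    try:
        for chunk in itertools.chain(chunks, [None]):  # None marks end of stream
            if chunk is None:
                parser.close()  # an incomplete document raises ParseError
            else:
                parser.feed(chunk)
            for event, elem in parser.read_events():
                if event == "end":
                    depth -= 1
                    elem.clear()  # drop children of finished elements
                    continue
                depth, count = depth + 1, count + 1
                if elem.tag not in ALLOWED_TAGS:
                    raise ValidationError(f"unexpected element <{elem.tag}>")
                if depth > MAX_DEPTH:
                    raise ValidationError(f"nesting deeper than {MAX_DEPTH}")
                if count > MAX_ELEMENTS:
                    raise ValidationError(f"more than {MAX_ELEMENTS} elements")
    except ET.ParseError as exc:
        raise ValidationError(f"malformed XML: {exc}") from exc
    return count

def chunked(data, size, pulled):
    """Stand-in for a streaming decryptor (assumption); logs each piece produced."""
    for i in range(0, len(data), size):
        pulled.append(i)
        yield data[i:i + size]

# Constructed samples: one valid message and one deeply nested message.
GOOD = b"<order><item><name>pen</name><quantity>2</quantity></item></order>"
NESTED = b"<order>" + b"<item>" * 5000 + b"</item>" * 5000 + b"</order>"
```

In a real service the iterable would be the output of the message-level decryption step, and the policy would be the service's actual schema.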
Attack categorisation
Categorisation by violated security objective
The attack aims at exhausting the system resources, therefore it violates the security objective Availability.
- Category:Attack_Categorisation_By_Violated_Security_Objective_OTHER
- Category:Attack_Categorisation_By_Violated_Security_Objective
Categorisation by number of involved parties
- Category:Attack_Categorisation_By_Number_Of_Involved_Parties:1_-_0_-_1
- Category:Attack_Categorisation_By_Number_Of_Involved_Parties
Categorisation by attacked component in web service architecture
- Category:Attack_Categorisation_By_Attacked_Web_Service_Component:_No_Specific_Component
- Category:Attack_Categorisation_By_Attacked_Web_Service_Component
Categorisation by attack spreading
- Category:Attack_Categorisation_By_Attack_Spreading
- Category:Attack_Categorisation_By_Attack_Spreading:Conceptual_Flaws