12-10-2010, 10:54 AM
Database Management System
Protection Profile
The following threats are countered by the DBMS.

T.ACCESS Unauthorised Access to the Database. An outsider or system user who is not (currently)
an authorised database user accesses the DBMS. This threat includes: Impersonation -
a person, who may or may not be an authorised database user, accesses the DBMS, by
impersonating an authorised database user (including an authorised user impersonating
a different user who has different - possibly more privileged - access).

T.DATA Unauthorised Access to Information. An authorised database user accesses information
contained within a DBMS without the permission of the database user who owns or
who has responsibility for protecting the data.

32 This threat includes unauthorised access to DBMS information, residual information
held in memory or storage resources managed by the TOE, or DB control data.

T.RESOURCE Excessive Consumption of Resources. An authenticated database user consumes global
database resources, in a way which compromises the ability of other database users to
access the DBMS.

33 This represents a threat to the availability of the information held within a DBMS. For
example, a database user could perform actions which could consume excessive
resources, preventing other database users from legitimately accessing data, resources
and services in a timely manner. Such attacks may be malicious, inconsiderate or
careless, or the database user may simply be unaware of the potential consequences of
his actions. The impact of such attacks on system availability and reliability would be
greatly amplified by multiple users acting concurrently.

T.ATTACK Undetected Attack. An undetected compromise of the DBMS occurs as a result of an
attacker (whether an authorised user of the database or not) attempting to perform
actions that the individual is not authorised to perform.

34 This threat is included because, whatever countermeasures are provided to address the
other threats, there is still a residual threat of a violation of the security policy occurring
by attackers attempting to defeat those countermeasures.

T.ABUSE.USER Abuse of Privileges. An undetected compromise of the DBMS occurs as a result of a
database user (intentionally or otherwise) performing actions the individual is
authorised to perform.

35 This threat is included because, whatever countermeasures are provided to address the
other threats, there is still a residual threat of a violation of the security policy occurring,
or the database being placed at risk, as a result of actions taken by authorised
database users. For example, a database user may grant access to a DB object they are
responsible for to another database user who is able to use this information to perform
a fraudulent action.

36 Note that this threat does not extend to highly trusted database users: see the assumption
A.MANAGE below.