
I am working on evaluating an unsecure protocol. I am trying to categorize the vulnerabilities according to some commonly accepted security elements like the ones specified in the CIA triad or the Parkerian hexad.

There are many vulnerabilities that I can relate to the Parkerian hexad. For example, participants can fake their ID, which would relate to the authenticity element of the Parkerian hexad.

Another vulnerability is that the rules of the protocol can easily be broken. For example, participants that follow the protocol aim to form groups, and one rule is that a participant should never be in more than one group at any given time. The rule is broken if malicious participants send join-requests to different groups.

Basically, I am looking for some security element, like confidentiality in the CIA triad or authenticity in the Parkerian hexad, that would relate to "breaking of protocol-rules". Is there any security element, for example in the Parkerian hexad or other, that relates to "breaking of protocol-rules"?


Tagor
  • I figured out that the example I gave would relate to availability, as a participant being a member of multiple groups would consume unnecessary resources. My guess is that, if broken down enough, the rules of the protocol would relate to elements of the Parkerian hexad. – Tagor Apr 22 '19 at 12:11

1 Answer


The concepts that affect information in CIA and the Parkerian hexad cannot be mapped to technical controls of a protocol at the protocol level. A protocol's controls are meant to enforce security elements.

What you can do is to relate the vulnerability to the effect on information. In your scenario, how is information at risk? Why is being a member of different groups an information security risk?

Breaking of the intent of a protocol's design is not inherently a security risk. There is just simply a violation of design intent.

schroeder