CWE-653
Improper Isolation or Compartmentalization
Draft
2008-01-30 00:00 +00:00
2024-02-29 00:00 +00:00
Alerte pour un CWE
Stay informed of any changes for a specific CWE.
Improper Isolation or Compartmentalization
The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions.
Extended Description
When a weakness occurs in functionality that is accessible by lower-privileged users, then without strong boundaries, an attack might extend the scope of the damage to higher-privileged users.
Informations
Modes Of Introduction
Architecture and Design : COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic.Implementation
Applicable Platforms
Language
Class: Not Language-Specific (Undetermined)Common Consequences
| Scope | Impact | Likelihood |
|---|---|---|
| Access Control | Gain Privileges or Assume Identity, Bypass Protection Mechanism Note: The exploitation of a weakness in low-privileged areas of the software can be leveraged to reach higher-privileged areas without having to overcome any additional obstacles. |
Observed Examples
| Reference | Description |
|---|---|
| Improper isolation of shared resource in a network-on-chip leads to denial of service | |
| Baseboard Management Controller (BMC) device implements Advanced High-performance Bus (AHB) bridges that do not require authentication for arbitrary read and write access to the BMC's physical address space from the host, and possibly the network [REF-1138]. |
Potential Mitigations
Phases : Architecture and DesignBreak up privileges between different modules, objects, or entities. Minimize the interfaces between modules and require strong access control between them.
Detection Methods
Automated Static Analysis - Binary or Bytecode
According to SOAR, the following detection techniques may be useful:
Cost effective for partial coverage:
- Compare binary / bytecode to application permission manifest
Effectiveness : SOAR Partial
Manual Static Analysis - Source Code
According to SOAR, the following detection techniques may be useful:
Highly cost effective:
- Manual Source Code Review (not inspections)
Cost effective for partial coverage:
- Focused Manual Spotcheck - Focused manual analysis of source
Effectiveness : High
Architecture or Design Review
According to SOAR, the following detection techniques may be useful:
Highly cost effective:
- Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)
- Formal Methods / Correct-By-Construction
Cost effective for partial coverage:
- Attack Modeling
Effectiveness : High
Vulnerability Mapping Notes
Rationale : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.Comments : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
Notes
There is a close association with CWE-250 (Execution with Unnecessary Privileges). CWE-653 is about providing separate components for each "privilege"; CWE-250 is about ensuring that each component has the least amount of privileges possible. In this fashion, compartmentalization becomes one mechanism for reducing privileges.The term "Separation of Privilege" is used in several different ways in the industry, but they generally combine two closely related principles: compartmentalization (this node) and using only one factor in a security decision (CWE-654). Proper compartmentalization implicitly introduces multiple factors into a security decision, but there can be cases in which multiple factors are required for authentication or other mechanisms that do not involve compartmentalization, such as performing all required checks on a submitted certificate. It is likely that CWE-653 and CWE-654 will provoke further discussion.
References
REF-196
The Protection of Information in Computer SystemsJerome H. Saltzer, Michael D. Schroeder.
http://web.mit.edu/Saltzer/www/publications/protection/
REF-535
Separation of PrivilegeSean Barnum, Michael Gegick.
https://web.archive.org/web/20220126060047/https://www.cisa.gov/uscert/bsi/articles/knowledge/principles/separation-of-privilege
REF-1138
CVE-2019-6260: Gaining control of BMC from the host processorStewart Smith.
https://www.flamingspork.com/blog/2019/01/23/cve-2019-6260:-gaining-control-of-bmc-from-the-host-processor/
Submission
| Name | Organization | Date | Date Release | Version |
|---|---|---|---|---|
| Pascal Meunier | Purdue University | Draft 8 |
Modifications
| Name | Organization | Date | Comment |
|---|---|---|---|
| Eric Dalci | Cigital | updated Time_of_Introduction | |
| CWE Content Team | MITRE | updated Alternate_Terms, Common_Consequences, Description, Relationships, Other_Notes, Weakness_Ordinalities | |
| CWE Content Team | MITRE | updated Name | |
| CWE Content Team | MITRE | updated Other_Notes, Relationship_Notes, Terminology_Notes | |
| CWE Content Team | MITRE | updated Common_Consequences | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Potential_Mitigations | |
| CWE Content Team | MITRE | updated Detection_Factors | |
| CWE Content Team | MITRE | updated Applicable_Platforms, Causal_Nature, Modes_of_Introduction, Relationships | |
| CWE Content Team | MITRE | updated Demonstrative_Examples, Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Description, Name, Observed_Examples, References, Relationships | |
| CWE Content Team | MITRE | updated References | |
| CWE Content Team | MITRE | updated References, Relationships | |
| CWE Content Team | MITRE | updated Mapping_Notes | |
| CWE Content Team | MITRE | updated Demonstrative_Examples, Observed_Examples | |
| CWE Content Team | MITRE | updated Type |
2024©
tesweb SA
