Security Vulnerability Domains and Technical Analysis

Posted by Anonymous and classified in Computers

Written on May 1, 2026 in English with a size of 3.94 KB

Security Vulnerability Domains

This table outlines critical domains in security, detailing their underlying assumptions, common flaws, and defensive strategies.

Domain	Definition	Purpose	Root Assumption	Typical Flaw	Exploited by	Attacker Needs	Observable Effect	Consequence	Difficulty	Main Defenses	Exam Trigger Words
Certification	Third-party statement of compliance	Build trust	Requirements well-defined	Wrong scope	Compliance gaming	Docs, audits	“Certified but insecure”	False sense of security	Medium	ISO 17000 family	attestation, conformity
Repeatability	Same tester, same setup	Reliability	Operator consistency	Human variance	Poor testing	Same lab	Inconsistent results	Invalid cert	Low	Calibration	same setup
Reproducibility	Different testers, same result	Objectivity	Method independence	Weak method	Lab mismatch	Multiple labs	Divergent results	Unusable cert	Medium	Standardized methods	different setups
Microarchitecture	ISA implementation details	Performance	Isolation holds	Shared resources	Side-channels	Local execution	Timing/cache leaks	Secret exposure	High	HW+SW patches	cache, OoO
Speculation	Execute before checks	Speed	Wrong paths invisible	Speculative state	Spectre	Misprediction	Cache pollution	Isolation break	Very high	Fences	branch predictor
Side-Channel	Physical leakage	Unavoidable physics	No observable diff	Timing diff	Prime+Probe	Measurement	Key recovery	Crypto break	High	Noise, isolation	timing
Race Condition	Timing-dependent logic	Parallelism	Atomicity	TOCTOU	Retry abuse	Timing control	State desync	Privilege escalation	Medium	Locks	window
Window of Vulnerability	Gap between A and B	Scheduling	No interference	Assumption gap	Symlink swap	Many retries	Wrong object used	Root access	Low	Atomic ops	A→B
Low-Level Memory	Code & data as bytes	Flexibility	Correct addressing	Pointer confusion	Overwrite	Memory access	Control flow change	RCE	Medium	Memory safety	pointer
Memory Corruption	Invalid memory access	Unsafe languages	Bounds respected	Overflow/UAF	ROP	Bug trigger	Crash or hijack	Full compromise	Medium	ASLR, NX	buffer
Trusted Computing	Verify system integrity	Malware stealth	Measurement truthful	Cheating prover	State forgery	Control system	Fake “clean” state	Undetected malware	High	TPM	root of trust
Kernel	Privileged OS core	Resource control	Bug-free code	NULL deref	Kernel exploit	User access	Ring-0 execution	Total takeover	Very high	SMEP/SMAP	privilege

Related entries:

Tags:

vulnerability analysis trusted computing memory corruption race conditions kernel security speculative execution side-channel attacks cybersecurity system integrity information security compliance standards