Specifications
34
4.2 Threats
Table 10 lists the threats addressed by the TOE and the IT Environment. The threats are
identical to the threats identified in [WLANPP]. For the threats below, attackers are assumed
to be of low attack potential.
Table 9 Threats
Threat Name
Threat Definition
T.ACCIDENTAL_ADMIN_ERROR
An administrator may incorrectly install or configure the TOE
resulting in ineffective security mechanisms.
T.ACCIDENTAL_
CRYPTO_COMPROMISE
A user or process may cause key, data or executable code
associated with the cryptographic functionality to be
inappropriately accessed (viewed, modified, or deleted), thus
compromising the cryptographic mechanisms and the data
protected by those mechanisms.
T.MASQUERADE
A user or process may masquerade as another entity in order to
gain unauthorized access to data or TOE resources.
T.POOR_DESIGN
Unintentional errors in requirements specification or design of
the TOE may occur, leading to flaws that may be exploited by
a casually mischievous user or program.
T.POOR_IMPLEMENTATION
Unintentional errors in implementation of the TOE design may
occur, leading to flaws that may be exploited by a casually
mischievous user or program.
T.POOR_TEST
The developer or tester performs insufficient tests to
demonstrate that all TOE security functions operate correctly
(including in a fielded TOE) may occur, resulting in incorrect
TOE behavior being undiscovered leading to flaws that may be
exploited by a mischievous user or program.
T.RESIDUAL_DATA
A user or process may gain unauthorized access to data
through reallocation of TOE resources from one user or
process to another.
T.TSF_COMPROMISE
A user or process may cause, through an unsophisticated
attack, TSF data, or executable code to be inappropriately
accessed (viewed, modified, or deleted).
T.UNATTENDED_SESSION
A user may gain unauthorized access to an unattended session.