Logic/Time Bomb
ID: 511 | Date: (C)2012-05-14 (M)2022-10-10 |
Type: weakness | Status: INCOMPLETE |
Abstraction Type: Base |
Description
The software contains code that is designed to disrupt the
legitimate operation of the software (or its environment) when a certain time
passes, or when a certain logical condition is met.
Extended Description
When the time bomb or logic bomb is detonated, it may perform a denial of
service such as crashing the system, deleting critical data, or degrading
system response time. This bomb might be placed within either a replicating
or non-replicating Trojan horse.
Applicable Platforms
Language Class: All
Time Of Introduction
Common Consequences
Scope | Technical Impact | Notes |
---|
Other, Integrity | Varies by context; Alter execution logic | |
Detection Methods
None
Potential Mitigations
Phase | Strategy | Description | Effectiveness | Notes |
---|
Installation | | Always verify the integrity of the software that is being installed. | | |
Implementation | | Conduct a code coverage analysis using live testing, then closely inspect the code that is not covered. | | |
Relationships
Related CWE | Type | View | Chain |
---|
CWE-511 ChildOf CWE-904 | Category | CWE-888 | |
Demonstrative Examples
- Typical examples of triggers include system date or time mechanisms,
random number generators, and counters that wait for an opportunity to
launch their payload. When triggered, a time bomb may deny service by
crashing the system, deleting files, or degrading system
response time.
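As an added illustration (not part of the CWE entry), the following Python sketch combines the coverage-analysis mitigation with the trigger types listed above: it flags `if` statements whose condition calls a time or random source and whose body was never executed in testing, so a reviewer knows which uncovered code to inspect first. The list of call names, the sample module and the uncovered line numbers are constructed assumptions; counter-based triggers are not covered.

```python
import ast

# Assumed, non-exhaustive call names that read the clock or a random source.
TRIGGER_CALLS = {"time", "now", "today", "utcnow", "localtime", "gmtime",
                 "random", "randint", "randrange"}

def _call_name(call):
    func = call.func
    return func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", None)

def trigger_branches(source, uncovered_lines):
    """Return [(if_lineno, [trigger names])] for branches that test a time or
    random source and whose body contains lines never executed in testing."""
    uncovered = set(uncovered_lines)
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.If):
            continue
        called = {_call_name(c) for c in ast.walk(node.test) if isinstance(c, ast.Call)}
        names = sorted(called & TRIGGER_CALLS)
        body = {n.lineno for stmt in node.body for n in ast.walk(stmt)
                if hasattr(n, "lineno")}
        if names and body & uncovered:
            findings.append((node.lineno, names))
    return sorted(findings)

# Constructed sample: a module under review, plus the line numbers a coverage
# tool reported as never executed during live testing (also constructed).
SAMPLE = '''\
import datetime, random

def handle(request):
    if request.user is None:
        return reject(request)
    if datetime.date.today() > datetime.date(2031, 1, 1):
        disable_feature()
    if random.randint(1, 1000) == 7:
        log_rare_event()
    return serve(request)
'''
SAMPLE_UNCOVERED = {5, 7}

if __name__ == "__main__":
    for lineno, names in trigger_branches(SAMPLE, SAMPLE_UNCOVERED):
        print(f"line {lineno}: unexecuted branch guarded by {', '.join(names)}")
```

A hit is a prompt for manual review, not proof of a bomb: licence expiry checks and sampling logic match the same pattern.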
White Box Definitions None
Black Box Definitions None
Taxonomy Mappings
Taxonomy | Id | Name | Fit |
---|
Landwehr | | Logic/Time Bomb | |
References: None