Table 4. Template for identifying IFBs.
Template for identifying insecure function behaviors with three guide words.
| Function (F) | GW: Not being Executed Causes Vulnerabilities (NECV)¹ | GW: being Executed Causes Vulnerabilities (ECV)² | GW: being executed but Exceeding Time Limits causes vulnerabilities (ETL)³ |
|---|---|---|---|
| S_Fn | S_Fn_IFBm⁴ | S_Fn_IFBm+1 | S_Fn_IFBm+2 |
| (e.g.) “Encrypt data” function | Function is bypassed but returns a fake OK result. | Data is encrypted with a forged key (provided by the attacker). | Data encryption violates the process time limit. |
Notes:
¹ Adapted from the STPA UCA guide word “not providing causes hazard”.
² Adapted from the STPA UCA guide word “providing causes hazard”.
³ Adapted from the STPA UCA guide words “too early, too late, out of order” and “stopped too soon, applied too long”.
⁴ S_Fn_IFBm is the IFB label, in which S represents the subject of the function, Fn the n-th function, and m the index of the IFB.