A behavioral discrepancy information leak occurs when the
product's actions indicate important differences based on (1) the internal state
of the product or (2) differences from other products in the same
class.
Extended Description
For example, attacks such as OS fingerprinting rely heavily on both
behavioral and response discrepancies.
Time of Introduction
Architecture and Design
Implementation
Applicable Platforms
Languages
All
Potential Mitigations
Phase
Description
Compartmentalize your system to have "safe" areas where trust
boundaries can be unambiguously drawn. Do not allow sensitive data to go
outside of the trust boundary and always be careful when interfacing
with a compartment outside of the safe area.
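Case (1) of the definition, behavior that differs with internal state, shown as an added example that is not part of the original entry: a login handler whose response reveals whether an account exists, a version that responds identically to every failure, and a check that compares the two. All names (`login_leaky`, `login_uniform`, `discrepancies`) and the sample account are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: one registered account, PBKDF2-hashed password.
_SALT = os.urandom(16)
USERS = {"alice": hashlib.pbkdf2_hmac("sha256", b"correct horse", _SALT, 10_000)}
# Dummy hash so a lookup miss costs the same work as a hit.
_DUMMY = hashlib.pbkdf2_hmac("sha256", b"placeholder", _SALT, 10_000)


def login_leaky(user, password):
    """Observable behavior depends on internal state (does the account exist?)."""
    if user not in USERS:
        return (404, "unknown user")  # distinct status and message
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 10_000)
    if not hmac.compare_digest(candidate, USERS[user]):
        return (401, "wrong password")
    return (200, "ok")


def login_uniform(user, password):
    """Same steps and same response for every failure, whatever the state."""
    stored = USERS.get(user, _DUMMY)  # always hash and compare
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 10_000)
    matches = hmac.compare_digest(candidate, stored)
    if user in USERS and matches:
        return (200, "ok")
    return (401, "invalid credentials")


def discrepancies(handler, probes):
    """Group failing probes by response; more than one group is a leak."""
    groups = {}
    for label, args in probes.items():
        response = handler(*args)
        if response[0] != 200:
            groups.setdefault(response, []).append(label)
    return groups


# Constructed probes, each exercising a different internal state.
PROBES = {
    "no such account": ("mallory", "x"),
    "account exists, bad password": ("alice", "x"),
}
```

`discrepancies(login_leaky, PROBES)` yields two response groups and `discrepancies(login_uniform, PROBES)` yields one, so the check can run as a regression test. It compares response content only; response time is a separate observable and needs its own measurement.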