Roles

A specialised type of router comprising part of a cellular network that provides a radio access network in a locality (a cell), and has its own connection to wide area network allowing communication from cell to cell or between cells and the Internet, etc.

An (abstract) network representing a cellular network, usually in patterns that include implementation in at least one location in the form of a related logical subnet.

An (abstract) network representing a cellular network, in this case the second such cellular network in a pattern.

A public cellular network.

A radio access network providing cellular network connectivity in a location.

A context in which access rights may be held or gained.

A context in which access rights are held and may be exploited.

A context in which access rights may be obtained.

A web browser.

A text editor process, i.e. one that allows user interactions with data via a non-graphical login shell.

A remote desktop client process.

A Data Field used as output.

A data asset that is a process output.

A process facilitating (possibly specialised to support) user interactions with data.

A desktop service, i.e. a service allowing access to a host via a remote desktop client.

An editor process, i.e. one that allows user interactions with data.

A process role, usually filled by a DB process supporting complex data queries.

A data service role.

A data role.

A data asset that is a process input.

A reverse proxy providing access to services that are deployed and managed automatically in a cloud data centre.

A cloud deployment context for one or more Containers, modelled as a type of host.

A virtual host configured to run a service that can be automatically deployed and managed in the cloud.

A reverse proxy providing access to virtual host login and admin functions in a cloud data centre.

An worker node in a virtual cluster supporting automated management of services in the cloud.

An master node in a virtual cluster supporting automated management of services in the cloud.

An overlay network connecting nodes in a virtual cluster supporting automated management of services in the cloud.

Role used for DebugMarker assets when diagnosing construction patterns.

A process from which data is flowing.

A process that is the destination for an outbound data flow.

A process to which data is flowing.

A data flow to a process.

A Data Asset that is inbound to a process.

A data flow from a process.

A data step from a process.

A DataAccess asset relating to a remote access client used to enable user interaction with a remote process.

A process from which data is transferred.

A process to which data is transferred.

Fulfilled by a process playing the role of key vault in relation to some data asset.

A data access role associated with data used by a process.

A Data Asset that is outbound from a Process.

A data access asset associated with data consumed and altered by a process.

A data step to a process.

A data access asset associated with a source process.

A data access asset associated with a source process.

A data access role.

A data asset role fulfilled by any serialised copy of data (i.e. data copy or data flow).

A stored data copy created as a data flow cache.

A data copy role.

A data access asset associated with a destination process.

A data access asset associated with a destination process.

A flow of data between processes.

A data access role associated with data consumed by a process.

A data access role associated with data produced by a process.

A data access role associated with data served by a process.

A data access role associated with data used by a process.

A data access role associated with data forwarding by a process.

A process-to-process data movement, forming one step in a data flow.

A data path used in construction patterns.

A data channel used in construction patterns.

A data path created in construction patterns.

A data path used in construction patterns.

A connection between processes indicating they can exchange data.

A data channel used in construction patterns.

A data channel created in construction patterns.

A field in a data schema or serialized data asset.

A Data Field used as input.

An IoT Thing.

An IoT Thing acting as a controller.

An IoT Thing acting as a sensor.

A jurisdiction (i.e. system of laws and regulations).

A jurisdiction (i.e. system of laws and regulations) applicable far away.

A natural or legal person responsible for collection and processing of personal data.

A subnet representing the connection between paired hosts.

A non-IP subnet representing a connection between paired hosts.

A device that can be plugged into a USB Host.

A host that has USB connectors into which USB devices may be plugged.

A subnet representing the connection between paired hosts.

A physical host.

A remote access service.

A remote access client.

A radio subnet.

A process.

A user role assigned to managing a process.

A host that is remote from some other asset or phenomenon.

A context for access rights of a process.

A physical subnet.

A network connectivity context for access rights of a process.

A remote access terminal process.

A user role assigned to managing a service.

A server.

A process acting as a service, i.e. open to communication requests from clients.

A host in a role where it supports a virtual host or service.

A simple host.

A simple process.

A smart phone.

A logical subnet.

A trivial host unable to support shell access, e.g. a removable storage device or an IoT device.

A process that is so trivial it is not subject to some types of threats.

A wired local area network.

A host acting as a router.

A host that is not the first one found in a pattern.

A WiFi network provided by a mobile device wherever it goes.

A process acting as a Mail User Agent.

A communication network that is implemented from a set of logical subnets.

A stakeholder role with legal responsibility for operation of part or all of a system.

A communication network that is accessible to attackers.

A process acting as an authentication client to gain access to a network or service.

A process providing authentication/authorisation services.

A host role, usually one running a client process.

A process acting as a client, i.e. initiating communication with a service.

A host role filled by some form of a cluster.

A host that users can log into and interacting with via a console.

A backbone network role.

A data centre role.

A host, which may or may not be its own physical host.

A general process.

A host that provides a subnet and/or acts as a router between subnets.

A mobile client supporting login (i.e. a notebook, tablet or smartphone).

A logical subnet (i.e. a subnet that can be used for direct communication between connected hosts).

A host that is local to some other asset or phenomenon.

The Internet.

A login service (i.e. a process that supports shell access to a host).

A network connectivity context for access rights on a host.

A user role assigned to managing a host.

A context for access rights on a host.

A host.

A pre-existing network path from which other paths will be contructed.

A host that is (or hosts) the destination of a message or data flow.

Role assigned to a subpath of some other network path.

A logical segment representing the return path for connections via a gateway.

A physical network path.

An interface via which communication enters a subnet from a host.

A subnet at the end of a network path or communication channel.

A constructed network path.

A network path which may or may not be physical.

A route through a gateway between subnets.

A logical segment representing a route via a gateway.

An interface between a host and a logical subnet.

An interface via which communication enters a host from a subnet.

A logical segment representing the forward path for connections via a gateway.

A subnet at the start of a network path or communication channel.

A host that is (or hosts) the source of a message or data flow.

A path through the network, usually between a subnet accessible to attackers and a subnet to which a target host is connected.

A logical network path terminator, whose relationships hold network connectivity construction state.

A physical network path terminator, whose relationships hold network connectivity construction state.

The (inferred) global public space.

A space.

A far away space.

A nearby space.

A space from which another space can be entered.

A second or subsequent space in a pattern.

A natural person who is the subject of personal data.

A client channel representing the relationship between a process and a key vault holding keys used by the process to access data.

A privileged communication path through the network between a client and a service.

A privileged path through the network to a service from a subnet accessible by attackers whose messages would be addressed in a way that is consistent with at least one client.

A process acting as a client to a reverse proxy.

A client-service trust relationship existing between a client or service and an intervening reverse proxy.

A process acting as a reverse proxy, relating requests between a client and a service.

A privileged path through the network to a service from a subnet accessible by attackers whose messages are addressed in a way that is consistent with a specific client, and are not rewritten by a NAT gateway.

Refers to a pre-existing subnet, which (if present) changes the significance of assets matching other roles in the same pattern.

A client service trust relationship in a chain between a client and a service via a reverse proxy.

A client service trust relationship between a client and a service that communicate indirectly.

A client service trust relationship in a chain between a client and a service via a reverse proxy.

A privileged path through the network to a service from a subnet accessible by attackers whose messages are addressed in a way that is consistent with at least one client, and are not rewritten by a NAT gateway.

A process acting as a service. This role name is chosen so alphanumeric sorting puts it between client-related roles and the network path used by those clients to communicate with the service.

The host of a service. This role name is chosen so alphanumeric sorting puts it between client-related roles and the network path used by those clients to communicate with the service.

A privileged path through the network to a service from a subnet accessible by attackers whose messages are rewritten by a NAT gateway in a way that is consistent with at least one client.

A privileged path through the network to a service from a subnet accessible by attackers whose messages are rewritten by a NAT gateway in a way that is consistent with a specific client.

A network path to a service from a subnet through which messages from a specific client would pass.

A trust relationship between a client and a service.

A privileged path through the network to a service from a subnet accessible by attackers whose messages would be addressed in a way that is consistent with a specific client.

A network path that provides a basis for attacks on services via NAT devices.

A trust relationship between a client and a service that relates to the use of that service to verify third party access rights.

A trust relationship between a client and a service that relates to the use of that service to authenticate the client and/or verify their access rights.

A privileged path through the network to a service from a subnet accessible by attackers .

A subnet on a path between client and service where messages from an attacker could join that path and benefit from newtork address translation en route to the service.

A stakeholder role fulfilled by an human or an organisation.

A stakeholder role fulfilled by an organisation, e.g. a company or a team.

A user role fulfilled by a human.

A user role fulfilled by a human.

A Human who is not an Adult.

A stakeholder that employs one or more individuals to act in one or more system roles.

A human who is not a Child.

A user role fulfilled by a human.

A virtual host.

A channel corresponding to a physical network path between two physical hosts, on which virtual network communication depends.

A virtual subnet implemented witin a host to connect virtual hosts provisioned there.

A role filled by a subnet that is an overlay of some other subnet(s).

A scalable (virtual) host.

A channel between two physical hosts connected by at least one physical network path, on which virtual network communication depends.

A virtual subnet.