Package Application

URI: Application

Description: Model of application data and processes

R-CP

Finds a solo Console Process.

R-D

Finds a solo Data asset.

R-HD

Finds Data stored at a Host.

R-HHuWE

Finds a Human using both an email client and a web browser on the same host.

R-HHuWSMS

Finds a Human using both an SMS client and a web browser on the same host.

R-HIP

Finds a solo interactive process and its host.

R-HPrD

Finds a Process relaying Data and the process host.

R-HPsD

Finds a Process serving Data and the process host.

R-HuaD

Finds a Human interactively amending Data.

R-HuaDPH

Finds a Human amending Data by interacting (possibly remotely) with a Process that processes the Data, and the process Host.

R-HuaDRAC

Finds a Human interacting with Data remotely via a Remote Access Client.

R-HuaID

Finds a Human interactively entering Data, where this is expressed as a single relationship and labelled as having been asserted.

R-HuaUD

Finds a Human interactively amending Data, where this is expressed as a single relationship and labelled as having been asserted.

R-HuaVD

Finds a Human interactively viewing Data, where this is expressed as a single relationship and labelled as having been asserted.

R-HuHWES

Finds a Human using a web browser running on a host to access email.

R-HuiCHDtS

Finds a human interacting with a console host and a desktop service running on a possibly remote host.

R-HuiD

Finds a Human entering Data.

R-HuiDPH

Finds a Human entering Data by interacting (possibly remotely) with a Process that processes the Data, and the process Host.

R-HuiPiDCHS

Finds a user interacting directly with a process to enter data using a console host located in a space.

R-HuiRACHSPiD

Finds a user entering data via remote interaction with a process using a remote access client on a console host located in a space.

R-HuirEcD

Find a Human interacting (possibly remotely) with an Editor that creates Data.

R-HuirErD

Finds Human interacting (possibly remotely) with an Editor process that receives data.

R-HuirIPaD

Finds Human interacting (possibly remotely) with an Interactive Process that amends data.

R-HuirIPpD

Finds Human interacting (possibly remotely) with an Interactive Process that processes data.

R-HuirPaD+eUI

Finds Human interacting (possibly remotely) with a process that amends (creates and receives) data, and enables user input of the data.

R-HuirPcD

Finds Human interacting (possibly remotely) with a process that creates data.

R-HuirPeID

Finds a human interacting (possibly remotely) with a process that enables user entry of some Data.

R-HuirPeOD

Finds a human interacting (possibly remotely) with a process that enables user access to some Data.

R-HuirPeUD

Finds a human interacting (possibly remotely) with a process that enables user update of some Data.

R-HuirPrD

Finds Human interacting (possibly remotely) with a process that receives data.

R-HuirPsD

Finds Human interacting (possibly remotely) with a process that serves data. This conflicts with domain model assumptions.

R-HuuD

Finds a Human interactively amending Data, where this is expressed as a single relationship.

R-HuvD

Finds a Human viewing Data.

R-HuWES

Finds a Human using a web browser to access email.

R-PaD

Finds a Process that is amending data, using separate creates and receives links in case they were added separately.

R-PaDH

Finds a Host running a Process that is amending data.

R-PcDH

Finds a Host running a Process that is creating data.

R-PpD+noDU

Finds a Process that is processing Data, where the Process has a self-referential noDU link indicating it should not be processing data.

R-PrDH

Finds a Host running a Process that is receiving data stored on the same host.

R-RDuHP

Finds a Host running a Process used remotely by a Remote Desktop client.

R-RDuRDuS

Finds a remote desktop using remotely another remote desktop which is using remotely a third process.

R-RDuRTuS

Finds a remote desktop using remotely a remote terminal which is using remotely a third process.

MP-CP

Finds a solo Control Process.

MP-D

Finds a solo Data asset that is not unsolicited email.

MP-HHuWE

Finds a Human using both an email client and a web browser on the same host.

MP-HHuWSMS

Finds a Human using both an SMS client and a web browser on the same host.

MP-HIP-Hu

Finds a host running an interactive process that doesn't have a user.

MP-HuaID

Finds a Human interactively entering Data, where this is expressed as a single relationship and labelled as having been asserted.

MP-HuaUD

Finds a Human interactively amending Data, where this is expressed as a single relationship and labelled as having been asserted.

MP-HuaVD

Finds a Human interactively viewing Data, where this is expressed as a single relationship and labelled as having been asserted.

MP-HuHWES

Finds a Human using a web browser running on a host to access email.

MP-HuiCHDtS-AC

Finds a human interacting with a console host and a desktop service running on a remote host, where the user does not interact with a desktop client that uses the desktop service.

MP-HuiPiDCHS

Finds a user interacting directly with a process to enter data using a console host located in a space.

MP-HuiRACHSPiD

Finds a user entering data via remote interaction with a process using a remote access client on a console host located in a space.

MP-HuirEc-rD

Finds a Human interacting (possibly remotely) with an Editor that creates but does not receive Data.

MP-HuirEr-vD-cC-iHu-DS

Finds Human interacting remotely with an Editor that receives Data that is not viewed by the Human, and which is not created by any process, stored on any Host, nor input by any Human.

MP-HuirIPaD

Finds Human interacting remotely with an Interactive Process that amends data.

MP-HuirIPp-iD

Finds Human interacting (possibly remotely) with an Interactive Process that processes Data, where the Human does not enter the Data.

MP-HuirIPp-xD

Finds Human interacting (possibly remotely) with an Interactive Process that processes Data, where the Human does not interact with the Data.

MP-HuirPaD+eUI-O

Finds Human interacting (possibly remotely) with a process that amends (creates and receives) data, and enables user input but not output of the data.

MP-HuirPc-iD-rC-vHu-DS

Finds a Human interacting (possibly remotely) with a process that creates data, where the data is not stored on any host, used by any process nor viewed by any user, and the Human does not enter the Data.

MP-HuirPeID

Finds a human interacting (possibly remotely) with a process that enables user entry of some Data.

MP-HuirPeI-OD-p

Finds a human interacting (possibly remotely) with a process that enables user entry of some Data, but does not process the data.

MP-HuirPeI-OD-p-cC-iHu-DS

Finds a human interacting (possibly remotely) with a process that enables user access to some Data, but does not process the data, and where the Data is not an input from any user, an output of any process, and is not stored, i.e., the data has no source.

MP-HuirPeOD

Finds a human interacting (possibly remotely) with a process that enables user access to some Data.

MP-HuirPeO-ID-p

Finds a human interacting (possibly remotely) with a process that enables user access to some Data, but does not process the data.

MP-HuirPeUD

Finds a human interacting (possibly remotely) with a process that enables user update of some Data.

MP-HuirPeUD-a

Finds a human interacting (possibly remotely) with a process that enables user update of some Data, but does not yet amend the data.

MP-HuirPr-iD-cD

Finds Human interacting remotely with a Process that receives Data, but does not create any output, and the Human does not enter the Data.

MP-HuirPr-vD-cC-iHu-DS

Finds Human interacting remotely with a Process that receives Data that is not viewed by the Human, and which is not created by any process, stored on any Host, nor input by any Human.

MP-HuirPsD

Finds Human interacting (possibly remotely) with a process that serves data. This conflicts with domain model assumptions.

MP-Hui-uD

Finds a Human entering Data, but not implied by an amends relationship.

MP-HuuD

Finds a Human interactively amending Data, where this is expressed as a single relationship.

MP-Huv-iD-P

Finds a Human viewing but not entering Data, where the Data is not Spam, and there is no interactive process mediating the interaction.

MP-Huv-uD

Finds a Human viewing Data, but not implied by an amends relationship.

MP-HuWES

Finds a Human using a web browser to access email.

MP-PpD+noDU

Finds a Process that is processing Data, where the Process has a self-referential noDU link indicating it should not be processing data.

MP-RDuHP-iPL-RAS

Finds a Host running a Process that is not a remote access service or reverse proxy, but is used remotely by a Remote Desktop client, not mediated by a collocated remote access service, nor by a reverse proxy.

MP-RDuRDuS-uR

Finds a remote desktop using remotely another remote desktop which is using remotely a third process that is not yet remotely used by the first.

MP-RDuRTuS-uR

Finds a remote desktop using remotely a remote terminal which is using remotely a third process that is not yet remotely used by the first.

CP-HuiCHDtS-AC+AC

Finds a human managing but not interacting directly with a host that has a desktop service, and interacting with a console host but not with a client of the desktop service. Adds a Remote Desktop client enabling remote access to manage the host.

CP-RDuHP-iPL-RAS+DtS

Finds a Host running a Process that is neither a remote access service nor a reverse proxy, but is used by a Remote Desktop client, not mediated by a collocated remote access service. Adds an inferred mediating Desktop Service.

CP-RTuHP-iPL-RAS+LnS

Finds a Host running a Process that is neither a remote access service nor a reverse proxy, but is used by a Remote Terminal client, not mediated by a collocated remote access service. Adds an inferred mediating Login Service.

CP-RDuRDuS-uR+uR

Finds a remote desktop using remotely another remote desktop which is using remotely a third process that is not yet remotely used by the first, adds a link specifying that the third process is used by the first.

CP-RTuRTuS-uR+uR

Finds a remote terminal using remotely another remote terminal which is using remotely a third process that is not yet remotely used by the first, adds a link specifying that the third process is used by the first.

CP-RDuRTuS-uR+uR

Finds a remote desktop using remotely a remote terminal which is using remotely a third process that is not yet remotely used by the first, adds a link specifying that the third process is used by the first.

CP-RAS+noDU

Finds a remote access service, and adds a self referential link indicating the process cannot process data.

CP-RAC+noDU

Finds a remote access client, and adds a self referential link indicating the process cannot process data.

CP-HuuD+aUD

Finds a Human interactively amending Data, where this is expressed as a single relationship. At this stage in the sequence, the relationship must have been asserted, but it is now deprecated, so a marker relationship is added.

CP-Hui-uD+aID

Finds a Human interactively entering Data, where this is expressed as a direct relationship. At this stage in the sequence, the relationship must have been asserted, but it is now deprecated, so a marker relationship is added.

CP-Huv-uD+aVD

Finds a Human interactively viewing Data, where this is expressed as a direct relationship. At this stage in the sequence, the relationship must have been asserted, but it is now deprecated, so a marker relationship is added.

CP-HuirPeUD+aD

Finds a human interacting (possibly remotely) with a process that enables user update of some Data. Adds a link to say the Human amends the Data.

CP-HuirPeID+iD

Finds a human interacting (possibly remotely) with a process that enables user entry of some Data. Adds a link to say the Human enters the Data.

CP-HuirPeOD+vD

Finds a human interacting (possibly remotely) with a process that enables user access to some Data. Adds a link to say the Human views the Data.

CP-HuirPeUD-a+a

Finds a human interacting (possibly remotely) with a process that enables user update of some Data, but does not yet amend the data. Adds a link to say the process amends the data.

CP-HuirPeI-OD-p+r

Finds a human interacting (possibly remotely) with a process that enables user entry of some Data, but does not process the data. Adds a link to say the process receives the data.

CP-HuirPeI-OD-p-cC-iHu-DS+c

CP-HuirPeO-ID-p+r

Finds a human interacting (possibly remotely) with a process that enables user access to some Data, but does not process the data. Adds a link to say the process receives the data.

CP-HuirIPaD+aD

Finds Human interacting remotely with a process that amends data, and adds a link to say that the Human amends the data.

CP-HuirEc-rD+iD

Finds a Human interacting (possibly remotely) with an Editor that creates but does not receive Data, and adds a link to specify that the Human enters the data.

CP-HuirEr-vD-cC-iHu-DS+iD

Finds Human interacting (possibly remotely) with an Editor that receives Data that is not viewed by the Human, and which is not created by any process, stored on any Host, nor input by any Human, and adds a link specifying that the Human inputs the Data.

CP-HuirPr-vD-cC-iHu-DS+iD

Finds Human interacting remotely with a Process that receives Data that is not viewed by the Human, and which is not created by any process, stored on any Host, nor input by any Human, and adds a link specifying that the Human inputs the Data.

CP-HuirIPp-iD+vD

Finds Human interacting (possibly remotely) with an Interactive Process that processes Data, where the Human does not enter the Data, and adds a link to say that the Human views the Data.

CP-HuirPc-iD-rC-vHu-DS+vD

CP-HuirPr-iD-cD+vD

Finds Human interacting remotely with a Process that receives Data, but does not create any output, and the Human does not enter the Data, and adds a link to specify that the Human views the data.

CP-HuirPaD+eUI-O+vD

Finds Human interacting (possibly remotely) with a process that amends (creates and receives) data, and enables user input but not output of the data, and adds a link to specify that the Human views the data.

CP-HuWES+e

Finds a Human using a web browser running on a host to access email, and tags the user as having access to email by creating a self-referential link.

CP-CP+hCLI

Finds a solo Control Process, and adds a self-referential link labelling it as such.

D.C.HuiPiDCHS.3

Data Data entered via Process leaks by shoulder surfing Human in space Space: if Human is not careful, someone with access to space Space could shoulder surf a session during which Human enters Data via the user interface of Process on host device Host.

D.C.HuiRACHSPiD.3

Data Data entered via Process leaks by shoulder surfing Human in space Space: if Human is not careful, someone with access to space Space could shoulder surf a session in which Human enters Data via the user interface of Process accessed from remote access client RemoteAccessClient on host device Host.

D.E.HuaID.9

Deprecated enters relationship between Human and Data: this relationship was asserted, but it is now an inferred relationship. The interaction between Human and Data should be expressed via an enablesUserInput relationship between a Process used by Human and the data Data.

D.E.HuaUD.9

Deprecated amends relationship between Human and Data: this relationship was asserted, but it is now an inferred relationship. The interaction between Human and Data should be expressed via an enablesUserUpdate relationship between a Process used by Human and the data Data.

D.E.HuaVD.9

Deprecated views relationship between Human and Data: this relationship was asserted, but it is now an inferred relationship. The interaction between Human and Data should be expressed via an enablesUserOutput relationship between a Process used by Human and the data Data.

D.E.Huv-iD-P.9

User Human cannot view data Data: the model specifies that Human is viewing Data, but Human is not using interacting with any process that processes Data and supports interactive output. To fix this, either (a) add a Process-receives-Data link from a process used by Human to view Data, (b) add an interaction (possibly via a remote access client) between Human and a process that is processing Data, or (c) remove the views relationship from Human to Data. The first two options may involve adding a suitable process if none has yet been included in the model.

H.W.HuHWES.3

Malware infection at Host due to execution of viral email attachment at WebBrowser on Host: the user Human runs a malicious file sent as an email attachment via webmail service MUA, infecting their client device Host.

P.E.HIP-Hu.9

Interactive process InteractiveProcess has no user: since InteractiveProcess is a specialised type of process designed to be user-driven, it cannot function without a user (a Human). This situation usually arises because either (a) the user of this process has been omitted, (b) the relationship of the user to InteractiveProcess has been omitted, whether direct or via a remote access client, or (c) access is remote but there is some inconsistency in the types of remote access clients and services used (which should be flagged as separate modelling errors).

P.E.HuirIPp-xD.9

User Human of interactive process InteractiveProcess has no interaction with data Data used by InteractiveProcess: process InteractiveProcess is specialised to support user interaction with data, and cannot process data without inolving the user. The domain model infers the user interaction where possible, but in this case there is some ambiguity so you must specify whether Human enters, views or amends Data. If Human really does not interact with Data then either delete the relationship of InteractiveProcess to Data, or change the type of InteractiveProcess to a less specialised type of process.

P.E.HuirPsD.9

Data Data is both served by interactive process Process used by Human: this is not supported by the domain model as it leads to ambiguous dependencies. Please replace Process by two distinct processes, one used by Human and the other that serves Data, then specify which uses the other (usually the interactive process would use the data service, but this cannot be inferred automatically since it may not always be the case).

P.E.PpD+noDU.9

Process Process should not process data Data: process Process is in one of the restricted classes that may not process data, i.e. an authentication client or service, a specialised reverse proxy service or a remote access client or service. If the relationship between Process and Data is not an error, then the type of Process should be changed to a less restricted class.

LossOfAuthenticity	Forging or alteration of data (which may be embedded in an IoT device) in a way designed to induce false behaviour in other assets consuming the data.
LossOfConfidentiality	Disclosure of data (which may be embedded in an IoT device) to unauthorised parties, or a state where prevention or detection of such a disclosure cannot be ensured.
LossOfIntegrity	Alteration or corruption of data (which may be embedded in an IoT device) such that its use will produce incorrect outputs or outcomes, but which may or may not be malicious and designed to subvert assets consuming the data.
LossOfTimeliness	Represents a state in which a data asset is somewhat out of date, or a process or human has outdated or (temporarily) unavailable inputs.

CSG-DataAccessControl	The host device *Host* enforces an access control policy for a stored copy of *Data*.
CSG-DataBaseAccessControl	The data service *Service* enforces an access control policy for a stored copy of *Data*.
CSG-StaticSystemData	Data *Data* is static data inserted into the system on deployment and not altered subsequently by any process in the system. This control strategy is used to negate modelling error threats that detect cases where data is not created by any process.

AccessPolicy	There is an access policy associated with data specifying who is authorised to access the data.
StaticData	This control signifies that data is static, i.e. inserted into the system during deployment and never changed.

Role_Data	A data role.
Role_DataService	A data service role.
Role_DB	A process role, usually filled by a DB process supporting complex data queries.
Role_DesktopService	A desktop service, i.e. a service allowing access to a host via a remote desktop client.
Role_Editor	An editor process, i.e. one that allows user interactions with data.
Role_Input	A data asset that is a process input.
Role_InteractiveProcess	A process facilitating (possibly specialised to support) user interactions with data.
Role_Output	A data asset that is a process output.
Role_OutputField	A Data Field used as output.
Role_RemoteDesktop	A remote desktop client process.
Role_TextEditor	A text editor process, i.e. one that allows user interactions with data via a non-graphical login shell.
Role_WebBrowser	A web browser.

ApplicationProcess	A process with significant complexity unable to run on a specialised device.
CmdLineProcess	A program that can be launched from a command line and used interactively by a possibly remote user via keyboard and screen only.
ConsoleProcess	An interactive process that can be launched via a shell command line and used with a text interface, i.e., using a remote terminal client or a text editor.
Data	Represents a class of data items that can be stored on Hosts, or processed and exchanged by Processes. Note that this asset represents the presence of data in the system. Physical copies of the data are represented by inferred assets linked with Processes that serve or use them, hosts where they are stored.
DataLifecycleAsset	Base class for all assets describing data lifecycle states, excluding overlay parent classes.
DataPalette	An overlay parent class descended from Palette Type, to be used to control the grouping of assertable assets in the SSM GUI Asset Palette.
DataService	A process that provides remote access to data stored on a local disk (just block or file access, no data queries).
DB	A process that allows data to be stored and accessed using a well known query language.
DesktopService	Supports remote access to graphical desktop functionality on its host. If the service controls the host, it has root privileges, enabling remote system admin. If the service controls other processes running on the host, it has the privileges assigned to those processes, and users can interact via a remote desktop client with those processes and any data used by them. This is distinct from a simple login service which also provides access to the shell, but users can only interact with command line processes. A desktop service may be configured as a restricted workspace by enabling security controls such that it does not allow the user unrestricted access to the shell, but only to processes that are specified as being available to the desktop service.
Editor	A program whose only function is to view and alter stored data. Use a TextEditor asset for such a program that can be used with a simple text-based interface, i.e. without a GUI. If an Editor receives data, it will be assumed that the user views the data (or creates it if the data has no other source). If an Editor amends data, the user is assumed to be making the changes.
EmailMX	Represents an ESMTP Mail Exchange (MX) process, which listens for and responds to requests sent using ESMTP.
InteractiveApplication	An application process with a graphical user interface, but not specifically for data viewing and data entry.
InteractiveProcess	A process with a user interface specialised to support user interactions with data. If an Interactive Process amends data, the user is assumed to be responsible. If an Interactive Process creates or receives data that the user inputs, it is assumed the user does so via the Interactive Process unless another process is already being used for this.
RemoteDesktop	Provides a means to interact with processes running on a remote host via a desktop service running on that host.
SensitiveData	A type of data whose compromise has a higher impact than other types of data.
SpamData	Represents data whose original source is outside the model, delivered via unsolicited email.
TextEditor	A program that can be launched from a command line and used interactively by a possibly remote user via keyboard and screen only to view and alter stored data displayed in textual form.
TypeOverlayData	A base class for data type classification overlay parent classes.
WebApp	An interactive HTTP client process, which uses HTTP including REST, associated with a specific web application service. If your process is a general purpose interactive web client (a browser), use a WebBrowser asset instead.
WebBrowser	An WebBrowser represents an interactive HTTP browser process, used by a human to access online applications and to navigate the Web, and supporting active rendering of a user interface specified by HTML or embedded scripting languages.
WebClient	An WebClient represents a general HTTP client process, which uses HTTP including REST, associated with a specific web application service. It includes interactive clients (e.g. browsers and apps) and non-interactive services. If your process is a general purpose interactive web client supporting access to arbitrary services using dynamic HTML and scripting (a browser), or an app for accessing one or more predefined services, use the relevant specialised subclass.

Authenticity	The data (which may be embedded in an IoT device) is what it claims to be, i.e. it is neither forged nor altered in a way designed to induce false behaviour in other assets consuming the data.
Confidentiality	Signifies that data (which may be embedded in an IoT device) is only accessible to authorised users.
Integrity	The data (which may be embedded in an IoT device) is correct and fit for purpose.
Timeliness	Represents a state in which a data asset is up to date, or a process or human has up to date inputs.