Package DataLifecycle

URI: DataLifecycle

Description: Model of data processing, movement and persistence.

R-CSDFDA2

Finds two process participating in a data flow.

R-DADBsDA

Finds a DB processing data queries using a data asset.

R-DADS

Finds a Data Access fulfilling a Data Copy.

R-DADU

Finds a service controlling access to a data access, which fulfils a data use.

R-DAPpDA

Finds a Process processing data using a data asset.

R-DAVPDA

Finds a Process consuming a data asset controlled by a vault.

R-DBsDADA

Finds a DB processing queries to create a data asset.

R-DBsDRDF

Finds a DB serving data that is stored on a separate Host and supplied to the DB in a data flow.

R-DCDFcV

Finds a Data Flow controlled by a key Vault for which there is a Data Cache.

R-DSDA

Finds a Data Access fulfilled by a Data Copy.

R-DSPDFDB

Finds a DB serving data obtained via a data flow from a remote data store.

R-DSPDFVDB

Finds a DB serving data obtained via a data flow from a remote data store, where the stored data is encrypted with keys from a vault.

R-DUDA

Finds a service controlling access to a data access, which is fulfilled by a data use.

R-HDBDRDF

Finds a Host running a DB process acting as a Data Relay for a Data Flow to a destination process.

R-HDBDSDF

Finds a Host running a DB process acting as a Stored Data Pool for a Data Flow to a destination process.

R-HDBsD

Finds a Host running a Database process that serves a stored DataCopy, and the associated DataPool.

R-HDBsDV

Finds a Host running a Database process that serves a stored DataCopy encrypted with keys from a vault, and the associated DataPool.

R-HDCDF

Finds a Data Flow for which there is a Data Cache on the Host of a sending or receiving process.

R-HDS

Finds a stored copy of Data on a Host, and its Physical Host.

R-HDSV

Finds a copy of Data encrypted with a key from a vault, stored on a Host, and its Physical Host.

R-HPDAcDS

Finds a Host running a Process that CRUD creates locally stored Data.

R-HPDAdDS

Finds a Host running a Process that CRUD deletes locally stored Data.

R-HPDADF

Finds a Host running a Process that sends a Data Flow to a destination process, plus the associated Data and Data Access assets.

R-HPDADS

Finds a Host storing a Data Copy fulfilled by a local process.

R-HPDADS2DO

Finds a Host running a Process that writes to a local stored Data Copy, and sources data from two data producers.

R-HPDADSDU

Finds a Host storing a Data Copy fulfilled by a Data Access that sources data from a Data Update (from a process on any Host).

R-HPDAuDS

Finds a Host running a Process that CRUD updates locally stored Data.

R-HPDDR

Finds a Host running a Process relaying Data.

R-HPdDS

Finds a host running a Process with write/delete access (crudd) to a locally stored data copy, plus the data access asset representing the data deserialization.

R-HPDFDADS

Finds a Host running a Process that receives an incoming Data Flow and writes the data to local storage. The Process is matched twice, so it can be referred to by either role name.

R-HPDFDAuDS

Finds a Host running a Process that CRUD updates locally stored Data by saving an incoming Data Flow.

R-HPDFDI

Finds a Host running a Process that receives an incoming Data Flow and uses it as input. The Process is matched twice, so it can be referred to by either role name.

R-HPDOcDS

Finds a Host running a Process that CRUD creates locally stored Data which it produces as output.

R-HPDOdDS

Finds a Host running a Process that CRUD deletes locally stored Data which it produces as output.

R-HPDODF

Finds a Host running a Process that creates a Data Flow to a destination process, plus the associated Data and Data Output assets.

R-HPDODS

Finds a Host running a Process that creates locally stored Data which it produces as output.

R-HPDOuDS

Finds a Host running a Process that CRUD updates locally stored Data which it produces as output.

R-HPdpDS

Finds a host running a Process with write/delete access (crudd) to a locally stored data copy, which it also processes, plus the data access asset representing the data deserialization.

R-HPDS

Finds a Host running a process that stores a local copy of some data.

R-HPDSDA

Finds a Host storing a Data Copy that fulfils a Data Access for a Process on the same Host.

R-HPDSDADF

Finds a Host storing a Data Copy that is read and sent in a data flow by a Process on the same Host.

R-HPDSDI

Finds a stored data input to a process, plus the process and data host.

R-HPDS-fDI

Finds a Host with a stored Data Copy, running a Process that has a Data Input asset for the same Data that may or may not be fulfilled by the stored Data Copy.

R-HPDSrDI

Finds a Host running a Process that CRUD reads a locally stored copy of Data it uses as input.

R-HPeD

Finds a Host for a Process that appends to locally stored Data.

R-HPrDS

Finds a host running a Process with read access (crudr) to a locally stored data copy, plus the data access asset representing the data deserialization.

R-HPrpDS

Finds a host running a Process with read access (crudr) to a locally stored data copy, which it also processes, plus the data access asset representing the data deserialization.

R-HPsDPDFDS

Finds a Host that stores a copy of Data served by and sent to a Process on the same Host, plus the associated Data Flow and Data Pool.

R-HPsDPDSDF

Finds a Host that stores a copy of Data served by and sent from a Process on the same Host, plus the associated Data Flow and Data Access.

R-HPuDSDI

Finds a stored data input needed by a process, plus the process and data host.

R-HuaDSPH

Finds a Human amending Data by interacting (possibly remotely) with a Process that processes the Data, of which there is a copy on the same Host.

R-HuiDSPH

Finds a Human entering Data by interacting (possibly remotely) with a Process that processes the Data, of which there is a copy on the same Host.

R-HuiPvDCHS

Finds a user interacting directly with a process to view data using a console host located in a space.

R-HuiPvDFCHS

Finds a user interacting directly with a process to view data using a console host located in a space, where the data comes from an inbound data flow.

R-HuiRACvDFCHS

Finds a user interacting directly with a process to view data using a remote access client on a console host located in a space.

R-HuirPD

Finds a Human interacting (possibly remotely) with a Process that is using Data.

R-HuirPiD

Finds Human interacting (possibly remotely) with and entering Data via a Process.

R-HuirPiDF

Finds a (possibly remote) user of an interactive process that inputs data sent from the process in a data flow.

R-HuirPiDS

Finds a (possibly remote) user of an interactive process that inputs data stored from the process in a local data copy.

R-HuirPvD

Finds a (possibly remote) user of an interactive process that views data created by the process.

R-HuirPvDF

Finds a (possibly remote) user of an interactive process that views data received by the process in a data flow.

R-HuirPvDS

Finds a (possibly remote) user of an interactive process that views data loaded by the process from a local data copy.

R-HuWEDF

Finds a Human using a web browser and an email client on the same host, accessing URLs from emails via the browser.

R-HuWESDF

Finds a Human using a web browser to access email, including URLs contained in emails.

R-HuWSMSDF

Finds a Human using a web browser and an SMS client on the same host, accessing URLs from SMS messages via the browser.

R-PaDSH

Finds a Process that is amending data of which there is a copy stored on the same host.

R-PcDSH

Finds a Process that is creating data of which there is a copy stored on the same host.

R-PcPrDS

Finds two processes accessing the same stored copy of data, one of which receives the data (processes it as an input).

R-PcPuDS

Finds two processes accessing the same stored copy of data, one of which reads the data (processes it as a necessary input).

R-PDADAV

Finds a Process creating a data asset controlled by a vault.

R-PDADFI

Finds a Process that sends a Data Flow to a destination process in the direction of a data consumer, plus the associated Data and Data Access assets. The Process is matched twice, so it can be referred to by either role name.

R-PDADFO

Finds a Process that sends a Data Flow to a destination process in the direction of a data store or source, plus the associated Data and Data Access assets. The source of the flow is matched twice, so it can be referred to by either role name.

R-PDF

Finds a Data Flow protected by keys from a vault, plus the data flow source and destination processes. The destination process is matched twice so it can be referred to in either role.

R-PDFDI

Finds a data flow to a process that uses the data as input. The Process is matched twice, so it can be referred to by either role name.

R-PDFFA

Finds a Data Flow, its source and destination processes, and a related data access element at the source.

R-PDFIDADFI

Finds a Process that receives a flow of Data from the direction of a data store, and forwards it towards a data consumer. The Process is matched twice, so it can be referred to by either role name.

R-PDFODADFO

Finds a Process that receives a flow of Data from the direction of a data producer, and forwards it towards a data store. The Process is matched twice, so it can be referred to by either role name.

R-PDFV

Change from: Finds a Data Flow protected by keys from a vault, plus the data flow source and destination processes. The destination process is matched twice so it can be referred to in either role.

R-PDI

Finds a Process that uses Data as input, or displays it to an interactive user.

R-PDIDDF

Finds a Process using Data as input that contains a Data Field.

R-PDO

Finds a Process that creates Data as output, or gets it from an interactive user.

R-PDOScDD

Finds a Data Asset controlled by a vault which is output from a Process.

R-PDP

Finds a Process that implicitly or explicitly serves Data.

R-PDR

Finds a Process acting as a Data Relay.

R-PHHDS

Finds a Physical Host located in a Space, plus data stored on the host or on a virtual host running there.

R-PIP

Finds a Process that uses Data as input with no other source than a locally stored copy (so access to the data is represented by an Input Pool rather than a Data Input).

R-PpDADA

Finds a Process processing data to create a data asset.

R-PrDSH

Finds a Process that is receiving data of which there is a copy stored on the same host.

R-PSDP

Finds a Process that serves stored Data.

R-PsDSH

Finds a Process serving Data of which there is a copy stored on the same host.

R-PuDFDI

Finds a data flow to a process that needs the data as input.

R-RUIDO

Finds a Process that enables remote user input.

R-RUODI

Finds a Process that enables remote user output.

R-ScDDPDADS

Finds a Data Asset controlled by a vault which is outbound from a Process and fulfilled by another inbound Data Asset.

R-ScDSPDADD

Finds a Data Asset controlled by a vault which is inbound to a Process and used to fulfil another outbound Data Asset.

R-ScDSPDI

Finds a Data Asset controlled by a vault which is input to a Process.

R-ScDSPDIcD

Finds a Data Asset controlled by a vault which is input to a Process that creates output.

R-SDUDADS

Finds a Service enabling access for a Data Use, where the Service writes to a local Data Copy.

R-SDUDSDA

Finds a Service enabling access for a Data Use, where the Service reads from a local Data Copy.

R-StoPDA

Finds the Operator of a Process that accesses Data.

MP-CSDF-VdDA2

Finds two process participating in a data flow not encrypted with keys from a vault.

MP-D+DS-cP-iHu

Finds a Data asset that is not email and is not created by any process or user input, but is stored on at least one host. Such Data would need to be static for this situation to make sense.

MP-DADS

Finds a Data Access fulfilling a Data Copy.

MP-DADU-eS

Finds a service controlling access to a data access, which fulfils a data use that is not yet controlled by any process.

MP-DAllDS

Finds all stored copies of a Data asset.

MP-DA-VDBs-pDA

Finds a DB processing data queries using a data asset, which is not encrypted with keys from a vault.

MP-DAVPDA

Finds a Process consuming a data asset controlled by a vault.

MP-DA-VPpDA

Finds a Process processing data using a data asset, which is not encrypted by keys from a vault.

MP-DBsDRDF-V

Finds a DB serving data that is stored on a separate Host and supplied to the DB in a data flow, not encrypted with keys from a vault.

MP-DBs-pDADA-V

Finds a DB processing queries to create a data asset, which is not encrypted by keys from a vault.

MP-DCDFcV

Finds a Data Flow controlled by a key Vault for which there is a Data Cache.

MP-D-DS-cP-iHu

Finds a Data asset that is not email and is not created by any process or user input, and not stored on any host. Such Data is neither dynamic nor static, and since it must be one or the other, it must be an error.

MP-DSDA

Finds a Data Access fulfilled by a Data Copy.

MP-DSPDFVDB

Finds a DB serving data obtained via a data flow from a remote data store, where the stored data is encrypted with keys from a vault.

MP-DSPDF-VDB

Finds a DB serving data obtained via a data flow from a remote data store, where the stored data is not encrypted with keys from a vault.

MP-DUDA-eS

Finds a service controlling access to a data access, which is fulfilled by a data use that is not yet controlled by any process.

MP-HD-aHD-DS

Finds a Host that stores Data but has no Data Copy yet, and is not in a virtualisation stack above another Host that stores the same data.

MP-HDBDRDF

Finds a Host running a DB process acting as a Data Relay for a Data Flow to a destination process, and optionally the DB Process and Host managers.

MP-HDBDSDF

Finds a Host running a DB process acting as a Stored Data Pool for a Data Flow to a destination process, and optionally the DB Process and Host managers.

MP-HDBsDV

Finds a Host running a Database process that serves a stored DataCopy encrypted with keys from a vault, and the associated DataPool.

MP-HDBsD-V

Finds a Host of a Database that is serving locally stored Data that is not encrypted with keys from a vault.

MP-HDCDF

Finds a Data Flow for which there is a Data Cache on the Host of a sending or receiving process.

MP-HDS

Finds a stored copy of Data on a Host, and its Physical Host.

MP-HDSV

Finds a copy of Data encrypted with a key from a vault, stored on a Host, and its Physical Host.

MP-HDS-V

Finds a copy of Data not encrypted with a key from a vault, stored on a Host, and the Physical Host where this is deployed.

MP-HPDAcDS

Finds a Host running a Process that CRUD creates locally stored Data, plus optionally the host and process managers.

MP-HPDADF

Finds a Host running a Process that sends a Data Flow to a destination process, plus the associated Data and Data Access assets, and optionally the Process and Host managers.

MP-HPDADS2dDO

Finds a Host running a Process that writes to a local stored Data Copy, and sources data from two distinct data producers.

MP-HPDADS-crudu

Finds a Host storing a Data Copy fulfilled by a local process that does not CRUD update the data copy.

MP-HPDADSDU

Finds a Host storing a Data Copy fulfilled by a Data Access that sources data from a Data Update (from a process on any Host).

MP-HPDAuDS

Finds a Host running a Process that CRUD updates locally stored Data, plus optionally the host and process managers.

MP-HPDDR+DS+DFfi-fiDF

Finds Host running a Process relaying Data which is stored somewhere in the system, where Data flows to the relay from a data store, but is not sent from the relay.

MP-HPDDR+DS-DA2

Finds Host running a Process relaying Data which is stored somewhere in the system, where there is no flow of data through the relay.

MP-HPDDR+DS-DFfo+foDF

Finds Host running a Process relaying Data which is stored in the system, where Data flows from the relay to a data store, but is not received from any data producer.

MP-HPDDR-DS+DFfi-fiDF

Finds Host running a Process relaying Data which is not stored in the system, where Data flows to the relay from a data producer, but is not sent from the relay.

MP-HPDDR-DS-DA2

Finds Host running a Process relaying Data which is not stored in the system, where there is no flow of data through the relay.

MP-HPDFDADS

Finds a Host running a Process that receives an incoming Data Flow and writes the data to local storage, plus optionally the host and process managers.

MP-HPDFDAuDS

Finds a Host running a Process that CRUD updates locally stored Data by saving an incoming Data Flow, plus optionally the host and process managers.

MP-HPDFDAuDS-V

Finds a Host running a Process that CRUD updates locally stored Data not encrypted with keys from a vault by saving an incoming Data Flow, plus optionally the host and process managers.

MP-HPDFDI

Finds a Host running a Process that receives an incoming Data Flow and uses it as input, plus optionally the host and process managers. The Process is matched twice, so it can be referred to by either role name.

MP-HPDF-VDAuDS

Finds a Host running a Process that CRUD updates locally stored Data, by saving an incoming Data Flow not encrypted with keys from a vault, plus optionally the host and process managers.

MP-HPDF-VDI

Change from: Finds a Host running a Process that receives an incoming Data Flow not encrypted with keys from a vault, and uses it as input, plus optionally the host and process managers. The Process is matched twice, so it can be referred to by either role name.

MP-HPDOcDS-V

Finds a Host running a Process that CRUD creates locally stored Data not encrypted with keys from a vault, which it produces as output, plus optionally the host and process managers.

MP-HPDODF-V

Finds a Host running a Process that creates (possibly from user input) a Data Flow not encrypted with keys from a vault, to send to a destination process, plus the associated Data and Data Output assets, and optionally the Process and Host managers.

MP-HPDOuDS-V

Finds a Host running a Process that CRUD updates locally stored Data not encrypted with keys from a vault, which it produces as output, plus optionally the host and process managers.

MP-HPDSDA-crudr

Finds a Host storing a Data Copy that fulfils a Data Access by a Process on the same Host, where there is no CRUDR relationship between the Process and Data Copy.

MP-HPDSDADF

Finds a Host storing a Data Copy that is read and sent in a data flow by a Process on the same Host, plus optionally the Host and Process managers.

MP-HPDSDADF-V

Finds a Host storing a Data Copy that is read and sent in a data flow not encrypted with keys from a vault by a Process on the same Host, plus optionally the Host and Process managers.

MP-HPDS-fDI-DO-DFI

Finds a Host with a stored Data Copy, running a Process that has a Data Input asset for the same Data that is not yet fulfilled by the stored Data Copy, which is also not fulfilled by an incoming data flow, and where the process does not have a Data Output asset (i.e. the Data Access is not a Data Update).

MP-HPDS-VDADF

Finds a Host storing a Data Copy not encrypted with keys from a vault, that is read and sent in a data flow by a Process on the same Host, plus optionally the Host and Process managers.

MP-HPeD

Finds a Host for a Process that creates and appends to locally stored Data.

MP-HP-iDOdDS

Finds a Host running a Process that has the right to delete locally stored Data which it computes as output (i.e. not coming from a user), plus optionally the host and process managers.

MP-HP-iDODF

Finds a Host running a Process that creates (not from user input) a Data Flow to a destination process, plus the associated Data and Data Output assets, and optionally the Process and Host managers.

MP-HP-iDS

Finds a Host running a process that stores a local copy of data that it did not get from a user, plus optionally the host and process managers.

MP-HP-iDSDI

Finds a stored data input to a process, which is not reviewed and updated by a user, plus the process and data host and optionally the host and process managers.

MP-HPmDFDAcDS

Finds a Host running a Process that CRUD creates locally stored Data from one or more incoming flows, plus optionally the host and process managers.

MP-HPmDFDAcDS-k

Finds a Host running a Process that CRUD creates locally stored Data not encryptable with keys from a vault from one or more incoming flows, plus optionally the host and process managers.

MP-HPmDF-kDAcDS

Finds a Host running a Process that CRUD creates locally stored Data from one or more incoming flows, not decryptable with keys from a vault, plus optionally the host and process managers.

MP-HPsACDAdDS

Finds a Host running a Process that CRUD deletes locally stored Data, plus any location context for access to the Host with the rights of the Process, and optionally the Host and Process managers.

MP-HPsACDOdDS-V

Finds a Host running a Process that CRUD deletes locally stored Data not encrypted using keys from a vault, which it produces as output, plus any location context for access to the Host with the rights of the Process, and optionally the Host and Process managers.

MP-HPsACd-pDS-V

Finds a host running a Process with write/delete access (crudd) to a locally stored data copy not controlled by a key vault, which it does not process (i.e., it serves the data), plus the data access asset representing the data deserialization, the access contexts for the process on this host, any data fields included in the stored data, and optionally the host manager.

MP-HPsACdpDS-V

Finds a host running a Process with write/delete access (crudd) to a locally stored data copy not controlled by a key vault, which it also processes, plus the data access asset representing the data deserialization, the access contexts for the process on this host, any data fields included in the stored data, and optionally the host manager.

MP-HPsACDSrDI

Finds a Host running a Process that CRUD reads a locally stored copy of Data it uses as input, plus any location context for access to the Host with the rights of the Process, and optionally the Host and Process managers.

MP-HPsACr-pDS-V

Finds a host running a Process with read access (crudr) to a locally stored data copy not controlled by a key vault, which it does not process (i.e., it serves the data), plus the data access asset representing the data deserialization, the access contexts for the process on this host, any data fields included in the stored data, and optionally the host manager.

MP-HPsACrpDS-V

Finds a host running a Process with read access (crudr) to a locally stored data copy not controlled by a key vault, which it also processes, plus the data access asset representing the data deserialization, the access contexts for the process on this host, any data fields included in the stored data, and optionally the host manager.

MP-HPsD-DS

Finds a Process serving (but not processing) Data and the process host, where there is no copy of the data stored on the same host, and no DataAccess asset between Process and Data.

MP-HPsDPDFDS

Finds a Host that stores a copy of Data served by and sent to a Process on the same Host, plus the associated Data Flow and Data Pool.

MP-HPsDPDSDF

Finds a Host that stores a copy of Data served by and sent from a Process on the same Host, plus the associated Data Flow and Data Pool.

MP-HPuDSDI

Finds a stored data input needed by a process, plus the process and data host and optionally the host and process managers.

MP-HP-uDSDI

Finds a stored data input to a process, which does not depend on the data, plus the process and data host and optionally the host and process managers.

MP-HP-uDS-VDI

Finds a stored data input not encrypted with keys from a vault to a process, which does not depend on the data, plus the process and data host and optionally the host and process managers.

MP-HPuDS-VDI

Finds a stored data input needed by a process that is not encrypted with keys from a vault, plus the process and data host and optionally the host and process managers.

MP-HsACDS

Finds a stored copy of Data on a Host, plus location contexts in which the host is accessible.

MP-HsACDS-V

Finds a stored copy of Data on a Host that is not encrypted using keys from a vault, plus location contexts in which the host is accessible.

MP-HuaD-DS

Finds a Human that alters (views and inputs) data where there is not yet a DataCopy relating to the data.

MP-HuaDPH-DS-DA

Finds a Human amending Data by interacting (possibly remotely) with a Process that processes the Data, of which there is no copy on the same Host, and as yet no Data Access associated with this Process and Data.

MP-HuaDPH-DS-DP

Finds a Human amending Data by interacting (possibly remotely) with a Process that processes the Data, of which there is no copy on the same Host, and as yet no Data Pool anywhere associated with this Data.

MP-HuaDRAC-DA

Finds a Human amending Data remotely via a Remote Access Client, where there is no Data Access asset for access to the Data by the RAC.

MP-HuaDSPH-DP

Finds a Human amending Data by interacting (possibly remotely) with a Process that processes the Data, of which there is a copy on the same Host, where there is as yet no Data Pool associated with the data.

MP-HuiPv-iDFCHS

Finds a user interacting directly with a process to view but not enter data using a console host located in a space, where the data comes from an inbound data flow.

MP-HuiPv-iD-FCHS

Finds a user interacting directly with a process to view but not enter data using a console host located in a space, where the data does not comes from a data flow.

MP-HuiRACv-iDFCHS

Finds a user interacting directly with a process to view data using a remote access client on a console host located in a space.

MP-HuirPD

Finds a Human interacting (possibly remotely) with a Process that is using Data.

MP-HuirPiD-DF-DS

Finds Human interacting (possibly remotely) with and entering Data via a Process, which does not just store or forward the data.

MP-HuirPiDF

Finds a (possibly remote) user of an interactive process that enters data sent from the process in a data flow.

MP-HuirPiDS

Finds a (possibly remote) user of an interactive process that inputs data stored from the process in a local data copy.

MP-HuirPvDF

Finds a (possibly remote) user of an interactive process that views data received by the process in a data flow.

MP-HuirPvDS

Finds a (possibly remote) user of an interactive process that views data loaded by the process from a local data copy.

MP-HuirPv-iD

Finds a (possibly remote) user of an interactive process that views but does not update data created by the process.

MP-Hui-vDPH-DS-DA

Finds a Human entering Data by interacting (possibly remotely) with a Process that processes the Data, of which there is no copy on the same Host, and there is as yet no Data Access associated with this Process and Data.

MP-Hui-vDPH-DS-DP

Finds a Human entering Data by interacting (possibly remotely) with a Process that processes the Data, of which there is no copy on the same Host, where there is as yet no Data Pool associated with the data.

MP-Hui-vDSPH-DP

Finds a Human entering Data by interacting (possibly remotely) with a Process that processes the Data, of which there is a copy on the same Host, where there is as yet no Data Pool associated with the data.

MP-HuWEDF

Finds a Human using a web browser that is receiving a data flow from an email service.

MP-HuWESDF

Finds a Human using a web browser to access email, including URLs contained in emails.

MP-HuWSMSDF

Finds a Human using a web browser and an SMS client on the same host, accessing URLs from SMS messages via the browser.

MP-PaD-DS

Finds a process that alters (read and write) output data where there is not yet a DataCopy relating to the data.

MP-PaDH-DS-Hu-DA

Finds a Process that is amending data of which there is no copy stored on the same host, where the process does not enable a user to enter the data, and there is as yet no data access associated with this Process and Data.

MP-PaDH-DS-Hu-DP

Finds a Process that is amending data of which there is no copy stored on the same host, where the Process is not enabling a user to enter the data, and there is as yet no data pool anywhere associated with this Data.

MP-PaDSH-Hu-DP

Finds a Process that is amending data of which there is a copy stored on the same host, where the Process is not enabling a user to amend the data, and there is as yet no Data Pool associated with the Data.

MP-PcPr-uDS-V

Finds two distinct processes accessing the same stored copy of data not encrypted with keys from a vault, one of which receives the data (processes it as an input) but does not depend on it.

MP-PcPuDS-V

Finds two distinct processes accessing the same stored copy of data not encrypted with keys from a vault, one of which reads the data (processes it as a necessary input).

MP-Pc-rDH-DS-Hu-DA

Finds a Process that is creating data of which there is no copy stored on the same host, where the process does not enable a user to enter the data, and there is as yet no data access associated with this Process and Data.

MP-Pc-rDH-DS-Hu-DP

Finds a Process that is creating data of which there is no copy stored on the same host, where the process does not enable a user to enter the data, and there is as yet no Data Pool associated with the Data.

MP-Pc-rDSH-Hu-DP

Finds a Process that is creating data of which there is a copy stored on the same host, where the Process is not enabling a user to enter the data, and there is as yet no Data Pool associated with the Data.

MP-PDADAV

Finds a Process creating a data asset controlled by a vault.

MP-PDF

Finds a Data Flow (excluding Spam), plus source and destination processes, plus optionally the users responsible for the two processes. The destination process is matched twice so it can be referred to in either role.

MP-PDFIDADFI

Finds a Process that receives a flow of Data from a data store or source that it does not get from local storage, and forwards it towards a data consumer. The Process is matched twice, so it can be referred to by either role name.

MP-PDFODADFO

Finds a Process that receives a flow of Data from a data producer that it does not get from local storage, and forwards it towards a data store. The Process is matched twice, so it can be referred to by either role name.

MP-PDFV

Change from: Finds a Data Flow protected by keys from a vault, plus the data flow source and destination processes. The destination process is matched twice so it can be referred to in either role.

MP-PDF-V

Change from: Finds a Data Flow protected by keys from a vault, plus the data flow source and destination processes. The destination process is matched twice so it can be referred to in either role.

MP-PDI

Finds a Process that uses Data as input, or displays it to an interactive user.

MP-PDI+DO-DS-S

Finds a Process that uses Data as input, or displays it to an interactive user, where the data is not stored anywhere, and there is no process that enables and controls the Data access, but there is a process creating the data.

MP-PDI+DS-S

Finds a Process that uses Data as input, or displays it to an interactive user, where there is at least one stored copy of the data, but there is no process that enables and controls the Data access.

MP-PDIDDF-DA

Finds a Process using Data as input that contains a Data Field, but fulfilled by no data asset that includes the field.

MP-PDI-Hu

Finds a Process that uses Data as input and does not have an interactive user.

MP-PDO

Finds a Process that creates Data as output, or gets it from an interactive user.

MP-PDO+DS-S

Finds a Process that creates Data as output, or gets it from an interactive user, where there is at least one stored copy of the data, but there is no process that enables and controls access.

MP-PDO-DI

Finds a Process that creates Data as output, possibly by getting it from an interactive user, but does not use the same Data as input.

MP-PDOScDD-DS

Finds a Data Asset controlled by a vault which is output from a Process, and not fulfilled by any inbound data asset.

MP-PDR

Finds a Process acting as a Data Relay.

MP-PHHDS

Finds a Physical Host located in a Space, plus data stored on the host or on a virtual host running there, plus optionally a user of the physical host.

MP-P-iDFDI

Finds a data flow to a process that uses the data as input, where the data does not come from an interactive user, plus optionally the process manager. The Process is matched twice, so it can be referred to by either role name.

MP-PmDFIDADFI

Finds a Process that forwards flowing data from one or more sources but not from local storage in the direction of a data consumer, plus the associated Data and Data Access assets. The forwarding Process is matched twice, so it can be referred to by either role name.

MP-PmDFIDADFI-k

Change from: Finds a Process that forwards flowing data from one or more sources but not from local storage in the direction of a data consumer, plus the associated Data and Data Access assets. The forwarding Process is matched twice, so it can be referred to by either role name.

MP-PmDFI-kDADFI

MP-PmDFODADFO

Finds a Process that forwards flowing data from one or more sources but not from local storage in the direction of a data store or source, plus the associated Data and Data Access assets. The forwarding Process is matched twice, so it can be referred to by either role name.

MP-PmDFODADFO-k

Change from: Finds a Process that forwards flowing data from one or more sources but not from local storage in the direction of a data store or source, plus the associated Data and Data Access assets. The forwarding Process is matched twice, so it can be referred to by either role name.

MP-PmDFO-kDADFO

MP-PpDADA-V

Finds a Process processing data to create a data asset, which is not encrypted by keys from a vault.

MP-Pr-cDH-DS-Hu-DA

Finds a Process that is receiving data of which there is no copy stored on the same host, where the process does not enable a user to enter the data, and there is as yet no data access associated with this Process and Data.

MP-Pr-cDSH-Hu-DP

Finds a Process that is receiving data of which there is a copy stored on the same host, where the process does not enable a user to enter the data, and there is as yet no Data Pool associated with the Data.

MP-PSDP

Finds a Process that serves stored Data.

MP-PsDSH-DP

Finds a Process serving (but not processing) Data stored on its own local Host, and the corresponding Data Copy, where there is no data pool associated with the same data.

MP-PuDFDI

Finds a data flow to a process that needs the data as input, plus optionally the process manager.

MP-P-uDFDI

Finds a data flow to a process that uses the data as input without depending on the data, plus optionally the process manager. The Process is matched twice, so it can be referred to by either role name.

MP-RUIDO

Finds a Process that enables remote user input.

MP-RUODI

Finds a Process that enables remote user output.

MP-ScDDPDADS-cz

Finds a Data Asset controlled by a vault which is outbound from a Process and fulfilled by an uncontrolled inbound Data Asset, and where the Process does not get tokens from the vault.

MP-ScDSPDADD-cz

Finds a Data Asset controlled by a vault which is inbound to a Process and used to fulfil an uncontrolled outbound Data Asset, and where the Process does not get tokens from the vault.

MP-ScDSPDIcD

Finds a Data Asset controlled by a vault which is input to a Process that creates output.

MP-ScDSPDI-DD

Finds a Data Asset controlled by a vault which is input to a Process, but does not fulfil any outbound data asset.

MP-SDUDADS

Finds a Service enabling access for a Data Use, where the Service writes to a local Data Copy.

MP-SDUDSDA

Finds a Service enabling access for a Data Use, where the Service reads from a local Data Copy.

MP-StoPDA

Finds a Stakeholder operating a Process that accesses Data.

(empty)

D.A.DallDS.0

Loss of availability in all copies of Data: the system is supposed to store the data Data, so if there are no available stored copies, the system-level availability of Data is affected.

D.C.HuiPv-iDFCHS.3

Data Data sent from FlowsFrom to Process leaks by shoulder surfing Human in space Space: if Human is not careful, someone with access to space Space could shoulder surf a session during which Human views Data via the user interface of Process on host device Host.

D.C.HuiPv-iD-FCHS.3

Data Data displayed by Process leaks by shoulder surfing Human in space Space: if Human is not careful, someone with access to space Space could shoulder surf a session during which Human views Data via the user interface of Process on host device Host.

D.C.HuiRACv-iDFCHS.3

D.E.D+DS-cP-iHu.9

Stored data Data is not created by any process: this may mean it is static data inserted into the system during deployment on at least one system host. If so, use controls to specify that this is the case. If it is not static data then there should be at least one process that creates, amends, updates or appends the data.

D.E.D-DS-cP-iHu.9

Data Data is not created by any process or user nor stored on any host: this means the data is neither dynamic data created or updated in the system, nor static data stored in the system. Since Data must be one or the other, there must be an error in the model. If Data is static, initialised when the system is deployed, then specify on which host it is stored. Otherwise, specify a process that creates, amends, updates or appends the data, or a user that inputs the data.

D.E.HuaD-DS.9

User Human cannot amend volatile data Data: since Datais not stored on any host, it is not possible for Human to amend (or view and input) Data. For that to happen, Human (via some interactive process) would need to load the data from local or remote storage, then apply changes. If the relationship from Human to Data is not an error, add a 'stores' relationship to Data from a host where it is stored.

D.I.D.0

Corruption of data Data: if an attacker can inject forged (unauthentic) content into data Data somewhere within the system, then there is also a loss of integrity in data Data.

DB.A.DBsDRDF-V.6

Database Service cannot process queries on encrypted data Data accessed via FlowsFrom: the flow of data Data supplied by FlowsFrom is encrypted. While a database can serve encrypted data, it cannot process a query based on data values without some means of access.

DB.A.HDBsD-V.6

Database Service cannot process queries on encrypted data Data stored on Host: the stored copy of input Data at Host is encrypted. While a database can serve encrypted data, it cannot process a query based on data values without some means of access.

DB.O.DA-VDBs-pDA.6

Encrypted processing of queries on Data by Service causes overload: if Service performs query processing in the encrypted domain, the performance overhead will be significant.

DB.O.DBs-pDADA-V.6

Encrypted processing of queries on Data by Service causes overload: if Service performs query processing in the encrypted domain, the performance overhead will be significant.

DB.O.DSPDFVDB.6.1

Database service Service overloaded by decryption of data Data from Process: since data Data stored on Host is encrypted with keys from Vault, query processing by Service will require retrieval and decryption of a large volume of data. The resulting computational overhead may overload database service Service.

DB.O.DSPDF-VDB.6.1

Database service Service overloaded by decryption of data Data from Process: since data Data stored on Host is encrypted, query processing by Service will require retrieval and decryption of a large volume of data. The resulting computational overhead may overload database service Service.

DB.O.DSPDFVDB.6.2

Data service Process overloaded by decryption of data Data for Service: since data Data stored on Host is encrypted with keys from Vault, query processing by Service will require decryption of a large volume of data. The resulting computational overhead may overload the data server Process.

DB.O.DSPDF-VDB.6.2

Data service Process overloaded by decryption of data Data for Service: since data Data stored on Host is encrypted, query processing by Service will require decryption of a large volume of data. The resulting computational overhead may overload the data server Process.

DB.O.HDBsDV.6

Database service Service overloaded by cryptographic overheads: the stored copy of Data on device Host is encrypted with keys from Vault, so the database service Service has to decrypt entire tables to run queries, making query processing inefficient.

DB.O.HDBsD-V.6

Database service Service overloaded by cryptographic overheads: the stored copy of Data on device Host is encrypted, so the database service Service has to decrypt entire tables to run queries, making query processing inefficient.

DF.A.CSDF-VdDA2.6

Inconsistent encryption of Data flowing from Service to Client: processes Client and Service exchange data Data in encrypted form but uses a key to encrypt or decrypt between transfer and processing, so they need a secure way to also share the cryptographic key used.

DF.A.HPDF-VDI.6

Process Process cannot consume encrypted data Data from FlowsFrom: the flow of Data from FlowsFrom to Process is encrypted, so it cannot be consumed without a key.

DF.A.HPDODF-V.6.1

Process Process cannot encrypt output Data for transmission to FlowsTo: the flow of output data Data from Process to FlowsTo should be encrypted, but Process has no means to encrypt the data before sending it.

DF.A.HPDODF-V.6.2

Process Process cannot decrypt output Data computed in the encrypted domain: the flow of output data Data from Process to FlowsTo should be decrypted, but process Process computed it in an encrypted domain (using a secure computation method such as homomorphic encryption) and has no means to decrypt the result before sending it.

DF.A.HPDSDADF.0

Service Process cannot serve unavailable data Data to FlowsTo: the locally stored copy of Data on Host used by Process is not available, so cannot be sent in a data flow to FlowsTo.

DF.A.HPDSDADF-V.6

Service Process cannot send unencrypted data Data to FlowsTo: because the stored copy of Data on Host is not encrypted, and FlowsTo expects an encrypted version, it is not possible for Process to send it without a key.

DF.A.HPDS-VDADF.6

Service Process cannot decrypt data Data for transmission to FlowsTo: the stored copy of Data on Host is encrypted, but FlowsTo expects an unencrypted version, and Process has no means to decrypt the data before sending it.

DF.A.PDF.6.1

Loss of availability in the disabled flow of data Data from FlowsFrom to Process: the flow of Data between FlowsFrom to Process has been disabled to maintain security or prevent a breach of regulations, but as a result the data flow is now unavailable.

DF.A.PDF.6.3

Loss of availability from suspending the flow of corrupt data Data from FlowsFrom to Process: if a contingency plan is used in which the flow of Data between FlowsFrom to Process is disabled if the data is corrupt, then the flow of data Data from FlowsFrom to Process will become unavailable.

DF.A.PDF.6.4

Loss of availability from suspending the flow of infected data Data from FlowsFrom to Process: if a contingency plan is used in which the flow of Data between FlowsFrom to Process is disabled if the data becomes infected with malware, then the flow of data Data from FlowsFrom to Process will become unavailable.

DF.A.PmDFIDADFI.0

Data Data cannot be forwarded by Process to FlowsTo because the incoming data flow is not available: if the flow of data Data to Process is unavailable, the flow of the same data from Process to FlowsTo will also be unavailable.

DF.A.PmDFIDADFI-k.6

Unencrypted data Data cannot be forwarded by Process to FlowsTo: if the flow of data Data to Process is not encrypted, it cannot be forwarded to FlowsTo which expects it to be encrypted.

DF.A.PmDFI-kDADFI.6

Encrypted data Data cannot be forwarded by Process to FlowsTo: if the flow of data Data to Process is encrypted, it cannot be forwarded to FlowsTo which expects it to be unencrypted.

DF.A.PmDFODADFO.0

DF.A.PmDFODADFO-k.6

DF.A.PmDFO-kDADFO.6

DF.Auth.HDCDF.0

Cached flow of data Data from FlowsFrom to FlowsTo altered on Host: if the flow of Data from FlowsFrom to FlowsTo is cached on Host, and an attacker is able to tamper with the cache, the data flow will be affected. This is a secondary threat whereby changes to the cache propagate to the data flow - the attack will be what caused the cache to lose authenticity.

DF.Auth.HPDSDADF.0

Service Process serves an unauthentic stored copy of data Data to FlowsTo: if the locally stored copy of Data on Host served by Process is unauthentic, so will the flow of Data served to FlowsTo.

DF.Auth.HuWEDF.3

Phishing attack fools Human into loading malicious URL to WebBrowser: user Human viewing email in their mail client MUA clicks on a malicious link, sending it to their web browser WebBrowser.

DF.Auth.HuWESDF.3

Phishing attack fools Human feeding malicious URL to WebBrowser: user Human viewing email via webmail service MUA clicks on a malicious link, sending it to their web browser WebBrowser.

DF.Auth.HuWSMSDF.3

Smishing attack fools Human feeding malicious URL to WebBrowser: user Human clicks on a malicious link in a text message on their phone Host, sending it to their web browser WebBrowser.

DF.Auth.PDFIDADFI.0

Unauthentic data Data from FlowsFrom forwarded by Process to FlowsTo: if the flow of data Data from process FlowsFrom to process Process is unauthentic, so is the forwarded flow to FlowsTo.

DF.Auth.PDFODADFO.0

DF.I.HDBDRDF.0

Loss of reliability at DB corrupts outbound flow of data Data to FlowsTo: if there is a loss of reliability at process DB it may send corrupt output Data to FlowsTo. Normally, this is not considered likely when DB is acting only as a data relay, but DB is a DB process which processes incoming queries before requesting or forwarding data, so a loss of reliability may lead to the wrong data being retrieved or updated.

DF.I.HDBDSDF.0

Loss of reliability at DB corrupts outbound flow of data Data to FlowsTo: if there is a loss of reliability at process DB it may send corrupt output Data to FlowsTo. Normally, this is not considered likely when DB is serving stored data, but DB is a DB process, so it selects data by processes incoming queries, so a loss of reliability may lead to retrieval or update of the wrong data.

DF.I.HDCDF.0

Cached flow of data Data from FlowsFrom to FlowsTo corrupted on Host: if the flow of Data from FlowsFrom to FlowsTo is cached on Host, and the cache is corrupt, the data flow will be affected. This is a secondary threat whereby changes to the cache propagate to the data flow - the cause is whatever caused the cache to lose integrity.

DF.I.HPDSDADF.0

Service Process serves a corrupt stored copy of data Data to FlowsTo: if the locally stored copy of Data on Host served by Process is corrupt, so will the flow of Data served to FlowsTo.

DF.I.HP-iDODF.0

Loss of reliability at Process corrupts outbound flow of data Data to FlowsTo: if there is a loss of reliability at process Process it may send corrupt output Data to FlowsTo.

DF.I.HuirPiDF.0

User Human interacting with Process provides incorrect input Data: user Human provides incorrect input Data to Process, due to having previously received corrupt data from the system.

DF.I.PDFIDADFI.0

Corrupt data Data from FlowsFrom forwarded by Process to FlowsTo: if the flow of data Data from process FlowsFrom to process Process is corrupt, so is the forwarded flow to FlowsTo.

DF.I.PDFODADFO.0

DF.T.HPDSDADF.0

Service Process serves an out of date stored copy of data Data to FlowsTo: if the locally stored copy of Data on Host served by Process is out of date, so will the flow of Data served to FlowsTo.

DF.T.HP-iDODF.0

Output Data produced by Process based on out of date inputs: if process Process is unable to access inputs in a timely manner, then the output Data it sends to FlowsTo will also be out of date.

DF.T.HuirPiDF.0

User Human interacting with Process provides out of date input Data: user Human provides out of date input Data to Process, due to having not previously received data in a timely fashion from the system.

DF.T.PDFIDADFI.0

Out of date data Data from FlowsFrom forwarded by Process to FlowsTo: if the flow of data Data from process FlowsFrom to process Process is out of date, the forwarded flow to FlowsTo will also be out of date.

DF.T.PDFODADFO.0

DF.W.HDCDF.0

Cached flow of data Data from FlowsFrom to FlowsTo infected on Host: if the flow of Data from FlowsFrom to FlowsTo is cached on Host, and the cache gets infected by malware, the data flow will be affected. This is a secondary threat whereby changes to the cache propagate to the data flow - the cause is whatever infected the cache.

DF.W.HPDADF.7

Malware insertion in flow of Data to FlowsTo by Process to : if process Process is infected by self-propagating malware, it may insert the malware into the copy of Data sent to process FlowsTo.

DF.W.HPDSDADF.0

Service Process serves an infected stored copy of data Data to FlowsTo: if the locally stored copy of Data on Host served by Process is infected by malware, so will the flow of Data served to FlowsTo.

DF.W.PDFIDADFI.0

Infected data Data from FlowsFrom forwarded by Process to FlowsTo: if the flow of data Data from process FlowsFrom to process Process is infected by malware, so is the forwarded flow to FlowsTo.

DF.W.PDFODADFO.0

DF.X.PDFV.6

Flow of Data from FlowsFrom to Process is encrypted: which means the inflowing copy of the data is not available for unencrypted access.

DF.X.PDF-V.6

Flow of Data from FlowsFrom to Process is encrypted: which means the inflowing copy of the data is not available for unencrypted access.

DF.Y.PDF-V.8

Flow of Data from FlowsFrom to Process is unencrypted: which means the inflowing copy of the data is not available for encrypted access.

DS.A.HDS.7

Infected host Host encrypts or deletes data Data: an attacker having infected device Host with malware exploits a vulnerability in device Host and is able to delete or otherwise disable access to the stored copy of Data on the device.

DS.A.HPDAcDS.0

Unavailable process Process cannot create stored copy of Data on Host: if process Process is not available, then it cannot create a local stored copy of Data on Host, so that copy will not be available.

DS.A.HPDOcDS-V.6

Process Process cannot create encrypted data Data: if the local copy of Data is encrypted, then process Process that creates the data will be unable to store that copy unless it has a key or can produce the data in the encrypted domain.

DS.A.HPmDFDAcDS.0

Data Data cannot be stored on Host by Process due to lack of incoming data flows: service Process manages storage of data Data, but if no flows of Data to Process are available, it cannot save a copy of Data on its host Host, which will therefore be unavailable.

DS.A.HPmDFDAcDS-k.6

Decrypted data Data cannot be stored on Host by Process: service Process manages storage of an encrypted copy of data Data, so if all flows of Data to Process are decrypted the stored copy cannot be created unless Process has an encryption key.

DS.A.HPmDF-kDAcDS.6

Encrypted data Data cannot be stored on Host by Process: service Process manages storage of an unencrypted copy of data Data, so if all flows of Data to Process are encrypted the stored copy cannot be created unless Process has a decryption key.

DS.A.HPsACDAdDS.1

Use of Process to prevent access to Data: someone with the rights of Process on its host device Host can exploit the rights of Process to delete the locally stored copy of Data.

DS.A.HPsACDAdDS.7

Infected process Process encrypts or deletes data Data: the process having become infected by malware is able to delete or otherwise disable access to the stored copy of Data on its host device Host.

DS.A.HPsACDOdDS-V.6

Process Process cannot create decrypted output data Data: if the local copy of Data is sypposed to be decrypted, then process Process creating the data in the encrypted domain will be unable to store the output.

DS.A.HsACDS.1.2

Use of admin privileges at Host to control availability of Data: anyone with admin rights at Host can delete or otherwise prevent access to copies of Data stored on the Host.

DS.A.HsACDS.1.3

Use of user privileges at Host to control availability of Data: anyone with user privileges at Host can delete or otherwise prevent access to copies of Data stored on the Host.

DS.A.PHHDS.3

Stored copy of Data on AHost lost due to theft or destruction of Host in Space : an attacker with access to Space can physically steal or destroy device Host, removing it from the system, rendering data stored on AHost unavailable. The threat to data is distinct from the threat to the host, as Host could be replaced if the loss is detected, but that would not restore the lost copy of Data.

DS.Auth.HPDFDADS.0

Flow of unauthentic data Data from FlowsFrom is stored by data service Process: if the flow of data Data from FlowsFrom to Process is unauthentic, then so will be the copy saved locally on device Host by Process.

DS.Auth.HPsACd-pDS-V.1

Use of Process to alter Data stored on Host: someone with the rights of Process on its host device Host can exploit the rights of Process to serve and update the locally stored copy of Data.

DS.Auth.HPsACdpDS-V.1

Use of Process to alter Data on Host: someone with the rights of Process on its host device Host can exploit the rights of Process to process and update the locally stored copy of Data.

DS.Auth.HPsACd-pDS-V.1.6

Use of compromised key at Process to alter Data stored on Host: someone with the rights of Process on its host device Host can alter the local encrypted copy of data Data by using a cryptographic key assigned to Process allowing it to serve the data.

DS.Auth.HsACDS-V.1.2

Use of admin privileges at Host to alter Data stored on Host: anyone with admin rights at Host can alter copies of Data stored on the Host, introducing malicious content designed to subvert anyone or anything using the data.

DS.Auth.HsACDS-V.1.3

Use of user privileges at Host to alter Data stored on Host: anyone with user privileges at Host can alter copies of Data stored on the Host, introducing malicious content designed to subvert anyone or anything using the data.

DS.C.HPsACr-pDS-V.1

Use of Process to access Data stored on Host: someone with the rights of Process on its host device Host can exploit the rights of Process to read and serve the locally stored copy of Data.

DS.C.HPsACrpDS-V.1

DS.C.HPsACr-pDS-V.1.6

Use of compromised key at Process to access Data stored on Host: someone with the rights of Process on its host device Host can access the local encrypted copy of data Data by using a cryptographic key assigned to Process allowing it to serve the data.

DS.C.HsACDS-V.1.2

Use of admin privileges at Host to access stored data Data: anyone with admin rights at Host can read (unencrypted) copies of Data stored on the Host.

DS.C.HsACDS-V.1.3

Use of user privileges at Host to access stored data Data: anyone with user privileges at Host can read copies of Data stored on the Host.

DS.I.HPDFDADS.0

Flow of corrupt data Data from FlowsFrom is stored by data service Process: if the flow of data Data from FlowsFrom to Process is corrupt, then so will be the copy saved locally on device Host by Process.

DS.I.HP-iDS.0

Unreliable process Process corrupts locally stored copy of Data: if process Process is not reliable, it may accidentally corrupt a copy of Data stored on its host device Host, to which it has write access.

DS.I.HuirPiDS.0

DS.T.HPDAuDS.0

Unavailable process Process cannot update stored copy of Data: if process Process is not available, then it cannot update a local stored copy of Data on Host, which will become out of date.

DS.T.HPDFDADS.0

Stale data Data from FlowsFrom is stored by data service Process on Host: if the flow of data Data from FlowsFrom to Process is out of date, then so will be the copy saved locally on device Host by Process.

DS.T.HPDFDAuDS.0

Data Data stored on Host cannot be updated by Process with input from FlowsFrom: process Process manages a stored copy of data Data on Host, so if a flows of updates from FlowsFrom is not available, then Process cannot update this copy of Data which will become out of date.

DS.T.HPDFDAuDS-V.6

Encrypted data Data stored on Host cannot be updated by Process with unencrypted input from FlowsFrom: process Process manages an encrypted stored copy of data Data on Host, so if the flows of updates from FlowsFrom is not encrypted, then Process cannot update this copy of Data without a key, so this copy will become out of date.

DS.T.HPDF-VDAuDS.6

Unencrypted data Data stored on Host cannot be updated by Process with encrypted input from FlowsFrom: process Process manages an unencrypted stored copy of data Data on Host, so if the flows of updates from FlowsFrom is encrypted, then Process cannot update this copy of Data without a key, so this copy will become out of date.

DS.T.HPDOuDS-V.6

Process Process cannot update encrypted data Data stored on Host: if the local copy of Data on Host is encrypted, then process Process that creates the data will be unable to save updates unless it has a key or can produce the data in the encrypted domain, so this copy of Data will become out of date.

DS.T.HP-iDOdDS.0

Output Data computed by Process from stale inputs is stored on Host: if process Process uses out of date inputs, then its output Data computed by Process (not obtained from a user) and saved locally on device Host will also be out of date.

DS.T.HuirPiDS.0

User Human interacting with Process provides stale input Data: user Human provides input Data which is stored by Process on Host, so if Human is working on outdated information, the stored copy will also be out of date.

DS.W.HPDFDADS.0

Flow of infected data Data from FlowsFrom is stored by data service Process: if the flow of data Data from FlowsFrom to Process is infected by malware, then so will be the copy saved locally on device Host by Process.

DS.W.HPsACDAdDS.7

Infected process Process infects data Data stored on host Host: the process having become infected by malware is able to insert itself into the stored copy of Data on its host device Host.

DS.X.HDSV.6

Stored copy of Data on Host is encrypted: which means this copy is not available for unencrypted access.

DS.X.HDS-V.6

Stored copy of Data on Host is encrypted: which means this copy is not available for unencrypted access.

DS.Y.HDS-V.8

Stored copy of Data on Host is unencrypted: which means this copy is not available for encrypted access.

Hu.T.HuirPvDF.0.1

User Human affected by out of date data Data from FlowsFrom received by Process: if the flow of data Data to Process is out of date, and this is displayed to user Human, they will start to make decisions based on the out of date information.

Hu.T.HuirPvDF.0.2

User Human affected by unavailable data Data from FlowsFrom received by Process: if the flow of data Data to Process is interrupted, that would have been displayed to user Human, they may make decisions based on the out of date information.

Hu.T.HuirPvDS.0.1

User Human affected by out of date data Data read by process Process: if a locally stored copy of Data is out of date, and this is loaded by process Process and displayed to user Human, they may make decisions based on the out of date information.

Hu.T.HuirPvDS.0.2

User Human affected by out of date data Data read by process Process: if a locally stored copy of Data is unavailable, and this would have been loaded by process Process and displayed to user Human, they may make decisions based on out of date information.

Hu.T.HuirPv-iD.0

User Human affected by out of date output Data from Process: if process Process is using out of date input, any output it provides for display to interactive user Human will be out of date, and will affect the user.

Hu.U.HuirPvDF.0

User Human affected by corrupt data Data from FlowsFrom received by Process: if the flow of data Data to Process is corrupt, and this is displayed to user Human, they may make decisions based on the incorrect information.

Hu.U.HuirPvDF.3

User Human affected by accessing forged Data from FlowsFrom via Process: user Human interacts via Process with data Data sent from FlowsFrom, so if the incoming data contains malicious alterations, then Human may make decisions based on false information.

Hu.U.HuirPvDS.0

User Human affected by corrupt data Data read by process Process: if a locally stored copy of Data is corrupt, and this is loaded by process Process and displayed to user Human, they may make decisions based on incorrect information.

Hu.U.HuirPvDS.3

User Human affected by forged data Data read by process Process: if a locally stored copy of Data contains malicious alterations designed to deceive, and this is loaded by process Process and displayed to user Human, they may make decisions based on false information.

Hu.U.HuirPv-iD.0

User Human affected by output Data from unreliable process Process: if process Process is unreliable, any output it provides for display to interactive user Human is likely to be incorrect and may affect the user.

P.A.HPuDSDI.0

Process Process cannot access copy of Data stored on Host: since process Process depends on having access to Data via a stored copy on its host device Host , if the stored copy is not available then the availability of Process will be affected.

P.A.HPuDS-VDI.6

Process Process cannot read encrypted input Data stored on Host: the stored copy of input Data at Host is encrypted, and the process does not have a key.

P.A.PcPuDS-V.6

Process Client cannot access input Data from Service due to inconsistent encryption: processes Client and Service both access a copy of Data stored in encrypted form, so they need a secure way to also share the cryptographic keys used.

P.A.PuDFDI.0

Lack of incoming Data affects availability of Process: process Process depends on an incoming flow of Data from FlowsFrom, so if that is unavailable the availablity of the process will be affected.

P.E.DAVPDA.9

Process Process should not consume Databy using homomorphic encryption: the serialised form of Data is encrypted using a shared key controlled by Vault, so it makes no sense to process this data in the encrypted domain. The domain model does not support such an arrangement.

P.E.HPDDR+DS+DFfi-fiDF.9

Relay Process has no destination for stored data Data: the model specifies that Process serves Data that is not stored on the process host Host. This means Process is acting as a data relay between a service providing access to a stored copy, and a data consumer process. However, while Process can get data from such a service, there are no flows of Data from Process, implying that Process cannot communicate wth any process that consumes Data. This may mean such a process, or the relationshp from such a process to Data has been omitted, or that Process was meant to be a data storage service rather than a relay, i.e., that Data should be stored on Host.

P.E.HPDDR+DS-DA2.9

Disconnected relay Process for stored data Data: the model specifies that Process serves Data that is not stored on the process host Host. This means Process is acting as a data relay between a data store and other processes. However, there is no flow of data Data through Process, implying that it cannot communicate wth any process that produces Data or provides access to a local copy on its host. This may mean such a process, or the relationshp from such a process to Data has been omitted.

P.E.HPDDR+DS-DFfo+foDF.9

Relay Process has no source for stored data Data: the model specifies that Process serves Data that is not stored on the process host Host. This means Process is acting as a data relay between a data producer process and a service providing access to a stored copy. However, while Process can send data to such a storage service, there are no flows of Data to Process, implying that Process cannot communicate wth any process that produces Data. This may mean such a process, or the relationshp from such a process to Data has been omitted, or that Process was meant to be a data storage service rather than a relay, i.e., that Data should be stored on Host.

P.E.HPDDR-DS+DFfi-fiDF.9

Disconnected relay Process for volatile data Data: the model specifies that Process serves Data that is not stored on the process host Host. This means Process is acting as a data relay between a data producer process and a data consumer process. However, although there is a flow of Data to Process, it is not forwarded, implying that Process cannot communicate wth any process that consumes Data. This may mean such a process, or the relationshp from such a process to Data has been omitted, or that Process was meant to be a data storage service rather than a relay, i.e., that Data should be stored on Host.

P.E.HPDDR-DS-DA2.9

Disconnected relay Process for volatile data Data: the model specifies that Process serves Data that is not stored on the process host Host. This means Process is acting as a data relay between a data producer process and a data consumer process. However, there is no flow of data Data through Process, implying either that it cannot communicate wth any process that produces Data. This may mean such a process, or the relationshp from such a process to Data has been omitted, or that Process was meant to be a data storage service rather than a relay, i.e., that Data should be stored on Host.

P.E.HuirPD.9

Inappropriate use of encrypted domain processing of Data at Process: Process is interactive, so user Human will need to work with data Data, which means the processing cannot be done in the encrypted domain. To fix this error, deselect encrypted processing controls.

P.E.PaD-DS.9

Process Process cannot amend volatile data Data: since Datais not stored on any host, it is not possible for Process to amend or update Data. For that to happen, Process would need to get a current value and then change it. This only makes sense if Data is persistent. If the relationship of Process to Data is correct, then there is a missing host 'stores' data relationship. If Data really is volatile, change the relationship of Process to Data to specify whether Process creates or uses Data (but not both).

P.E.PDADAV.9

Process Process should not produce Databy using homomorphic encryption: the serialised form of Data is encrypted using a shared key controlled by Vault, so it makes no sense to process this data in the encrypted domain. The domain model does not support such an arrangement.

P.E.PDI+DO-DS-S.9

Process Process cannot access data Data: process Process uses Data as input or for display to an interactive user. In this case, Data is not stored anywhere, and there is no way for Process to be sent new values from a process that creates Data as output, either direct or via other processes. You should add one or more process-process uses relationships (and possibly more processes) to the model so a continuous path exists from such a process, via intermediaries if appropriate. Alternatively, add a stores relationship to Data from a host, and creates such a path to a process on that host with access to the stored data.

P.E.PDI+DS-S.9

Process Process cannot access data Data: process Process uses Data as input (or for display to an interactive user), and Data is stored on at least one host. However, there is no way for Process to receive new values from a process on that host with access to the data, either directly or via other processes. You should add one or more process-process uses relationships (and possibly processes) to the model so a continuous path exists between such a process and Process.

P.E.PDIDDF-DA.9

Process Process cannot access data field DataField: process Process uses data Data as input, and does not ignore field DataField contained by Data (meaning it uses the field). However, Process does not deserialize any stored or exchanged copy of Data that includes the required field.

P.E.PDO+DS-S.9

Process Process cannot save data Data: process Process produces Data as output (or gets it from an interactive user), and Data is stored on at least one host. However, there is no way for Process to send new values for storage to a process on that host with access to the data, either directly or via other processes. You should add one or more process-process uses relationships (and possibly processes) to the model so a continuous path exists between such a process and Process.

P.O.DA-VPpDA.6

Encrypted processing of input Data by Process causes overload: if Process performs calculations in the encrypted domain, the performance overhead will be significant.

P.O.PpDADA-V.6

Encrypted processing of input Data by Process causes overload: if Process performs calculations in the encrypted domain, the performance overhead will be significant.

P.T.HP-iDSDI.0

Stale input Data stored at Host delays Process: since process Process uses the locally stored copy of data Data on Host, if that copy becomes out of date, Process will be processing out of date information.

P.T.HP-uDSDI.0

Lack of stored input Data at Host delays Process: since process Process uses the locally stored copy of data Data but does not depend on it, if that copy is unavailable, the process can continue but will be processing out of date information.

P.T.HP-uDS-VDI.6

Process Process cannot read encrypted input Data: the stored copy of input Data at Host is encrypted, so if the process lacks a key and cannot read updates of the data, it will be forced to work using outdated inputs.

P.T.HuirPiD-DF-DS.0

User Human provides out of date input Data affecting Process: user Human, working on the basis of outdated information, provides out of date input Data, which is consumed (not saved or forwarded) by and affects Process.

P.T.PcPr-uDS-V.6

Process Client cannot access updates of Data from Service due to inconsistent encryption: processes Client and Service both access a copy of Data stored in encrypted form, so they need a secure way to also share the cryptographic keys used.

P.T.P-iDFDI.0

Stale input Data from FlowsFrom delays Process: since process Process uses the copy of data Data arriving from FlowsFrom and not updated by an interactive user, if that copy becomes out of date, Process will be performing computation based on out of date information.

P.T.P-uDFDI.0

Loss of availability in flow of Data to Process caused a delay in processing: since process Process uses the incoming copy of data Data but does not depend on it, if that copy is unavailable, the process can continue but will be processing out of date information.

P.U.HP-iDSDI.0

Corrupt input Data stored at Host affects Process: since process Process uses the locally stored copy of data Data on Host, if that copy becomes corrupt Process will become unreliable.

P.U.HP-iDSDI.3

Loss of reliability at process Process due to forged input Data: process Process uses the copy of Data stored on Host as input so if this is forged by an attacker, Process may become unreliable.

P.U.HuirPiD-DF-DS.0

User Human provides incorrect input Data affecting Process: user Human provides incorrect input Data, which is consumed (not saved or forwarded) by and affects Process.

P.U.P-iDFDI.0

Loss of reliability at process Process due to corrupt input Data from FlowsFrom: process Process uses the copy of Data sent by FlowsFrom as input so if this is corrupt, Process may become unreliable.

P.U.P-iDFDI.3

Loss of reliability at process Process due to forged input Data: process Process uses the copy of Data sent by FlowsFrom as input so if this is forged by an attacker, Process may become unreliable.

NotDecrypted	An adverse behaviour of stored or flowing copies of data, signifying that the copy is not available in an unencrypted form. Considered an adverse effect because it can lead to loss of availability for the data if a legitimate user or process lacks a suitable decryption key, and used to model side effects of encryption controls.
NotEncrypted	An adverse behaviour of stored or flowing copies of data, signifying that the copy is not available in an encrypted form. Considered as an adverse effect as it means confidentiality could be breached without compromising a decryption key, and used to model side effects of encryption controls.

CSG-DataAccessKey	Process *Process* has a key for encrypting or decrypting data *Data*.
CSG-DataFlowEncryption	The data *Data* flowing between processes *FlowsFrom* and *FlowsTo* is encrypted by the two processes (i.e. not relying on transport level encryption).
CSG-DataFlowEncryptionFromProcess	The data *Data* sent by *Process* to *FlowsTo* is encrypted end-to-end (i.e. not relying on transport level encryption).
CSG-DataFlowEncryptionToProcess	The data *Data* sent by *FlowsFrom* to *Process* is encrypted end-to-end (i.e. not relying on transport level encryption).
CSG-DataFlowIntegrityProtection	Makes it possible to check that a copy of *Data* flowing from *FlowsFrom* to *FlowsTo* has not been accidentially or deliberately altered by an intermediary or in transit.
CSG-DataFlowSharedKeyInbound	The data *Data* flowing between processes *FlowsFrom* and *FlowsTo* is encrypted end-to-end (i.e. not relying on transport level encryption), and *FlowsTo* has the key needed to decrypt the data on arrival.
CSG-DataFlowSharedKeyOutbound	The data *Data* flowing between processesFlowsTo and *FlowsTo* is encrypted end-to-end (i.e. not relying on transport level encryption), and *FlowsFrom* has the key needed to encrypt the data for transmission.
CSG-DataServiceKey	Process *Service* has a key for encrypting or decrypting data *Data*.
CSG-DataStorageEncryption	The copy of *Data* stored on *Host* is encrypted.
CSG-DataStorageIntegrityProtection	Makes it possible to check if the stored copy of *Data* on *Host* has been altered by an unauthorised process.
CSG-DataStorageReplication	The stored copy of *Data* is protected by creating multiple copies across a cluster of instances of *Host*.
CSG-DisableDataFlow	The flow of data *Data* from *FlowsFrom* to *FlowsTo* has been disabled. This control strategy represents a permanent restriction introduced by design, or a temporary situation created following activation of a contingency plan. In the latter case, this control strategy should not itself be selected, because its controls will be fulfilled by the contingency plan activation strategy.
CSG-DistinctProcessAccessKeys	Processes *Service* and *Client* share data *Data* in encrypted form, but use keys to encrypt or decrypt between transfer and processing, implying a need for the keys used with *Data* to also be shared.
CSG-EncryptedDataProcessing	Process *Process* uses homomorphic encryption technology to perform calculations on data *Data* in an encrypted domain, allowing it to process the data without first decrypting.
CSG-EncryptedDataProcessingAtService	Process *Service* uses homomorphic encryption technology to perform calculations on data *Data* in an encrypted domain, allowing it to process the data without first decrypting.
CSG-EncryptedQueryProcessing	Process *Service* uses homomorphic encryption technology to process queries on data *Data* in an encrypted domain, allowing it to serve the data without decrypting it.
CSG-ParquetDataEncryption	Database service *Service* stores data using Parquet format, enabling it to run queries by selective decryption of the stored data *Data*, whether this is done locally or at a remote data store. This imposes far less overheads, as the amount of data that must be decrypted is small.
CSG-SuspendCorruptDataFlow	The flow of data *Data* from *FlowsFrom* to *FlowsTo* can be temporarily blocked by the manager *ProcessManager* of recipient process *FlowsTo* to prevent corrupt or malicious content (including malware) from disrupting the process. This strategy represents a contingency plan, which can be used to reduce risk from some threats but it also triggers other threats representing possible side effects, depending on how likely it is that the contingency plan will need to be activated.
CSG-SuspendCorruptDataFlow-Implementation-Runtime	The flow of data *Data* from *FlowsFrom* to *FlowsTo* has been disabled by the manager *ProcessManager* of *FlowsTo* to prevent corrupt or malicious content (including malware) disrupting the process. This strategy represents activation of a contingency plan at runtime, and can be selected to discover what effect this would have on risk levels, allowing this to be used for decision support calculations. To activate it at runtime, signal user *ProcessManager* who is responsible for managing process *FlowsTo*. The Disabled Data Flow control should be deselected only when the flow of data is enabled again.
CSG-SuspendSensitiveDataFlow	The flow of data *Data* from *FlowsFrom* to *FlowsTo* can be temporarily blocked by the manager *ProcessManager* of sending process *FlowsFrom* to prevent leaking of data. This strategy represents a contingency plan, which can be used to reduce risk from some threats but it also triggers other threats representing possible side effects, depending on how likely it is that the contingency plan will need to be activated.
CSG-SuspendSensitiveDataFlow-Implementation-Runtime	The sending of data *Data* from *FlowsFrom* to *FlowsTo* has been disabled by the manager *ProcessManager* of *FlowsFrom* to prevent leaking of data. This strategy represents activation of a contingency plan at runtime, and can be selected to discover what effect this would have on risk levels, allowing this to be used for decision support calculations. To activate it at runtime, signal user *ProcessManager* who is responsible for managing process *FlowsFrom*. The Disabled Data Flow control should be deselected only when the flow of data is enabled again.

AccessKey	The process has a key for encrypting or decrypting data.
DisabledDataFlow	The data flow has been disabled. This is not a contingency plan but a state reached after activation of a contingency plan. It should be selected in current risk calculations to determine the effect of disabling the data flow, or when runtime monitoring detects the data is not flowing.
EncryptedProcessing	Applies to a data-process relationship (represented by a logical DataUse or DataPool asset), and signifies that the data is processed in the encrypted domain.
Encryption	Data is encrypted. This may apply to a stored or flowing copy of specific data.
IntegrityProtection	The data is cryptographically verifiable. This may apply to a specific stored or flowing copy of the data. If applied to the data asset to which these relate. For now, we assume the data is normally encrypted after insertion of an integrity check. Encryption ensures updates are by authorised processes (in possession of a key), and thus the signature can be self-signed inside the outermost encryption. This avoids the need to model extra measures such as X509 to bind the signature to the authorised process, although it does mean the model only corresponds to embedded integrity checking information.
ParquetEncryption	The stored data is encrypted using a Parquet encryption schema, minimising the amount of data that must be decrypted to process queries against the data.
Replication	The stored data is replicated, so the asset represents multiple copies providing protection against loss of integrity or availablity due to erroneous or malicious alteration (including encryption) or deletion.
SuspendCorruptDataFlow	Signifies that a data flow can be blocked if it is corrupt, preventing it from being consumed by the destination process. Used in contingency plan strategies to disable a data flow when it poses a danger to the process.
SuspendOutboundFlow	Signifies that a data flow can be blocked at the source process, preventing it being sent by that process. Used in strategies where there is a risk that the data may be compromised or where sending the data may breach compliance with regulations.
SuspendSensitiveDataFlow	Signifies that a data flow can be blocked by the sender if it is sensitive, preventing it from being consumed by the destination process. Used in contingency plan strategies to disable a data flow when the destination process may not be trustworthy.

Role_AccessFrom	A data access asset associated with a source process.
Role_AccessTo	A data access asset associated with a destination process.
Role_DataAccess	A data access role.
Role_DataAsset	A data asset role fulfilled by any serialised copy of data (i.e. data copy or data flow).
Role_DataCache	A stored data copy created as a data flow cache.
Role_DataCopy	A data copy role.
Role_DataDestination	A data access asset associated with a destination process.
Role_DataFlow	A flow of data between processes.
Role_DataInput	A data access role associated with data consumed by a process.
Role_DataOutput	A data access role associated with data produced by a process.
Role_DataPool	A data access role associated with data served by a process.
Role_DataProcess	A data access role associated with data used by a process.
Role_DataRelay	A data access role associated with data forwarding by a process.
Role_DataSource	A data access asset associated with a source process.
Role_DataStep	A process-to-process data movement, forming one step in a data flow.
Role_DataUpdate	A data access asset associated with data consumed and altered by a process.
Role_DataUse	A data access role associated with data used by a process.
Role_FlowsFrom	A process from which data is flowing.
Role_FlowsOutTo	A process that is the destination for an outbound data flow.
Role_FlowsTo	A process to which data is flowing.
Role_InFlow	A data flow to a process.
Role_InputAsset	A Data Asset that is inbound to a process.
Role_InStep	A data step to a process.
Role_OutFlow	A data flow from a process.
Role_OutputAsset	A Data Asset that is outbound from a Process.
Role_OutStep	A data step from a process.
Role_RemoteUserAccess	A DataAccess asset relating to a remote access client used to enable user interaction with a remote process.
Role_StepFrom	A process from which data is transferred.
Role_StepTo	A process to which data is transferred.
Role_Vault	Fulfilled by a process playing the role of key vault in relation to some data asset.

DataAccess	Represents access to Data by a Process, including (in principle) the choice of which data instance(s) to serve or process.
DataAsset	A base class for all assets representing Data. Used partly to provide a classifier for the palette.
DataCache	Represents a stored copy of data, which may or may not be persistent. Class name reflects the fact that the copy may be a cached data flow, created by a process if it cannot send data when produced as output, or cannot use data as input when it is received. A persistent stored copy is represented by subclass DataCopy.
DataContainer	A common parent class for any asset that contains data, including assets that represent stored or flowing data, and assets such as IoT Things that incorporate embedded data.
DataCopy	Represents a copy of data stored in persistent memory on a device.
DataFlow	Represents an end to end flow of data between processes via a set of Data Steps connecting between intermediate processes.
DataInferenceAsset	A base class for any assets used only to model state created by data lifecycle inference patterns.
DataInput	A subclass of DataUse relating to a process that uses data as an input.
DataOutput	A subclass of DataUse relating to a process that creates data as an output.
DataPool	Overlay parent class representing data loaded by a process, in which the process acts as an enabler for data access by other processes, either as a data source or as a server of stored data.
DataProcess	A subclass of DataUse relating to a process that uses data as an input or produces it as output (i.e. data processing as opposed to data serving or data transfer).
DataRelay	A subclass of DataAccess relating to a process that serves data as an intermediary, without storing it locally (except possibly in a cache). As such, the process acts as both a producer and a consumer in flows of this data.
DataStep	Represents the exchange of data between interacting processes (or their ability to securely exchange data).
DataUpdate	A subclass of DataUse relating to a process that uses data as both an input and an output.
DataUse	An overlay parent class covering all DataAccess assets that represent the production or consumption of data in data flows. This excludes processes that only serve data.
InputPool	A subclass of DataUse relating to a process that reads locally stored data and also supplies the data for use by other processes.
OutputPool	A subclass of DataUse relating to a process that creates data and also supplies the results for use by other processes.
RemoteUserAccess	A subclass of DataAccess relating to a remote access client used to interact with a process on another host. In this situation, the remote access client never holds a complete copy of the data in its memory, but it does participate in the data flow between its user and the remote process.
StoredDataPool	Represents stored data loaded by a process, in which the process acts as an enabler for access by other processes, i.e. a server of stored data.
TempDataRelay	A subclass of DataAccess relating to a process that serves data as an intermediary, without storing it locally (except possibly in a cache). This subclass is used where the process is not a DB process, implying there is no query processing and data is simply fetched and forwarded.
UpdatePool	A subclass of DataUse relating to a process that updates data and also supplies the results for use by other processes.

Decrypted	An attribute of stored or flowing copies of data, signifying that the data is accessible in unencrypted form. Considered a trustworthiness attribute as it precludes loss of availability where a process lacks a suitable decryption key, and used to model side effects of encryption controls.
Encrypted	An attribute of stored or flowing copies of data, signifying that the data is accessible in encrypted form. Considered a trustworthiness attribute as it prevents loss of confidentiality unless the key is compromised, and used to model side effects of encryption controls.

Package DataLifecycle

Root Patterns (100)

R-CSDFDA2

R-DADBsDA

R-DADS

R-DADU

R-DAPpDA

R-DAVPDA

R-DBsDADA

R-DBsDRDF

R-DCDFcV

R-DSDA

R-DSPDFDB

R-DSPDFVDB

R-DUDA

R-HDBDRDF

R-HDBDSDF

R-HDBsD

R-HDBsDV

R-HDCDF

R-HDS

R-HDSV

R-HPDAcDS

R-HPDAdDS

R-HPDADF

R-HPDADS

R-HPDADS2DO

R-HPDADSDU

R-HPDAuDS

R-HPDDR

R-HPdDS

R-HPDFDADS

R-HPDFDAuDS

R-HPDFDI

R-HPDOcDS

R-HPDOdDS

R-HPDODF

R-HPDODS

R-HPDOuDS

R-HPdpDS

R-HPDS

R-HPDSDA

R-HPDSDADF

R-HPDSDI

R-HPDS-fDI

R-HPDSrDI

R-HPeD

R-HPrDS

R-HPrpDS

R-HPsDPDFDS

R-HPsDPDSDF

R-HPuDSDI

R-HuaDSPH

R-HuiDSPH

R-HuiPvDCHS

R-HuiPvDFCHS

R-HuiRACvDFCHS

R-HuirPD

R-HuirPiD

R-HuirPiDF

R-HuirPiDS

R-HuirPvD

R-HuirPvDF

R-HuirPvDS

R-HuWEDF

R-HuWESDF

R-HuWSMSDF

R-PaDSH

R-PcDSH

R-PcPrDS

R-PcPuDS

R-PDADAV

R-PDADFI

R-PDADFO

R-PDF

R-PDFDI

R-PDFFA

R-PDFIDADFI

R-PDFODADFO

R-PDFV