Package LocalDeviceConnectivity

R-BPcGcBP

Finds a Bluetooth device paired with two other devices.

R-HBISG

Finds a pair of hosts pairing via Bluetooth in a Space.

R-HBTTHS

Finds a Host in a Space that accepts pairing via Bluetooth with a TrivialHost.

R-HL1H

Finds two hosts connected via a Bluetooth or USB pair, and the space in which this connection is established.

R-HL1HS

Finds two hosts in a space connected via a Bluetooth or USB pair, and the associated location access contexts.

R-HpBRH

Finds two Physical Hosts that are paired over Bluetooth.

R-HpURH

Finds two Physical Hosts that are paired over USB.

R-HuiHBTTH

Finds a Human using a Host paired with a TrivialHost via Bluetooth.

R-HuiHUSBTH

Finds a Human using a Host paired with a TrivialHost via USB.

R-HUISG

Finds a pair of hosts pairing via USB, and the space in which they are located.

R-HumHBTTH

Finds a Human managing a Host paired with a TrivialHost via Bluetooth.

R-HumHUSBTH

Finds a TrivialHost paired via Bluetooth with another host managed by a Human.

R-HumTHS

Finds a Human managing a Trivial Host located in a space.

R-HUSBTHS

Finds a Host in a Space that accepts pairing via USB with a TrivialHost.

R-L1cGcL3

Finds a physical host with a pairing connection that is also connected to an IP subnet, all in the same space.

R-L1rGcL3

Finds a Bluetooth or USB device connected from a host to an IP subnet, all in the same space.

R-L1SSg2

Finds a gateway between layer 1 subnets (i.e. Bluetooth or USB connections), along with the forward and return path segments via the gateway.

R-L1SSg2AC

Finds a gateway between layer 1 subnets (i.e. Bluetooth or USB connections), along with the segment asset representing the path via the gateway, and a context in which the gateway is connected to both subnets.

R-L3cGcL1

Finds a Physical Host gateway on an IP subnet with a paring connection, all in the same space.

R-L3cGrL1

Finds a USB/Bluetooth device connected from an IP subnet to a Host, all in the same space.

R-LTethSg2

Finds a Host connected via a layer 1 subnet (i.e., Bluetooth or USB) connection and a tethered gateway to an IP subnet, plus the forward and reverse path segment via the gateway.

R-LTethSg2AC

Finds a Host connected via a layer 1 subnet (i.e., Bluetooth or USB) connection and a tethered gateway to an IP subnet, plus the forward and reverse path segment via the gateway, and a context in which the gateway is connected to both subnets.

R-LTRevSg2

Finds a Host connected via a layer 1 subnet (i.e., Bluetooth or USB) connection and a reverse tethered gateway to an IP subnet, and the forward path segment via the gateway.

R-LTRevSg2AC

Finds a Host connected via a layer 1 subnet (i.e., Bluetooth or USB) connection and a reverse tethered gateway to an IP subnet, and the forward path segment via the gateway, and a context in which the gateway is connected to both subnets.

R-UHDpP

Finds Data stored on a USB Device paired with a USB Host which is running a process that handles the data.

R-UHDrP

Finds Data stored on a USB Device paired with a USB Host, where the data is used by a Process running on some host.

R-UHDSrP

Finds Data stored on a USB Device paired with a USB Host running a service for the Data, where the data is used by a Process running on some host.

R-UHS

Finds a USB Host located in a Space.

R-UPcGrUP

Finds a possible USB hub between a USB device and a USB host (it provides the USB Pair from the USB Host).

R-UPrGcUP

Finds a possible USB hub between a USB host and a USB device (it provides the USB Pair from the USB Host).

R-USBD

Finds Data stored on a USB device.

MP-BPcGcBP

Finds a Bluetooth device paired with two other devices.

MP-HBImSG

Finds a pair of hosts pairing via Bluetooth, and the spaces in which the pair operates.

MP-HBISG

Finds a pair of hosts pairing via Bluetooth in a Space.

MP-HBTTHS-S

Finds a Host in a Space that accepts pairing via Bluetooth with a TrivialHost that has no location.

MP-HL1H

Finds two hosts connected via a Bluetooth or USB pair, and the space in which this connection is established, the interface connecting with one of them, and optionally the manager of that host.

MP-HL1HS

Finds two distinct hosts in a space connected via a Bluetooth or USB pair, the associated location access contexts, and optionally the manager of the local host.

MP-HpBRH

Finds two Physical Hosts that are paired over Bluetooth.

MP-HpURH

Finds two Physical Hosts that are paired over USB.

MP-HuiHBTTH-Hu

Finds a TrivialHost with no manager, paired via Bluetooth with another host used by a Human.

MP-HuiHUSBTH-Hu

Finds a TrivialHost with no manager, paired via USB with another host used by a Human.

MP-HUISG

Finds a pair of hosts pairing via USB, and the space in which they are located.

MP-HumHBTTH-Hu

Finds a TrivialHost with no manager, paired via Bluetooth with another host managed by a Human.

MP-HumHUSBTH-Hu

Finds a TrivialHost with no manager, paired via USB with another host managed by a Human.

MP-HumTHS

Finds a Human managing a Trivial Host located in a space.

MP-HUSBTHS-S

Finds a Host in a Space that accepts pairing via USB with a TrivialHost that has no location.

MP-L1c-rGcL3

Finds a physical host with a pairing connection from a distinct host that is also connected to an IP subnet, all in the same space. This is a PC on a network that has a link to a USB or Bluetooth device.

MP-L1rGcL3

Finds a Bluetooth or USB device connected from a host to an IP subnet, all in the same space.

MP-L1SSg2

Finds a gateway between two distinct layer 1 subnets (i.e. Bluetooth or USB connections), along with the forward and return path segments via the gateway.

MP-L1SSg2AC

Finds a gateway between two distinct layer 1 subnets (i.e. Bluetooth or USB connections), along with the forward and return path segments via the gateway, and a context in which the gateway is connected to both subnets.

MP-L3cGc-rL1

Finds a Physical Host gateway on an IP subnet with a paring connection from a USB or Bluetooth device, all in the same space.

MP-L3cGrL1

Finds a USB/Bluetooth device connected from an IP subnet to a Host, all in the same space.

MP-LTethSg2

Finds a gateway from a Host via a layer 1 subnet (i.e., Bluetooth or USB) connection and a tethered gateway to an IP subnet, along with the forward and return path segments via the gateway.

MP-LTethSg2AC

Finds a Host connected via a layer 1 subnet (i.e., Bluetooth or USB) connection and a tethered gateway to an IP subnet, plus the forward and reverse path segment via the gateway, and a context in which the gateway is connected to both subnets.

MP-LTRevSg2

Finds a gateway from a Host via a layer 1 subnet (i.e., Bluetooth or USB) connection and a reverse tethered gateway to an IP subnet, and the forward path segment via the gateway.

MP-LTRevSg2AC

Finds a Host connected via a layer 1 subnet (i.e., Bluetooth or USB) connection and a reverse tethered gateway to an IP subnet, and the forward path segment via the gateway, and a context in which the gateway is connected to both subnets.

MP-UHDpP-S

Finds Data stored on a USB Device paired with a USB Host which is running a process using the Data, and the Data is not also stored on the USB Host.

MP-UHDrP-S

Finds Data stored on a USB Device paired with a USB Host that does not also store the data, where the data is used by a Process running on a third distinct host.

MP-UHDSrP

Finds Data stored on a USB Device paired with a USB Host running a service for the Data, where the data is used by a Process running on some other host that doesn't use any other process capable of providing the data.

MP-UHS

Finds a USB Host located in a Space.

MP-UPc-rGrUP

Finds a USB hub between a USB device and a USB host (it provides the USB Pair from the USB Host, but not to the USB device).

MP-UPrGc-rUP

Finds a USB hub between a USB host and a USB device (it provides the USB Pair from the USB Host, but not to the USB device).

MP-USBD-S

Finds Data stored on a USB device where there is no local process serving the data or creating it from scratch.

CP-HuiHBTTH-Hu+m

Finds a TrivialHost with no manager, paired via Bluetooth with another host used by a Human, and makes that Human the manager of the TrivialHost.

CP-HuiHUSBTH-Hu+m

Finds a TrivialHost with no manager, paired via USB with another host used by a Human, and makes that Human the manager of the TrivialHost.

CP-HumHBTTH-Hu+m

Finds a TrivialHost with no manager, paired via Bluetooth with another host managed by a Human, and makes that Human manager of the TrivialHost.

CP-HumHUSBTH-Hu+m

Finds a TrivialHost with no manager, paired via USB with another host managed by a Human, and makes that Human manager of the TrivialHost.

CP-HumTHS+cA

Finds a Human managing a Trivial Host located in a space, and adds a link specifying that the human must have access to the space.

CP-HBTTHS-S+l

Finds a Host in a Space that accepts pairing via Bluetooth with a TrivialHost that has no location, and adds a link saying the Trivial Host can be in the same space.

CP-HUSBTHS-S+l

Finds a Host in a Space that accepts pairing via USB with a TrivialHost that has no location, and adds a link saying the Trivial Host can be in the same space.

CP-USBD-S+S

Finds Data stored on a USB device where there is no local process serving the data or creating it from scratch.

CP-UHDpP-S+S

Finds Data stored on a USB Device paired with a USB Host which is running a process using the Data, where the Data is not also stored on the USB Host, and adds a usage link between the process and the onboard data service on the USB device.

CP-UHDrP-S+S

Finds Data stored on a USB Device paired with a USB Host that does not also store the data, where the data is used by a Process running on a third distinct host, and inserts a simple service on the USB Host.

CP-UHDSrP+u

Finds Data stored on a USB Device paired with a USB Host running a service for the Data, where the data is used by a Process running on some other host that doesn't use any other process capable of providing the data. Adds a link to say the Process uses the Service on the USB Host.

CP-HpBRH+B

Finds pairs of Physical Hosts paired over Bluetooth and adds the Bluetooth radio subnet created between them.

CP-HpURH+U

Finds pairs of Physical Hosts paired over USB and adds the USB wired connection created between them.

CP-L1c-rGcL3+NSg

Finds a physical host with a pairing connection from a distinct host that is also connected to an IP subnet, all in the same space, and adds a reverse tethering segment from the paired host to the IP subnet.

CP-L1rGcL3+OSg

Finds a Bluetooth or USB device connected from a host to an IP subnet, all in the same space, and adds an Open Segment from the former to the latter. Here the gateway is a Bluetooth or USB device, so this corresponds to a regular tethering connection.

CP-L3cGc-rL1+CSg

Finds a Physical Host gateway on an IP subnet with a connection from a USB or Bluetooth device, all in the same space, and adds a Closed Segment from the former to the latter subnet. The Bluetooth or USB device is not acting as the gateway, so this corresponds to a reverse tethering connection in the wrong direction for message routing to take place.

CP-L3cGrL1+OSg

Finds a USB/Bluetooth device acting as a gateway, connected to an IP subnet and paired with a host in the same space, and adds an Open Segment from the former to the latter subnet. This configuration corresponds to a regular tethering connection allowing communication from the IP subnet to the USB/Bluetooth host.

CP-UPc-rGrUP+OSg

Finds a USB hub between a USB device and a USB host (it provides the USB Pair from the USB Host, but not to the USB device), and adds a segment from the USB host to the USB device.

CP-UPrGc-rUP+OSg

Finds a USB hub between a USB host and a USB device (it provides the USB Pair from the USB Host, but not to the USB device), and adds a segment from the USB host to the USB device.

CP-BPcGcBP+OSg

Finds a Bluetooth device paired with two other devices, and adds a logical segment representing the route between bluetooth connections which corresponds to Bluetooth mesh routing.

H.J.UHS.3

Tampering with software via USB at Host in Space: at attacker with physical access to Host in space Space reboots from a USB device and introduces software changes, introducing a means for the attacker to get remote access to admin privileges on Host.

H.W.HL1H.3

Malware infection of device Host from paired device RemoteHost in Space: if RemoteHost is infected by malware, and RemoteHost connects via USB or Bluetooth with device Host then the malware may be automatically transferred to or ingested by Host.

H.W.UHS.3

Physical insertion of malware via USB at Host in Space: at attacker with physical access to space Space is able to insert self-replicating malware on USB Host Host in situ, using physical means (such as power cycling) to reboot and avoid anti-malware software, if installed.

I.Auth.HBImSG.6

Spoofing a device RemoteHost in a Bluetooth pair with device Host in Space: an attacker with access to a location where Host is paired with RemoteHost can spoof the latter to the former. This threat captures the case where SSP is used with a one-sided user confirmation. In principle this can still be spoofed, but it would have to be done where the pair is established, which can be the most secure location they are used (not necessarily in Space where the attacker is present).

I.Auth.HBISG.3

Spoofing a device RemoteHost in a Bluetooth pair with device Host in Space: an attacker with access to a location where Host is paired with RemoteHost, they can physically spoof the connection. This threat covers the case where the connection is freshly established in each location where it is needed.

I.Auth.HUISG.3

Spoofing a device RemoteHost in a USB pair with device Host in location Space: an attacker with access to the location Space of Host can connect a fake version of device RemoteHost to Host.

LS.L.HL1HS.1

Access to RemoteHost in Space allows communication via USB or Bluetooth with Host: someone with access to device RemoteHost in location Space where it is paired with device Host can use the pairing connection to communicate with Host.

Sg.A.L1SSg2.6.1

Mesh routing between FromHost and ToHost via Gateway is disabled: if this route is disabled by switching off mesh routing via non-IP connections at Gateway, the route will be unavailable to legitimate users.

Sg.A.LTethSg2.6.1

Connections between Host via Gateway and LogicalSubnet are disabled: if tethering is disabled between Host and Gateway, routes between Host and LogicalSubnet will be unavailable to legitimate users.

Sg.A.LTRevSg2.6.1

Connections between Host via Gateway and LogicalSubnet are disabled: if reverse tethering is disabled between Host and Gateway, the route from Host to LogicalSubnet will be unavailable to legitimate users.

Sg.DA.L1SSg2AC.1

Mesh routing between FromHost and ToHost not disabled at reenabled at Gateway: if an attacker has admin rights on host Gateway, they can override a policy not to enable mesh routing between paired hosts.

Sg.TA.L1SSg2.8

Mesh routing between FromHost and ToHost via Gateway is enabled: if this route is enabled by mesh routing via non-IP connections, it could be exploited by an attacker.

Sg.TA.LTethSg2.8

Routing between Host and LogicalSubnet via Gateway is enabled: if this route is enabled by tethering between the IP and non-IP connections, it could be exploited by an attacker.

Sg.TA.LTethSg2AC.1

Tethering re-enabled between Gateway and Host connecting to LogicalSubnet: if an attacker has control of host Gateway in a context where it is paired with Host and connected to LogicalSubnet, then they can tether Gateway and connect Host to LogicalSubnet.

Sg.TA.LTRevSg2.8

Routing from Host and LogicalSubnet via Gateway is enabled: if this route is enabled by reverse tethering between the IP and non-IP connections, it could be exploited by an attacker.

Sg.TA.LTRevSg2AC.1

Reverse tethering re-enabled between Gateway and Host connecting to LogicalSubnet: if an attacker has control of host Gateway in a context where it is connected to LogicalSubnet and Host is paired with it, then they can reverse tether Host and connect Host to LogicalSubnet.

(empty)

CSG-DisableMeshRouting	Bluetooth mesh routing is disabled in device *Gateway, preventing it routing between its Bluetooth connections from FromHost* to *ToHost*. This strategy does not represent a contingency plan, but a permanent restriction introduced by design or in accordance with an operational policy or user preference. It also triggers threats representing side effects that would be caused by such a restriction. The default configuration for most Bluetooth enabled hosts is to have mesh routing disabled, but the model must assume it is enabled unless the control is selected, or potential threats may be overlooked.
CSG-DisableTethering	Tethering (or reverse tethering) is disabled between device *Host* and IP subnet *LogicalSubnet* via the USB/Bluetooth connection with device *Gateway*, so cannot be used by attackers. This strategy does not represent a contingency plan, but a permanent restriction introduced by design or in accordance with an operational policy or user preference. It also triggers threats representing side effects that would be caused by such a restriction. The default configuration for most devices is for tethering disabled, but the model must assume it is enabled unless controls are selected to signify otherwise, or potential threats may be overlooked.
CSG-SimpleSecurePairing-Full	Simple Secure Pairing (SSP) is used between *RemoteHost* and *Host*, following the Numeric Comparison or PassKey association model, in which the connection is confirmed by the user by entering a shared key or confirming successful sharing of such a key by the two devices.
CSG-SimpleSecurePairing-Local	Simple Secure Pairing (SSP) is used between *RemoteHost* and *Host, following the Just Works association model with user confirmation at Host*. This is effective in preventing spoofing in insecure locations, but depends on there being one secure location where the numerical comparison can be made safely, and then the result stored for subsequent use.
CSG-SimpleSecurePairing-Remote	Simple Secure Pairing (SSP) is used between *RemoteHost* and *Host, following the Just Works association model with user confirmation at RemoteHost*. This is effective in preventing spoofing in insecure locations, but depends on there being one secure location where the numerical comparison can be made safely, and then the result stored for subsequent use.

DisableMeshRouting	Prevents a gateway supporting mesh routing (i.e. ad hoc peer-to-peer networking) over Bluetooth connections. This is the default situation for most devices, but because it may be used, the model must include the connection and so requires a control to indicate its status.
DisableTethering	Signifies that routing between a device and an IP network via a USB/Bluetooth connection is disabled. The reference to tethering is because these routes are normally switched off by default in most devices, but are activated when mobile devices use tethering to share access to cellular (or sometimes other) network uplinks. Because such routes can be used the domain model must include them and use a control to signify their status.
SimpleSecurePairing	Applies to a device with Bluetooth connectivity, and indicates that the device is capable of displaying or confirming a numerical code or key in one of the simple secure pairing association mechanisms.

Role_BluetoothPair	A subnet representing the connection between paired hosts.
Role_L1Subnet	A non-IP subnet representing a connection between paired hosts.
Role_USBDevice	A device that can be plugged into a USB Host.
Role_USBHost	A host that has USB connectors into which USB devices may be plugged.
Role_USBPair	A subnet representing the connection between paired hosts.

BluetoothPair	Represents the communication capability established when two devices are paired over a Bluetooth connection. Inferred where there is a pairsWithBluetooth relationship between devices.
L1Subnet	An L1Subnet is one that connects paired hosts directly, with no addressing as such used within the subnet. Used as a base class for USB and Bluetooth connections.
MeshRoutingSegment	Route through a gateway Host between two devices paired with that Host by Bluetooth connections. Modelled as a type of Open Segment because the message source does not need to be obfuscated in transit through the gateway Host. In most devices, mesh routing is disabled by default, but SSM must assume it may be enabled so potential threats are not overlooked.
ReverseTetheringSegment	Route through a gateway Host from a connected USB/BT device to an IP network. Modelled as a type of NAT Segment because the message source is obfuscated in transit through the Host. This is not SNAT because the source is not connected to the gateway via an IP network, but the effect is similar as the message acquires a source address of the gateway on the destination network.
TetheringSegment	Route through a gateway Host to a connected USB/BT device from an IP network. Modelled as a type of Open Segment because the message source does not need to be obfuscated in transit through the gateway Host.
USBDevice	A USBClient is a device designed to be connected to other hosts via a USB link.
USBHost	A USB Host is one to which a USB device can be connected.
USBPair	Represents the communication capability established when two devices are paired over a USB connection. Inferred where there is a pairsWithUSB relationship between devices.