Threat CC.AX.CCDFSFS.6.4

URI: CC.AX.CCDFSFS.6.4

Description: Disabling excessive access by client Client to Service affects availability: access by client Client to service Service may be disabled to prevent excessive amounts of data being requested from the service, but this affects the availability of client-service connections.

Threat Type: Secondary Threat

Matching Pattern:

MP-CCDFSFS

Finds a data flow to/via a client from a service, and the associated client channel, data and the first data step, plus optionally the managers of the service and the source of the data flow. The source of the flow is matched twice, so it can be referred to by either role name.

DF.O.CCDFSFC.3

Compromised client Client sends excessive data Data to/via Service: if Client is the source of a flow of data Data which is sent to or via service Service, then if an attacker or malicious user can access Service as Client, they can send too much data, aiming to overload the data flow destination FlowsTo.

DF.O.CCDFSTC.3

Compromised client Client requests excessive data Data from/via Service: if Client is the destination of a flow of data Data which is sent from or via service Service, then if an attacker or malicious user can access Service as Client, they can request too much data, aiming to overload the data flow source FlowsFrom.

CC.AX.CACSSaS.0

Client Client unable to access service Process because Process cannot access authorization service Service: the service Process requires that clients authenticate with a separate service Service, but Process cannot access Service to exchange the client token issued by Service for an access token granting rights at Process.

CC.AX.CACSScS.0

Client Client unable to authenticate with Service to access service Process: the service Process requires that clients authenticate with a separate service Service, which is inaccessible to client Client.

DF.A.CC-iDFCS.0

Flow of data Data from FlowsFrom to FlowsTo interrupted because Client cannot access Service: if client Client cannot access service Service, the end to end flow of data Data from FlowsFrom to FlowsTo that uses this client-service connection will be interrupted.

DF.A.CC-iDFSC.0

I.A.HLSISC.6.4

Authentication failure for device CHost at Service prevents connection to LogicalSubnet: the device CHost cannot connect to LogicalSubnet because it cannot authenticate with the authenticator service Service controlling access to the network.

P.A.HuirRACSPH.0

Loss of connectivity from Client to Service affects Process: because user Human interacts with Process via remote access client Client and the shell on SHost, if Client cannot connect to remote access service Service on SHost, Human will be unable to interact with Process which will be rendered non-operational.

CSG-AutoSuspendExcessiveClientAccess

CSG-SuspendExcessiveClientAccess

LossOfAccessibility at Role_ClientChannel

(empty)

Threat CC.AX.CCDFSFS.6.4

MP-CCDFSFS

Triggered by Threat (2)

DF.O.CCDFSFC.3

DF.O.CCDFSTC.3

Triggers Secondary Threats (6)

CC.AX.CACSSaS.0

CC.AX.CACSScS.0

DF.A.CC-iDFCS.0

DF.A.CC-iDFSC.0

I.A.HLSISC.6.4

P.A.HuirRACSPH.0

Triggered By Control Strategy (2)

Misbehaviour Sets (1)

Control Strategies (0)