Threat DF.Auth.ACDF-VFS-i.3.6

URI: DF.Auth.ACDF-VFS-i.3.6

Description: Encrypted flow of data Data to FlowsTo altered by compromised service Service: if an attacker can compromise service Service, they can access its cryptographic key and alter data Data flowing between Service and FlowsTo.

Threat Type: Primary Threat

Matching Pattern:

MP-ACDF-VFS-i

Finds a data flow not encrypted with keys from a vault flowing from a service to/via a client, plus any data fields, and the associated channel, where the connection is direct.

(empty)

DF.Auth.PDFIDADFI.0

Unauthentic data Data from FlowsFrom forwarded by Process to FlowsTo: if the flow of data Data from process FlowsFrom to process Process is unauthentic, so is the forwarded flow to FlowsTo.

DF.Auth.PDFODADFO.0

DS.Auth.HPDFDADS.0

Flow of unauthentic data Data from FlowsFrom is stored by data service Process: if the flow of data Data from FlowsFrom to Process is unauthentic, then so will be the copy saved locally on device Host by Process.

Se.Auth.SePDsFF.0

Loss of authenticity at sensor Sensor: if the onboard data received from a sensor by any client is altered by an attacker, it is modelled as a loss of authenticity at the sensor.

CSG-DataFlowSharedKeyOutbound

LossOfAuthenticity at Role_Data

LossOfAuthenticity at Role_DataField

LossOfAuthenticity at Role_DataFlow

CSG-EncryptedDataProcessingAtService

Process Service uses homomorphic encryption technology to perform calculations on data Data in an encrypted domain, allowing it to process the data without first decrypting.

Threat DF.Auth.ACDF-VFS-i.3.6

MP-ACDF-VFS-i

Triggered by Threat (0)

Triggers Secondary Threats (4)

DF.Auth.PDFIDADFI.0

DF.Auth.PDFODADFO.0

DS.Auth.HPDFDADS.0

Se.Auth.SePDsFF.0

Triggered By Control Strategy (1)

Misbehaviour Sets (3)

Control Strategies (1)