Threat DF.Auth.CCCSDF-VCCS-i.3

URI: DF.Auth.CCCSDF-VCCS-i.3

Package: ProcessComms

< prev | next >

Description: Flow of data from/via Process forged by compromised client Client via confused deputy Service: if client Client does not send data Data to its service Service, it is still possible to inject false content into the data flow via service Service using a confused deputy attack. The attack itself is responsible for the upstream loss of DeputyUserTW (see threat causes).

Threat Type: Primary Threat

Matching Pattern:

MP-CCCSDF-VCCS-i

Finds a client accessing a service that uses another service, via the associated client channels, where indirect access by the client is not authenticated by the second service, plus a data flow and any data fields not encrypted with keys from a vault flowing to the second service from the first but not from the client.

Triggers Secondary Threats (4)

DF.Auth.PDFIDADFI.0

Unauthentic data Data from FlowsFrom forwarded by Process to FlowsTo: if the flow of data Data from process FlowsFrom to process Process is unauthentic, so is the forwarded flow to FlowsTo.

DF.Auth.PDFODADFO.0

Unauthentic data Data from FlowsFrom forwarded by Process to FlowsTo: if the flow of data Data from process FlowsFrom to process Process is unauthentic, so is the forwarded flow to FlowsTo.

DS.Auth.HPDFDADS.0

Flow of unauthentic data Data from FlowsFrom is stored by data service Process: if the flow of data Data from FlowsFrom to Process is unauthentic, then so will be the copy saved locally on device Host by Process.

Se.Auth.SePDsFF.0

Loss of authenticity at sensor Sensor: if the onboard data received from a sensor by any client is altered by an attacker, it is modelled as a loss of authenticity at the sensor.