Threat DF.C.CCCSCCSDF-Vi.3

URI: DF.C.CCCSCCSDF-Vi.3

Package: ProcessComms


Description: Flow of data from/via Process leaked to compromised client Client via confused deputy Service: even if service Service does not send data Data to its client Client, the client can still request the data flow using a confused deputy attack against Service. The attack itself is responsible for the upstream loss of DeputyUserTW (see threat causes).

Threat Type: Primary Threat

Matching Pattern:

DF.C.CCCSCCSDF-Vi.3
MP-CCCSCCSDF-Vi

Finds a client accessing a service that uses another service, via the associated client channels, where indirect access by the client is not authenticated by the second service, plus a data flow not encrypted with keys from a vault, that flows to the second service from the first but not to the client.

CSG-DataFlowEncryption

The data Data flowing between processes FlowsFrom and FlowsTo is encrypted by the two processes themselves (i.e. not relying on transport-level encryption).