Threat DF.C.CCCSPCCSDF-Vi.3

URI: DF.C.CCCSPCCSDF-Vi.3

Description: Flow of data from/via Process leaked to compromised client Client via confused deputy Proxy: if client Client is compromised or impersonated, and does not receive data Data from its service Proxy, it is still possible to get the data indirectly using a confused deputy attack via Proxy and Service. The attack itself is responsible for the upstream loss of DeputyUserTW (see threat causes), in this case propagated by at least one reverse proxy.

Threat Type: Primary Threat

Matching Pattern:

MP-CCCSPCCSDF-Vi

Finds a client accessing a proxy that (directly or indirectly) uses a service that uses a second service, where the client is not authenticated by the second service, with a data flow not encrypted with keys from a vault going from the second service to the first but not to the client, plus the associated client channels.

(empty)

Co.C.CoPD.0

Data leakage at controller Controller: if the control input data for a controller leaks, it is modelled as a loss of confidentiality for the controller.

Se.C.SePD.0

Data leakage at sensor Sensor: if the onboard data at a sensor leaks, it is modelled as a loss of confidentiality at the sensor.

(empty)

LossOfConfidentiality at Role_Data

LossOfConfidentiality at Role_DataField

LossOfConfidentiality at Role_DataFlow

CSG-DataFlowEncryption

The data Data flowing between processes FlowsFrom and FlowsTo is encrypted by the two processes (i.e. not relying on transport level encryption).

Threat DF.C.CCCSPCCSDF-Vi.3

MP-CCCSPCCSDF-Vi

Triggered by Threat (0)

Triggers Secondary Threats (2)

Co.C.CoPD.0

Se.C.SePD.0

Triggered By Control Strategy (0)

Misbehaviour Sets (3)

Control Strategies (1)