Threat DS.A.CDBSC-DSF.4

URI: DS.A.CDBSC-DSF.4

Package: ProcessComms

< prev | next >

Description: Malicious query from Client via database Service deletes data Data : an attacker having the ability to send arbitrary queries to Service from or via Client injects a query to delete data Data. In this scenario, an update/deletion query on Data would not be expected to come via Client, so the attack can be prevented using database access controls at Service.

Threat Type: Primary Threat

Matching Pattern:

DS.A.CDBSC-DSF.4
MP-CDBSC-DSF

Finds a process using a DB service and the associated service channel, plus the DB host and a copy of data served by the DB and flowing to it, but not from the process.

        (empty)

        (empty)

CSG-DataBaseAccessControl

The data service Service enforces an access control policy for a stored copy of Data.

CSG-SuspendUntrustworthyClientAccess

Access to service Service by client Client may be temporarily disabled by the process manager ServiceManager to prevent authenticated attacks by compromised or impersonated clients, at the cost of some reduction in availability. This strategy represents a contingency plan, which can be used to reduce risk from some threats. However, it also triggers other threats representing side effects of the policy change, based on how likely it is that the contingency plan will need to be activated.

CSG-SuspendUntrustworthyClientAccess-Implementation-Runtime

Access to service Service by client Client is disabled by the process manager ServiceManager to prevent authenticated attacks by compromised clients. This strategy represents activation of a contingency plan at runtime, and can be selected to discover what effect this would have on risk levels, allowing this to be used for decision support calculations. To activate it at runtime, signal the process manager ServiceManager. The Disable Client Access control should be deselected if and when access by Client to Service has been enabled once again.