Threat DS.A.CDBSCDSF.4

URI: DS.A.CDBSCDSF.4

Description: Malicious query from Client via database Service deletes data Data: an attacker having the ability to send arbitrary queries to Service from or via Client injects a query to delete data Data. In this scenario, an update/deletion query on Data could be expected to come via Client, so the attack cannot be prevented using database access controls at Service.

Threat Type: Primary Threat

Matching Pattern:

MP-CDBSCDSF

Finds a process using data served by a DB service the process is using, and the associated service channel, host and data copy assets, plus optionally the service host manager.

(empty)

D.A.DallDS.0

Loss of availability in all copies of Data: the system is supposed to store the data Data, so if there are no available stored copies, the system-level availability of Data is affected.

DF.A.HPDSDADF.0

Service Process cannot serve unavailable data Data to FlowsTo: the locally stored copy of Data on Host used by Process is not available, so cannot be sent in a data flow to FlowsTo.

Hu.T.HuirPvDS.0.2

User Human affected by out of date data Data read by process Process: if a locally stored copy of Data is unavailable, and this would have been loaded by process Process and displayed to user Human, they may make decisions based on out of date information.

P.A.HPuDSDI.0

Process Process cannot access copy of Data stored on Host: since process Process depends on having access to Data via a stored copy on its host device Host , if the stored copy is not available then the availability of Process will be affected.

P.T.HP-uDSDI.0

Lack of stored input Data at Host delays Process: since process Process uses the locally stored copy of data Data but does not depend on it, if that copy is unavailable, the process can continue but will be processing out of date information.

(empty)

LossOfAvailability at Role_DataCopy

CSG-SuspendUntrustworthyClientAccess

Access to service Service by client Client may be temporarily disabled by the process manager ServiceManager to prevent authenticated attacks by compromised or impersonated clients, at the cost of some reduction in availability. This strategy represents a contingency plan, which can be used to reduce risk from some threats. However, it also triggers other threats representing side effects of the policy change, based on how likely it is that the contingency plan will need to be activated.

CSG-SuspendUntrustworthyClientAccess-Implementation-Runtime

Access to service Service by client Client is disabled by the process manager ServiceManager to prevent authenticated attacks by compromised clients. This strategy represents activation of a contingency plan at runtime, and can be selected to discover what effect this would have on risk levels, allowing this to be used for decision support calculations. To activate it at runtime, signal the process manager ServiceManager. The Disable Client Access control should be deselected if and when access by Client to Service has been enabled once again.

Threat DS.A.CDBSCDSF.4

MP-CDBSCDSF

Triggered by Threat (0)

Triggers Secondary Threats (5)

D.A.DallDS.0

DF.A.HPDSDADF.0

Hu.T.HuirPvDS.0.2

P.A.HPuDSDI.0

P.T.HP-uDSDI.0

Triggered By Control Strategy (0)

Misbehaviour Sets (1)

Control Strategies (2)