Threat DS.I.HPDFDADS.0

URI: DS.I.HPDFDADS.0

Package: DataLifecycle

< prev | next >

Description: Flow of corrupt data Data from FlowsFrom is stored by data service Process: if the flow of data Data from FlowsFrom to Process is corrupt, then so will be the copy saved locally on device Host by Process.

Threat Type: Secondary Threat

Matching Pattern:

DS.I.HPDFDADS.0
MP-HPDFDADS

Finds a Host running a Process that receives an incoming Data Flow and writes the data to local storage, plus optionally the host and process managers.

DS.I.HPDFDADS.0
DF.IS.PDFFA.8

Flow of Data from FlowsFrom to FlowsTo is in service: if process FlowsFrom is in service and able to access the data, and all the steps in the chain of processes between FlowsFrom and FlowsTo are in service, then the flow of Data from FlowsFrom to FlowsTo will be in service and potentially subject to attack, unless disabled.
DS.I.HPDFDADS.0
P.IS.HP.8

Process Process in service: if host Host is in service, then Process running on Host will also be in service and subject to attack, unless explicitly disabled.
DS.I.HPDFDADS.0
P.IS.HPsAC.1

Process Process running on Host not disabled: if an attacker has the rights of Process on its host Host, then they can override a policy to disable Process by restarting it.
DS.I.HPDFDADS.0
P.IS.HP.2

Process Process re-enabled on stolen device Host: if an attacker gains access to stolen device Host, they can restart Process, overriding the policy to disable Process.
DS.I.HPDFDADS.0
DF.I.HDBDRDF.0

Loss of reliability at DB corrupts outbound flow of data Data to FlowsTo: if there is a loss of reliability at process DB it may send corrupt output Data to FlowsTo. Normally, this is not considered likely when DB is acting only as a data relay, but DB is a DB process which processes incoming queries before requesting or forwarding data, so a loss of reliability may lead to the wrong data being retrieved or updated.
DS.I.HPDFDADS.0
DF.I.HDBDSDF.0

Loss of reliability at DB corrupts outbound flow of data Data to FlowsTo: if there is a loss of reliability at process DB it may send corrupt output Data to FlowsTo. Normally, this is not considered likely when DB is serving stored data, but DB is a DB process, so it selects data by processes incoming queries, so a loss of reliability may lead to retrieval or update of the wrong data.
DS.I.HPDFDADS.0
DF.I.HDCDF.0

Cached flow of data Data from FlowsFrom to FlowsTo corrupted on Host: if the flow of Data from FlowsFrom to FlowsTo is cached on Host, and the cache is corrupt, the data flow will be affected. This is a secondary threat whereby changes to the cache propagate to the data flow - the cause is whatever caused the cache to lose integrity.
DS.I.HPDFDADS.0
DF.I.HPDSDADF.0

Service Process serves a corrupt stored copy of data Data to FlowsTo: if the locally stored copy of Data on Host served by Process is corrupt, so will the flow of Data served to FlowsTo.
DS.I.HPDFDADS.0
DF.I.HP-iDODF.0

Loss of reliability at Process corrupts outbound flow of data Data to FlowsTo: if there is a loss of reliability at process Process it may send corrupt output Data to FlowsTo.
DS.I.HPDFDADS.0
DF.I.HuirPiDF.0

User Human interacting with Process provides incorrect input Data: user Human provides incorrect input Data to Process, due to having previously received corrupt data from the system.
DS.I.HPDFDADS.0
DF.I.DScSePDmFF.0.1

Corrupt control input causes loss of integrity in output Data from Sensor: if the control input to Sensor is faulty or corrupt, then measurement of the environment by Sensor will be affected, leading to faulty or corrupt sensor output Data.
DS.I.HPDFDADS.0
DF.I.DScSePDmFF.0.2

Out of date control input causes loss of integrity in output Data from Sensor: if the control input to Sensor is out of date, and Sensor depends on real-time updating of this input, then measurement of the environment by Sensor will be affected, leading to faulty or corrupt sensor output Data.

        (empty)

CSG-AutoSuspendCorruptDataFlow

The flow of data Data from FlowsFrom to FlowsTo can be automatically disabled to prevent corrupt or malicious content (including malware) from disrupting the receipient FlowsTo. This strategy represents a contingency plan, which can be used to reduce risk from some threats but it also triggers other threats representing possible side effects, depending on how likely it is that the contingency plan will need to be activated.

CSG-AutoSuspendCorruptDataFlow-Implementation-Runtime

The flow of data Data from FlowsFrom to FlowsTo has been automatically disabled to prevent corrupt or malicious content (including malware) from disrupting the receipient FlowsTo. This strategy represents activation of a contingency plan at runtime, and can be enabled to discover what effect this would have on risk levels, allowing this to be used for decision support calculations. Activation at runtime requires FlowsTo to be managed by a suitable adaptation framework. The Disabled Data Flow control should be deselected if and when the flow of data is enabled once again.

CSG-SuspendCorruptDataFlow

The flow of data Data from FlowsFrom to FlowsTo can be temporarily blocked by the manager ProcessManager of recipient process FlowsTo to prevent corrupt or malicious content (including malware) from disrupting the process. This strategy represents a contingency plan, which can be used to reduce risk from some threats but it also triggers other threats representing possible side effects, depending on how likely it is that the contingency plan will need to be activated.

CSG-SuspendCorruptDataFlow-Implementation-Runtime

The flow of data Data from FlowsFrom to FlowsTo has been disabled by the manager ProcessManager of FlowsTo to prevent corrupt or malicious content (including malware) disrupting the process. This strategy represents activation of a contingency plan at runtime, and can be selected to discover what effect this would have on risk levels, allowing this to be used for decision support calculations. To activate it at runtime, signal user ProcessManager who is responsible for managing process FlowsTo. The Disabled Data Flow control should be deselected only when the flow of data is enabled again.