Threat H.J.PHS-iC.3

URI: H.J.PHS-iC.3

Package: Network

< prev | next >

Description: Physical tampering with Host in Space: at attacker with physical access to space Space physically alters device Host located there, introducing a means for the attacker to get remote access to admin privileges on Host.

Threat Type: Primary Threat

Matching Pattern:

H.J.PHS-iC.3
MP-PHS-iC

Finds a Physical Host that is not a Cluster located in a Space, and optionally the host manager and interactive user.

        (empty)

        (empty)

        (empty)

        (empty)

CSG-ContinuouslyObservedHost

Physical access to host Host is controlled by being situated where it can be under constant surveillance in a location that is continuously occupied at times when attacks may occur.

CSG-EmbeddedHostSecurity

Host Host is locked or built into the physical environment Space such that neither it nor any of its internal storage media can be removed or altered without destroying them.

CSG-IgnorePhysicalThreatsFromWorld

Indicates that threats from as well as to the space Space can be ignored, i.e. that the risk model intentionally does not consider physical attacks from Space. This is only permitted if Space is the inferred global public space (the World) used when no locations are asserted in the model. This control strategy is a way to specify that physical security is out of scope for devices with no explicitly specified location(s), i.e. that they are considered physically secure.

CSG-PersonalDeviceOversight

Device Host is a personal device dedicated to one user, who will protect it from some types of attacks involving ongoing physical access or evident alteration of the device. For these threats, the protection level is very good because a momentary lapse in attention from the user is not sufficient to allow the attack.

CSG-PhysicalChecksOnHost

Device Host is physically monitored to rapidly detect if it has been physically removed, altered or substituted, so its manager HostManager can address any physical compromise. This strategy represents a contingency plan included in the system operating policies and practices, e.g. to repair or replace the affected device. Activation of the plan restores normal service, but if the device was stolen the attacker still has possession of the original which could still be misused.

CSG-PhysicalChecksOnHost-Implementation-Runtime

Device Host having found to be physically removed, altered or substituted, action has been taken by its manager HostManager to restore normal service. This strategy represents activation of a contingency plan at runtime, and can be selected to discover what effect this would have on risk levels, allowing this to be used for decision support calculations. To implement the plan at runtime, signal HostManager that the problem was detected with Host which may need repair or replacement.