Threat I.Auth.HUISG.3

URI: I.Auth.HUISG.3

Description: Spoofing a device RemoteHost in a USB pair with device Host in location Space: an attacker with access to the location Space of Host can connect a fake version of device RemoteHost to Host.

Threat Type: Primary Threat

Matching Pattern:

MP-HUISG

Finds a pair of hosts pairing via USB, and the space in which they are located.

(empty)

NetworkSpoofing at Role_Interface

CSG-IgnorePhysicalThreatsFromWorld

Indicates that threats from as well as to the space Space can be ignored, i.e. that the risk model intentionally does not consider physical attacks from Space. This is only permitted if Space is the inferred global public space (the World) used when no locations are asserted in the model. This control strategy is a way to specify that physical security is out of scope for devices with no explicitly specified location(s), i.e. that they are considered physically secure.

CSG-PersonalDeviceOversight

Device Host is a personal device dedicated to one user, who will protect it from some types of attacks involving ongoing physical access or evident alteration of the device. For these threats, the protection level is very good because a momentary lapse in attention from the user is not sufficient to allow the attack.

Threat I.Auth.HUISG.3

MP-HUISG

Triggered by Threat (0)

Triggers Secondary Threats (0)

Triggered By Control Strategy (0)

Misbehaviour Sets (1)

Control Strategies (2)