Threat LS.L.WSSH-P.3

URI: LS.L.WSSH-P.3

Package: Network

Description: Access to subnet LogicalSubnet from space Space: someone with access to space Space where wired subnet LogicalSubnet has connections can connect their own device unless access is restricted by security measures.

Threat Type: Primary Threat

Matching Pattern:

LS.L.WSSH-P.3
MP-WSSH-P

Finds a Wired Subnet with no controlling process, provided by a Gateway host accessible from a Space, and optionally the manager of the Gateway.

CSG-DisableSubnet

Indicates provision of network LogicalSubnet is disabled at device Gateway, meaning the subnet is not available to potential attackers. This strategy does not represent a contingency plan, but a permanent restriction introduced by design or in accordance with an operational policy or user preference. It also triggers threats representing side effects that would be caused by such a restriction. The most common situation where provision of a subnet is possible but would not be used in practice is where a mobile device provides a WiFi hotspot, which it could do in any location, but the user will keep the hotspot functionality switched off in some locations.

CSG-IgnorePhysicalThreatsFromWorld

Indicates that threats from, as well as to, the space Space can be ignored, i.e. that the risk model intentionally does not consider physical attacks from Space. This is only permitted if Space is the inferred global public space (the World) used when no locations are asserted in the model. This control strategy is a way to specify that physical security is out of scope for devices with no explicitly specified location(s), i.e. that they are considered physically secure.

CSG-NetworkEAP-PSK

Control access to subnet LogicalSubnet using a pre-shared key. The key is installed at the device Gateway providing the network, which also verifies that supplicants have the same key, preventing unauthorised access. You should also specify shared keys for supplicant devices or they will be unable to connect.

CSG-NetworkEAP-TLS

Control access to subnet LogicalSubnet using authentication via X.509 or otherwise trusted public-private key pairs. The gateway device Gateway providing the network has an (X.509 certified) key, and a means to verify (X.509 certified) keys registered by authorised supplicants. You should also specify that supplicant devices have (X.509 certified) key pairs or they will be unable to connect.