Threat P.L.CCCLnSAC.1

URI: P.L.CCCLnSAC.1

Description: Compromise or impersonation of Client allows access to SHost via Service: if anyone can access Service as Client, then because Service is a remote access service, they can access SHost.

Threat Type: Primary Threat

Matching Pattern:

MP-CCCLnSAC

Finds a Client and Remote Access Service with a ClientChannel between them, plus their hosts, the contexts for access to the service via the channel, and optionally the client and service managers.

(empty)

P.L.HPmAC.0

Access to the rights of Process by unauthorized agents in all contexts : if untrustworthy actors gain access to Host with the rights of Process, the best case trustworthiness of its users in any context is degraded.

P.L.HPsAC.0

Access to the rights of Process by unauthorized agents in any context: if an untrustworthy actor gains access to Host with the rights of Process in any context, the worst case trustworthiness of its users in any context is degraded.

(empty)

LocalLossOfUserTW at Role_ProcAccess

CSG-AutoSuspendUntrustworthyClientAccess	Access to service *Service* by client *Client* may be automatically disabled to prevent authenticated attacks by compromised clients, at the cost of some reduction in availability. This strategy represents a contingency plan, which can be used to reduce risk from some threats but it also triggers other threats representing possible side effects, depending on how likely it is that the contingency plan will need to be activated.
CSG-AutoSuspendUntrustworthyClientAccess-Implementation-Runtime	Access to service *Service* by client *Client* has been automatically disabled to prevent authenticated attacks by compromised clients. This strategy represents activation of a contingency plan at runtime, and can be selected to discover what effect this would have on risk levels, allowing this to be used for decision support calculations. Activation at runtime requires *Service* to be managed by a suitable adaptation framework. The Disable Client Access control should be deselected if and when access by *Client* to *Service* has been enabled once again.
CSG-RestrictedRemoteAccess	Remote access service *Service* runs a restricted shell on *SHost, such that remote users cannot gain full access to the host, and can only run specific application processes on SHost* (those controlled by *Service*).
CSG-SuspendUntrustworthyClientAccess	Access to service *Service* by client *Client* may be temporarily disabled by the process manager *ServiceManager* to prevent authenticated attacks by compromised or impersonated clients, at the cost of some reduction in availability. This strategy represents a contingency plan, which can be used to reduce risk from some threats. However, it also triggers other threats representing side effects of the policy change, based on how likely it is that the contingency plan will need to be activated.
CSG-SuspendUntrustworthyClientAccess-Implementation-Runtime	Access to service *Service* by client *Client* is disabled by the process manager *ServiceManager* to prevent authenticated attacks by compromised clients. This strategy represents activation of a contingency plan at runtime, and can be selected to discover what effect this would have on risk levels, allowing this to be used for decision support calculations. To activate it at runtime, signal the process manager *ServiceManager. The Disable Client Access control should be deselected if and when access by Client* to *Service* has been enabled once again.

Threat P.L.CCCLnSAC.1

MP-CCCLnSAC

Triggered by Threat (0)

Triggers Secondary Threats (2)

P.L.HPmAC.0

P.L.HPsAC.0

Triggered By Control Strategy (0)

Misbehaviour Sets (1)

Control Strategies (5)