Threat P.L.CCCSAC.3

URI: P.L.CCCSAC.3

Description: Remote control of Service using a back door from Client: if a back door has previously been installed in service Service, an attacker with control of client Client can exploit the back door to gain access to the rights of Service on its host SHost.

Threat Type: Primary Threat

Matching Pattern:

MP-CCCSAC

Finds a Client and Service with a Client Channel between them, plus their hosts, the contexts for access to the service via the channel, and optionally the client user and service and service host managers.

(empty)

P.L.HPmAC.0

Access to the rights of Process by unauthorized agents in all contexts : if untrustworthy actors gain access to Host with the rights of Process, the best case trustworthiness of its users in any context is degraded.

P.L.HPsAC.0

Access to the rights of Process by unauthorized agents in any context: if an untrustworthy actor gains access to Host with the rights of Process in any context, the worst case trustworthiness of its users in any context is degraded.

(empty)

LocalLossOfUserTW at Role_ProcAccess

CSG-AutoSuspendUntrustworthyClientAccess	Access to service *Service* by client *Client* may be automatically disabled to prevent authenticated attacks by compromised clients, at the cost of some reduction in availability. This strategy represents a contingency plan, which can be used to reduce risk from some threats but it also triggers other threats representing possible side effects, depending on how likely it is that the contingency plan will need to be activated.
CSG-AutoSuspendUntrustworthyClientAccess-Implementation-Runtime	Access to service *Service* by client *Client* has been automatically disabled to prevent authenticated attacks by compromised clients. This strategy represents activation of a contingency plan at runtime, and can be selected to discover what effect this would have on risk levels, allowing this to be used for decision support calculations. Activation at runtime requires *Service* to be managed by a suitable adaptation framework. The Disable Client Access control should be deselected if and when access by *Client* to *Service* has been enabled once again.
CSG-SuspendUntrustworthyClientAccess	Access to service *Service* by client *Client* may be temporarily disabled by the process manager *ServiceManager* to prevent authenticated attacks by compromised or impersonated clients, at the cost of some reduction in availability. This strategy represents a contingency plan, which can be used to reduce risk from some threats. However, it also triggers other threats representing side effects of the policy change, based on how likely it is that the contingency plan will need to be activated.
CSG-SuspendUntrustworthyClientAccess-Implementation-Runtime	Access to service *Service* by client *Client* is disabled by the process manager *ServiceManager* to prevent authenticated attacks by compromised clients. This strategy represents activation of a contingency plan at runtime, and can be selected to discover what effect this would have on risk levels, allowing this to be used for decision support calculations. To activate it at runtime, signal the process manager *ServiceManager. The Disable Client Access control should be deselected if and when access by Client* to *Service* has been enabled once again.

Threat P.L.CCCSAC.3

MP-CCCSAC

Triggered by Threat (0)

Triggers Secondary Threats (2)

P.L.HPmAC.0

P.L.HPsAC.0

Triggered By Control Strategy (0)

Misbehaviour Sets (1)

Control Strategies (4)