Threat P.U.P-iDFDI.0

URI: P.U.P-iDFDI.0

Package: DataLifecycle

< prev | next >

Description: Loss of reliability at process Process due to corrupt input Data from FlowsFrom: process Process uses the copy of Data sent by FlowsFrom as input so if this is corrupt, Process may become unreliable.

Threat Type: Secondary Threat

Matching Pattern:

P.U.P-iDFDI.0
MP-P-iDFDI

Finds a data flow to a process that uses the data as input, where the data does not come from an interactive user, plus optionally the process manager. The Process is matched twice, so it can be referred to by either role name.

P.U.P-iDFDI.0
DF.IS.PDFFA.8

Flow of Data from FlowsFrom to FlowsTo is in service: if process FlowsFrom is in service and able to access the data, and all the steps in the chain of processes between FlowsFrom and FlowsTo are in service, then the flow of Data from FlowsFrom to FlowsTo will be in service and potentially subject to attack, unless disabled.
P.U.P-iDFDI.0
DF.I.HDBDRDF.0

Loss of reliability at DB corrupts outbound flow of data Data to FlowsTo: if there is a loss of reliability at process DB it may send corrupt output Data to FlowsTo. Normally, this is not considered likely when DB is acting only as a data relay, but DB is a DB process which processes incoming queries before requesting or forwarding data, so a loss of reliability may lead to the wrong data being retrieved or updated.
P.U.P-iDFDI.0
DF.I.HDBDSDF.0

Loss of reliability at DB corrupts outbound flow of data Data to FlowsTo: if there is a loss of reliability at process DB it may send corrupt output Data to FlowsTo. Normally, this is not considered likely when DB is serving stored data, but DB is a DB process, so it selects data by processes incoming queries, so a loss of reliability may lead to retrieval or update of the wrong data.
P.U.P-iDFDI.0
DF.I.HDCDF.0

Cached flow of data Data from FlowsFrom to FlowsTo corrupted on Host: if the flow of Data from FlowsFrom to FlowsTo is cached on Host, and the cache is corrupt, the data flow will be affected. This is a secondary threat whereby changes to the cache propagate to the data flow - the cause is whatever caused the cache to lose integrity.
P.U.P-iDFDI.0
DF.I.HPDSDADF.0

Service Process serves a corrupt stored copy of data Data to FlowsTo: if the locally stored copy of Data on Host served by Process is corrupt, so will the flow of Data served to FlowsTo.
P.U.P-iDFDI.0
DF.I.HP-iDODF.0

Loss of reliability at Process corrupts outbound flow of data Data to FlowsTo: if there is a loss of reliability at process Process it may send corrupt output Data to FlowsTo.
P.U.P-iDFDI.0
DF.I.HuirPiDF.0

User Human interacting with Process provides incorrect input Data: user Human provides incorrect input Data to Process, due to having previously received corrupt data from the system.
P.U.P-iDFDI.0
DF.I.DScSePDmFF.0.1

Corrupt control input causes loss of integrity in output Data from Sensor: if the control input to Sensor is faulty or corrupt, then measurement of the environment by Sensor will be affected, leading to faulty or corrupt sensor output Data.
P.U.P-iDFDI.0
DF.I.DScSePDmFF.0.2

Out of date control input causes loss of integrity in output Data from Sensor: if the control input to Sensor is out of date, and Sensor depends on real-time updating of this input, then measurement of the environment by Sensor will be affected, leading to faulty or corrupt sensor output Data.

        (empty)

CSG-AutoSuspendCorruptDataFlow

The flow of data Data from FlowsFrom to FlowsTo can be automatically disabled to prevent corrupt or malicious content (including malware) from disrupting the receipient FlowsTo. This strategy represents a contingency plan, which can be used to reduce risk from some threats but it also triggers other threats representing possible side effects, depending on how likely it is that the contingency plan will need to be activated.

CSG-AutoSuspendCorruptDataFlow-Implementation-Runtime

The flow of data Data from FlowsFrom to FlowsTo has been automatically disabled to prevent corrupt or malicious content (including malware) from disrupting the receipient FlowsTo. This strategy represents activation of a contingency plan at runtime, and can be enabled to discover what effect this would have on risk levels, allowing this to be used for decision support calculations. Activation at runtime requires FlowsTo to be managed by a suitable adaptation framework. The Disabled Data Flow control should be deselected if and when the flow of data is enabled once again.

CSG-SuspendCorruptDataFlow

The flow of data Data from FlowsFrom to FlowsTo can be temporarily blocked by the manager ProcessManager of recipient process FlowsTo to prevent corrupt or malicious content (including malware) from disrupting the process. This strategy represents a contingency plan, which can be used to reduce risk from some threats but it also triggers other threats representing possible side effects, depending on how likely it is that the contingency plan will need to be activated.

CSG-SuspendCorruptDataFlow-Implementation-Runtime

The flow of data Data from FlowsFrom to FlowsTo has been disabled by the manager ProcessManager of FlowsTo to prevent corrupt or malicious content (including malware) disrupting the process. This strategy represents activation of a contingency plan at runtime, and can be selected to discover what effect this would have on risk levels, allowing this to be used for decision support calculations. To activate it at runtime, signal user ProcessManager who is responsible for managing process FlowsTo. The Disabled Data Flow control should be deselected only when the flow of data is enabled again.