Trustworthiness Attribute ExploitTW

URI: ExploitTW

Description: Free of software vulnerabilities that are accessible to attackers.

This attribute is undermined by the misbehaviour LossOfExploitTW

AccessContext	Model of access rights, restricted to specific contexts.
Host	A device that can store, process, transmit or receive data.
Process	Represents a process (usually implemented by software running on a Host) that can read, update or create data, or exchange data with other processes.

H.A.HumH.6.2

Loss of availability through disabling vulnerable device Host: if device Host is vulnerable to attack, and the security control strategy is for its manager HostManager to disable Host to prevent the attack, this will cause a loss of availability.

P.A.HumHP-iT.6.2

Loss of availability through disabling vulnerable process Process: if process Process may be vulnerable to attack, and the contingency plan is that its host manager HostManager will disable Process to prevent adverse consequences, this may lead to a loss of availability.

CC.R.CDBSC.4

Query injection at Service into back end DB: an attacker having exploited a bug in Service when connected to DB, is able to send arbitrary queries to DB. This is modelled as an adverse behaviour in the inferred client channel representing their trust relationship, fulfilling the precondition for further threats using injected queries to access or alter data stored by DB.

DS.A.HDS.4

Attacker exploit at Host deletes Data: the attacker exploits a vulnerability in device Host and is able to delete or otherwise disable access to the stored copy of Data on the device.

DS.A.HPsACDAdDS.4

Attacker exploit at Process to delete Data: the attacker exploits a vulnerability in process Process and is able to delete or otherwise disable access to the stored copy of Data on its host device Host.

DS.Auth.HDS-V.4

Attacker exploit at Host alters stored copy of Data: the attacker exploits a vulnerability in device Host and is able to alter the stored copy of Data on the device.

DS.Auth.HPsACd-pDS-V.4

Attacker exploit at service Process alters Data stored on Host: the attacker exploits a vulnerability in process Process and is able to alter the stored copy of Data on its host device Host.

DS.Auth.HPsACdpDS-V.4

Attacker exploit at Process alters output Data stored on Host: the attacker exploits a vulnerability in process Process and is able to alter the stored copy of Data updated by the process on its host device Host.

DS.C.HDS-V.4

Attacker exploit at Host accesses stored data Data: the attacker is able to exploit a vulnerability in device Host gaining access to its stored copy of Data.

DS.C.HPsACr-pDS-V.4

Attacker exploit at Process accesses Data: the attacker is able to exploit a vulnerability in process Process and gains access to the stored copy of Data on device Host which is served by the process.

DS.C.HPsACrpDS-V.4

Attacker exploit at Process accesses its input Data: the attacker is able to exploit a vulnerability in process Process, gaining access to the stored copy of Data used by the process on its host device Host.

H.A.H.4

Attacker exploit disables Host: the attacker exploits a vulnerability in device Host and is able to crash the device.

H.L.HAC.4

Attacker exploit gains user privileges at Host in location Space: the attacker exploits a vulnerability in device Host when it is located in Space, and gains user level access to the device in that context.

H.M.HAC.4

Attacker exploit gains admin rights at Host when it is in location Space: the attacker exploits a vulnerability in device Host in context HostAccess and gains control over the device in that context.

H.M.HmACPAC.4

Attacker exploit at Process in location Space gains admin rights at Host: the attacker exploits a vulnerability in the process Process when its host Host is in Space, and is able to escalate privileges to gain admin rights on Host in that context.

P.A.HP-iT.4

Attacker exploit disables Process: the attacker exploits a vulnerability in the process Process and is able to crash it or otherwise prevent access to it.

P.L.HPAC.4

Attacker exploit takes control of Process in Space: the attacker exploits a vulnerability in process Process when its host Host is located in Space, giving them control of the process behaviour and access to its privileges on Host when in that location.