A Client object represents a piece of software able to establish communication via the network. When modeling, Client software is in general seen as the software initiating communication in an information exchange. Only network related applications, capable of initiating a communication, shall be modeled as Client objects.


HostNon-Root Client ExecutionWhich Host object the Client software is hosted by/running on. Non-Root is telling that it is run as a regular/non-privileged user.Mandatory.
HostRoot Client ExecutionWhich Host object the Client software is hosted by/running on. Root is telling that it is run as the root/administrator system user.Mandatory.
DataflowCommunicationWhen a Client is contacting a Service object, requesting some piece of data, it is done via the connected Dataflow object.A missing Dataflow association can prevent ManInTheMiddle, DenialOfService, Access and Request attacks.
DatastoreDatabase ExecutionDenotes information storage that is reachable by the Client e.g. a cache or files on the file system where the Client has the appropriate rights.A missing Datastore has no direct impact on the Client but can prevent Read and Write access to the Datastore from the Client.
KeystoreKeystore ExecutionA connection to a Keystore object denotes that the Keystore is hosted by the Client.A missing connection to a Keystore prevents Read access on a Keystore through Clients.
SoftwareProductSoftware PropertiesDescribes what type of software the client is, or, actually, what properties it has.Mandatory.


The Client object has an extra attribute; Existence. Existence can be either On, Off or set to a probability between 0 and 1. Existence is used to set a probability to an object being present or not. Examples of use cases are found in the Attack Vector chapter. The default value for Existence is On.

Attack Steps and Defenses

Attack StepDescriptionLeads to
BypassAntiMalwareypassing the anti malware software protecting the client.Client: Compromise
BypassIDSypassing the Host IDS (HIDS) if one exists.Client: BypassAntiMalware
CompromiseThe possibility to control/own it. If the Host object the Client is connected to (hosted by) is compromised, the Client is also considered to be compromised.Dataflow: Request
Dataflow: ManInTheMiddle
Dataflow: Access
Datastore: Read
Datastore: Write
Datastore: delete
Keystore: Read
Keystore: Delete
Client: DenialOfService
Client(non-root): Host.UserAccess
Client(root): Host.Compromise
Denial of ServiceThe possibility to block the service this application is supposed to provide.Dataflow: DenialOfService
DeployExploitThe possibility to use a vulnerability of the clientClient: BypassIDS
FindExploitThe possibility to discover a vulnerability related to this client.Client: DeployExploit
UserAccessAccessing the client as a regular user from the network.Client: FindExploit
PatchedDenotes whether the Client has all applicable software security patches implemented.Can prevent an Attacker from obtaining an exploit.0.5

What’s Next