A Dataflow object is used to represent communication between a client and a service.
An association to Client shows which client is connected to the Dataflow. The Client is the initiator of the communication contained in the Dataflow.
Association to Client is mandatory.
The other end of the communication is connected to a service.
Association to Service is mandatory.
A connection to a Keystore object denotes that the key to decrypt the Dataflow is stored in the Keystore.
A missing connection to a Keystore prevents the Attacker from bypassing the encryption and authentication on the Dataflow through a Keystore.
An association to a Protocol object adds attributes describing the protection level of the protocol used by the dataflow.
Association to Protocol is mandatory.
An association to a Datastore object represents the data the Dataflow may contain. If a Service is connected to a Datastore, the corresponding Dataflow should also be connected to the Datastore.
An association to Datastore has no direct impact on the Dataflow. However, it can allow attack to the Datastore through the dataflow.
An association to a network denotes communication with all other assets on the network.
A missing network association can help prevent Access and DenialOfService.
An association to a Router object tells what router is allowing the dataflow to travel from one network to another network. Additionally, if the Router has associations to a NIDS and/or IPS, then these defenses will also protect the Dataflow (given that it is not encrypted).
A missing Router association prevents data from passing through the router when the Router is connected to a Firewall.
Connect a Firewall to a Dataflow to denote that the Dataflow is allowed to traverse the Firewall's Router
Can prevent Forwarding.
A connection to an IPS denotes that the IPS is actively trying to prevent intrusions via the connected Dataflows (given that it is not encrypted).
A missing IPS will reduce the time needed to attack through the Dataflow.
The possibility to access the Dataflow (encrypted or not).
Denial of Service
The possibility to block the service this application is supposed to provide.
The possibility to listen to and read the Dataflow.
The possibility to trick the endpoints of the Dataflow to communicate with another endpoint.
The possibility to repeat the dataflow content without the Client or Server noticing.
The possibility to initiate the Dataflow.
The possibility to reply to a client request.
Defenses to a Dataflow are held in the Protocol object.
Updated 9 months ago