Dataflow
Purpose
A Dataflow object is used to represent communication between a client and a service.
Connections


Object | Connection | Description | Function |
---|---|---|---|
Client | Communication | An association to Client shows which client is connected to the Dataflow. The Client is the initiator of the communication contained in the Dataflow. | Association to Client is mandatory. |
Service | Communication | The other end of the communication is connected to a service. | Association to Service is mandatory. |
Keystore | Authentication | A connection to a Keystore object denotes that the key to decrypt the Dataflow is stored in the Keystore. | A missing connection to a Keystore prevents the Attacker from bypassing the encryption and authentication on the Dataflow through a Keystore. |
Protocol | Protocol Status | An association to a Protocol object adds attributes describing the protection level of the protocol used by the Dataflow. | Association to Protocol is mandatory. |
Datastore | Communication | An association to a Datastore object represents the data the Dataflow may contain. If a Service is connected to a Datastore, the corresponding Dataflow should also be connected to that Datastore. | An association to a Datastore has no direct impact on the Dataflow itself. However, it allows the Datastore to be attacked through the Dataflow. |
Network | Communication | An association to a network denotes communication with all other assets on the network. | A missing network association can help prevent Access and DenialOfService. |
Router | Communication | An association to a Router object tells which router allows the Dataflow to travel from one network to another. Additionally, if the Router has associations to a NIDS and/or IPS, those defenses will also protect the Dataflow (provided it is not encrypted). | A missing Router association prevents data from passing through the router when the Router is connected to a Firewall. |
Firewall | Permission | Connect a Firewall to a Dataflow to denote that the Dataflow is allowed to traverse the Firewall's Router. | Can prevent Forwarding. |
IPS | Protection | A connection to an IPS denotes that the IPS is actively trying to prevent intrusions via the connected Dataflows (provided they are not encrypted). | A missing IPS reduces the time needed to attack through the Dataflow. |
Existence


Attack Steps and Defenses
Attack Step | Description | Leads to |
---|---|---|
Access | The possibility to access the Dataflow (encrypted or not). | Dataflow: ManInTheMiddle |
DenialOfService | The possibility to block the service this application is supposed to provide. | Nothing. |
Eavesdrop | The possibility to listen to and read the Dataflow. | Datastore: Read |
ManInTheMiddle | The possibility to trick the endpoints of the Dataflow to communicate with another endpoint. | Datastore: Read |
Replay | The possibility to repeat the Dataflow content without the Client or Service noticing. | Datastore: Write |
Request | The possibility to initiate the Dataflow. | Service: Connect |
Respond | The possibility to reply to a client request. | Client: UserAccess |
Defense | Description | Impact | Default |
---|---|---|---|
No defenses | Defenses for a Dataflow are held in the Protocol object. | n/a | n/a |
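To make the propagation rules in the two tables above concrete, the following script (an added example, not code from the modelling tool) encodes the "Leads to" edges of the attack-step table and replays them over a Dataflow with a given set of associations. The gating rules are assumptions drawn from the Function column of the connections table: Access and DenialOfService need a Network association, and an edge into a Datastore, Service or Client only exists when that object is actually associated with the Dataflow. Protocol-held defenses and the Keystore bypass are not modelled.

```python
"""Toy attack-step propagation for a Dataflow object.

Added illustration of the tables on this page; it is not the tool's own
analysis engine. Assumed gating rules (not stated as an algorithm on the page):
  * Access and DenialOfService are reachable only with a Network association.
  * A "leads to" edge into another object is usable only if that object is
    associated with the Dataflow.
"""
from collections import deque

# "Leads to" column of the attack-step table: Dataflow step -> (object, step)
LEADS_TO = {
    "Access":          [("Dataflow", "ManInTheMiddle")],
    "DenialOfService": [],
    "Eavesdrop":       [("Datastore", "Read")],
    "ManInTheMiddle":  [("Datastore", "Read")],
    "Replay":          [("Datastore", "Write")],
    "Request":         [("Service", "Connect")],
    "Respond":         [("Client", "UserAccess")],
}

# Steps the Network row says a missing network association helps prevent
NEEDS_NETWORK = {"Access", "DenialOfService"}

# Associations the connections table marks as mandatory
MANDATORY = {"Client", "Service", "Protocol"}


def reachable(associations: set[str], entry_steps: set[str]) -> set[tuple[str, str]]:
    """Return every (object, step) pair an attacker reaches.

    associations: object names connected to the Dataflow, e.g. {"Client",
                  "Service", "Protocol", "Network", "Datastore"}
    entry_steps:  Dataflow attack steps the attacker starts with
    """
    missing = MANDATORY - associations
    if missing:
        raise ValueError(f"mandatory associations missing: {sorted(missing)}")

    seen: set[tuple[str, str]] = set()
    queue: deque[tuple[str, str]] = deque()
    for step in entry_steps:
        if step not in LEADS_TO:
            raise ValueError(f"unknown Dataflow attack step: {step}")
        if step in NEEDS_NETWORK and "Network" not in associations:
            continue  # assumed gate: no network, no Access / DenialOfService
        queue.append(("Dataflow", step))

    while queue:
        node = queue.popleft()
        if node in seen:
            continue
        seen.add(node)
        obj, step = node
        if obj != "Dataflow":
            continue  # steps on other objects are modelled on their own pages
        for tgt_obj, tgt_step in LEADS_TO[step]:
            if tgt_obj != "Dataflow" and tgt_obj not in associations:
                continue  # assumed gate: target object not associated
            queue.append((tgt_obj, tgt_step))
    return seen


if __name__ == "__main__":
    # Constructed model: fully associated Dataflow, attacker starts with Access
    model = {"Client", "Service", "Protocol", "Network", "Datastore"}
    for node in sorted(reachable(model, {"Access"})):
        print(f"{node[0]}: {node[1]}")
    # Same entry point with no Network association: nothing is reached
    print(reachable(model - {"Network"}, {"Access"}))
```

Removing the Datastore association keeps Access and ManInTheMiddle reachable but drops Datastore: Read, which is the "no direct impact on the Dataflow, but allows attack on the Datastore" behaviour described in the connections table.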