Datastore

Purpose

The Datastore object represents logical storage of data. It is up to the modeler to decide whether the Datastore represents a file system, a database (or part of it), a directory, or some other collection of data we are interested in modeling.

Connections

The reason that five Datastore objects are depicted above is that there are restrictions in securiCAD on how many different objects each Datastore object is allowed to be connected to.

| Object | Connection | Description | Function |
|---|---|---|---|
| Host | Database Execution | Represents a database, directory or any data located on or accessible through the Host. | A Host connected to a Datastore can cause Read and Write access to the Datastore from the Host. |
| Client | Database Execution | Denotes information storage that is reachable by the Client, e.g. a cache or files on the file system where the Client has the appropriate rights. | A Client connected to a Datastore can cause Read and Write access to the Datastore from the Client. |
| Service | Database Execution | Denotes information storage that is reachable by the Service, e.g. a database. | A Service connected to a Datastore can cause Read and Write access to the Datastore from the Service. |
| Web Application | WebApplication | A connection to a Web Application denotes that the Datastore is available to the Web Application. | A connected Web Application can cause Read and Write access through SQL injections. |
| Keystore | Authentication | A connection to a Keystore object denotes that the key to decrypt the Datastore is stored in the Keystore. | A missing connection to a Keystore prevents Read access to an encrypted Datastore through a Keystore. |
| Dataflow | Communication | An association to a Dataflow object represents the data the Dataflow may contain. If a Service is connected to a Datastore, the corresponding Dataflow should also be connected to the Datastore. | An association to a Dataflow can allow an attack on the Datastore through the Dataflow. |

When connecting a Keystore to a Datastore, it is required that the Datastore is encrypted, i.e. the Encrypted defense of the Datastore needs to be set to On. The following message is a reminder of that.

Datastore objects can only be connected to one other object each. This means that if you have a Host and a Service connected, and you try to connect them to the same Datastore, you will get the following message saying that this is not allowed.

When you want to make the above connection, what you are probably trying to model is that the Service running on the Host has access to the Host’s local storage. This is of course true, but in this case we recommend modeling one Datastore representing the Host’s local storage and one Datastore representing the actual data (directories) the Service has access to and is making available to remote users.

Also, sharing Datastores between hosts and services is not allowed/supported.
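
The connection rules above, written as a small pre-flight check over a model description. This is an added example, not securiCAD code or its file format: the dictionary layout and the object names are hypothetical. It assumes the one-object limit applies to Host, Client, Service and Web Application connections, with Keystore and Dataflow associations counted separately.

```python
# Added illustration: lint Datastore descriptions against the rules on this page.
# The data layout is hypothetical and is not securiCAD's own model format.

# Assumption: these object types count toward the "one other object" limit.
ACCESSORS = {"Host", "Client", "Service", "WebApplication"}

def lint_datastore(ds):
    """Return a list of rule violations for one Datastore description."""
    problems = []
    kinds = [kind for kind, _ in ds["connections"]]
    accessors = [(k, n) for k, n in ds["connections"] if k in ACCESSORS]

    # Rule: a Datastore cannot be shared, e.g. between a Host and a Service.
    if len(accessors) > 1:
        names = ", ".join(f"{k} {n}" for k, n in accessors)
        problems.append(f"{ds['name']}: connected to more than one object ({names})")

    # Rule: a Keystore connection requires the Encrypted defense to be On.
    # The Encrypted defense defaults to Off.
    if "Keystore" in kinds and not ds.get("encrypted", False):
        problems.append(f"{ds['name']}: Keystore connected but Encrypted is Off")

    # Recommendation: a Service's Dataflow should also be connected.
    if "Service" in kinds and "Dataflow" not in kinds:
        problems.append(f"{ds['name']}: Service connected without its Dataflow")
    return problems

def lint_model(datastores):
    """Lint every Datastore in the model and collect the findings."""
    return [p for ds in datastores for p in lint_datastore(ds)]

# Constructed sample: one Datastore shared by a Host and a Service (not allowed).
SHARED = [{"name": "storage", "encrypted": False,
           "connections": [("Host", "web01"), ("Service", "ftpd"), ("Keystore", "ks1")]}]

# Constructed sample: the recommended split into local storage and served data.
SPLIT = [
    {"name": "web01-local", "encrypted": False, "connections": [("Host", "web01")]},
    {"name": "ftp-data", "encrypted": True,
     "connections": [("Service", "ftpd"), ("Dataflow", "ftp-traffic"), ("Keystore", "ks1")]},
]

if __name__ == "__main__":
    for finding in lint_model(SHARED):
        print(finding)
    print("split model findings:", lint_model(SPLIT))
```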

Attack Steps and Defenses

| Attack Step | Description | Leads to |
|---|---|---|
| Delete | The possibility to delete data from the Datastore. | Nothing. |
| Read | The possibility to read the data in the Datastore. | Nothing. |
| Write | The possibility to add data to the Datastore. | Nothing. |

| Defense | Description | Impact | Default |
|---|---|---|---|
| Encrypted | Whether the data in the Datastore is encrypted or not. | An Encrypted Datastore can help mitigate ManInTheMiddle attacks. | Off |

