Purpose

A Keystore object represents a location where a collection of login credentials is kept, such as Active Directory, Kerberos, or a local directory of private keys. The essence of the Keystore object is that if an attacker manages to read it, it gives access to login information/credentials (UserAccounts) or to the encryption keys needed to decrypt Dataflows and Datastores.

Connections

| Object | Connection | Description | Function |
|---|---|---|---|
| Host | Keystore Execution | A connection to a Host object denotes that the Keystore is hosted by the Host. | A missing connection to a Host prevents Read access through Hosts. |
| Client | Keystore Execution | A connection to a Client object denotes that the Keystore is hosted by the Client. | A missing connection to a Client prevents Read access through Clients. |
| Service | Keystore Execution | A connection to a Service object denotes that the Keystore is hosted by the Service. | A missing connection to a Service prevents Read access through Services. |
| WebApplication | Keystore Execution | A connection to a WebApplication object denotes that the Keystore is hosted by the WebApplication. | A missing connection to a WebApplication prevents Read access through WebApplications. |
| Dataflow | Authentication | A connection to a Dataflow object denotes that the key to decrypt the Dataflow is stored in the Keystore. | A missing connection to a Dataflow prevents the Attacker from bypassing the encryption and authentication on the Dataflow through a Keystore. |
| Datastore | Authentication | A connection to a Datastore object denotes that the key to decrypt the Datastore is stored in the Keystore. | A missing connection to a Datastore prevents Read access to an encrypted Datastore through a Keystore. |
| UserAccount | Authentication | A connection to a UserAccount object denotes that the credentials for the UserAccount are stored in the Keystore. | A missing connection to a UserAccount prevents compromise of the UserAccount through a Keystore. |
| User | Obtainable credentials | A connection to a User object denotes which User owns and knows the Keystore contents. | The possibility to obtain the Keystore contents from a particular User. |
| PhysicalZone | Credential storage | A connection to a PhysicalZone object denotes where the Keystore content is located. | Access to the PhysicalZone gives access to the Keystore as well. |

Applicability

Since a Keystore defines where encryption/access keys are located, connecting a Keystore to a Datastore is only applicable when the Datastore is encrypted. If it is not, no keys are needed to read it once you reach it.

Attack Steps and Defenses

| Attack Step | Description | Leads to |
|---|---|---|
| Read | Reading the contents of the Keystore. | Dataflow: Eavesdrop; Dataflow: ManInTheMiddle; Datastore: Read; Datastore: Write; UserAccount: Compromise |
| Delete | Deleting the contents of the Keystore. | Dataflow: DenialOfService; Datastore: Delete; Datastore: Dataflow.DenialOfService |

| Defense | Description | Impact | Default |
|---|---|---|---|
| Encrypted | Whether the data in the Keystore is encrypted or not. | An Encrypted Keystore can help prevent Read. | Off |

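As an added example (not part of the original page or of the modeling tool it documents), the Python below propagates attack steps across a small constructed model using the connection and attack step tables above: compromise of a hosting object yields Read on a connected Keystore unless the Encrypted defense is on, and a Keystore step then leads to the listed steps on connected Dataflows, Datastores and UserAccounts. The object names, the "Compromise" step on the host, and treating Encrypted as a hard block (the page only says it "can help prevent" Read) are this example's assumptions.

```python
from collections import deque

# "Leads to" column of the attack step table: Keystore step -> connected object type -> steps.
LEADS_TO = {
    "Read": {"Dataflow": ("Eavesdrop", "ManInTheMiddle"),
             "Datastore": ("Read", "Write"), "UserAccount": ("Compromise",)},
    "Delete": {"Dataflow": ("DenialOfService",), "Datastore": ("Delete",)},
}
HOSTING_TYPES = {"Host", "Client", "Service", "WebApplication"}  # Keystore Execution


def propagate(objects, connections, compromised):
    # Worklist propagation over undirected connections; returns every (object, step) reached.
    def neighbours(name):
        return {next(iter(e - {name})) for e in connections if name in e}
    reached, queue = set(compromised), deque(compromised)
    while queue:
        obj, step = queue.popleft()
        typ = objects[obj]["type"]
        for nb in neighbours(obj):
            nb_type, new = objects[nb]["type"], []
            # Rule 1: Compromise of a hosting object gives Read on a connected Keystore
            # unless it is Encrypted (assumption: modelled as a hard block, not a probability).
            if typ in HOSTING_TYPES and step == "Compromise" and nb_type == "Keystore":
                if not objects[nb]["defenses"].get("Encrypted", False):
                    new.append((nb, "Read"))
            # Rule 2: a Keystore step leads to the table's steps on each connected object.
            elif typ == "Keystore" and step in LEADS_TO:
                new = [(nb, s) for s in LEADS_TO[step].get(nb_type, ())]
            for pair in new:
                if pair not in reached:
                    reached.add(pair)
                    queue.append(pair)
    return reached


# Constructed sample model (not from the page): one host running a keystore that
# holds a dataflow's key, a service account's password and an encrypted DB's key.
OBJECTS = {
    "app-01": {"type": "Host", "defenses": {}},
    "ks": {"type": "Keystore", "defenses": {"Encrypted": False}},
    "api-traffic": {"type": "Dataflow", "defenses": {}},
    "svc-account": {"type": "UserAccount", "defenses": {}},
    "cust-db": {"type": "Datastore", "defenses": {}},
}
CONNECTIONS = {frozenset(e) for e in [("app-01", "ks"), ("ks", "api-traffic"),
                                      ("ks", "svc-account"), ("ks", "cust-db")]}


def steps_after_host_compromise(encrypted):
    # Attacker starts with code execution on app-01; toggle the Keystore's Encrypted defense.
    objs = {k: {"type": v["type"], "defenses": dict(v["defenses"])} for k, v in OBJECTS.items()}
    objs["ks"]["defenses"]["Encrypted"] = encrypted
    return propagate(objs, CONNECTIONS, {("app-01", "Compromise")})
```

Comparing `steps_after_host_compromise(False)` with `steps_after_host_compromise(True)` shows how a single defense on the Keystore removes every downstream step on the Dataflow, Datastore and UserAccount in this model.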
