The User object represents a legitimate user in the environment.



User objects can be connected to Identity objects to define which identities a user has access to and is permitted to use. Using these identities is how users interact with assets in the model.



| Attack step name | Attack step purpose |
| --- | --- |
| AttemptDeliverMaliciousRemovableMedia | Prerequisite to DeliverMaliciousRemovableMedia. |
| AttemptSocialEngineering | Attempting to convince the user to do UnsafeUserActivity. |
| CredentialTheft | Stealing passwords and similar credentials. |
| DeliverMaliciousRemovableMedia | The attacker operation of delivering for instance a USB drive to a location accessible to the target user. |
| PasswordReuseCompromise | If a user has multiple identities and the user-defense NoPasswordReuse is not enabled, chances are that the same credentials will unlock multiple identities. |
| PhishUser | Convincing the user to do UnsafeUserActivity. |
| UnsafeUserActivity | Making the user execute malware or do similar operations on behalf of the attacker. |


| Defense name | Defense purpose |
| --- | --- |
| NoPasswordReuse | The user is expected to use unique passwords for all identities. |
| SecurityAwareness | Lowers the probability of succeeding with UnsafeUserActivity (i.e. succeeding with the prerequisite attempt-operations related to UnsafeUserActivity). |
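
Added example (not part of the original model documentation or of the modelling language's own code): a Python sketch of how PasswordReuseCompromise and the NoPasswordReuse defense interact across connected User and Identity objects. The class, function and account names are hypothetical, and treating exposure as transitive through identities shared between users is a worst-case assumption made here.

```python
from dataclasses import dataclass, field


@dataclass
class User:
    name: str
    identities: set = field(default_factory=set)  # connected Identity objects
    no_password_reuse: bool = False               # NoPasswordReuse defense


def reuse_exposure(users, compromised):
    """Worst-case identities reachable through PasswordReuseCompromise.

    Returns (exposed, path), where path[identity] = (user, source identity)
    records which user's password reuse exposed that identity.
    """
    exposed, path = set(compromised), {}
    changed = True
    while changed:  # iterate to a fixed point: exposure can chain across users
        changed = False
        for u in users:
            # The step needs multiple identities and the defense disabled.
            if u.no_password_reuse or len(u.identities) < 2:
                continue
            hit = u.identities & exposed
            if not hit:
                continue
            src = sorted(hit)[0]
            for ident in sorted(u.identities - exposed):
                exposed.add(ident)
                path[ident] = (u.name, src)
                changed = True
    return exposed, path


def build_sample_model():
    # Constructed sample model; all names are made up for illustration.
    return [
        User("alice", {"alice@corp", "alice-admin"}),
        User("bob", {"bob@corp", "svc-backup"}, no_password_reuse=True),
        User("carol", {"carol@corp", "svc-backup"}),
        User("dave", {"dave@corp", "alice-admin"}),
    ]


if __name__ == "__main__":
    exposed, path = reuse_exposure(build_sample_model(), {"alice@corp"})
    for ident in sorted(exposed):
        print(ident, "<-", path.get(ident, "initial CredentialTheft"))
```

Enabling `no_password_reuse` on a user removes that user as a link in the chain, which makes the output a quick way to see which users' NoPasswordReuse setting matters most for a given starting identity.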