Security Analysis threat scenarios
status: valid
Note
Use all applicable threat scenarios to ensure a structured analysis. If additional threat scenarios are needed, please extend the list of threat scenarios.
Purpose
To identify all potential security threats and attack vectors that may target your feature or components from the platform, other features, components, etc., use the following framework of threat scenarios to check the completeness of your analysis.
2.1 Attack surfaces
Note
Attack surfaces are only to be considered if the feature and the related security controls are exposed through this specific interface. If the interface is not used by the feature or the related security controls, it is not an attack surface.
| ID | Threat cause attack surfaces | Importance (can be used for prioritization) |
|---|---|---|
| AS_01_01 | Exposed network interfaces | High |
| AS_01_02 | Exposed libraries and APIs | Medium |
| AS_01_04 | Exposed basic software (module) interfaces | Medium |
| AS_01_05 | Exposed operating system interfaces | High |
| AS_01_06 | Exposed service stacks, e.g. communication stack | High |
| AS_01_07 | Exposed configuration interfaces | Medium |
| AS_01_09 | Exposed debug and diagnostic interfaces | High |
| AS_01_10 | Exposed memory regions | High |
2.2 Communication
Note
The receiving function is affected by information that an attacker has spoofed, tampered with, disclosed, or subjected to denial of service.
| ID | Threat cause communication threats | Importance (can be used for prioritization) |
|---|---|---|
| CO_01_01 | Information passed as an argument through a function call, or by writing/reading a variable that is global to the two software functions, is susceptible to tampering | High |
| CO_01_02 | Data or message tampering / replay / spoofing / disclosure | High |
| CO_01_03 | Message injection / manipulation of sequence | High |
| CO_01_04 | Information disclosure, leaked sensitive data | High |
| CO_01_05 | Asymmetric information sent from a sender to multiple receivers allowing targeted attacks | Medium |
| CO_01_06 | Information from a sender intercepted before reaching receivers | High |
| CO_01_07 | Denial of service on communication channel | High |
2.3 Shared information inputs
Note
The same information input is used by multiple functions, creating attack opportunities.
| ID | Threat cause shared information inputs | Importance (can be used for prioritization) |
|---|---|---|
| SI_01_02 | Configuration data manipulation | High |
| SI_01_03 | Shared secrets or cryptographic keys | High |
| SI_01_04 | Basic (module) software passes data susceptible to injection attacks | Medium |
| SI_01_05 | Data / function parameter arguments / messages delivered to multiple functions creating attack amplification | Medium |
2.4 Unintended security impacts
Note
Unintended security impacts on a function due to various vulnerabilities.
| ID | Threat cause unintended security impact | Importance (can be used for prioritization) |
|---|---|---|
| UI_01_01 | Memory vulnerabilities enabling attacks | High |
| UI_01_02 | Unauthorized memory access | High |
| UI_01_03 | Buffer overflow attacks | High |
| UI_01_04 | Deadlocks causing denial of service | Medium |
| UI_01_05 | Livelocks causing denial of service | Medium |
| UI_01_06 | Blocking of execution for denial of service | High |
| UI_01_07 | Resource exhaustion attacks | High |
| UI_01_08 | Control flow manipulation | High |
| UI_01_09 | Race conditions | High |
| UI_01_10 | CPU exhaustion attacks | High |
| UI_01_11 | Memory exhaustion attacks | High |
| UI_01_12 | Hardware resource attacks | Medium |
2.5 Development threat scenarios
Note
This section shall be applied only once to analyze all attack vectors of the features. The results shall be checked during the analysis of new features if this is applicable to the feature.
| ID | Threat cause development threat scenarios | Importance (can be used for prioritization) |
|---|---|---|
| SC_01_02 | Same development approaches creating common vulnerabilities (e.g. IDE, programming and/or modelling language) | Medium |
| SC_01_03 | Same personnel introducing systematic vulnerabilities | Medium |
| SC_01_04 | Same social-cultural context introducing common weaknesses | Medium |
| SC_01_05 | Development vulnerabilities (e.g. human error, insufficient security training, insufficient secure coding practices) | High |