Purpose
An AccessControl object represents some access restriction, commonly login functionality.
Connections

Object | Connection | Description | Function |
---|---|---|---|
Host | Authorization | Denotes that there is a login prompt to access the Host. | A missing AC results in automatic "login" (or represents that no login is needed). |
Router | Authorization | Denotes that there is a login prompt to access the Router. | A compromise of the administration network will compromise the router directly without an access control. |
Service | Authorization | Denotes that there is a login functionality to access the Service. | A compromise of the administration network will compromise the router directly without an access control. |
UserAccount | Non-Root Authorization | A User Account connects to an Access Control object stating that the access control functionality has an active user account present. | A connection to a UserAccount object represents the user account needed to bypass the AccessControl. It is mandatory to have at least one connection (either root or non-root) to a UserAccount. |
UserAccount | Root Authorization | A User Account connects to an Access Control object stating that the access control functionality has an active user account present. | A connection to a UserAccount object represents the user account needed to bypass the AccessControl. It is mandatory to have at least one connection (either root or non-root) to a UserAccount. |
Attack Steps and Defenses

Attack Step | Description | Leads to |
---|---|---|
Access | The possibility to reach the AccessControl functionality (but not traverse it). | AccessControl: ExtractPasswordRepository AccessControl: NonRootLogin AccessControl: RootLogin |
Extract Password Repository | The possibility to read the passwords accepted by the AccessControl. | UserAccount: GuessOffline |
Non Root Login | Logging in via the AccessControl using a non-root user account. | Host: UserAccess Router: Compromise Service: ApplicationLogin Service(shell): NonRootLogin |
Root Login | Logging in via the AccessControl using a root user account. | Host: Compromise Router: Compromise Service: ApplicationLogin Service(shell): RootLogin |
Defense | Description | Impact | Default |
---|---|---|---|
Backoff | Backoff is a contention control mechanism that reacts to failed login attempts and can delay or disrupt many consecutive tries. | The probability of GuessOffline AttackStep can be reduced if coupled with NoDefaultPassword | On |
Enabled | Enabled denotes that the Access Control mechanism is enabled and authenticates users for access to the connected asset. | If connected to a Service, Access Control can reduce the TTC of DeployExploit and prevent GuessOffline | On |
Hashed Password Repository | A Hashed Password Repository stores no passwords in clear text. Instead, one-way cryptographic hashes are stored to protect the password but still allow authentication. | Reduces the probability of GuessOffline. | On |
No Default Passwords | A special case of password guessing is the use of default passwords which are created for new accounts and software products. No Default Passwords denotes that all default passwords are removed. | Reduces the probability of GuessOnline | Off |
Password Policy Enforcement | Proactive password checkers and filters can enforce password policies which force users to create more complex password. In securiLang, Password Policy Enforcement denotes a checker with at least 8 character, one lowercase, one uppercase, one special sign and one number. | Prevents GuessOffline coupled with Hashed Password Repository and GuessOnline coupled with NoDefaultPasswords | Off |
Salting | Salting appends a random value to the password hash that makes the password cracking more difficult. | Prevents GuessOffline coupled with HashedPasswordRepository. | On |