Purpose
A Client object represents a piece of software able to establish communication via the network. When modeling, Client software is in general seen as the software initiating communication in an information exchange. Only network related applications, capable of initiating a communication, shall be modeled as Client objects.
Connections
| Object | Connection | Description | Function |
|---|---|---|---|
| Host | Non-Root Client Execution | Which Host object the Client software is hosted by/running on. Non-Root is telling that it is run as a regular/non-privileged user. | Mandatory. |
| Host | Root Client Execution | Which Host object the Client software is hosted by/running on. Root is telling that it is run as the root/administrator system user. | Mandatory. |
| Dataflow | Communication | When a Client is contacting a Service object, requesting some piece of data, it is done via the connected Dataflow object. | A missing Dataflow association can prevent ManInTheMiddle, DenialOfService, Access and Request attacks. |
| Datastore | Database Execution | Denotes information storage that is reachable by the Client e.g. a cache or files on the file system where the Client has the appropriate rights. | A missing Datastore has no direct impact on the Client but can prevent Read and Write access to the Datastore from the Client. |
| Keystore | Keystore Execution | A connection to a Keystore object denotes that the Keystore is hosted by the Client. | A missing connection to a Keystore prevents Read access on a Keystore through Clients. |
| SoftwareProduct | Software Properties | Describes what type of software the client is, or, actually, what properties it has. | Mandatory. |
Existence
The Client object has an extra attribute; Existence. Existence can be either On, Off or set to a probability between 0 and 1. Existence is used to set a probability to an object being present or not. Examples of use cases are found in the Attack Vector chapter. The default value for Existence is On.
Attack Steps and Defenses
| Attack Step | Description | Leads to |
|---|---|---|
| BypassAntiMalware | ypassing the anti malware software protecting the client. | Client: Compromise |
| BypassIDS | ypassing the Host IDS (HIDS) if one exists. | Client: BypassAntiMalware |
| Compromise | The possibility to control/own it. If the Host object the Client is connected to (hosted by) is compromised, the Client is also considered to be compromised. | Dataflow: Request Dataflow: ManInTheMiddle Dataflow: Access Datastore: Read Datastore: Write Datastore: delete Keystore: Read Keystore: Delete Client: DenialOfService Client(non-root): Host.UserAccess Client(root): Host.Compromise |
| Denial of Service | The possibility to block the service this application is supposed to provide. | Dataflow: DenialOfService |
| DeployExploit | The possibility to use a vulnerability of the client. | Client: BypassIDS |
| FindExploit | The possibility to discover a vulnerability related to this client. | Client: DeployExploit |
| UserAccess | Accessing the client as a regular user from the network. | Client: FindExploit |
| Defense | Description | Impact | Default |
|---|---|---|---|
| Patched | Denotes whether the Client has all applicable software security patches implemented. | Can prevent an Attacker from obtaining an exploit. | 0.5 |