The Datastore object represents logical storage of data. It is up to the modeler to decide if the Datastore shall represent a file system, a database (or part of it), a directory or some other amount of data we are interested in modeling.
The reason that five Datastore objects are depicted above is that there are restrictions in \sCAD\ on how many different objects each Datastore object is allowed to be connected to.
|Host||Database Execution||Database Execution & Represents a database, directory or any data located on or accessible data through the Host.||A Host connected to a Datastore can cause Read and Write access to the Datastore from the Host.|
|Client||Database Execution||Denotes information storage that is reachable by the Client e.g. a cache or files on the file system where the Client has the appropriate rights.||A Client connected to a Datastore can cause Read and Write access to the Datastore from the Client.|
|Service||Database Execution||Denotes information storage that is reachable by the Service e.g. a database.||A Service connected to a Datastore can cause Read and Write access to the Datastore from the Service.|
|Web Application||WebApplication||A connection to a Web Application denotes that the Datastore is available to the Web Application.||A connected Web Application can cause Read and Write access through SQLinjections.|
|Keystore||Authentication||A connection to a Keystore object denotes that the key to decrypt the Datastore is stored in the Keystore.||A missing connection to a Keystore prevents Read access to an encrypted Datastore through a Keystore.|
|Dataflow||Communication||An association to a Dataflow object represents the data the Dataflow may contain. If a Service is connected to a Datastore, the corresponding Dataflow should also be connected to the Datastore.||An association to a Dataflow can allow an attack to the Datastore through the Dataflow.|
When connecting a Keystore to a Datastore, it is required that the Datastore is encrypted, i.e. the Encrypted defense of the Datastore needs to be set to On. The following message is a reminder of that;
Datastore objects can only be connected to one other object each. This means that if you have a Host and a Service connected, and you try to connect them to the same Datastore, you will get the following message saying that this is not allowed.
When you want to make the above connection, what you are probably trying to model is that the Service running on the Host has access to the Host’s local storage. This is of course true, but in this case we recommend you to model one Datastore representing the Host’s local storage and one Datastore representing the actual data (directories) the Service has access to and is making available to remote users.
Also, sharing Datastores between hosts and services is not allowed/supported.
Attack Steps and Defenses
|Attack Step||Description||Leads to|
|Delete||The possibility to delete data from the Datastore.||Nothing.|
|Read||The possibility to read the data in the Datastore.||Nothing.|
|Write||The possibility to add data to the Datastore.||Nothing.|
|Encrypted||Whether the data in the Datastore is encrypted or not.||An Encrypted Datastore can help mitigate ManInTheMiddle attacks.||Off|