Purpose
A Keystore object is representing a location where a collection of login credential information such as Active Directory, Kerberos or a local directory of private keys. The essence of the Keystore object is that if an attacker manages to read it, it will give access to login information/credentials (UserAccounts) or encryption keys needed to decrypt Dataflow and Datastore when needed.
Connections
| Object | Connection | Description | Function |
|---|---|---|---|
| Host | Keystore Execution | A connection to a Host object denotes that the Keystore is hosted by the Host. | A missing connection to a Host prevents Read access through Hosts. |
| Client | Keystore Execution | A connection to a Client object denotes that the Keystore is hosted by the Client. | A missing connection to a Client prevents Read access through Clients. |
| Service | Keystore Execution | A connection to a Service object denotes that the Keystore is hosted by the Service. | A missing connection to a Service prevents Read access through Services. |
| WebApplication | Keystore Execution | A connection to a WebApplication object denotes that the Keystore is hosted by the WebApplication. | A missing connection to a WebApplication prevents Read access through WebApplications. |
| Dataflow | Authentication | A connection to a Dataflow object denotes that the key to decrypt the Dataflow is stored in the Keystore. | A missing connection to a Dataflow prevents the Attacker from bypassing the encryption and authentication on the Dataflow through a Keystore. |
| Datastore | Authentication | A connection to a Datastore object denotes that the key to decrypt the Datastore is stored in the Keystore. | A missing connection to a Datastore prevents Read access to an encrypted Datastore through a Keystore. |
| UserAccount | Authentication | A connection to a UserAccount object denotes that the credentials to the UserAccount is stored in the Keystore. | A missing connection to a UserAccount prevents compromise to a UserAccount through a Keystore. |
| User | Obtainable credentials | A connection to a User object denotes which User owns and knows the Keystore contents. | The possibility to obtain the Keystore contents from a partucular user. |
| PhysicalZone | Credential storage | A connection to a PhysicalZone object denotes where the Keystore content is located. | Access to the PhysicalZone gives access to the Keystore as well. |
Applicability
Since a keystore is defining where encryption/access keys are located, connecting a keystore to a datastore is only applicable when the datastore is encrypted. If not, you will not need any keys to read it once you reach it.
Attack Steps and Defenses
| Attack Step | Description | Leads to |
|---|---|---|
| Read | Reading the contents of the Keystore. | Dataflow: Eavesdrop Dataflow: ManInTheMiddle Datastore: Read Datastore: Write UserAccount: Compromise |
| Delete | Deleting the contents of the Keystore. | Dataflow: DenialOfService Datastore: Delete Datastore: Dataflow.DenialOfService |
| Defense | Description | Impact | Default |
|---|---|---|---|
| Encrypted | Whether the data in the Keystore is encrypted or not. | An Encrypted Keystore can help prevents Read. | Off |