214
Element to protect Risk D/R/E/A/D rating Examples of Causes Mitigation and relevant Design Choices (for the latter see
Section 5.2.10)
policies enforce medium
securityattacker. Probe discovery of access policies by authorised, though
compromised internal attackers are subtler, and have to be dealt with
through adaptive security (e.g., recognise a malicious pattern in the
regular probing of security decision points).
DC A.16- 17 : probing detection/reaction performed by autonomous security
Disclosure of identities
and cryptographic
materialM/H/H/M/L
enforce strong securityNot specifically targeted – addressable through security management
(databases).Attacker denies legitimate
users access to
Infrastructure ServicesM/H/L/M/L
enforce medium
securityExclusion of the attacker, once identified as such through the Trust and
Reputation security Functional Component (see Section 4.2.2.7).Massive disclosure of
user's personal
informationH/L/L/H/L
enforce strong securitySecure storage of personal data with dedicated protection architecture
(e.g. firewall diodes that let data flow in one direction only) and access
control rules – this is part of security management.
Disruption of a global
serviceH/M/L/H/L
enforce strong securityReliance on all security Functional Components (see Section 4.2.2.7) +
proper security management.
This threat can also be addressed by multihoming. See DC P.3
(Replication of instances of Functional Components locally) and DC P.4
(Replication of instances of functional components in the cloud).Table 15 : DREAD assessment of the identified risks (see Table 14 ).