Spyderisk / domain-network

Network domain model
Apache License 2.0

Key vault accessibility threats #146

Open mike1813 opened 6 days ago

mike1813 commented 6 days ago

A key vault is a service that can be used to manage keys needed to encrypt/decrypt data. Key vaults can improve data security by removing the need for a process that needs to send/save encrypted output or read encrypted input to store the keys on its host. Not having keys saved on the host prevents certain types of attacks in which the attacker cannot fully control the behaviour of such a process, but can gain some access to its host.

To model this, some threats to serialized data assets (Data Flow or Data Copy assets) that involve access to keys via the process host are suppressed where the data asset is controlled by a key vault process. These include threats leading to data access via access to such a key, and threats to data availability should the accessing process have no key (which would be represented by a control).

There are alternative threats where such a key vault is present. These include threats leading to data access if the relationship between the process and the key vault is compromised. However, there are no threats to the availability of a data asset where it is controlled by a key vault which cannot be accessed by the process. This gap should be fixed by adding a small number of new threats.
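
The suppression and replacement logic described in the comment above, written out as an added toy model. This is illustration only, not code from the spyderisk/domain-network repository and not how the Spyderisk domain model is actually expressed; the class names, attribute names and threat identifiers (DataAccessViaHostKey, DataUnavailableNoKey, DataAccessViaCompromisedVaultLink, DataUnavailableVaultUnreachable) are hypothetical. The last of these is the availability threat the issue says is currently missing.

```python
# Added toy threat-derivation model for the key vault discussion above.
# Not Spyderisk code; all names and threat identifiers are hypothetical.
from dataclasses import dataclass
from typing import Optional


@dataclass
class Process:
    name: str
    host: str  # host the process runs on


@dataclass
class KeyVault:
    name: str


@dataclass
class SerializedData:
    """A Data Flow or Data Copy asset read or written by `accessor`."""
    name: str
    accessor: Process
    # Key stored on the accessor's host. False models the control that says
    # the process has no key on its host.
    key_on_host: bool = False
    # Key vault controlling this asset, if any.
    key_vault: Optional[KeyVault] = None
    # Can the accessor reach the vault at all (service up, path intact)?
    vault_reachable: bool = True
    # Has the process <-> vault relationship been compromised?
    vault_link_compromised: bool = False


def derive_threats(asset: SerializedData) -> set:
    """Return the threat identifiers applicable to one data asset."""
    threats = set()
    if asset.key_vault is None:
        # Key on host: anyone with some host access can obtain it.
        if asset.key_on_host:
            threats.add("DataAccessViaHostKey")
        # No key anywhere (a control): the process cannot use the data.
        else:
            threats.add("DataUnavailableNoKey")
    else:
        # Vault present: the host-key threats above are suppressed because
        # the key never lives on the host. Alternative threats apply.
        if asset.vault_link_compromised:
            threats.add("DataAccessViaCompromisedVaultLink")
        # The gap the issue points out: a vault the process cannot reach
        # makes the data unavailable, so a threat is needed here too.
        if not asset.vault_reachable:
            threats.add("DataUnavailableVaultUnreachable")
    return threats


def scenarios() -> dict:
    """Constructed example assets covering each branch of the model."""
    proc = Process("exporter", host="app-host")
    vault = KeyVault("kv")
    cases = {
        "host_key": SerializedData("flow", proc, key_on_host=True),
        "no_key": SerializedData("flow", proc, key_on_host=False),
        "vault_ok": SerializedData("flow", proc, key_vault=vault),
        "vault_link_compromised": SerializedData(
            "flow", proc, key_vault=vault, vault_link_compromised=True),
        "vault_unreachable": SerializedData(
            "flow", proc, key_vault=vault, vault_reachable=False),
    }
    return {label: derive_threats(a) for label, a in cases.items()}


if __name__ == "__main__":
    for label, found in scenarios().items():
        print(f"{label:24s} -> {sorted(found) or '(no threats)'}")
```

Run stand-alone, the `vault_unreachable` row is the one that the issue says yields no threat in the current model; everything else matches the existing behaviour the comment describes.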

mike1813 commented 6 days ago

This is a loose end from issue #86, now moved to a separate issue so #86 can be closed.