56 Copyright © 2009 Open Geospatial Consortium, Inc. Effect NA Result The adversary obtains information about taskID and status. Scope No application specific knowledge required. Example Likelihood Medium Impact on Asset None Impact on User None Potential The adversary can use the obtained taskIDs to update or even cancel the task. Reason Sabotage Requirement Confidentiality on the taskID in the request. Table 35: Record GetStatus requestresponse

9.5.8 Update operation

Asset: sensor assignment task Cause Man-In-The-Middle Effect SPS receives fraudulent Update request. Result SPS will change the processing of a running task according to the fraudulent values. Scope Application specific knowledge is required. In particular knowledge is required to change the request ―properly‖ in order to reach the goal. Example Likelihood Medium Impact on Asset Immediate affect on the asset. Impact on User Immediate affect on the use of the asset as the success of the desired modification is associated to a tamprered request. Potential NA Reason Sabotage Copyright © 2009 Open Geospatial Consortium, Inc. 57 Requirement Access Control to allow changing of running assignments for task owners only. Table 36: Modify Update request Cause Man-In-The-Middle Effect User client will receive fraudulent response on success of the assignment update. Result User will not know the correct status of the update. Scope Application specific knowledge is required. Example Likelihood Medium Impact on Asset None Impact on User The user does not receive the correct status associated to the issued Update request. potentially red, as it might affect further use Potential NA Reason Sabotage Requirement Integrity of the request. Table 37: Modify Update response Cause Adversary’s client is able to execute SPS Effect Update operation of the SPS is invoked containing a fraudulent request. Result The adversary might change the processing of one or many running assignments. Scope Application specific knowledge is required. In particular, the attacker has to know the valid taskID that shall be sabotaged and the correct assignment parameters. Example Likelihood Low Impact on Asset Immediate affect on asset Impact on User Affect on use of asset as the assignment created by the user is modified. It is therefore very likely that the production data are not associated to the actual tasking done by the user. Potential NA 58 Copyright © 2009 Open Geospatial Consortium, Inc. Reason Sabotage Requirement Access Control to prevent that only the owner of a task can issue an Update. Table 38: Create Update request Cause Eavesdropping and adversary’s client is able to execute SPS Effect Adversary’s client will send recorded Update request to SPS. Result SPS will modify associated assignment. Scope No application specific knowledge is required. Example Likelihood High Impact on Asset Immediate affect on asset if the previously recorded request can be applied another time Impact on Asset None if the replayed update request is rejected by the SPS. Impact on User Affect on the use of the asset and the production data if the replayed Update request was accepted by the SPS. Particularly true if user sends multiple update requests himself. Impact on User None if the replayed Update request was rejected by the SPS. Potential NA Reason Sabotage Requirement Unique request ID and time stamp as well as integrity. Table 39: Replay Update request Cause Eavesdropping Effect NA Result The adversary gains information about assignment parameters for a sensor. Scope No application specific knowledge is required. Example Likelihood Medium Copyright © 2009 Open Geospatial Consortium, Inc. 59 Impact on Asset None Impact on User None Potential Adversary can obtain assignment parameters for a sensor and taskID that can be used for future attacks. Reason Espionage Requirement Confidentiality Table 40: Record Update requestresponse

9.5.9 Cancel operation