56 Copyright © 2009 Open Geospatial Consortium, Inc.
Effect NA
Result The adversary obtains information about taskID and status.
Scope No application specific knowledge required.
Example Likelihood
Medium Impact on Asset
None Impact on User
None Potential
The adversary can use the obtained taskIDs to update or even cancel the task. Reason
Sabotage Requirement
Confidentiality on the taskID in the request.
Table 35: Record GetStatus requestresponse
9.5.8 Update operation
Asset: sensor assignment task
Cause Man-In-The-Middle
Effect SPS receives fraudulent Update request.
Result SPS will change the processing of a running task according to the fraudulent values.
Scope Application specific knowledge is required. In particular knowledge is required to
change the request ―properly‖ in order to reach the goal. Example
Likelihood Medium
Impact on Asset Immediate affect on the asset.
Impact on User Immediate affect on the use of the asset as the success of the desired modification is
associated to a tamprered request. Potential
NA Reason
Sabotage
Copyright © 2009 Open Geospatial Consortium, Inc. 57
Requirement Access Control to allow changing of running assignments for task owners only.
Table 36: Modify Update request
Cause Man-In-The-Middle
Effect User client will receive fraudulent response on success of the assignment update.
Result User will not know the correct status of the update.
Scope Application specific knowledge is required.
Example Likelihood
Medium Impact on Asset
None Impact on User
The user does not receive the correct status associated to the issued Update request. potentially red, as it might affect further use
Potential NA
Reason Sabotage
Requirement Integrity of the request.
Table 37: Modify Update response
Cause Adversary’s client is able to execute SPS
Effect Update operation of the SPS is invoked containing a fraudulent request.
Result The adversary might change the processing of one or many running assignments.
Scope Application specific knowledge is required. In particular, the attacker has to know
the valid taskID that shall be sabotaged and the correct assignment parameters. Example
Likelihood Low
Impact on Asset Immediate affect on asset
Impact on User Affect on use of asset as the assignment created by the user is modified. It is
therefore very likely that the production data are not associated to the actual tasking done by the user.
Potential NA
58 Copyright © 2009 Open Geospatial Consortium, Inc.
Reason Sabotage
Requirement Access Control to prevent that only the owner of a task can issue an Update.
Table 38: Create Update request
Cause Eavesdropping and adversary’s client is able to execute SPS
Effect Adversary’s client will send recorded Update request to SPS.
Result SPS will modify associated assignment.
Scope No application specific knowledge is required.
Example Likelihood
High Impact on Asset
Immediate affect on asset if the previously recorded request can be applied another time
Impact on Asset None if the replayed update request is rejected by the SPS.
Impact on User Affect on the use of the asset and the production data if the replayed Update
request was accepted by the SPS. Particularly true if user sends multiple update requests himself.
Impact on User None if the replayed Update request was rejected by the SPS.
Potential NA
Reason Sabotage
Requirement Unique request ID and time stamp as well as integrity.
Table 39: Replay Update request
Cause Eavesdropping
Effect NA
Result The adversary gains information about assignment parameters for a sensor.
Scope No application specific knowledge is required.
Example Likelihood
Medium
Copyright © 2009 Open Geospatial Consortium, Inc. 59
Impact on Asset None
Impact on User None
Potential Adversary can obtain assignment parameters for a sensor and taskID that can be
used for future attacks. Reason
Espionage Requirement
Confidentiality
Table 40: Record Update requestresponse
9.5.9 Cancel operation