Added threat P.O.PILSsSC.0 to propagate DoS overload on an Interface …

…to any Service listening on that Interface. Fills another gap related to issue #26.

csv/MatchingPattern.csv

@@ -688,6 +688,7 @@ package#ProcessComms,domain#MP-PCaTSSCAP,PCaTSSCAP,Finds an attack path path via
 package#ProcessComms,domain#MP-PCaTSSCCC,PCaTSSCCC,Finds a client channel via a service channel which gives access to a service in a process context.,domain#R-PCaTSSCCC,FALSE,FALSE
 package#ProcessComms,domain#MP-PCCPCCS,PCCPCCS,"Finds a client that is a specialised service proxy, with access to a service proxy, that in turn has access to a service.",domain#R-PCCPCCS,FALSE,FALSE
 package#ProcessComms,domain#MP-PDFFA,PDFFA,"Finds a Data Flow, its source and destination processes, a related data use element at the source, and optionally the two process managers.",domain#R-PDFFA,FALSE,FALSE
+package#ProcessComms,domain#MP-PILSsSC,PILSsSC,"Finds a Process running on a Host connected via an Interface to a Logical Subnet, where the Process acts as a Service to at least one client communicating over that Interface, any of which is sufficient to cause a threat.",domain#R-PILS,FALSE,FALSE
 package#ProcessComms,domain#MP-PNacS,PNacS,"Finds a host running a service accessed by an authentication proxy, plus the associated client channel, contexts in which the service can be accessed, and optionally the managers of the client proxy, service and service host.",domain#R-PNacS,FALSE,FALSE
 package#ProcessComms,domain#MP-PnPnS-U,PnPnS-U,"Finds a client using a service via an authentication proxy (i.e. the proxy forwards credentials), where there is no link yet indicating indirect usage.",domain#R-PnPnS,FALSE,FALSE
 package#ProcessComms,domain#MP-PurRASuSH,PurRASuSH,"Finds a process acting as a reverse proxy, which can remotely use a remote access service that uses a collocated process.",domain#R-PurRASuSH,FALSE,FALSE

csv/MatchingPatternLinks.csv

@@ -1301,6 +1301,9 @@ package#ProcessComms,domain#MP-PCCPCCS,domain#Link-ServiceManager-manages-Servic
 package#ProcessComms,domain#MP-PDFFA,domain#Link-DataFlow-flowsViaChannel-ClientChannel,FALSE
 package#ProcessComms,domain#MP-PDFFA,domain#Link-Human-manages-FlowsFrom,FALSE
 package#ProcessComms,domain#MP-PDFFA,domain#Link-ProcessManager-manages-FlowsTo,FALSE
+package#ProcessComms,domain#MP-PILSsSC,domain#Link-HostManager-manages-SHost,FALSE
+package#ProcessComms,domain#MP-PILSsSC,domain#Link-ServiceChannel-channelTo-Service,FALSE
+package#ProcessComms,domain#MP-PILSsSC,domain#Link-ServiceChannel-toInterface-Interface,FALSE
 package#ProcessComms,domain#MP-PNacS,domain#Link-HostManager-manages-SHost,FALSE
 package#ProcessComms,domain#MP-PNacS,domain#Link-Human-manages-Client,FALSE
 package#ProcessComms,domain#MP-PNacS,domain#Link-ProcAccess-accessTo-Service,FALSE

csv/MatchingPatternNodes.csv

@@ -739,6 +739,8 @@ package#ProcessComms,domain#MP-PCCPCCS,domain#Node-ServiceManager-Human,FALSE,FA
 package#ProcessComms,domain#MP-PDFFA,domain#Node-ClientChannel-ClientChannel,TRUE,FALSE,FALSE
 package#ProcessComms,domain#MP-PDFFA,domain#Node-Human-Human,FALSE,FALSE,FALSE
 package#ProcessComms,domain#MP-PDFFA,domain#Node-ProcessManager-Human,FALSE,FALSE,FALSE
+package#ProcessComms,domain#MP-PILSsSC,domain#Node-HostManager-Human,FALSE,FALSE,FALSE
+package#ProcessComms,domain#MP-PILSsSC,domain#Node-ServiceChannel-ServiceChannel,TRUE,FALSE,TRUE
 package#ProcessComms,domain#MP-PNacS,domain#Node-HostManager-Human,FALSE,FALSE,FALSE
 package#ProcessComms,domain#MP-PNacS,domain#Node-Human-Human,FALSE,FALSE,FALSE
 package#ProcessComms,domain#MP-PNacS,domain#Node-ProcAccess-PContext,TRUE,FALSE,FALSE

csv/RootPattern.csv

@@ -587,6 +587,7 @@ package#ProcessComms,domain#R-PCaFCSCCC,PCaFCSCCC,Finds a client channel via a s
 package#ProcessComms,domain#R-PCaTSSCAP,PCaTSSCAP,Finds an attack path path via a service channel on which a service is accessible in a process context.,FALSE,FALSE
 package#ProcessComms,domain#R-PCaTSSCCC,PCaTSSCCC,Finds a client channel via a service channel which gives access to a service in a process context.,FALSE,FALSE
 package#ProcessComms,domain#R-PCCPCCS,PCCPCCS,"Finds a client that is a specialised service proxy, with access to a service proxy, that in turn has access to a service.",FALSE,FALSE
+package#ProcessComms,domain#R-PILS,PILS,Finds a Process running on a Host connected via an Interface to a Logical Subnet.,FALSE,FALSE
 package#ProcessComms,domain#R-PNacS,PNacS,"Finds a host running a service accessed by an authentication proxy, plus the associated client channel.",FALSE,FALSE
 package#ProcessComms,domain#R-PnPnS,PnPnS,Finds a client using a service via an authentication proxy (i.e. the proxy forwards credentials).,FALSE,FALSE
 package#ProcessComms,domain#R-PurRASuSH,PurRASuSH,"Finds a process acting as a reverse proxy, which can remotely use a remote access service that uses a collocated process.",FALSE,FALSE

csv/RootPatternLinks.csv

@@ -2632,6 +2632,9 @@ package#ProcessComms,domain#R-PCCPCCS,domain#Link-Client-usesViaAuthenticatingPr
 package#ProcessComms,domain#R-PCCPCCS,domain#Link-ProxyChannel-channelFrom-Service
 package#ProcessComms,domain#R-PCCPCCS,domain#Link-ProxyChannel-channelTo-Process
 package#ProcessComms,domain#R-PCCPCCS,domain#Link-SHost-hosts-Service
+package#ProcessComms,domain#R-PILS,domain#Link-Interface-connectsFrom-SHost
+package#ProcessComms,domain#R-PILS,domain#Link-Interface-connectsTo-LogicalSubnet
+package#ProcessComms,domain#R-PILS,domain#Link-SHost-hosts-Service
 package#ProcessComms,domain#R-PNacS,domain#Link-ClientChannel-channelFrom-Client
 package#ProcessComms,domain#R-PNacS,domain#Link-ClientChannel-channelTo-Service
 package#ProcessComms,domain#R-PNacS,domain#Link-Service-controls-Client

csv/RootPatternNodes.csv

@@ -2636,6 +2636,10 @@ package#ProcessComms,domain#R-PCCPCCS,domain#Node-Process-Process,TRUE
 package#ProcessComms,domain#R-PCCPCCS,domain#Node-ProxyChannel-ClientChannel,TRUE
 package#ProcessComms,domain#R-PCCPCCS,domain#Node-Service-ServiceProxy,TRUE
 package#ProcessComms,domain#R-PCCPCCS,domain#Node-SHost-Host,TRUE
+package#ProcessComms,domain#R-PILS,domain#Node-Interface-Interface,TRUE
+package#ProcessComms,domain#R-PILS,domain#Node-LogicalSubnet-LogicalSubnet,TRUE
+package#ProcessComms,domain#R-PILS,domain#Node-Service-Process,TRUE
+package#ProcessComms,domain#R-PILS,domain#Node-SHost-Host,TRUE
 package#ProcessComms,domain#R-PNacS,domain#Node-ClientChannel-ClientChannel,TRUE
 package#ProcessComms,domain#R-PNacS,domain#Node-Client-Process,TRUE
 package#ProcessComms,domain#R-PNacS,domain#Node-Service-Process,TRUE

csv/Threat.csv

@@ -448,6 +448,7 @@ package#ProcessComms,domain#P.O.CCDFSFS.0,P.O.CCDFSFS.0,domain#Category-DenialOf
 package#ProcessComms,domain#P.O.CCDFSTS.0,P.O.CCDFSTS.0,domain#Category-DenialOfServiceAttacks,FALSE,FALSE,domain#LikelihoodVeryHigh,TRUE,TRUE,"Excessive flow of data _Data_ via _Client_ overloads _Service_: if the flow of data _Data_ reaching _Service_ via _Client_ is excessive, it may overload _Service_.",domain#MP-CCDFSTS,domain#Role_Service
 package#ProcessComms,domain#P.O.DDoS.3,P.O.DDoS.3,domain#Category-DenialOfServiceAttacks,FALSE,FALSE,domain#LikelihoodMedium,TRUE,TRUE,Distributed DoS attack on service _Process_ from subnet _LogicalSubnet_: an attacker with control over multiple vulnerable systems connected to _LogicalSubnet_ can use them to send excessive messages via a privileged network paths through firewalls and overload service _Process_. The best defence is to arrange with your ISP to manage and restrict the traffic sent from the Internet (check threat causes for an unrestricted network interface).,domain#MP-DDoS,domain#Role_Process
 package#ProcessComms,domain#P.O.DoS.3,P.O.DoS.3,domain#Category-DenialOfServiceAttacks,FALSE,FALSE,domain#LikelihoodVeryHigh,TRUE,TRUE,"DoS attack on service _Process_ from subnet _LogicalSubnet_: an attacker with access to _LogicalSubnet_can exploit a privileged network path through firewalls allowing access to service _Process_, sending too many messages and overloading _Process_. The best defence is to manage and restrict the traffic sent to the service at one of the inbound network interfaces (check threat causes for unrestricted network interfaces).",domain#MP-DoS,domain#Role_Process
+package#ProcessComms,domain#P.O.PILSsSC.0,P.O.PILSsSC.0,domain#Category-SecondaryThreats,FALSE,FALSE,domain#LikelihoodVeryHigh,TRUE,TRUE,"Service _Service_ running on host _SHost_ overloaded by messages from _LogicalSubnet_: if the interface between _SHost_ and _LogicalSubnet_ is overloaded, and service _Service_ is listening for client messages on that interface, then the overload also affects _Service_.",domain#MP-PILSsSC,domain#Role_Service
 package#ProcessComms,domain#SAP.IS.CAPSAP.8,SAP.IS.CAPSAP.8,domain#Category-NormalOperation,FALSE,TRUE,domain#LikelihoodVeryHigh,TRUE,TRUE,"Privileged network paths to reach service _Process_ from _Client_ via _LogicalSubnet_ are open: messages can be sent from _LogicalSubnet_ to _Process_ thanks to firewall policy exceptions created to allow access by _Client_, which may be exploited by an attacker.",domain#MP-CAPSAP,domain#Role_ServiceAttackPath
 package#ProcessComms,domain#SC.A.CCCmSCS.0,SC.A.CCCmSCS.0,domain#Category-SecondaryThreats,TRUE,FALSE,domain#LikelihoodVeryHigh,TRUE,TRUE,Client _Client_ cannot access unavailable service _Service_: loss of availability in the service _Service_ makes the connection from _Client_ unavailable on all channels.,domain#MP-CCCmSCS,domain#Role_ServiceChannel
 package#ProcessComms,domain#SC.A.CCfImSC.0,SC.A.CCfImSC.0,domain#Category-SecondaryThreats,TRUE,FALSE,domain#LikelihoodVeryHigh,TRUE,TRUE,"Connection from _CHost_ to _LogicalSubnet_ affects communication between _Client_ and _Service_: if the connection of device _CHost_ running _Client_ and subnet _LogicalSubnet_ is not available, this will affect the communication channel between client _Client_ and service _Service_.",domain#MP-CCfImSC,domain#Role_ServiceChannel

csv/ThreatEffects.csv

@@ -432,6 +432,7 @@ package#ProcessComms,domain#P.O.CCDFSFS.0,domain#MS-Overloaded-Service
 package#ProcessComms,domain#P.O.CCDFSTS.0,domain#MS-Overloaded-Service
 package#ProcessComms,domain#P.O.DDoS.3,domain#MS-Overloaded-Process
 package#ProcessComms,domain#P.O.DoS.3,domain#MS-Overloaded-Process
+package#ProcessComms,domain#P.O.PILSsSC.0,domain#MS-Overloaded-Service
 package#ProcessComms,domain#SAP.IS.CAPSAP.8,domain#MS-InService-ServiceAttackPath
 package#ProcessComms,domain#SC.A.CCCmSCS.0,domain#MS-LossOfConnectivity-ServiceChannel
 package#ProcessComms,domain#SC.A.CCfImSC.0,domain#MS-LossOfConnectivity-ServiceChannel

csv/ThreatSEC.csv

@@ -156,6 +156,8 @@ package#ProcessComms,domain#P.O.CCDFSFS.0,domain#MS-InService-ClientChannel
 package#ProcessComms,domain#P.O.CCDFSFS.0,domain#MS-Overloaded-DataStep
 package#ProcessComms,domain#P.O.CCDFSTS.0,domain#MS-InService-ClientChannel
 package#ProcessComms,domain#P.O.CCDFSTS.0,domain#MS-Overloaded-DataStep
+package#ProcessComms,domain#P.O.PILSsSC.0,domain#MS-InService-ServiceChannel
+package#ProcessComms,domain#P.O.PILSsSC.0,domain#MS-Overloaded-Interface
 package#ProcessComms,domain#SC.A.CCCmSCS.0,domain#MS-LossOfAvailability-Service
 package#ProcessComms,domain#SC.A.CCfImSC.0,domain#MS-LossOfAvailability-Interface
 package#ProcessComms,domain#SC.A.CCtImSC.0,domain#MS-LossOfAvailability-Interface