A Dataflow object is used to represent communication between a client and a service.


Dataflow and Neighbouring Objects


| Object | Association | Description | Impact |
| --- | --- | --- | --- |
| Client | Communication | An association to Client shows which client is connected to the Dataflow. The Client is the initiator of the communication contained in the Dataflow. | Association to Client is mandatory. |
| Service | Communication | The other end of the communication is connected to a Service. | Association to Service is mandatory. |
| Keystore | Authentication | A connection to a Keystore object denotes that the key to decrypt the Dataflow is stored in the Keystore. | A missing connection to a Keystore prevents the Attacker from bypassing the encryption and authentication on the Dataflow through a Keystore. |
| Protocol | Protocol Status | An association to a Protocol object adds attributes describing the protection level of the protocol used by the Dataflow. | Association to Protocol is mandatory. |
| Datastore | Communication | An association to a Datastore object represents the data the Dataflow may contain. If a Service is connected to a Datastore, the corresponding Dataflow should also be connected to the Datastore. | An association to Datastore has no direct impact on the Dataflow. However, it can allow attacks on the Datastore through the Dataflow. |
| Network | Communication | An association to a Network denotes communication with all other assets on the Network. | A missing Network association can help prevent Access and DenialOfService. |
| Router | Communication | An association to a Router object tells which Router allows the Dataflow to travel from one Network to another. Additionally, if the Router has associations to a NIDS and/or IPS, these defenses also protect the Dataflow (given that it is not encrypted). | A missing Router association prevents data from passing through the Router when the Router is connected to a Firewall. |
| Firewall | Permission | Connect a Firewall to a Dataflow to denote that the Dataflow is allowed to traverse the Firewall's Router. | Can prevent Forwarding. |
| IPS | Protection | A connection to an IPS denotes that the IPS is actively trying to prevent intrusions via the connected Dataflows (given that they are not encrypted). | A missing IPS will reduce the time needed to attack through the Dataflow. |


Dataflow Existence

Attack Steps and Defenses

| Attack Step | Description | Leads to |
| --- | --- | --- |
| Access | The possibility to access the Dataflow (encrypted or not). | Dataflow: ManInTheMiddle; Dataflow: Eavesdrop; Dataflow: Replay; Dataflow: DenialOfService |
| DenialOfService | The possibility to block the service this application is supposed to provide. | Nothing. |
| Eavesdrop | The possibility to listen to and read the Dataflow. | Datastore: Read |
| ManInTheMiddle | The possibility to trick the endpoints of the Dataflow into communicating with another endpoint. | Datastore: Read; Datastore: Write; Dataflow: Respond; Dataflow: Request |
| Replay | The possibility to repeat the Dataflow content without the Client or Server noticing. | Datastore: Write; Datastore: Delete |
| Request | The possibility to initiate the Dataflow. | Service: Connect |
| Respond | The possibility to reply to a client request. | Client: UserAccess |


| Defense | Description |
| --- | --- |
| No defenses | Defenses to a Dataflow are held in the Protocol object. |
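To make the attack-step table concrete, here is an added example (not the modelling tool's own code) that encodes the Dataflow's attack steps as a graph and computes which steps an attacker can reach from Dataflow: Access, depending on which neighbouring objects are associated. The function names, the rule that a step on a neighbouring object exists only when that neighbour is associated, and the simplification that the attacker's only entry point is an associated Network are assumptions of this example.

```python
from collections import deque

# Attack steps of the Dataflow object and what each one leads to, transcribed
# from the "Attack Steps and Defenses" table above ("Object.Step" notation).
DATAFLOW_STEPS = {
    "Dataflow.Access": ["Dataflow.ManInTheMiddle", "Dataflow.Eavesdrop",
                        "Dataflow.Replay", "Dataflow.DenialOfService"],
    "Dataflow.DenialOfService": [],
    "Dataflow.Eavesdrop": ["Datastore.Read"],
    "Dataflow.ManInTheMiddle": ["Datastore.Read", "Datastore.Write",
                                "Dataflow.Respond", "Dataflow.Request"],
    "Dataflow.Replay": ["Datastore.Write", "Datastore.Delete"],
    "Dataflow.Request": ["Service.Connect"],
    "Dataflow.Respond": ["Client.UserAccess"],
}
MANDATORY = ("Client", "Service", "Protocol")  # per the neighbour table above


def build_graph(associations):
    """Edges of one Dataflow, given the set of neighbour names it is associated with.
    Assumption of this example: a step on a neighbouring object exists only when that
    neighbour is associated, so a Dataflow with no Datastore cannot lead to
    Datastore.Read/Write/Delete (the Datastore row: the association "can allow
    attacks on the Datastore through the Dataflow")."""
    missing = [m for m in MANDATORY if m not in associations]
    if missing:
        raise ValueError(f"mandatory association(s) missing: {missing}")
    return {step: [t for t in targets
                   if t.startswith("Dataflow.") or t.split(".")[0] in associations]
            for step, targets in DATAFLOW_STEPS.items()}


def reachable(associations, entry="Dataflow.Access"):
    """Breadth-first closure of the attack steps reachable from `entry`.
    Assumption of this example: the attacker's only foothold is a Network the
    Dataflow is associated with, so with no Network association the entry step is
    unavailable (the Network row: a missing association "can help prevent Access
    and DenialOfService")."""
    graph = build_graph(associations)
    if "Network" not in associations:
        return set()
    seen, queue = {entry}, deque([entry])
    while queue:
        for nxt in graph.get(queue.popleft(), []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen
```

Calling `reachable({"Client", "Service", "Protocol", "Network"})` with and without `"Datastore"` added shows the Datastore row's point: the association itself adds no Dataflow steps, but it makes Datastore: Read, Write and Delete reachable through Eavesdrop, ManInTheMiddle and Replay.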