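--- a/csv/CASetting.csv
+++ b/csv/CASetting.csv
@@ -792,6 +792,16 @@ package#DataLifecycle,domain#CAS-Encryption-DataFlow,domain#DataFlow,domain#Encr
 package#DataLifecycle,domain#CAS-IntegrityProtection-DataCache,domain#DataCache,domain#IntegrityProtection,TRUE,domain#TrustworthinessLevelSafe,TRUE
 package#DataLifecycle,domain#CAS-IntegrityProtection-DataCopy,domain#DataCopy,domain#IntegrityProtection,TRUE,domain#TrustworthinessLevelSafe,TRUE
 package#DataLifecycle,domain#CAS-IntegrityProtection-DataFlow,domain#DataFlow,domain#IntegrityProtection,TRUE,domain#TrustworthinessLevelSafe,TRUE
+package#DataLifecycle,domain#CAS-MinimalDataExposure-DataInput,domain#DataInput,domain#MinimalDataExposure,TRUE,domain#TrustworthinessLevelSafe,FALSE
+package#DataLifecycle,domain#CAS-MinimalDataExposure-DataOutput,domain#DataOutput,domain#MinimalDataExposure,TRUE,domain#TrustworthinessLevelSafe,FALSE
+package#DataLifecycle,domain#CAS-MinimalDataExposure-DataRelay,domain#DataRelay,domain#MinimalDataExposure,TRUE,domain#TrustworthinessLevelSafe,FALSE
+package#DataLifecycle,domain#CAS-MinimalDataExposure-DataUpdate,domain#DataUpdate,domain#MinimalDataExposure,TRUE,domain#TrustworthinessLevelSafe,FALSE
+package#DataLifecycle,domain#CAS-MinimalDataExposure-InputPool,domain#InputPool,domain#MinimalDataExposure,TRUE,domain#TrustworthinessLevelSafe,FALSE
+package#DataLifecycle,domain#CAS-MinimalDataExposure-OutputPool,domain#OutputPool,domain#MinimalDataExposure,TRUE,domain#TrustworthinessLevelSafe,FALSE
+package#DataLifecycle,domain#CAS-MinimalDataExposure-RemoteUserAccess,domain#RemoteUserAccess,domain#MinimalDataExposure,TRUE,domain#TrustworthinessLevelSafe,FALSE
+package#DataLifecycle,domain#CAS-MinimalDataExposure-StoredDataPool,domain#StoredDataPool,domain#MinimalDataExposure,TRUE,domain#TrustworthinessLevelSafe,FALSE
+package#DataLifecycle,domain#CAS-MinimalDataExposure-TempDataRelay,domain#TempDataRelay,domain#MinimalDataExposure,TRUE,domain#TrustworthinessLevelSafe,FALSE
+package#DataLifecycle,domain#CAS-MinimalDataExposure-UpdatePool,domain#UpdatePool,domain#MinimalDataExposure,TRUE,domain#TrustworthinessLevelSafe,FALSE
 package#DataLifecycle,domain#CAS-ParquetEncryption-DataCopy,domain#DataCopy,domain#ParquetEncryption,TRUE,domain#TrustworthinessLevelSafe,TRUE
 package#DataLifecycle,domain#CAS-Replication-DataCopy,domain#DataCopy,domain#Replication,TRUE,domain#TrustworthinessLevelSafe,TRUE
 package#DataLifecycle,domain#CAS-SuspendCorruptDataFlow-DataFlow,domain#DataFlow,domain#SuspendCorruptDataFlow,TRUE,domain#TrustworthinessLevelSafe,TRUE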
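--- a/csv/Control.csv
+++ b/csv/Control.csv
@@ -4,6 +4,7 @@ package#5G,domain#MultipleCellNIC,MultipleCellNIC,TRUE,Means the host can connec
 package#5G,domain#SIM,SIM,TRUE,"The host has a SIM card installed, which has been registered to an authorised user, allowing authentication of their device, especially when connecting to networks.",domain#CostLow,domain#PerformanceImpactVeryLow
 package#Application,domain#AccessPolicy,AccessPolicy,TRUE,There is an access policy associated with data specifying who is authorised to access the data.,domain#CostVeryLow,domain#PerformanceImpactVeryLow
 package#Application,domain#AntiMalware,AntiMalware,TRUE,The device has software installed that protects against malware.,domain#CostLow,domain#PerformanceImpactLow
+package#Application,domain#MinimalDataExposure,MinimalDataExposure,TRUE,The user interface for accessing certain data via a process displays only a small fraction of the data.,domain#CostVeryLow,domain#PerformanceImpactVeryLow
 package#Application,domain#SpamFiltering,SpamFiltering,TRUE,"The email user agent process has a means to scan emails, mark potentially malicious or unwanted emails as spam, and prevent them being seen by a user via the usual channel.",domain#CostVeryLow,domain#PerformanceImpactLow
 package#Application,domain#StaticData,StaticData,TRUE,"This control signifies that data is static, i.e. inserted into the system during deployment and never changed.",domain#CostVeryLow,domain#PerformanceImpactVeryLow
 package#Application,domain#SuspendInfectedHost,SuspendInfectedHost,TRUE,"The host may be temporarily taken out of service to prevent it being involved in an attack by automated malware to cause a security breach. This represents a contingency plan which will compromise availability, to an extent based on the likelihood of the attack.",domain#CostVeryLow,domain#PerformanceImpactVeryLow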
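Review bot: The description added for `MinimalDataExposure` reads as a plain property of the user interface, but the only strategy in this change that uses it, `CSG-NegligibleDataExposure` in csv/ControlStrategy.csv, is described there as an acceptance of shoulder-surfing risk rather than a security measure. A modeller who asserts the control as a factual statement about the interface, where the user also has `SecurityTraining`, would mark those threats as handled without having consciously made the risk decision. I would extend the description with a sentence such as `Asserting this control, together with security training for the user, records that the shoulder surfing risk has been assessed and accepted.` The row is also filed under `package#Application` while its location and CASetting rows use `package#DataLifecycle`; that may be the file convention, but it is worth confirming.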
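--- a/csv/ControlLocations.csv
+++ b/csv/ControlLocations.csv
@@ -16,6 +16,7 @@ package#DataLifecycle,domain#DisabledDataFlow,domain#DataFlow
 package#DataLifecycle,domain#EncryptedProcessing,domain#DataAccess
 package#DataLifecycle,domain#Encryption,domain#DataAsset
 package#DataLifecycle,domain#IntegrityProtection,domain#DataAsset
+package#DataLifecycle,domain#MinimalDataExposure,domain#DataAccess
 package#DataLifecycle,domain#ParquetEncryption,domain#DataCopy
 package#DataLifecycle,domain#Replication,domain#DataCopy
 package#DataLifecycle,domain#SuspendCorruptDataFlow,domain#DataFlow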
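--- a/csv/ControlStrategy.csv
+++ b/csv/ControlStrategy.csv
@@ -128,6 +128,7 @@ package#Network,domain#CSG-ManagerHostFaultRecovery,ManagerHostFaultRecovery,"Th
 package#Network,domain#CSG-ManagerHostFaultRecovery-Implementation-Runtime,ManagerHostFaultRecovery.Implementation,"The device _Host_ was found to have reliability or availability issues, and action has been taken by its manager _HostManager_ to correct the problem. This strategy represents activation of a contingency plan at runtime, and can be selected to discover what effect this would have on risk levels, allowing this to be used for decision support calculations. To implement the plan at runtime, signal _HostManager_ that the problem was detected with _Host_.",domain#TrustworthinessLevelSafe,TRUE,TRUE
 package#Network,domain#CSG-ManagerProcessFaultRecovery,ManagerProcessFaultRecovery,"The process _Process_ is monitored for reliability and availability, and if problems are found, the manager _HostManager_ of its host device _Host_ can take corrective action while waiting for updated software. This strategy represents a contingency plan included in the operating policies and practices if certain threats should arise, e.g. to roll back software to an older but more reliable version.",domain#TrustworthinessLevelSafe,FALSE,TRUE
 package#Network,domain#CSG-ManagerProcessFaultRecovery-Implementation-Runtime,ManagerProcessFaultRecovery.Implementation,"The process _Process_ was found to have reliability or availability issues, and action has been taken by the manager _HostManager_ of its host device to correct the problem. This strategy represents activation of a contingency plan at runtime, and can be selected to discover what effect this would have on risk levels, allowing this to be used for decision support calculations. To implement the plan at runtime, signal _HostManager_ that the problem was detected with _Process_.",domain#TrustworthinessLevelSafe,TRUE,TRUE
+package#Network,domain#CSG-NegligibleDataExposure,NegligibleDataExposure,"The user interface to process _Process_ displays only a small portion of data _Data_ at a time, such that if a user in the role _Human_ is trained to avoid prolonged exposure then the chance of significant data leakage to shoulder surfing is negligible. This does not represent a security measure, but an acceptance of the risk posed by a shoulder surfing threat. It should only be used to signal (to system-modeller) that the risk has been assessed and found to be negligible (acceptable), given the implementation (or proposed implementation) of _Process_.",domain#TrustworthinessLevelSafe,TRUE,TRUE
 package#Network,domain#CSG-NetworkAuthN-PSK,NetworkAuthN.PSK,"To prevent network spoofing, a gateway _Gateway_ providing the network and the supplicant device _Host_ can use a pre-shared key that can be verified by _Host_.",domain#TrustworthinessLevelSafe,TRUE,TRUE
 package#Network,domain#CSG-NetworkAuthN-PSK-Optional,NetworkAuthN.PSK,"To prevent network spoofing, a gateway _Gateway_ providing the network and the supplicant device _Host_ can use a pre-shared key that can be verified by _Host_.",domain#TrustworthinessLevelSafe,TRUE,TRUE
 package#Network,domain#CSG-NetworkAuthN-X509,NetworkAuthN.X509,"To prevent network spoofing, a gateway _Gateway_ providing the network can use an X509 (or otherwise trusted) key pair, verified by the supplicant device _Host_.",domain#TrustworthinessLevelSafe,TRUE,TRUE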
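Review bot: `CSG-NegligibleDataExposure` is declared under `package#Network` in this row and in csv/ControlStrategyControls.csv, while the threats it blocks are listed under `package#Application` and `package#DataLifecycle` in csv/ControlStrategyBlocks.csv, and it requires `CS-MinimalDataExposure-DataAccess`, a control located on a DataLifecycle asset. If packages can be included selectively, a build with Network but without DataLifecycle would presumably carry a strategy that refers to a control set that does not exist. Consider filing the strategy under the package that defines the DataAccess asset, or confirm that the package column is informational only.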
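--- a/csv/ControlStrategyBlocks.csv
+++ b/csv/ControlStrategyBlocks.csv
@@ -9,6 +9,8 @@ package#Application,domain#CSG-AntiMalwareAtHost,domain#H.W.HuHWES.3
 package#Application,domain#CSG-AntiMalwareAtHost,domain#P.L.HuHE2AC.3
 package#Application,domain#CSG-IgnorePhysicalThreatsFromWorld,domain#D.C.HuiPiDCHS.3
 package#Application,domain#CSG-IgnorePhysicalThreatsFromWorld,domain#D.C.HuiRACHSPiD.3
+package#Application,domain#CSG-NegligibleDataExposure,domain#D.C.HuiPiDCHS.3
+package#Application,domain#CSG-NegligibleDataExposure,domain#D.C.HuiRACHSPiD.3
 package#Application,domain#CSG-PersonalDeviceProtection,domain#D.C.HuiPiDCHS.3
 package#Application,domain#CSG-PersonalDeviceProtection,domain#D.C.HuiRACHSPiD.3
 package#Application,domain#CSG-SpamFilteringAtMUA,domain#H.W.HuHE.3
@@ -169,6 +171,9 @@ package#DataLifecycle,domain#CSG-IgnorePhysicalThreatsFromWorld,domain#D.C.HuiPv
 package#DataLifecycle,domain#CSG-IgnorePhysicalThreatsFromWorld,domain#D.C.HuiPv-iDFCHS.3
 package#DataLifecycle,domain#CSG-IgnorePhysicalThreatsFromWorld,domain#D.C.HuiRACv-iDFCHS.3
 package#DataLifecycle,domain#CSG-IgnorePhysicalThreatsFromWorld,domain#DS.A.PHHDS.3
+package#DataLifecycle,domain#CSG-NegligibleDataExposure,domain#D.C.HuiPv-iD-FCHS.3
+package#DataLifecycle,domain#CSG-NegligibleDataExposure,domain#D.C.HuiPv-iDFCHS.3
+package#DataLifecycle,domain#CSG-NegligibleDataExposure,domain#D.C.HuiRACv-iDFCHS.3
 package#DataLifecycle,domain#CSG-ParquetDataEncryption,domain#DB.O.DSPDF-VDB.6.1
 package#DataLifecycle,domain#CSG-ParquetDataEncryption,domain#DB.O.DSPDF-VDB.6.2
 package#DataLifecycle,domain#CSG-ParquetDataEncryption,domain#DB.O.DSPDFVDB.6.1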
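--- a/csv/ControlStrategyControls.csv
+++ b/csv/ControlStrategyControls.csv
@@ -255,6 +255,8 @@ package#Network,domain#CSG-ManagerProcessFaultRecovery,domain#CS-ProcessMonitori
 package#Network,domain#CSG-ManagerProcessFaultRecovery-Implementation-Runtime,domain#CS-ManualActionTaken-HostManager,FALSE
 package#Network,domain#CSG-ManagerProcessFaultRecovery-Implementation-Runtime,domain#CS-ManualIntervention-HostManager,FALSE
 package#Network,domain#CSG-ManagerProcessFaultRecovery-Implementation-Runtime,domain#CS-ProcessMonitoring-Process,FALSE
+package#Network,domain#CSG-NegligibleDataExposure,domain#CS-MinimalDataExposure-DataAccess,FALSE
+package#Network,domain#CSG-NegligibleDataExposure,domain#CS-SecurityTraining-Human,FALSE
 package#Network,domain#CSG-NetworkAuthN-PSK,domain#CS-SharedKey-Gateway,FALSE
 package#Network,domain#CSG-NetworkAuthN-PSK,domain#CS-SharedKey-Host,FALSE
 package#Network,domain#CSG-NetworkAuthN-PSK,domain#CS-SharedKeyVerifier-Host,FALSE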
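--- a/csv/ControlStrategyMitigates.csv
+++ b/csv/ControlStrategyMitigates.csv
@@ -0,0 +1,2 @@
+package,URI,mitigates
+package#000000,domain#000000,mitigates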
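Review bot: The only data row in this new file, `package#000000,domain#000000,mitigates`, repeats the header name as its third value and refers to no control strategy. If this is the placeholder row the CSV tooling expects, a short mention in the commit description would help; if it is not, an importer that reads it as data would create a mitigation entry for a non-existent `domain#000000`. Either way the file records no mitigation for `CSG-NegligibleDataExposure`, so it appears unrelated to the rest of the change.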
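--- a/csv/RootPatternLinks.csv
+++ b/csv/RootPatternLinks.csv
@@ -894,6 +894,8 @@ package#DataLifecycle,domain#R-HuiDSPH,domain#Link-Host-storesCopy-DataCopy
 package#DataLifecycle,domain#R-HuiDSPH,domain#Link-Human-interactsRemotelyWith-Process
 package#DataLifecycle,domain#R-HuiDSPH,domain#Link-Process-enablesUserInput-Data
 package#DataLifecycle,domain#R-HuiDSPH,domain#Link-Process-processes-Data
+package#DataLifecycle,domain#R-HuiPiDCHS,domain#Link-DataAccess-usedBy-Process
+package#DataLifecycle,domain#R-HuiPiDCHS,domain#Link-DataAccess-usedFor-Data
 package#DataLifecycle,domain#R-HuiPvDCHS,domain#Link-DataAccess-usedBy-Process
 package#DataLifecycle,domain#R-HuiPvDCHS,domain#Link-DataAccess-usedFor-Data
 package#DataLifecycle,domain#R-HuiPvDCHS,domain#Link-Host-hosts-Process
@@ -914,6 +916,8 @@ package#DataLifecycle,domain#R-HuiPvDFCHS,domain#Link-ProcAccess-accessFrom-Spac
 package#DataLifecycle,domain#R-HuiPvDFCHS,domain#Link-ProcAccess-accessTo-Host
 package#DataLifecycle,domain#R-HuiPvDFCHS,domain#Link-ProcAccess-accessTo-Process
 package#DataLifecycle,domain#R-HuiPvDFCHS,domain#Link-Process-enablesUserOutput-Data
+package#DataLifecycle,domain#R-HuiRACHSPiD,domain#Link-DataAccess-usedBy-Process
+package#DataLifecycle,domain#R-HuiRACHSPiD,domain#Link-DataAccess-usedFor-Data
 package#DataLifecycle,domain#R-HuiRACvDFCHS,domain#Link-DataAccess-usedBy-Process
 package#DataLifecycle,domain#R-HuiRACvDFCHS,domain#Link-DataAccess-usedFor-Data
 package#DataLifecycle,domain#R-HuiRACvDFCHS,domain#Link-DataFlow-flowsFrom-Process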
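Review bot: Requiring a DataAccess node in `R-HuiPiDCHS` and `R-HuiRACHSPiD` (both hunks here, plus the matching `Node-DataAccess-DataAccess` rows in csv/RootPatternNodes.csv) narrows root patterns that appear to underlie threats other strategies already block; csv/ControlStrategyBlocks.csv lists `D.C.HuiPiDCHS.3` and `D.C.HuiRACHSPiD.3` under `CSG-PersonalDeviceProtection` and `CSG-IgnorePhysicalThreatsFromWorld`. If a model can contain the Process-to-Data relationship without a DataAccess asset, those threats would presumably stop matching and drop out of the risk calculation without any warning. It is worth confirming that DataAccess is always present wherever these patterns matched before, for example by validating an existing model and checking that the count of these threats is unchanged.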
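--- a/csv/RootPatternNodes.csv
+++ b/csv/RootPatternNodes.csv
@@ -905,6 +905,7 @@ package#DataLifecycle,domain#R-HuiDSPH,domain#Node-DataCopy-DataCopy,TRUE
 package#DataLifecycle,domain#R-HuiDSPH,domain#Node-Host-Host,TRUE
 package#DataLifecycle,domain#R-HuiDSPH,domain#Node-Human-Human,TRUE
 package#DataLifecycle,domain#R-HuiDSPH,domain#Node-Process-Process,TRUE
+package#DataLifecycle,domain#R-HuiPiDCHS,domain#Node-DataAccess-DataAccess,TRUE
 package#DataLifecycle,domain#R-HuiPvDCHS,domain#Node-Data-Data,TRUE
 package#DataLifecycle,domain#R-HuiPvDCHS,domain#Node-DataAccess-DataAccess,TRUE
 package#DataLifecycle,domain#R-HuiPvDCHS,domain#Node-Host-ConsoleHost,TRUE
@@ -920,6 +921,7 @@ package#DataLifecycle,domain#R-HuiPvDFCHS,domain#Node-Human-Human,TRUE
 package#DataLifecycle,domain#R-HuiPvDFCHS,domain#Node-ProcAccess-ProcessContext,TRUE
 package#DataLifecycle,domain#R-HuiPvDFCHS,domain#Node-Process-Process,TRUE
 package#DataLifecycle,domain#R-HuiPvDFCHS,domain#Node-Space-Space,TRUE
+package#DataLifecycle,domain#R-HuiRACHSPiD,domain#Node-DataAccess-DataAccess,TRUE
 package#DataLifecycle,domain#R-HuiRACvDFCHS,domain#Node-Data-Data,TRUE
 package#DataLifecycle,domain#R-HuiRACvDFCHS,domain#Node-DataAccess-DataAccess,TRUE
 package#DataLifecycle,domain#R-HuiRACvDFCHS,domain#Node-DataFlow-DataFlow,TRUE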