DRAWINGSURFACE09e889f5-eba7-42f5-b7ce-0768e1ba3a3eDiagramNameEdgeX Foundry (Big Picture)DRAWINGSURFACEb3473744-b34d-4ac5-98f0-dd21b69964e8GE.EIb3473744-b34d-4ac5-98f0-dd21b69964e8BrowserNameBrowser/API CallerOut Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103trueReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Not part of the EdgeX platform - just an access mechanism of EdgeX APIs and GUIPredefined Static AttributesTypetypeCode0Configurable AttributesAs Generic External InteractorAuthenticates ItselfauthenticatesItselfNot ApplicableNoYes0MicrosoftMSNoYes0SE.EI.TMCore.Browser1003611461008a339c5a-4d6f-4321-b1b8-5d90b1eb1e8cGE.EI8a339c5a-4d6f-4321-b1b8-5d90b1eb1e8cMegaserviceNameMegaservice - Cloud or EnterpriseOut Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesAs Generic External InteractorAuthenticates ItselfauthenticatesItselfNot ApplicableNoYes0TypetypeNot SelectedCodeHuman1MicrosoftMSNoYes0SE.EI.TMCore.Megasevrice100271277100f1a6b0f6-ca2a-464b-b080-2e5c44379d80GE.DSf1a6b0f6-ca2a-464b-b080-2e5c44379d80Configuration FileNameConfiguration FilesOut Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Predefined Static AttributesStore TypestoreTypeConfiguration0Configurable AttributesAs Generic Data StoreStores CredentialsstoresCredentialsNoYes0Stores Log DatastoresLogDataNoYes0EncryptedEncryptedNoYes0SignedSignedNoYes0Write AccessAccessTypeNoYes0Removable StorageRemoveableStorageNoYes0BackupBackupNoYes0SharedsharedNoYes0SE.DS.TMCore.ConfigFile100510153110009b85d08-5274-4c51-b43f-ccba994f67b8GE.P09b85d08-5274-4c51-b43f-ccba994f67b8Applications Running on a non Microsoft OSNameEdgeX FoundryOut Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesAs Generic ProcessCode TypecodeTypeNot SelectedManagedUnmanaged0Running AsrunningAsNot SelectedKernelSystemNetwork ServiceLocal ServiceAdministratorStandard User With ElevationStandard User Without ElevationWindows Store App0Isolation LevelIsolationNot SelectedAppContainerLow Integrity LevelMicrosoft Office Isolated Conversion Environment (MOICE)Sandbox1Accepts Input FromacceptsInputFromNot SelectedAny Remote User or EntityKernel, System, or Local AdminLocal or Network ServiceLocal Standard User With ElevationLocal Standard User Without ElevationWindows Store Apps or App Container ProcessesNothingOther0Implements or Uses an Authentication MechanismimplementsAuthenticationSchemeNoYes0Implements or Uses an Authorization MechanismimplementsCustomAuthorizationMechanismNoYes0Implements or Uses a Communication ProtocolimplementsCommunicationProtocolNoYes0Sanitizes InputhasInputSanitizersNot SelectedYesNo0Sanitizes OutputhasOutputSanitizersNot SelectedYesNo0SE.P.TMCore.NonMS10072713331003719101d-cce1-4cc5-813e-ff655788aaf5GE.EI3719101d-cce1-4cc5-813e-ff655788aaf5Authorization ProviderNameNginxOut Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesAs Generic External InteractorAuthenticates ItselfauthenticatesItselfNot ApplicableNoYes0TypetypeNot SelectedCodeHuman0MicrosoftMSNoYes0SE.EI.TMCore.AuthProvider100437120210067bbe575-f8c1-4780-a960-b3156df25dfcGE.DS67bbe575-f8c1-4780-a960-b3156df25dfcNon Relational DatabaseNameSecretStoreOut Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Predefined Static AttributesStore TypestoreTypeNon Relational Database0Configurable AttributesAs Generic Data StoreStores CredentialsstoresCredentialsNoYes0Stores Log DatastoresLogDataNoYes0EncryptedEncryptedNoYes0SignedSignedNoYes0Write AccessAccessTypeNoYes0Removable StorageRemoveableStorageNoYes0BackupBackupNoYes0SharedsharedNoYes0SE.DS.TMCore.NoSQL100758114610098f547a5-4d9d-4baa-9b5f-ea9d20d209b1GE.DS98f547a5-4d9d-4baa-9b5f-ea9d20d209b1DeviceNameDevice/Sensor (physically connected no authentication)Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Predefined Static AttributesStore TypestoreTypeDevice0Configurable AttributesGPSGPSNoYes0ContactsContactsNoYes0Calendar EventsCalendarNoYes0SMS messagesSMSmessagesNoYes0Cached CredentialsCredsNoYes0Enterprise DataEnterpriseNoYes0Messaging Data (Mail, IM, SMS)e-mailNoYes0SIM StorageSIMNoYes0Other DatamiscNoYes0As Generic Data StoreStores CredentialsstoresCredentialsNoYes0Stores Log DatastoresLogDataNoYes0EncryptedEncryptedNoYes0SignedSignedNoYes0Write AccessAccessTypeNoYes0Removable StorageRemoveableStorageNoYes0BackupBackupNoYes0SharedsharedNoYes0SE.DS.TMCore.Device1001390130211744925cd4-0967-4c76-849a-bfe574245356GE.TB.B44925cd4-0967-4c76-849a-bfe574245356Generic Trust Border BoundaryNameEdgeX Docker EnvironmentDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800GE.TB.B5343361127100358b84b43-4e8b-4225-9c3a-695e45e8cbc4GE.DS58b84b43-4e8b-4225-9c3a-695e45e8cbc4SQL DatabaseNamePostgreSQLOut Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Predefined Static AttributesStore TypestoreTypeSQL Relational Database0Configurable AttributesAs Generic Data StoreStores CredentialsstoresCredentialsNoYes0Stores Log DatastoresLogDataNoYes0EncryptedEncryptedNoYes0SignedSignedNoYes0Write AccessAccessTypeNoYes0Removable StorageRemoveableStorageNoYes0BackupBackupNoYes0SharedsharedNoYes0SE.DS.TMCore.SQL10012041180100af28bf3d-6d5f-43f8-a78e-f4f90eef846cGE.EIaf28bf3d-6d5f-43f8-a78e-f4f90eef846cGeneric External InteractorNameMessage TopicOut Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103trueReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Outside control of EdgeX Configurable AttributesAuthenticates ItselfauthenticatesItselfNot ApplicableNoYes0TypetypeNot SelectedCodeHuman0MicrosoftMSNoYes0GE.EI10031152810042069728-dc95-4f2b-8773-b4eb3a75744aGE.EI42069728-dc95-4f2b-8773-b4eb3a75744aExternal Web ServiceNameREST EndpointOut Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Predefined Static AttributesTypetypeCode0Configurable AttributesAs Generic External InteractorAuthenticates ItselfauthenticatesItselfNot ApplicableNoYes0MicrosoftMSNoYes0SE.EI.TMCore.WebSvc100291390100c40e365f-3866-4a76-b5a7-adab3c6700d9GE.DSc40e365f-3866-4a76-b5a7-adab3c6700d9Generic Data StoreNameMessage Bus
BrokerOut Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesStores CredentialsstoresCredentialsNoYes0Stores Log DatastoresLogDataNoYes0EncryptedEncryptedNoYes0SignedSignedNoYes0Write AccessAccessTypeNoYes0Removable StorageRemoveableStorageNoYes0BackupBackupNoYes0SharedsharedNoYes0Store TypestoreTypeSQL Relational DatabaseNon Relational DatabaseFile SystemRegistryConfigurationCacheHTML5 StorageCookieDevice1GE.DS1008571545100ff036d7b-b43f-4f90-a80a-6294cfd627b6GE.DSff036d7b-b43f-4f90-a80a-6294cfd627b6DeviceNameDevice/Sensor (via external MQTT broker - authenticated)Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Predefined Static AttributesStore TypestoreTypeDevice0Configurable AttributesGPSGPSNoYes0ContactsContactsNoYes0Calendar EventsCalendarNoYes0SMS messagesSMSmessagesNoYes0Cached CredentialsCredsNoYes0Enterprise DataEnterpriseNoYes0Messaging Data (Mail, IM, SMS)e-mailNoYes0SIM StorageSIMNoYes0Other DatamiscNoYes0As Generic Data StoreStores CredentialsstoresCredentialsNoYes0Stores Log DatastoresLogDataNoYes0EncryptedEncryptedNoYes0SignedSignedNoYes0Write AccessAccessTypeNoYes0Removable StorageRemoveableStorageNoYes0BackupBackupNoYes0SharedsharedNoYes0SE.DS.TMCore.Device10010791704216871456bf-3811-4925-bc0e-47d7a56b778fGE.DS871456bf-3811-4925-bc0e-47d7a56b778fDeviceNameDevice/Sensor (physically connected authenticated)Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Predefined Static AttributesStore TypestoreTypeDevice0Configurable AttributesGPSGPSNoYes0ContactsContactsNoYes0Calendar EventsCalendarNoYes0SMS messagesSMSmessagesNoYes0Cached CredentialsCredsNoYes0Enterprise DataEnterpriseNoYes0Messaging Data (Mail, IM, SMS)e-mailNoYes0SIM StorageSIMNoYes0Other DatamiscNoYes0As Generic Data StoreStores CredentialsstoresCredentialsNoYes0Stores Log DatastoresLogDataNoYes0EncryptedEncryptedNoYes0SignedSignedNoYes0Write AccessAccessTypeNoYes0Removable StorageRemoveableStorageNoYes0BackupBackupNoYes0SharedsharedNoYes0SE.DS.TMCore.Device100138615481172da73209-e3ed-4262-937a-f5460f128e2bGE.A2da73209-e3ed-4262-937a-f5460f128e2bFree Text AnnotationNameex: BACnet secured, ONVIF, etc.Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579GE.A100137016151537c7a428e-6b54-40d3-9443-e68aca74ca84GE.A7c7a428e-6b54-40d3-9443-e68aca74ca84Free Text AnnotationNameex: Modbus, USBOut Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579GE.A10013751360153329b5d8c-cd90-4d43-98c8-08d2889197e1GE.A329b5d8c-cd90-4d43-98c8-08d2889197e1Free Text AnnotationNameVersion 4.0Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579GE.A10053122100412ae30a-0d2d-4db3-852b-540eb2797c13GE.DS412ae30a-0d2d-4db3-852b-540eb2797c13DeviceNameDevice/Sensor (REST authenticated)Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Predefined Static AttributesStore TypestoreTypeDevice0Configurable AttributesGPSGPSNoYes0ContactsContactsNoYes0Calendar EventsCalendarNoYes0SMS messagesSMSmessagesNoYes0Cached CredentialsCredsNoYes0Enterprise DataEnterpriseNoYes0Messaging Data (Mail, IM, SMS)e-mailNoYes0SIM StorageSIMNoYes0Other DatamiscNoYes0As Generic Data StoreStores CredentialsstoresCredentialsNoYes0Stores Log DatastoresLogDataNoYes0EncryptedEncryptedNoYes0SignedSignedNoYes0Write AccessAccessTypeNoYes0Removable StorageRemoveableStorageNoYes0BackupBackupNoYes0SharedsharedNoYes0SE.DS.TMCore.Device1003691684144b204c87b-72fb-480f-a787-6e7ea768b2a1GE.Ab204c87b-72fb-480f-a787-6e7ea768b2a1Free Text AnnotationNameREST goes through Nginx to get to the D.S.Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579GE.A1003651755153EdgeX Foundry (Big Picture)724fe5dc-12cf-46b4-b9c9-3739376a4945GE.DF724fe5dc-12cf-46b4-b9c9-3739376a4945BinaryNamequeries &
dataDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesAs Generic Data FlowPhysical NetworkchannelNot SelectedWireWi-FiBluetooth2G-4G1Source AuthenticatedauthenticatesSourceNot SelectedNoYes2Destination AuthenticatedauthenticatesDestinationNoYes0Provides ConfidentialityprovidesConfidentialityNoYes0Provides IntegrityprovidesIntegrityNoYes0Transmits XMLXMLencNoYes0Contains CookiesCookiesYesNo1SOAP PayloadSOAPNoYes0REST PayloadRESTNoYes0RSS PayloadRSSNoYes0JSON PayloadJSONNoYes0Forgery Protection54851a3b-65da-4902-b4e0-94ef015be735Not SelectedValidateAntiForgeryTokenAttributeViewStateUserKeyNonceOther dynamic canaryStatic header not available to the browserOtherNoneNot applicable because the request does not change data0SE.DF.TMCore.Binary1029290EastWest09b85d08-5274-4c51-b43f-ccba994f67b882238358b84b43-4e8b-4225-9c3a-695e45e8cbc41209230ee9ec15e-56bb-4e08-ba1f-0ab578c236ebGE.DFee9ec15e-56bb-4e08-ba1f-0ab578c236ebBinaryNamedataDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesAs Generic Data FlowPhysical NetworkchannelNot SelectedWireWi-FiBluetooth2G-4G1Source AuthenticatedauthenticatesSourceNot SelectedNoYes2Destination AuthenticatedauthenticatesDestinationNoYes0Provides ConfidentialityprovidesConfidentialityNoYes0Provides IntegrityprovidesIntegrityNoYes0Transmits XMLXMLencNoYes0Contains CookiesCookiesYesNo1SOAP PayloadSOAPNoYes0REST PayloadRESTNoYes0RSS PayloadRSSNoYes0JSON PayloadJSONNoYes0Forgery Protection54851a3b-65da-4902-b4e0-94ef015be735Not SelectedValidateAntiForgeryTokenAttributeViewStateUserKeyNonceOther dynamic canaryStatic header not available to the browserOtherNoneNot applicable because the request does not change data0SE.DF.TMCore.Binary998241WestEast58b84b43-4e8b-4225-9c3a-695e45e8cbc4120923009b85d08-5274-4c51-b43f-ccba994f67b8822383f1154dbe-8e32-4158-b631-d416b56b129aGE.DFf1154dbe-8e32-4158-b631-d416b56b129aHTTPNamerequestDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Predefined Static AttributesSource AuthenticatedauthenticatesSourceNo0Destination AuthenticatedauthenticatesDestinationNo0Provides ConfidentialityprovidesConfidentialityNo0Provides IntegrityprovidesIntegrityNo0Configurable AttributesAs Generic Data FlowPhysical NetworkchannelNot SelectedWireWi-FiBluetooth2G-4G0Transmits XMLXMLencNoYes0Contains CookiesCookiesYesNo0SOAP PayloadSOAPNoYes0REST PayloadRESTNoYes1RSS PayloadRSSNoYes0JSON PayloadJSONNoYes0Forgery Protection54851a3b-65da-4902-b4e0-94ef015be735Not SelectedValidateAntiForgeryTokenAttributeViewStateUserKeyNonceOther dynamic canaryStatic header not available to the browserOtherNoneNot applicable because the request does not change data0SE.DF.TMCore.HTTP651244NorthEastWest3719101d-cce1-4cc5-813e-ff655788aaf553220709b85d08-5274-4c51-b43f-ccba994f67b8732383af10d55d-6933-464f-9232-eecad6f83bcfGE.DFaf10d55d-6933-464f-9232-eecad6f83bcfGeneric Data FlowNameservice
secretsDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesPhysical NetworkchannelNot SelectedWireWi-FiBluetooth2G-4G0Source AuthenticatedauthenticatesSourceNot SelectedNoYes0Destination AuthenticatedauthenticatesDestinationNoYes0Provides ConfidentialityprovidesConfidentialityNoYes0Provides IntegrityprovidesIntegrityNoYes0Transmits XMLXMLencNoYes0Contains CookiesCookiesYesNo0SOAP PayloadSOAPNoYes0REST PayloadRESTNoYes0RSS PayloadRSSNoYes0JSON PayloadJSONNoYes0Forgery Protection54851a3b-65da-4902-b4e0-94ef015be735Not SelectedValidateAntiForgeryTokenAttributeViewStateUserKeyNonceOther dynamic canaryStatic header not available to the browserOtherNoneNot applicable because the request does not change data0GE.DF811286SouthNorth67bbe575-f8c1-4780-a960-b3156df25dfc80824109b85d08-5274-4c51-b43f-ccba994f67b87773396ea2c0b2-c152-4770-a19a-01efc378728bGE.DF6ea2c0b2-c152-4770-a19a-01efc378728bGeneric Data FlowNamequeryDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesPhysical NetworkchannelNot SelectedWireWi-FiBluetooth2G-4G0Source AuthenticatedauthenticatesSourceNot SelectedNoYes0Destination AuthenticatedauthenticatesDestinationNoYes0Provides ConfidentialityprovidesConfidentialityNoYes0Provides IntegrityprovidesIntegrityNoYes0Transmits XMLXMLencNoYes0Contains CookiesCookiesYesNo0SOAP PayloadSOAPNoYes0REST PayloadRESTNoYes0RSS PayloadRSSNoYes0JSON PayloadJSONNoYes0Forgery Protection54851a3b-65da-4902-b4e0-94ef015be735Not SelectedValidateAntiForgeryTokenAttributeViewStateUserKeyNonceOther dynamic canaryStatic header not available to the browserOtherNoneNot applicable because the request does not change data0GE.DF760287NorthSouth09b85d08-5274-4c51-b43f-ccba994f67b877733967bbe575-f8c1-4780-a960-b3156df25dfc808241c8f4cb94-c04f-4c7c-9086-e07cca084c2eGE.DFc8f4cb94-c04f-4c7c-9086-e07cca084c2eGeneric Data FlowNamereadDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesPhysical NetworkchannelNot SelectedWireWi-FiBluetooth2G-4G0Source AuthenticatedauthenticatesSourceNot SelectedNoYes0Destination AuthenticatedauthenticatesDestinationNoYes0Provides ConfidentialityprovidesConfidentialityNoYes0Provides IntegrityprovidesIntegrityNoYes0Transmits XMLXMLencNoYes0Contains CookiesCookiesYesNo0SOAP PayloadSOAPNoYes0REST PayloadRESTNoYes0RSS PayloadRSSNoYes0JSON PayloadJSONNoYes0Forgery Protection54851a3b-65da-4902-b4e0-94ef015be735Not SelectedValidateAntiForgeryTokenAttributeViewStateUserKeyNonceOther dynamic canaryStatic header not available to the browserOtherNoneNot applicable because the request does not change data0GE.DF696512SouthEast09b85d08-5274-4c51-b43f-ccba994f67b8777428f1a6b0f6-ca2a-464b-b080-2e5c44379d80605581f7208838-fb60-4fc5-84ce-ac508d7cae0fGE.DFf7208838-fb60-4fc5-84ce-ac508d7cae0fGeneric Data FlowNameconfigurationDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesPhysical NetworkchannelNot SelectedWireWi-FiBluetooth2G-4G0Source AuthenticatedauthenticatesSourceNot SelectedNoYes0Destination AuthenticatedauthenticatesDestinationNoYes0Provides ConfidentialityprovidesConfidentialityNoYes0Provides IntegrityprovidesIntegrityNoYes0Transmits XMLXMLencNoYes0Contains CookiesCookiesYesNo0SOAP PayloadSOAPNoYes0REST PayloadRESTNoYes0RSS PayloadRSSNoYes0JSON PayloadJSONNoYes0Forgery Protection54851a3b-65da-4902-b4e0-94ef015be735Not SelectedValidateAntiForgeryTokenAttributeViewStateUserKeyNonceOther dynamic canaryStatic header not available to the browserOtherNoneNot applicable because the request does not change data0GE.DF655486NorthEastSouthf1a6b0f6-ca2a-464b-b080-2e5c44379d8060553609b85d08-5274-4c51-b43f-ccba994f67b8777428fb395f2f-f563-4c6f-a7c8-8b6545ab6570GE.DFfb395f2f-f563-4c6f-a7c8-8b6545ab6570Generic Data FlowNamepublished
messageDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesPhysical NetworkchannelNot SelectedWireWi-FiBluetooth2G-4G0Source AuthenticatedauthenticatesSourceNot SelectedNoYes0Destination AuthenticatedauthenticatesDestinationNoYes0Provides ConfidentialityprovidesConfidentialityNoYes0Provides IntegrityprovidesIntegrityNoYes0Transmits XMLXMLencNoYes0Contains CookiesCookiesYesNo0SOAP PayloadSOAPNoYes0REST PayloadRESTNoYes0RSS PayloadRSSNoYes0JSON PayloadJSONNoYes1Forgery Protection54851a3b-65da-4902-b4e0-94ef015be735Not SelectedValidateAntiForgeryTokenAttributeViewStateUserKeyNonceOther dynamic canaryStatic header not available to the browserOtherNoneNot applicable because the request does not change data0GE.DF842476SouthEastNorthWest09b85d08-5274-4c51-b43f-ccba994f67b8808414c40e365f-3866-4a76-b5a7-adab3c6700d9862550153d4bd4-4a88-4c4b-b22d-b278652a1b26GE.DF153d4bd4-4a88-4c4b-b22d-b278652a1b26Generic Data FlowNamesubscribed
messageDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesPhysical NetworkchannelNot SelectedWireWi-FiBluetooth2G-4G0Source AuthenticatedauthenticatesSourceNot SelectedNoYes0Destination AuthenticatedauthenticatesDestinationNoYes0Provides ConfidentialityprovidesConfidentialityNoYes0Provides IntegrityprovidesIntegrityNoYes0Transmits XMLXMLencNoYes0Contains CookiesCookiesYesNo0SOAP PayloadSOAPNoYes0REST PayloadRESTNoYes0RSS PayloadRSSNoYes0JSON PayloadJSONNoYes0Forgery Protection54851a3b-65da-4902-b4e0-94ef015be735Not SelectedValidateAntiForgeryTokenAttributeViewStateUserKeyNonceOther dynamic canaryStatic header not available to the browserOtherNoneNot applicable because the request does not change data0GE.DF771528WestSouthEastc40e365f-3866-4a76-b5a7-adab3c6700d986259509b85d08-5274-4c51-b43f-ccba994f67b8808414cbcb6740-6fdf-4ccd-b2ad-073dba68b2e4GE.DFcbcb6740-6fdf-4ccd-b2ad-073dba68b2e4HTTPNameresponseDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Predefined Static AttributesSource AuthenticatedauthenticatesSourceNo0Destination AuthenticatedauthenticatesDestinationNo0Provides ConfidentialityprovidesConfidentialityNo0Provides IntegrityprovidesIntegrityNo0Configurable AttributesAs Generic Data FlowPhysical NetworkchannelNot SelectedWireWi-FiBluetooth2G-4G0Transmits XMLXMLencNoYes0Contains CookiesCookiesYesNo0SOAP PayloadSOAPNoYes0REST PayloadRESTNoYes1RSS PayloadRSSNoYes0JSON PayloadJSONNoYes0Forgery Protection54851a3b-65da-4902-b4e0-94ef015be735Not SelectedValidateAntiForgeryTokenAttributeViewStateUserKeyNonceOther dynamic canaryStatic header not available to the browserOtherNoneNot applicable because the request does not change data0SE.DF.TMCore.HTTP635309SouthWestEast09b85d08-5274-4c51-b43f-ccba994f67b87454143719101d-cce1-4cc5-813e-ff655788aaf5532252c888b476-3017-4bfc-a0f0-ac458f9ab7cbGE.DFc888b476-3017-4bfc-a0f0-ac458f9ab7cbBinaryNamequery
or actuationDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesAs Generic Data FlowPhysical NetworkchannelNot SelectedWireWi-FiBluetooth2G-4G0Source AuthenticatedauthenticatesSourceNot SelectedNoYes0Destination AuthenticatedauthenticatesDestinationNoYes0Provides ConfidentialityprovidesConfidentialityNoYes0Provides IntegrityprovidesIntegrityNoYes0Transmits XMLXMLencNoYes0Contains CookiesCookiesYesNo0SOAP PayloadSOAPNoYes0REST PayloadRESTNoYes0RSS PayloadRSSNoYes0JSON PayloadJSONNoYes0Forgery Protection54851a3b-65da-4902-b4e0-94ef015be735Not SelectedValidateAntiForgeryTokenAttributeViewStateUserKeyNonceOther dynamic canaryStatic header not available to the browserOtherNoneNot applicable because the request does not change data0SE.DF.TMCore.Binary1193403SouthEastWest09b85d08-5274-4c51-b43f-ccba994f67b880841498f547a5-4d9d-4baa-9b5f-ea9d20d209b11395352491d8727-e78a-48ad-b36e-642e51117297GE.DF491d8727-e78a-48ad-b36e-642e51117297BinaryNamesensor dataDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesAs Generic Data FlowPhysical NetworkchannelNot SelectedWireWi-FiBluetooth2G-4G0Source AuthenticatedauthenticatesSourceNot SelectedNoYes0Destination AuthenticatedauthenticatesDestinationNoYes0Provides ConfidentialityprovidesConfidentialityNoYes0Provides IntegrityprovidesIntegrityNoYes0Transmits XMLXMLencNoYes0Contains CookiesCookiesYesNo0SOAP PayloadSOAPNoYes0REST PayloadRESTNoYes0RSS PayloadRSSNoYes0JSON PayloadJSONNoYes0Forgery Protection54851a3b-65da-4902-b4e0-94ef015be735Not SelectedValidateAntiForgeryTokenAttributeViewStateUserKeyNonceOther dynamic canaryStatic header not available to the browserOtherNoneNot applicable because the request does not change data0SE.DF.TMCore.Binary1135378WestSouthEast98f547a5-4d9d-4baa-9b5f-ea9d20d209b1139535209b85d08-5274-4c51-b43f-ccba994f67b8808414c3c2bf12-162d-40cb-981f-ade06a5d95e2GE.TB.Lc3c2bf12-162d-40cb-981f-ade06a5d95e2Internet BoundaryNameInternet BoundaryConfigurable AttributesAs Generic Trust Line BoundarySE.TB.L.TMCore.Internet247598NoneNone00000000-0000-0000-0000-0000000000002492900000000-0000-0000-0000-00000000000025274571a715ad-fe15-4f57-831a-1bd931bec7c2GE.DF71a715ad-fe15-4f57-831a-1bd931bec7c2HTTPNamerequestDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Predefined Static AttributesSource AuthenticatedauthenticatesSourceNo0Destination AuthenticatedauthenticatesDestinationNo0Provides ConfidentialityprovidesConfidentialityNo0Provides IntegrityprovidesIntegrityNo0Configurable AttributesAs Generic Data FlowPhysical NetworkchannelNot SelectedWireWi-FiBluetooth2G-4G4Transmits XMLXMLencNoYes0Contains CookiesCookiesYesNo0SOAP PayloadSOAPNoYes0REST PayloadRESTNoYes1RSS PayloadRSSNoYes0JSON PayloadJSONNoYes0Forgery Protection54851a3b-65da-4902-b4e0-94ef015be735Not SelectedValidateAntiForgeryTokenAttributeViewStateUserKeyNonceOther dynamic canaryStatic header not available to the browserOtherNoneNot applicable because the request does not change data0SE.DF.TMCore.HTTP306169EastWestb3473744-b34d-4ac5-98f0-dd21b69964e81311963719101d-cce1-4cc5-813e-ff655788aaf54422522e6a39d1-ebd7-4102-941f-56422f55d37bGE.DF2e6a39d1-ebd7-4102-941f-56422f55d37bHTTPNameresponseDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Predefined Static AttributesSource AuthenticatedauthenticatesSourceNo0Destination AuthenticatedauthenticatesDestinationNo0Provides ConfidentialityprovidesConfidentialityNo0Provides IntegrityprovidesIntegrityNo0Configurable AttributesAs Generic Data FlowPhysical NetworkchannelNot SelectedWireWi-FiBluetooth2G-4G0Transmits XMLXMLencNoYes0Contains CookiesCookiesYesNo0SOAP PayloadSOAPNoYes0REST PayloadRESTNoYes1RSS PayloadRSSNoYes0JSON PayloadJSONNoYes0Forgery Protection54851a3b-65da-4902-b4e0-94ef015be735Not SelectedValidateAntiForgeryTokenAttributeViewStateUserKeyNonceOther dynamic canaryStatic header not available to the browserOtherNoneNot applicable because the request does not change data0SE.DF.TMCore.HTTP294245SouthWestSouthEast3719101d-cce1-4cc5-813e-ff655788aaf5442297b3473744-b34d-4ac5-98f0-dd21b69964e81312411dec2eb3-b47b-4675-befc-a1f1dfdf6f07GE.DF1dec2eb3-b47b-4675-befc-a1f1dfdf6f07Generic Data FlowNamesensor dataDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesPhysical NetworkchannelNot SelectedWireWi-FiBluetooth2G-4G0Source AuthenticatedauthenticatesSourceNot SelectedNoYes0Destination AuthenticatedauthenticatesDestinationNoYes0Provides ConfidentialityprovidesConfidentialityNoYes0Provides IntegrityprovidesIntegrityNoYes0Transmits XMLXMLencNoYes0Contains CookiesCookiesYesNo0SOAP PayloadSOAPNoYes0REST PayloadRESTNoYes0RSS PayloadRSSNoYes0JSON PayloadJSONNoYes0Forgery Protection54851a3b-65da-4902-b4e0-94ef015be735Not SelectedValidateAntiForgeryTokenAttributeViewStateUserKeyNonceOther dynamic canaryStatic header not available to the browserOtherNoneNot applicable because the request does not change data0GE.DF351411SouthWestEast09b85d08-5274-4c51-b43f-ccba994f67b87454148a339c5a-4d6f-4321-b1b8-5d90b1eb1e8c122327c168dbe7-b75e-4c6d-90e6-3333bab54798GE.DFc168dbe7-b75e-4c6d-90e6-3333bab54798Generic Data FlowNamesensor dataDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesPhysical NetworkchannelNot SelectedWireWi-FiBluetooth2G-4G0Source AuthenticatedauthenticatesSourceNot SelectedNoYes0Destination AuthenticatedauthenticatesDestinationNoYes0Provides ConfidentialityprovidesConfidentialityNoYes0Provides IntegrityprovidesIntegrityNoYes0Transmits XMLXMLencNoYes0Contains CookiesCookiesYesNo0SOAP PayloadSOAPNoYes0REST PayloadRESTNoYes0RSS PayloadRSSNoYes0JSON PayloadJSONNoYes0Forgery Protection54851a3b-65da-4902-b4e0-94ef015be735Not SelectedValidateAntiForgeryTokenAttributeViewStateUserKeyNonceOther dynamic canaryStatic header not available to the browserOtherNoneNot applicable because the request does not change data0GE.DF334533SouthWestEast09b85d08-5274-4c51-b43f-ccba994f67b8745414af28bf3d-6d5f-43f8-a78e-f4f90eef846c126578e6ad3a3b-3e9d-4f2a-8f3d-723e2cbf2585GE.DFe6ad3a3b-3e9d-4f2a-8f3d-723e2cbf2585Generic Data FlowNamesensor dataDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesPhysical NetworkchannelNot SelectedWireWi-FiBluetooth2G-4G0Source AuthenticatedauthenticatesSourceNot SelectedNoYes0Destination AuthenticatedauthenticatesDestinationNoYes0Provides ConfidentialityprovidesConfidentialityNoYes0Provides IntegrityprovidesIntegrityNoYes0Transmits XMLXMLencNoYes0Contains CookiesCookiesYesNo0SOAP PayloadSOAPNoYes0REST PayloadRESTNoYes0RSS PayloadRSSNoYes0JSON PayloadJSONNoYes0Forgery Protection54851a3b-65da-4902-b4e0-94ef015be735Not SelectedValidateAntiForgeryTokenAttributeViewStateUserKeyNonceOther dynamic canaryStatic header not available to the browserOtherNoneNot applicable because the request does not change data0GE.DF359485NoneEast00000000-0000-0000-0000-00000000000074741442069728-dc95-4f2b-8773-b4eb3a75744a12444017f818eb-5312-4cd2-89ec-620e0a39faa0GE.DF17f818eb-5312-4cd2-89ec-620e0a39faa0Generic Data FlowNamequery or actuationDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesPhysical NetworkchannelNot SelectedWireWi-FiBluetooth2G-4G0Source AuthenticatedauthenticatesSourceNot SelectedNoYes0Destination AuthenticatedauthenticatesDestinationNoYes0Provides ConfidentialityprovidesConfidentialityNoYes0Provides IntegrityprovidesIntegrityNoYes0Transmits XMLXMLencNoYes0Contains CookiesCookiesYesNo0SOAP PayloadSOAPNoYes0REST PayloadRESTNoYes0RSS PayloadRSSNoYes0JSON PayloadJSONNoYes0Forgery Protection54851a3b-65da-4902-b4e0-94ef015be735Not SelectedValidateAntiForgeryTokenAttributeViewStateUserKeyNonceOther dynamic canaryStatic header not available to the browserOtherNoneNot applicable because the request does not change data0GE.DF1110466SouthEastWest09b85d08-5274-4c51-b43f-ccba994f67b8808414871456bf-3811-4925-bc0e-47d7a56b778f1391598d7d4793f-ea7a-4d7d-9e2e-3844af87c517GE.DFd7d4793f-ea7a-4d7d-9e2e-3844af87c517Generic Data FlowNamesensor dataDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesPhysical NetworkchannelNot SelectedWireWi-FiBluetooth2G-4G0Source AuthenticatedauthenticatesSourceNot SelectedNoYes0Destination AuthenticatedauthenticatesDestinationNoYes0Provides ConfidentialityprovidesConfidentialityNoYes0Provides IntegrityprovidesIntegrityNoYes0Transmits XMLXMLencNoYes0Contains CookiesCookiesYesNo0SOAP PayloadSOAPNoYes0REST PayloadRESTNoYes0RSS PayloadRSSNoYes0JSON PayloadJSONNoYes0Forgery Protection54851a3b-65da-4902-b4e0-94ef015be735Not SelectedValidateAntiForgeryTokenAttributeViewStateUserKeyNonceOther dynamic canaryStatic header not available to the browserOtherNoneNot applicable because the request does not change data0GE.DF1143520WestSouthEast871456bf-3811-4925-bc0e-47d7a56b778f139159809b85d08-5274-4c51-b43f-ccba994f67b88084146567e774-9357-4d03-91e5-95776298b686GE.DF6567e774-9357-4d03-91e5-95776298b686Generic Data FlowNamequeryDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesPhysical NetworkchannelNot SelectedWireWi-FiBluetooth2G-4G0Source AuthenticatedauthenticatesSourceNot SelectedNoYes0Destination AuthenticatedauthenticatesDestinationNoYes0Provides ConfidentialityprovidesConfidentialityNoYes0Provides IntegrityprovidesIntegrityNoYes0Transmits XMLXMLencNoYes0Contains CookiesCookiesYesNo0SOAP PayloadSOAPNoYes0REST PayloadRESTNoYes0RSS PayloadRSSNoYes0JSON PayloadJSONNoYes0Forgery Protection54851a3b-65da-4902-b4e0-94ef015be735Not SelectedValidateAntiForgeryTokenAttributeViewStateUserKeyNonceOther dynamic canaryStatic header not available to the browserOtherNoneNot applicable because the request does not change data0GE.DF1098594SouthEastNorth09b85d08-5274-4c51-b43f-ccba994f67b8808414ff036d7b-b43f-4f90-a80a-6294cfd627b6118770900a2dd60-a3d2-4481-a9b8-6ed07b3ebb6fGE.DF00a2dd60-a3d2-4481-a9b8-6ed07b3ebb6fGeneric Data FlowNamesensor dataDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesPhysical NetworkchannelNot SelectedWireWi-FiBluetooth2G-4G0Source AuthenticatedauthenticatesSourceNot SelectedNoYes0Destination AuthenticatedauthenticatesDestinationNoYes0Provides ConfidentialityprovidesConfidentialityNoYes0Provides IntegrityprovidesIntegrityNoYes0Transmits XMLXMLencNoYes0Contains CookiesCookiesYesNo0SOAP PayloadSOAPNoYes0REST PayloadRESTNoYes0RSS PayloadRSSNoYes0JSON PayloadJSONNoYes0Forgery Protection54851a3b-65da-4902-b4e0-94ef015be735Not SelectedValidateAntiForgeryTokenAttributeViewStateUserKeyNonceOther dynamic canaryStatic header not available to the browserOtherNoneNot applicable because the request does not change data0GE.DF1075636NorthSouthEastff036d7b-b43f-4f90-a80a-6294cfd627b6118770909b85d08-5274-4c51-b43f-ccba994f67b88084149c0e082f-7392-4b49-b104-83c15000a03eGE.DF9c0e082f-7392-4b49-b104-83c15000a03eGeneric Data FlowNamequeryDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesPhysical NetworkchannelNot SelectedWireWi-FiBluetooth2G-4G0Source AuthenticatedauthenticatesSourceNot SelectedNoYes0Destination AuthenticatedauthenticatesDestinationNoYes0Provides ConfidentialityprovidesConfidentialityNoYes0Provides IntegrityprovidesIntegrityNoYes0Transmits XMLXMLencNoYes0Contains CookiesCookiesYesNo0SOAP PayloadSOAPNoYes0REST PayloadRESTNoYes0RSS PayloadRSSNoYes0JSON PayloadJSONNoYes0Forgery Protection54851a3b-65da-4902-b4e0-94ef015be735Not SelectedValidateAntiForgeryTokenAttributeViewStateUserKeyNonceOther dynamic canaryStatic header not available to the browserOtherNoneNot applicable because the request does not change data0GE.DF460508SouthNorth3719101d-cce1-4cc5-813e-ff655788aaf5487297412ae30a-0d2d-4db3-852b-540eb2797c13441689266740e4-4d1d-48e2-b9f6-9c0cf6d44716GE.DF266740e4-4d1d-48e2-b9f6-9c0cf6d44716Generic Data FlowNamesensor dataDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesPhysical NetworkchannelNot SelectedWireWi-FiBluetooth2G-4G0Source AuthenticatedauthenticatesSourceNot SelectedNoYes0Destination AuthenticatedauthenticatesDestinationNoYes0Provides ConfidentialityprovidesConfidentialityNoYes0Provides IntegrityprovidesIntegrityNoYes0Transmits XMLXMLencNoYes0Contains CookiesCookiesYesNo0SOAP PayloadSOAPNoYes0REST PayloadRESTNoYes0RSS PayloadRSSNoYes0JSON PayloadJSONNoYes0Forgery Protection54851a3b-65da-4902-b4e0-94ef015be735Not SelectedValidateAntiForgeryTokenAttributeViewStateUserKeyNonceOther dynamic canaryStatic header not available to the browserOtherNoneNot applicable because the request does not change data0GE.DF505407NorthSouth412ae30a-0d2d-4db3-852b-540eb2797c134416893719101d-cce1-4cc5-813e-ff655788aaf54872971DRAWINGSURFACE6b125b78-d9ee-4190-8366-8f0a159d2ddfDiagramNameEdgeX Service to Service HTTP commsDRAWINGSURFACE9deca5e3-a677-4de2-a02e-64f24134488bGE.P9deca5e3-a677-4de2-a02e-64f24134488bWeb ServiceNameEdgeX Service AOut Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Predefined Static AttributesCode TypecodeTypeUnmanaged0Configurable AttributesAs Generic ProcessRunning AsrunningAsNot SelectedKernelSystemNetwork ServiceLocal ServiceAdministratorStandard User With ElevationStandard User Without ElevationWindows Store App0Isolation LevelIsolationNot SelectedAppContainerLow Integrity LevelMicrosoft Office Isolated Conversion Environment (MOICE)Sandbox1Accepts Input FromacceptsInputFromNot SelectedAny Remote User or EntityKernel, System, or Local AdminLocal or Network ServiceLocal Standard User With ElevationLocal Standard User Without ElevationWindows Store Apps or App Container ProcessesNothingOther3Implements or Uses an Authentication MechanismimplementsAuthenticationSchemeNoYes0Implements or Uses an Authorization MechanismimplementsCustomAuthorizationMechanismNoYes0Implements or Uses a Communication ProtocolimplementsCommunicationProtocolNoYes0Sanitizes InputhasInputSanitizersNot SelectedYesNo0Sanitizes OutputhasOutputSanitizersNot SelectedYesNo0SE.P.TMCore.WebSvc100461901004cb71a6d-c547-4fc2-a846-412cb685614dGE.P4cb71a6d-c547-4fc2-a846-412cb685614dWeb ServiceNameEdgeX Service BOut Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Predefined Static AttributesCode TypecodeTypeUnmanaged0Configurable AttributesAs Generic ProcessRunning AsrunningAsNot SelectedKernelSystemNetwork ServiceLocal ServiceAdministratorStandard User With ElevationStandard User Without ElevationWindows Store App0Isolation LevelIsolationNot SelectedAppContainerLow Integrity LevelMicrosoft Office Isolated Conversion Environment (MOICE)Sandbox1Accepts Input FromacceptsInputFromNot SelectedAny Remote User or EntityKernel, System, or Local AdminLocal or Network ServiceLocal Standard User With ElevationLocal Standard User Without ElevationWindows Store Apps or App Container ProcessesNothingOther3Implements or Uses an Authentication MechanismimplementsAuthenticationSchemeNoYes0Implements or Uses an Authorization MechanismimplementsCustomAuthorizationMechanismNoYes0Implements or Uses a Communication ProtocolimplementsCommunicationProtocolNoYes0Sanitizes InputhasInputSanitizersNot SelectedYesNo0Sanitizes OutputhasOutputSanitizersNot SelectedYesNo0SE.P.TMCore.WebSvc1004021118100793e1d49-7708-46d3-9ec7-091d40f66543GE.TB.B793e1d49-7708-46d3-9ec7-091d40f66543Other Browsers BoundariesNameDocker Container / Docker NetworkDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Configurable AttributesChrome JavaScript SandboxChromeJavaNoYes0Chrome SandboxChromeNoYes0Firefox JavaScript SandboxFirefoxJavaNoYes0As Generic Trust Border BoundarySE.TB.B.TMCore.NonIEB28020120586EdgeX Service to Service HTTP commsacff89ff-1b84-440e-b7ae-7be7c9a64f96GE.DFacff89ff-1b84-440e-b7ae-7be7c9a64f96HTTPNameHTTPDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Predefined Static AttributesSource AuthenticatedauthenticatesSourceNo0Destination AuthenticatedauthenticatesDestinationNo0Provides ConfidentialityprovidesConfidentialityNo0Provides IntegrityprovidesIntegrityNo0Configurable AttributesAs Generic Data FlowPhysical NetworkchannelNot SelectedWireWi-FiBluetooth2G-4G0Transmits XMLXMLencNoYes0Contains CookiesCookiesYesNo1SOAP PayloadSOAPNoYes0REST PayloadRESTNoYes1RSS PayloadRSSNoYes0JSON PayloadJSONNoYes0Forgery Protection54851a3b-65da-4902-b4e0-94ef015be735Not SelectedValidateAntiForgeryTokenAttributeViewStateUserKeyNonceOther dynamic canaryStatic header not available to the browserOtherNoneNot applicable because the request does not change data0SE.DF.TMCore.HTTP249164EastWest9deca5e3-a677-4de2-a02e-64f24134488b1411404cb71a6d-c547-4fc2-a846-412cb685614d4071681DRAWINGSURFACEb7defd52-a927-41a7-baf9-572715b6dfcaDiagramNameEdgeX Service to Service message bus commsDRAWINGSURFACEed1e0b06-c0ed-417d-a58c-3931d335d11dGE.Ped1e0b06-c0ed-417d-a58c-3931d335d11dWeb ServiceNameEdgeX Service AOut Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Predefined Static AttributesCode TypecodeTypeUnmanaged0Configurable AttributesAs Generic ProcessRunning AsrunningAsNot SelectedKernelSystemNetwork ServiceLocal ServiceAdministratorStandard User With ElevationStandard User Without ElevationWindows Store App0Isolation LevelIsolationNot SelectedAppContainerLow Integrity LevelMicrosoft Office Isolated Conversion Environment (MOICE)Sandbox1Accepts Input FromacceptsInputFromNot SelectedAny Remote User or EntityKernel, System, or Local AdminLocal or Network ServiceLocal Standard User With ElevationLocal Standard User Without ElevationWindows Store Apps or App Container ProcessesNothingOther3Implements or Uses an Authentication MechanismimplementsAuthenticationSchemeNoYes0Implements or Uses an Authorization MechanismimplementsCustomAuthorizationMechanismNoYes0Implements or Uses a Communication ProtocolimplementsCommunicationProtocolNoYes0Sanitizes InputhasInputSanitizersNot SelectedYesNo0Sanitizes OutputhasOutputSanitizersNot SelectedYesNo0SE.P.TMCore.WebSvc10050177100ec4eda59-e673-43e6-a4a1-47e374d0cd53GE.Pec4eda59-e673-43e6-a4a1-47e374d0cd53Web ServiceNameEdgeX Service BOut Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Predefined Static AttributesCode TypecodeTypeUnmanaged0Configurable AttributesAs Generic ProcessRunning AsrunningAsNot SelectedKernelSystemNetwork ServiceLocal ServiceAdministratorStandard User With ElevationStandard User Without ElevationWindows Store App0Isolation LevelIsolationNot SelectedAppContainerLow Integrity LevelMicrosoft Office Isolated Conversion Environment (MOICE)Sandbox1Accepts Input FromacceptsInputFromNot SelectedAny Remote User or EntityKernel, System, or Local AdminLocal or Network ServiceLocal Standard User With ElevationLocal Standard User Without ElevationWindows Store Apps or App Container ProcessesNothingOther3Implements or Uses an Authentication MechanismimplementsAuthenticationSchemeNoYes0Implements or Uses an Authorization MechanismimplementsCustomAuthorizationMechanismNoYes0Implements or Uses a Communication ProtocolimplementsCommunicationProtocolNoYes0Sanitizes InputhasInputSanitizersNot SelectedYesNo0Sanitizes OutputhasOutputSanitizersNot SelectedYesNo0SE.P.TMCore.WebSvc100423189100e4032d84-bc82-4860-8c1b-fa6f935004c4GE.TB.Be4032d84-bc82-4860-8c1b-fa6f935004c4Other Browsers BoundariesNameDocker Container / Docker NetworkDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Configurable AttributesChrome JavaScript SandboxChromeJavaNoYes0Chrome SandboxChromeNoYes0Firefox JavaScript SandboxFirefoxJavaNoYes0As Generic Trust Border BoundarySE.TB.B.TMCore.NonIEB28010110586EdgeX Service to Service message bus comms84ab56ed-946c-4c35-8cbd-1a7cad08bc5cGE.DF84ab56ed-946c-4c35-8cbd-1a7cad08bc5cGeneric Data FlowNamemessage bus (MQTT, NATS)Dataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesPhysical NetworkchannelNot SelectedWireWi-FiBluetooth2G-4G0Source AuthenticatedauthenticatesSourceNot SelectedNoYes0Destination AuthenticatedauthenticatesDestinationNoYes0Provides ConfidentialityprovidesConfidentialityNoYes0Provides IntegrityprovidesIntegrityNoYes0Transmits XMLXMLencNoYes0Contains CookiesCookiesYesNo1SOAP PayloadSOAPNoYes0REST PayloadRESTNoYes0RSS PayloadRSSNoYes0JSON PayloadJSONNoYes1Forgery Protection54851a3b-65da-4902-b4e0-94ef015be735Not SelectedValidateAntiForgeryTokenAttributeViewStateUserKeyNonceOther dynamic canaryStatic header not available to the browserOtherNoneNot applicable because the request does not change data0GE.DF272175EastWested1e0b06-c0ed-417d-a58c-3931d335d11d145127ec4eda59-e673-43e6-a4a1-47e374d0cd534281391DRAWINGSURFACE82009bb2-af4f-49dd-96d9-4a267590e72dDiagramNameAccess via VPNDRAWINGSURFACEd69fff37-bf83-4230-97c2-3d3feb49dcd1GE.Ad69fff37-bf83-4230-97c2-3d3feb49dcd1Free Text AnnotationNameAddress access to EdgeX via VPNOut Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579GE.A10035148100Access via VPN1DRAWINGSURFACE3dedaf65-c6a6-4c25-8ee3-bb60fc54a9a5DiagramNameHost AccessDRAWINGSURFACEd2eacb50-4a8a-41be-a522-9b8d5e8fcbcdGE.Ad2eacb50-4a8a-41be-a522-9b8d5e8fcbcdFree Text AnnotationNameWhat happens when person with host access does bad thingsOut Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579GE.A19439138180Host Access1DRAWINGSURFACE7156966c-5bae-4445-9563-5d42d573c1a9DiagramNameOpen Port ProtectionsDRAWINGSURFACE74e27845-6e6f-4840-9246-1e12e9defe56GE.A74e27845-6e6f-4840-9246-1e12e9defe56Free Text AnnotationNameOpen ports (external) per Docker Compose
8000 - Kong
8443 - Kong
4000 - Web GUI
Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579GE.A1379111102313239b99b-7e3f-4bca-a121-f96179541c93GE.A3239b99b-7e3f-4bca-a121-f96179541c93Free Text AnnotationNameOpen ports on the localhost (requires host access)
59701 - app services rules
59882 - command
8500 - Consul UI
59880 - core data
5563 - ZMQ (deprecated)
6379 - Redis
59986 - REST DS
59900 - Virtual DS
8100 - Kong
5432 - Kong DB
59881 - core meta data
59860 - notifications
59720 - eKuiper
59861 - scheduler
58890 - system management (deprecated)
8200 - VaultOut Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579GE.A342326153466Open Port Protections1DRAWINGSURFACE5f21f211-8073-4d92-ba1b-32919845cddaDiagramNameDevice Protocol Threats - Modbus exampleDRAWINGSURFACEb8f8b056-2cdd-4049-afe3-3bfd91b340fdGE.DSb8f8b056-2cdd-4049-afe3-3bfd91b340fdDeviceNameModbus Device/SensorOut Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Predefined Static AttributesStore TypestoreTypeDevice0Configurable AttributesGPSGPSNoYes0ContactsContactsNoYes0Calendar EventsCalendarNoYes0SMS messagesSMSmessagesNoYes0Cached CredentialsCredsNoYes0Enterprise DataEnterpriseNoYes0Messaging Data (Mail, IM, SMS)e-mailNoYes0SIM StorageSIMNoYes0Other DatamiscNoYes0As Generic Data StoreStores CredentialsstoresCredentialsNoYes0Stores Log DatastoresLogDataNoYes0EncryptedEncryptedNoYes0SignedSignedNoYes0Write AccessAccessTypeNoYes0Removable StorageRemoveableStorageNoYes0BackupBackupNoYes0SharedsharedNoYes0SE.DS.TMCore.Device1004471154100fdc51b30-7d8d-44cd-a99d-14b96d425dcaGE.Pfdc51b30-7d8d-44cd-a99d-14b96d425dcaApplications Running on a non Microsoft OSNameModbus Device ServiceOut Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesAs Generic ProcessCode TypecodeTypeNot SelectedManagedUnmanaged0Running AsrunningAsNot SelectedKernelSystemNetwork ServiceLocal ServiceAdministratorStandard User With ElevationStandard User Without ElevationWindows Store App0Isolation LevelIsolationNot SelectedAppContainerLow Integrity LevelMicrosoft Office Isolated Conversion Environment (MOICE)Sandbox1Accepts Input FromacceptsInputFromNot SelectedAny Remote User or EntityKernel, System, or Local AdminLocal or Network ServiceLocal Standard User With ElevationLocal Standard User Without ElevationWindows Store Apps or App Container ProcessesNothingOther0Implements or Uses an Authentication MechanismimplementsAuthenticationSchemeNoYes0Implements or Uses an Authorization MechanismimplementsCustomAuthorizationMechanismNoYes0Implements or Uses a Communication ProtocolimplementsCommunicationProtocolNoYes0Sanitizes InputhasInputSanitizersNot SelectedYesNo0Sanitizes OutputhasOutputSanitizersNot SelectedYesNo0SE.P.TMCore.NonMS100351168100Device Protocol Threats - Modbus exampleca356efc-e982-4ad9-a216-f576ffac026bGE.DFca356efc-e982-4ad9-a216-f576ffac026bBinaryNameBinary RTU (GET or SET)Dataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesAs Generic Data FlowPhysical NetworkchannelNot SelectedWireWi-FiBluetooth2G-4G1Source AuthenticatedauthenticatesSourceNot SelectedNoYes1Destination AuthenticatedauthenticatesDestinationNoYes0Provides ConfidentialityprovidesConfidentialityNoYes0Provides IntegrityprovidesIntegrityNoYes0Transmits XMLXMLencNoYes0Contains CookiesCookiesYesNo0SOAP PayloadSOAPNoYes0REST PayloadRESTNoYes0RSS PayloadRSSNoYes0JSON PayloadJSONNoYes0Forgery Protection54851a3b-65da-4902-b4e0-94ef015be735Not SelectedValidateAntiForgeryTokenAttributeViewStateUserKeyNonceOther dynamic canaryStatic header not available to the browserOtherNoneNot applicable because the request does not change data0SE.DF.TMCore.Binary245157EastWestfdc51b30-7d8d-44cd-a99d-14b96d425dca130218b8f8b056-2cdd-4049-afe3-3bfd91b340fd4522042b3dcd37-10b4-45d2-a66c-4b1030012244GE.DF2b3dcd37-10b4-45d2-a66c-4b1030012244BinaryNameBinary RTU Response (GET or SEDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesAs Generic Data FlowPhysical NetworkchannelNot SelectedWireWi-FiBluetooth2G-4G0Source AuthenticatedauthenticatesSourceNot SelectedNoYes0Destination AuthenticatedauthenticatesDestinationNoYes0Provides ConfidentialityprovidesConfidentialityNoYes0Provides IntegrityprovidesIntegrityNoYes0Transmits XMLXMLencNoYes0Contains CookiesCookiesYesNo0SOAP PayloadSOAPNoYes0REST PayloadRESTNoYes0RSS PayloadRSSNoYes0JSON PayloadJSONNoYes0Forgery Protection54851a3b-65da-4902-b4e0-94ef015be735Not SelectedValidateAntiForgeryTokenAttributeViewStateUserKeyNonceOther dynamic canaryStatic header not available to the browserOtherNoneNot applicable because the request does not change data0SE.DF.TMCore.Binary294280WestSouthEastb8f8b056-2cdd-4049-afe3-3bfd91b340fd452204fdc51b30-7d8d-44cd-a99d-14b96d425dca1162490d8406e6-366b-4241-93e1-6891598ab20fGE.TB.L0d8406e6-366b-4241-93e1-6891598ab20fMachine Trust BoundaryNameMachine Trust BoundaryConfigurable AttributesAs Generic Trust Line BoundarySE.TB.L.TMCore.Machine367348NoneNone00000000-0000-0000-0000-0000000000002513400000000-0000-0000-0000-0000000000002764331DRAWINGSURFACE13641e12-f20c-4227-9962-e21d4198570dDiagramNameOpen BaoDRAWINGSURFACEd7889a6e-fba0-4d5c-9699-626489c0c69eGE.DSd7889a6e-fba0-4d5c-9699-626489c0c69eDeviceNameTPMOut Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Predefined Static AttributesStore TypestoreTypeDevice0Configurable AttributesGPSGPSNoYes0ContactsContactsNoYes0Calendar EventsCalendarNoYes0SMS messagesSMSmessagesNoYes0Cached CredentialsCredsNoYes0Enterprise DataEnterpriseNoYes0Messaging Data (Mail, IM, SMS)e-mailNoYes0SIM StorageSIMNoYes0Other DatamiscNoYes0As Generic Data StoreStores CredentialsstoresCredentialsNoYes1Stores Log DatastoresLogDataNoYes0EncryptedEncryptedNoYes1SignedSignedNoYes1Write AccessAccessTypeNoYes0Removable StorageRemoveableStorageNoYes0BackupBackupNoYes0SharedsharedNoYes0SE.DS.TMCore.Device100622168100cb803704-e604-4205-93fd-a1775d708e4aGE.Pcb803704-e604-4205-93fd-a1775d708e4aApplications Running on a non Microsoft OSNameOpenBao Server (Hosted on Device)
Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Configurable AttributesAs Generic ProcessCode TypecodeTypeNot SelectedManagedUnmanaged1Running AsrunningAsNot SelectedKernelSystemNetwork ServiceLocal ServiceAdministratorStandard User With ElevationStandard User Without ElevationWindows Store App3Isolation LevelIsolationNot SelectedAppContainerLow Integrity LevelMicrosoft Office Isolated Conversion Environment (MOICE)Sandbox1Accepts Input FromacceptsInputFromNot SelectedAny Remote User or EntityKernel, System, or Local AdminLocal or Network ServiceLocal Standard User With ElevationLocal Standard User Without ElevationWindows Store Apps or App Container ProcessesNothingOther0Implements or Uses an Authentication MechanismimplementsAuthenticationSchemeNoYes1Implements or Uses an Authorization MechanismimplementsCustomAuthorizationMechanismNoYes1Implements or Uses a Communication ProtocolimplementsCommunicationProtocolNoYes1Sanitizes InputhasInputSanitizersNot SelectedYesNo2Sanitizes OutputhasOutputSanitizersNot SelectedYesNo2SE.P.TMCore.NonMS1003021218137d75c9077-77d6-4ab9-bf41-016acacd6b7fGE.TB.Bd75c9077-77d6-4ab9-bf41-016acacd6b7fGeneric Trust Border BoundaryNameGeneric Trust Border BoundaryDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800GE.TB.B3761881145755db4ad5d-2141-4119-9450-d1aef2f2c942GE.P5db4ad5d-2141-4119-9450-d1aef2f2c942Native ApplicationNameClientOut Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Predefined Static AttributesCode TypecodeTypeUnmanaged0Configurable AttributesAs Generic ProcessRunning AsrunningAsNot SelectedKernelSystemNetwork ServiceLocal ServiceAdministratorStandard User With ElevationStandard User Without ElevationWindows Store App7Isolation LevelIsolationNot SelectedAppContainerLow Integrity LevelMicrosoft Office Isolated Conversion Environment (MOICE)Sandbox2Accepts Input FromacceptsInputFromNot SelectedAny Remote User or EntityKernel, System, or Local AdminLocal or Network ServiceLocal Standard User With ElevationLocal Standard User Without ElevationWindows Store Apps or App Container ProcessesNothingOther3Implements or Uses an Authentication MechanismimplementsAuthenticationSchemeNoYes1Implements or Uses an Authorization MechanismimplementsCustomAuthorizationMechanismNoYes1Implements or Uses a Communication ProtocolimplementsCommunicationProtocolNoYes1Sanitizes InputhasInputSanitizersNot SelectedYesNo1Sanitizes OutputhasOutputSanitizersNot SelectedYesNo2SE.P.TMCore.WinApp100481282100a7d9df74-a466-4e44-bc7d-fb1b3f61072aGE.DSa7d9df74-a466-4e44-bc7d-fb1b3f61072aDeviceNameStorageOut Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Predefined Static AttributesStore TypestoreTypeDevice0Configurable AttributesGPSGPSNoYes0ContactsContactsNoYes0Calendar EventsCalendarNoYes0SMS messagesSMSmessagesNoYes0Cached CredentialsCredsNoYes0Enterprise DataEnterpriseNoYes0Messaging Data (Mail, IM, SMS)e-mailNoYes0SIM StorageSIMNoYes0Other DatamiscNoYes0As Generic Data StoreStores CredentialsstoresCredentialsNoYes1Stores Log DatastoresLogDataNoYes0EncryptedEncryptedNoYes1SignedSignedNoYes1Write AccessAccessTypeNoYes0Removable StorageRemoveableStorageNoYes0BackupBackupNoYes0SharedsharedNoYes0SE.DS.TMCore.Device100230133100Open Bao613c1956-91ed-4c75-8fd2-d06372442998GE.DF613c1956-91ed-4c75-8fd2-d06372442998IPsecNameResponseDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Predefined Static AttributesSource AuthenticatedauthenticatesSourceYes0Destination AuthenticatedauthenticatesDestinationYes0Provides ConfidentialityprovidesConfidentialityYes0Provides IntegrityprovidesIntegrityYes0Configurable AttributesAs Generic Data FlowPhysical NetworkchannelNot SelectedWireWi-FiBluetooth2G-4G0Transmits XMLXMLencNoYes0Contains CookiesCookiesYesNo0SOAP PayloadSOAPNoYes0REST PayloadRESTNoYes0RSS PayloadRSSNoYes0JSON PayloadJSONNoYes0Forgery Protection54851a3b-65da-4902-b4e0-94ef015be735Not SelectedValidateAntiForgeryTokenAttributeViewStateUserKeyNonceOther dynamic canaryStatic header not available to the browserOtherNoneNot applicable because the request does not change data0SE.DF.TMCore.IPsec264330SouthWestEastcb803704-e604-4205-93fd-a1775d708e4a3262995db4ad5d-2141-4119-9450-d1aef2f2c942143332cdee3569-dba8-4587-9400-ad82110f834aGE.DFcdee3569-dba8-4587-9400-ad82110f834aIPsecNameRequestDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Predefined Static AttributesSource AuthenticatedauthenticatesSourceYes0Destination AuthenticatedauthenticatesDestinationYes0Provides ConfidentialityprovidesConfidentialityYes0Provides IntegrityprovidesIntegrityYes0Configurable AttributesAs Generic Data FlowPhysical NetworkchannelNot SelectedWireWi-FiBluetooth2G-4G0Transmits XMLXMLencNoYes0Contains CookiesCookiesYesNo0SOAP PayloadSOAPNoYes0REST PayloadRESTNoYes0RSS PayloadRSSNoYes0JSON PayloadJSONNoYes0Forgery Protection54851a3b-65da-4902-b4e0-94ef015be735Not SelectedValidateAntiForgeryTokenAttributeViewStateUserKeyNonceOther dynamic canaryStatic header not available to the browserOtherNoneNot applicable because the request does not change data0SE.DF.TMCore.IPsec196273NorthEastWest5db4ad5d-2141-4119-9450-d1aef2f2c942129300cb803704-e604-4205-93fd-a1775d708e4a307268e0e26fe5-8e23-41c9-81d0-d1fa08dced45GE.TB.Le0e26fe5-8e23-41c9-81d0-d1fa08dced45User mode or Kernel mode BoundaryNameKernel mode BoundaryConfigurable AttributesAs Generic Trust Line BoundarySE.TB.L.TMCore.Kernel469322NoneNone00000000-0000-0000-0000-0000000000004711500000000-0000-0000-0000-0000000000004693788978d012-5991-429d-a4ed-6491fe112cafGE.DF8978d012-5991-429d-a4ed-6491fe112cafIPsecNamePKCS11 RequestDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Predefined Static AttributesSource AuthenticatedauthenticatesSourceYes0Destination AuthenticatedauthenticatesDestinationYes0Provides ConfidentialityprovidesConfidentialityYes0Provides IntegrityprovidesIntegrityYes0Configurable AttributesAs Generic Data FlowPhysical NetworkchannelNot SelectedWireWi-FiBluetooth2G-4G0Transmits XMLXMLencNoYes0Contains CookiesCookiesYesNo0SOAP PayloadSOAPNoYes0REST PayloadRESTNoYes0RSS PayloadRSSNoYes0JSON PayloadJSONNoYes0Forgery Protection54851a3b-65da-4902-b4e0-94ef015be735Not SelectedValidateAntiForgeryTokenAttributeViewStateUserKeyNonceOther dynamic canaryStatic header not available to the browserOtherNoneNot applicable because the request does not change data0SE.DF.TMCore.IPsec489157NorthEastWestcb803704-e604-4205-93fd-a1775d708e4a414236d7889a6e-fba0-4d5c-9699-626489c0c69e627118db81ab77-7a67-45c3-b021-f9c4f37df9d0GE.DFdb81ab77-7a67-45c3-b021-f9c4f37df9d0IPsecNameResponseDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Predefined Static AttributesSource AuthenticatedauthenticatesSourceYes0Destination AuthenticatedauthenticatesDestinationYes0Provides ConfidentialityprovidesConfidentialityYes0Provides IntegrityprovidesIntegrityYes0Configurable AttributesAs Generic Data FlowPhysical NetworkchannelNot SelectedWireWi-FiBluetooth2G-4G0Transmits XMLXMLencNoYes0Contains CookiesCookiesYesNo0SOAP PayloadSOAPNoYes0REST PayloadRESTNoYes0RSS PayloadRSSNoYes0JSON PayloadJSONNoYes0Forgery Protection54851a3b-65da-4902-b4e0-94ef015be735Not SelectedValidateAntiForgeryTokenAttributeViewStateUserKeyNonceOther dynamic canaryStatic header not available to the browserOtherNoneNot applicable because the request does not change data0SE.DF.TMCore.IPsec552197WestEastd7889a6e-fba0-4d5c-9699-626489c0c69e627118cb803704-e604-4205-93fd-a1775d708e4a4342687f847e97-0bfb-4d3d-836c-baef8c0550a8GE.DF7f847e97-0bfb-4d3d-836c-baef8c0550a8IPsecNameWriteDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Predefined Static AttributesSource AuthenticatedauthenticatesSourceYes0Destination AuthenticatedauthenticatesDestinationYes0Provides ConfidentialityprovidesConfidentialityYes0Provides IntegrityprovidesIntegrityYes0Configurable AttributesAs Generic Data FlowPhysical NetworkchannelNot SelectedWireWi-FiBluetooth2G-4G0Transmits XMLXMLencNoYes0Contains CookiesCookiesYesNo0SOAP PayloadSOAPNoYes0REST PayloadRESTNoYes0RSS PayloadRSSNoYes0JSON PayloadJSONNoYes0Forgery Protection54851a3b-65da-4902-b4e0-94ef015be735Not SelectedValidateAntiForgeryTokenAttributeViewStateUserKeyNonceOther dynamic canaryStatic header not available to the browserOtherNoneNot applicable because the request does not change data0SE.DF.TMCore.IPsec324181NorthSouthEastcb803704-e604-4205-93fd-a1775d708e4a370224a7d9df74-a466-4e44-bc7d-fb1b3f61072a3251289b100bd8-b645-4f24-aa94-37540a458493GE.DF9b100bd8-b645-4f24-aa94-37540a458493IPsecNameReadDataflow Order15ccd509-98eb-49ad-b9c2-b4a2926d17800Out Of Scope71f3d9aa-b8ef-4e54-8126-607a1d903103falseReason For Out Of Scope752473b6-52d4-4776-9a24-202153f7d579Predefined Static AttributesSource AuthenticatedauthenticatesSourceYes0Destination AuthenticatedauthenticatesDestinationYes0Provides ConfidentialityprovidesConfidentialityYes0Provides IntegrityprovidesIntegrityYes0Configurable AttributesAs Generic Data FlowPhysical NetworkchannelNot SelectedWireWi-FiBluetooth2G-4G0Transmits XMLXMLencNoYes0Contains CookiesCookiesYesNo0SOAP PayloadSOAPNoYes0REST PayloadRESTNoYes0RSS PayloadRSSNoYes0JSON PayloadJSONNoYes0Forgery Protection54851a3b-65da-4902-b4e0-94ef015be735Not SelectedValidateAntiForgeryTokenAttributeViewStateUserKeyNonceOther dynamic canaryStatic header not available to the browserOtherNoneNot applicable because the request does not change data0SE.DF.TMCore.IPsec376161SouthEastNortha7d9df74-a466-4e44-bc7d-fb1b3f61072a325128cb803704-e604-4205-93fd-a1775d708e4a3702241EdgeX is platform agnostic, but this Threat model assumes the underlying OS is a Linux distribution. EdgeX can run containerized or non-containerized (natively). This Threat Model assumes EdgeX is running in a containerized environment (Docker). EdgeX micro services can run distributed, but this Threat Model assumes EdgeX is running on a single host (single Docker deamon with a single Docker network unless otherwise specified). Many different devices/sensors can be connected to EdgeX via its device services. This Threat model treats all sensors/devices the same (which is not always the case given the varoius protocols of support). Per https://docs.edgexfoundry.org/4.0/threat-models/secret-store/threat_model/, additional hardening such as secure boot with hardware root of trust, and secure disk encryption are outside of EdgeX control but would greatly improve the threat mitigation.Jim White, Cloud Tsai, Siril Ganjai, Jude HungOperating system and hardware (including devices/sensors)
Device/sensor drivers
Possibly a cloud system or external enterprise system that EdgeX gets data to
A message bus broker (such as an MQTT broker)
General Threat Model for EdgeX Foundry - inclusive of security elements (Nginx, SecretStore, etc).
This revision additionally documents mitigations gained when EdgeX is deployed under a rootless Docker daemon (see https://docs.edgexfoundry.org/4.1/security/Rootless-Docker/). Threats whose Possible Mitigation field contains "Additional mitigation when running EdgeX in rootless Docker:" have been revised to reflect the reduced blast radius (no host-root via container escape, user-namespace UID remapping, host filesystem isolation, and unprivileged ownership of container volumes and the Docker socket).
In a second pass, threats whose Possible Mitigation contains "Additional mitigation when EdgeX container images are signed" have been revised to reflect supply-chain integrity provided by Sigstore/cosign, Docker Content Trust or Notary v2 when signature verification is enforced at pull/admission time with the signing key protected by an HSM or KMS; that mitigation is paired with SBOM and SLSA provenance attestations and timely patching, since signing covers image authenticity only. All revisions are appended to the original author's text inside Possible Mitigation.EdgeX Foundry Threat ModelDESKTOP-SL3KKHH\jpwhi2022-08-26T09:40:40.1665057+08:001Tampering with Data - This is a threat where information in the system is changed by an attacker. For example, an attacker changes an account balance Unauthorized changes made to persistent data, such as that held in a database, and the alteration of data as it flows between two computers over an open network, such as the InternetDESKTOP-SL3KKHH\jpwhi2022-08-26T09:54:16.8400666+08:002XSS protections: filter input on arrival (don't do), encode data on oputput (don't do), use appropriate headers (do), use CSP (dont do)DESKTOP-SL3KKHH\jpwhi2022-08-26T10:11:40.1680856+08:003priority is determined by the likelihood of a threat occuring and the severity of the impact of its occuranceDESKTOP-SL3KKHH\jpwhi2022-08-26T10:13:14.4600142+08:004Repudiation - don't track and log users actions; can't prove a transaction took placeDESKTOP-SL3KKHH\jpwhi2022-08-26T10:16:24.6493894+08:005Elevation of privil - authorized or unauthorized user gains access to info not authorizedDESKTOP-SL3KKHH\jpwhi2022-08-26T10:21:28.1145046+08:006Remote code execution: https://www.comparitech.com/blog/information-security/remote-code-execution-attacks/
buffer overflow
sanitize user inputs
proper auth
use a firewallDESKTOP-SL3KKHH\jpwhi2022-08-28T04:57:18.1302105+08:007Privilege escalation attacks occur when bad actors exploit misconfigurations, bugs, weak passwords, and other vulnerabilitiesI2367bbe575-f8c1-4780-a960-b3156df25dfcaf10d55d-6933-464f-9232-eecad6f83bcf09b85d08-5274-4c51-b43f-ccba994f67b8DESKTOP-RLHC3VQ\cchou09e889f5-eba7-42f5-b7ce-0768e1ba3a3eaf10d55d-6933-464f-9232-eecad6f83bcf1067bbe575-f8c1-4780-a960-b3156df25dfc:af10d55d-6933-464f-9232-eecad6f83bcf:09b85d08-5274-4c51-b43f-ccba994f67b82026-05-11T15:30:33.2837301+08:00MediumTitleWeak Access Control for a ResourceUserThreatCategoryInformation DisclosureUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized party.UserThreatDescriptionImproper data protection of SecretStore can allow an attacker to read information not intended for disclosure. Review authorization settings.StateInformationInteractionStringservice secrets3302d8cb-4f2b-4563-aa32-f47333bd4be8The SecretStore root and service level tokens are revoked after setup and then all interactions is via the programmatic interface (with properly authenticated token). There are additional options to SecretStore Master Key encryption provided here: https://docs.edgexfoundry.org/4.0/threat-models/secret-store/vault_master_key_encryption/PriorityMediumf42499a2-b1a0-445b-88ac-f22aa5dc4e09EdgeX Foundry7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewed67bbe575-f8c1-4780-a960-b3156df25dfcMitigated09b85d08-5274-4c51-b43f-ccba994f67b8I23falsefalseS767bbe575-f8c1-4780-a960-b3156df25dfcaf10d55d-6933-464f-9232-eecad6f83bcf09b85d08-5274-4c51-b43f-ccba994f67b8DESKTOP-RLHC3VQ\cchou09e889f5-eba7-42f5-b7ce-0768e1ba3a3eaf10d55d-6933-464f-9232-eecad6f83bcf1167bbe575-f8c1-4780-a960-b3156df25dfc:af10d55d-6933-464f-9232-eecad6f83bcf:09b85d08-5274-4c51-b43f-ccba994f67b82026-05-12T17:44:37.9680043+08:00LowTitleSpoofing of Source Data Store SecretStoreUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.UserThreatDescriptionSecretStore may be spoofed by an attacker and this may lead to incorrect data delivered to EdgeX Foundry. Consider using a standard authentication mechanism to identify the source data store.StateInformationInteractionStringservice secrets3302d8cb-4f2b-4563-aa32-f47333bd4be8If someone was able to provide a container that was spoofing as SecretStore, the service would not know that the response came from something other than SecretStore. However, SecretStore is run as a container on the EdgeX Docker network. Replacing/spoofing the SecretStore container would require privileaged (root) access to the host. Additional adopter mitigation would include putting TLS in place between EdgeX and SecretStore(with TLS cert in place). A spoofing service (in this case SecretStore), would not have the appropriate cert in place to participate in the communications.
Additional mitigation when EdgeX container images are signed (e.g., with Sigstore/cosign, Docker Content Trust or Notary v2) and signature verification is enforced at pull or admission time: an attacker cannot substitute a tampered or imposter image for the SecretStore (OpenBao) container via a compromised registry, a man-in-the-middle of `docker pull`, or a tampered local image cache. The signing key must be protected by an HSM or KMS and verification must be enforced by the runtime (for example a cosign policy controller or content-trust-enabled daemon). Image signing covers image authenticity only; pair it with SBOM and SLSA provenance attestations for build-time integrity and with timely patching, because a legitimately signed image with an exploitable flaw is still exploitable. See https://www.sigstore.dev/ and https://docs.docker.com/engine/security/trust/.PriorityLowf42499a2-b1a0-445b-88ac-f22aa5dc4e09EdgeX Foundry7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewed67bbe575-f8c1-4780-a960-b3156df25dfcMitigated09b85d08-5274-4c51-b43f-ccba994f67b8S7falsefalseS7.109b85d08-5274-4c51-b43f-ccba994f67b86ea2c0b2-c152-4770-a19a-01efc378728b67bbe575-f8c1-4780-a960-b3156df25dfcDESKTOP-RLHC3VQ\cchou09e889f5-eba7-42f5-b7ce-0768e1ba3a3e6ea2c0b2-c152-4770-a19a-01efc378728b1509b85d08-5274-4c51-b43f-ccba994f67b8:6ea2c0b2-c152-4770-a19a-01efc378728b:67bbe575-f8c1-4780-a960-b3156df25dfc2026-05-12T16:29:53.0297126+08:00LowTitleSpoofing of Destination Data Store SecretStoreUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.UserThreatDescriptionSecretStore may be spoofed by an attacker and this may lead to data being written to the attacker's target instead of SecretStore. Consider using a standard authentication mechanism to identify the destination data store.StateInformationInteractionStringquery3302d8cb-4f2b-4563-aa32-f47333bd4be8If someone was able to provide a container that was spoofing as SecretStore, the service would not know that the response came from something other than SecretStore. However, SecretStore is run as a container on the EdgeX Docker network. Replacing/spoofing the SecretStore container would require privileaged (root) access to the host. Additional adopter mitigation would include putting TLS in place between EdgeX and SecretStore (with TLS cert in place). A spoofing service (in this case SecretStore), would not have the appropriate cert in place to participate in the communications.
EdgeX services that use SecretStore must use the go-mod-secrets client or a SecretStore service token to access its secrets (which is revoked by default). See https://docs.edgexfoundry.org/4.0/security/Ch-SecretStore/#using-the-secret-store
SecretStore host and port are configured from static configuration or environment overrides (trusted input), making it difficult to misdirect services access to SecretStore.
See EdgeX Threat Model documentation (https://docs.edgexfoundry.org/4.0/threat-models/secret-store/threat_model/#threat-matrix) for additional considerations and mitigation.
Additional mitigation when EdgeX container images are signed (e.g., with Sigstore/cosign, Docker Content Trust or Notary v2) and signature verification is enforced at pull or admission time: an attacker cannot substitute a tampered or imposter image for the SecretStore (OpenBao) container via a compromised registry, a man-in-the-middle of `docker pull`, or a tampered local image cache. The signing key must be protected by an HSM or KMS and verification must be enforced by the runtime (for example a cosign policy controller or content-trust-enabled daemon). Image signing covers image authenticity only; pair it with SBOM and SLSA provenance attestations for build-time integrity and with timely patching, because a legitimately signed image with an exploitable flaw is still exploitable. See https://www.sigstore.dev/ and https://docs.docker.com/engine/security/trust/.PriorityLowf42499a2-b1a0-445b-88ac-f22aa5dc4e09EdgeX Foundry7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewed09b85d08-5274-4c51-b43f-ccba994f67b8Mitigated67bbe575-f8c1-4780-a960-b3156df25dfcS7.1falsefalseD209b85d08-5274-4c51-b43f-ccba994f67b86ea2c0b2-c152-4770-a19a-01efc378728b67bbe575-f8c1-4780-a960-b3156df25dfcCLOUDALIENFIRE\loncl09e889f5-eba7-42f5-b7ce-0768e1ba3a3e6ea2c0b2-c152-4770-a19a-01efc378728b1609b85d08-5274-4c51-b43f-ccba994f67b8:6ea2c0b2-c152-4770-a19a-01efc378728b:67bbe575-f8c1-4780-a960-b3156df25dfc2025-08-13T15:11:57.4709852+08:00LowTitlePotential Excessive Resource Consumption for EdgeX Foundry or SecretStoreUserThreatCategoryDenial Of ServiceUserThreatShortDescriptionDenial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.UserThreatDescriptionDoes EdgeX Foundry or SecretStore take explicit steps to control resource consumption? Resource consumption attacks can be hard to deal with, and there are times that it makes sense to let the OS do the job. Be careful that your resource requests don't deadlock, and that they do timeout.StateInformationInteractionStringquery3302d8cb-4f2b-4563-aa32-f47333bd4be8SecretStore runs as a container in a Docker network that, by default with security on, does not allow direct access to the secret store. Access to query or push data into it to cause it to use excessive resources would require authorized access to the host as the port to the database is protected. In other words, EdgeX mitigates unauthorized attacks resulting in DoS event, but would not mitigate authorized attacks (such as a service making too many queries or pushing to many secrets into it) that result in a DoS event.PriorityLowf42499a2-b1a0-445b-88ac-f22aa5dc4e09Third Party7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewed09b85d08-5274-4c51-b43f-ccba994f67b8Mitigated67bbe575-f8c1-4780-a960-b3156df25dfcD2falsefalseS7.109b85d08-5274-4c51-b43f-ccba994f67b8c8f4cb94-c04f-4c7c-9086-e07cca084c2ef1a6b0f6-ca2a-464b-b080-2e5c44379d80DESKTOP-RLHC3VQ\cchou09e889f5-eba7-42f5-b7ce-0768e1ba3a3ec8f4cb94-c04f-4c7c-9086-e07cca084c2e1709b85d08-5274-4c51-b43f-ccba994f67b8:c8f4cb94-c04f-4c7c-9086-e07cca084c2e:f1a6b0f6-ca2a-464b-b080-2e5c44379d802026-05-12T16:45:17.0156784+08:00LowTitleSpoofing of Destination Data Store Configuration FilesUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.UserThreatDescriptionConfiguration Files may be spoofed by an attacker and this may lead to data being written to the attacker's target instead of Configuration Files. Consider using a standard authentication mechanism to identify the destination data store.StateInformationInteractionStringread3302d8cb-4f2b-4563-aa32-f47333bd4be8Configuration files are used to seed EdgeX configuration service (core-keeper) before the services are started. Configuration files are made part of the service container (deployed with the container image). The only way to spoof the file is to replace the entire service container with new configuration or to transplant new configuration in the container - both require privileaged access to the host.
Additional mitigation when running EdgeX in rootless Docker: the Docker daemon, container processes and bind-mounted volumes are owned by an unprivileged host user rather than root. A compromised container that escapes its namespace inherits only that unprivileged user's permissions, so it cannot read or overwrite configuration files baked into other service containers, replace a service image on disk, or transplant configuration into a running container without first compromising the rootless-Docker user account itself. See https://docs.edgexfoundry.org/4.1/security/Rootless-Docker/.
Additional mitigation when EdgeX container images are signed (e.g., Sigstore/cosign, Docker Content Trust or Notary v2) and signature verification is enforced at pull or admission time: the supply-chain path for introducing a tampered or imposter image is closed, provided the signing key is rooted in an HSM or KMS and verification is policy-enforced by the runtime. Signing does not prevent exploitation of a flaw inside a legitimately signed image; pair it with SBOM and SLSA provenance attestations and timely patching. See https://www.sigstore.dev/ and https://docs.docker.com/engine/security/trust/.PriorityLowf42499a2-b1a0-445b-88ac-f22aa5dc4e09EdgeX Foundry7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewed09b85d08-5274-4c51-b43f-ccba994f67b8Mitigatedf1a6b0f6-ca2a-464b-b080-2e5c44379d80S7.1falsefalseD209b85d08-5274-4c51-b43f-ccba994f67b8c8f4cb94-c04f-4c7c-9086-e07cca084c2ef1a6b0f6-ca2a-464b-b080-2e5c44379d80DESKTOP-SL3KKHH\jpwhi09e889f5-eba7-42f5-b7ce-0768e1ba3a3ec8f4cb94-c04f-4c7c-9086-e07cca084c2e1809b85d08-5274-4c51-b43f-ccba994f67b8:c8f4cb94-c04f-4c7c-9086-e07cca084c2e:f1a6b0f6-ca2a-464b-b080-2e5c44379d802022-09-07T03:34:32.3834705+08:00LowTitlePotential Excessive Resource Consumption for EdgeX Foundry or Configuration FilesUserThreatCategoryDenial Of ServiceUserThreatShortDescriptionDenial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.UserThreatDescriptionDoes EdgeX Foundry or Configuration Files take explicit steps to control resource consumption? Resource consumption attacks can be hard to deal with, and there are times that it makes sense to let the OS do the job. Be careful that your resource requests don't deadlock, and that they do timeout.StateInformationInteractionStringread3302d8cb-4f2b-4563-aa32-f47333bd4be8Config file does not consume resources other than file space. Configuration file is deployed with the service container and therefore, without access to the host and Docker, its size is controlled.PriorityLowf42499a2-b1a0-445b-88ac-f22aa5dc4e09EdgeX Foundry7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewed09b85d08-5274-4c51-b43f-ccba994f67b8Mitigatedf1a6b0f6-ca2a-464b-b080-2e5c44379d80D2falsefalseS7f1a6b0f6-ca2a-464b-b080-2e5c44379d80f7208838-fb60-4fc5-84ce-ac508d7cae0f09b85d08-5274-4c51-b43f-ccba994f67b8DESKTOP-RLHC3VQ\cchou09e889f5-eba7-42f5-b7ce-0768e1ba3a3ef7208838-fb60-4fc5-84ce-ac508d7cae0f19f1a6b0f6-ca2a-464b-b080-2e5c44379d80:f7208838-fb60-4fc5-84ce-ac508d7cae0f:09b85d08-5274-4c51-b43f-ccba994f67b82026-05-12T16:06:44.0931445+08:00LowTitleSpoofing of Source Data Store Configuration FilesUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.UserThreatDescriptionConfiguration Files may be spoofed by an attacker and this may lead to incorrect data delivered to EdgeX Foundry. Consider using a standard authentication mechanism to identify the source data store.StateInformationInteractionStringconfiguration3302d8cb-4f2b-4563-aa32-f47333bd4be8Configuration files are used to seed EdgeX configuration service (core-keeper) before the services are started. Configuration files are made part of the service container (deployed with the container image). The only way to spoof the file is to replace the entire service container with new configuration or to transplant new configuration in the container - both require privileaged access to the host.
Additional mitigation when running EdgeX in rootless Docker: the Docker daemon, container processes and bind-mounted volumes are owned by an unprivileged host user rather than root. A compromised container that escapes its namespace inherits only that unprivileged user's permissions, so it cannot read or overwrite configuration files baked into other service containers, replace a service image on disk, or transplant configuration into a running container without first compromising the rootless-Docker user account itself. See https://docs.edgexfoundry.org/4.1/security/Rootless-Docker/.
Additional mitigation when EdgeX container images are signed (e.g., Sigstore/cosign, Docker Content Trust or Notary v2) and signature verification is enforced at pull or admission time: the supply-chain path for introducing a tampered or imposter image is closed, provided the signing key is rooted in an HSM or KMS and verification is policy-enforced by the runtime. Signing does not prevent exploitation of a flaw inside a legitimately signed image; pair it with SBOM and SLSA provenance attestations and timely patching. See https://www.sigstore.dev/ and https://docs.docker.com/engine/security/trust/.PriorityLowf42499a2-b1a0-445b-88ac-f22aa5dc4e09EdgeX Foundry7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewedf1a6b0f6-ca2a-464b-b080-2e5c44379d80Mitigated09b85d08-5274-4c51-b43f-ccba994f67b8S7falsefalseI23f1a6b0f6-ca2a-464b-b080-2e5c44379d80f7208838-fb60-4fc5-84ce-ac508d7cae0f09b85d08-5274-4c51-b43f-ccba994f67b8DESKTOP-RLHC3VQ\cchou09e889f5-eba7-42f5-b7ce-0768e1ba3a3ef7208838-fb60-4fc5-84ce-ac508d7cae0f20f1a6b0f6-ca2a-464b-b080-2e5c44379d80:f7208838-fb60-4fc5-84ce-ac508d7cae0f:09b85d08-5274-4c51-b43f-ccba994f67b82026-05-12T18:03:21.4832389+08:00LowTitleWeak Access Control for a ResourceUserThreatCategoryInformation DisclosureUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized party.UserThreatDescriptionImproper data protection of Configuration Files can allow an attacker to read information not intended for disclosure. Review authorization settings.StateInformationInteractionStringconfiguration3302d8cb-4f2b-4563-aa32-f47333bd4be8Disclosure of configuration files is not important. Configuration data is not considered sensitive. As long as the configuration files are not manipulated, then access to configuration files is not deemed a threat. All secret configuration is made available through SecretStore.
Additional mitigation when running EdgeX in rootless Docker: containers cannot access non-root host directories, so the files backing this resource are reachable only via the service's own API or by compromising the unprivileged host user that owns the rootless daemon. This narrows the filesystem-side attack surface that a colocated, lower-privileged process could otherwise reach. See https://docs.edgexfoundry.org/4.1/security/Rootless-Docker/.PriorityLowf42499a2-b1a0-445b-88ac-f22aa5dc4e09No mitigation or not applicable7a70fe71-64fa-4b97-b171-38b5a064c295Cannot mitigate or not appilcablef1a6b0f6-ca2a-464b-b080-2e5c44379d80NotApplicable09b85d08-5274-4c51-b43f-ccba994f67b8I23falsefalseI23c40e365f-3866-4a76-b5a7-adab3c6700d9153d4bd4-4a88-4c4b-b22d-b278652a1b2609b85d08-5274-4c51-b43f-ccba994f67b8CLOUDALIENFIRE\loncl09e889f5-eba7-42f5-b7ce-0768e1ba3a3e153d4bd4-4a88-4c4b-b22d-b278652a1b2621c40e365f-3866-4a76-b5a7-adab3c6700d9:153d4bd4-4a88-4c4b-b22d-b278652a1b26:09b85d08-5274-4c51-b43f-ccba994f67b82025-08-13T15:15:40.2683325+08:00LowTitleWeak Access Control for a ResourceUserThreatCategoryInformation DisclosureUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized party.UserThreatDescriptionImproper data protection of Message Bus Broker can allow an attacker to read information not intended for disclosure. Review authorization settings.StateInformationInteractionStringsubscribed message3302d8cb-4f2b-4563-aa32-f47333bd4be8When running EdgeX in secure mode the MQTT broker is secured with a username/password. This in turn creates a Secure MessageBus. See https://docs.edgexfoundry.org/4.0/security/Ch-Secure-MessageBus/. MQTTS can used for internal message bus communications but not provided by EdgeXPriorityLowf42499a2-b1a0-445b-88ac-f22aa5dc4e09EdgeX Foundry7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewedc40e365f-3866-4a76-b5a7-adab3c6700d9Mitigated09b85d08-5274-4c51-b43f-ccba994f67b8I23falsefalseS7c40e365f-3866-4a76-b5a7-adab3c6700d9153d4bd4-4a88-4c4b-b22d-b278652a1b2609b85d08-5274-4c51-b43f-ccba994f67b8DESKTOP-RLHC3VQ\cchou09e889f5-eba7-42f5-b7ce-0768e1ba3a3e153d4bd4-4a88-4c4b-b22d-b278652a1b2622c40e365f-3866-4a76-b5a7-adab3c6700d9:153d4bd4-4a88-4c4b-b22d-b278652a1b26:09b85d08-5274-4c51-b43f-ccba994f67b82026-05-12T17:45:11.8385156+08:00LowTitleSpoofing of Source Data Store Message Bus BrokerUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.UserThreatDescriptionMessage Bus Broker may be spoofed by an attacker and this may lead to incorrect data delivered to EdgeX Foundry. Consider using a standard authentication mechanism to identify the source data store.StateInformationInteractionStringsubscribed message3302d8cb-4f2b-4563-aa32-f47333bd4be8The message bus when requiring a broker (MQTT broker for example) is run as a container on the EdgeX Docker network. Replacing/spoofing the broker container would require privileaged access to the host.
Additional mitigation when EdgeX container images are signed (e.g., with Sigstore/cosign, Docker Content Trust or Notary v2) and signature verification is enforced at pull or admission time: an attacker cannot substitute a tampered or imposter image for the message-bus broker container via a compromised registry, a man-in-the-middle of `docker pull`, or a tampered local image cache. The signing key must be protected by an HSM or KMS and verification must be enforced by the runtime (for example a cosign policy controller or content-trust-enabled daemon). Image signing covers image authenticity only; pair it with SBOM and SLSA provenance attestations for build-time integrity and with timely patching, because a legitimately signed image with an exploitable flaw is still exploitable. See https://www.sigstore.dev/ and https://docs.docker.com/engine/security/trust/.PriorityLowf42499a2-b1a0-445b-88ac-f22aa5dc4e09EdgeX Foundry7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewedc40e365f-3866-4a76-b5a7-adab3c6700d9Mitigated09b85d08-5274-4c51-b43f-ccba994f67b8S7falsefalseD209b85d08-5274-4c51-b43f-ccba994f67b8fb395f2f-f563-4c6f-a7c8-8b6545ab6570c40e365f-3866-4a76-b5a7-adab3c6700d9CLOUDALIENFIRE\loncl09e889f5-eba7-42f5-b7ce-0768e1ba3a3efb395f2f-f563-4c6f-a7c8-8b6545ab65702309b85d08-5274-4c51-b43f-ccba994f67b8:fb395f2f-f563-4c6f-a7c8-8b6545ab6570:c40e365f-3866-4a76-b5a7-adab3c6700d92025-08-13T15:16:55.3769443+08:00MediumTitlePotential Excessive Resource Consumption for EdgeX Foundry or Message Bus BrokerUserThreatCategoryDenial Of ServiceUserThreatShortDescriptionDenial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.UserThreatDescriptionDoes EdgeX Foundry or Message Bus Broker take explicit steps to control resource consumption? Resource consumption attacks can be hard to deal with, and there are times that it makes sense to let the OS do the job. Be careful that your resource requests don't deadlock, and that they do timeout.StateInformationInteractionStringpublished message3302d8cb-4f2b-4563-aa32-f47333bd4be8The EdgeX message broker is an MQTT broker like Mosquitto and runs as a container in a Docker network that, by default with security on, does not allow direct access to the broker. Access to publish or subscribe to cause it to use excessive resources would require authorized access to the host as the port to the internal message broker is protected. In other words, EdgeX mitigates unauthorized attacks resulting in DoS event, but would not mitigate authorized attacks (such as a service producing too many message than the broker can handle) that result in a DoS event.PriorityMediumf42499a2-b1a0-445b-88ac-f22aa5dc4e09EdgeX Foundry7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewed09b85d08-5274-4c51-b43f-ccba994f67b8Mitigatedc40e365f-3866-4a76-b5a7-adab3c6700d9D2falsefalseS7.109b85d08-5274-4c51-b43f-ccba994f67b8fb395f2f-f563-4c6f-a7c8-8b6545ab6570c40e365f-3866-4a76-b5a7-adab3c6700d9DESKTOP-RLHC3VQ\cchou09e889f5-eba7-42f5-b7ce-0768e1ba3a3efb395f2f-f563-4c6f-a7c8-8b6545ab65702409b85d08-5274-4c51-b43f-ccba994f67b8:fb395f2f-f563-4c6f-a7c8-8b6545ab6570:c40e365f-3866-4a76-b5a7-adab3c6700d92026-05-12T16:09:01.4335062+08:00LowTitleSpoofing of Destination Data Store Message BusUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.UserThreatDescriptionMessage Bus may be spoofed by an attacker and this may lead to data being written to the attacker's target instead of Message Bus. Consider using a standard authentication mechanism to identify the destination data store.StateInformationInteractionStringpublished message3302d8cb-4f2b-4563-aa32-f47333bd4be8The message bus when requiring a broker (MQTT broker for example) is run as a container on the EdgeX Docker network. Replacing/spoofing the broker container would require privileaged access to the host. Message broker host and port are part of services' configuration (covered under threats against configuration)
Additional mitigation when running EdgeX in rootless Docker: the Docker daemon, container processes and bind-mounted volumes are owned by an unprivileged host user rather than root. A compromised container that escapes its namespace inherits only that unprivileged user's permissions, so it cannot read or overwrite configuration files baked into other service containers, replace a service image on disk, or transplant configuration into a running container without first compromising the rootless-Docker user account itself. See https://docs.edgexfoundry.org/4.1/security/Rootless-Docker/.
Additional mitigation when EdgeX container images are signed (e.g., with Sigstore/cosign, Docker Content Trust or Notary v2) and signature verification is enforced at pull or admission time: an attacker cannot substitute a tampered or imposter image for the message-bus broker container via a compromised registry, a man-in-the-middle of `docker pull`, or a tampered local image cache. The signing key must be protected by an HSM or KMS and verification must be enforced by the runtime (for example a cosign policy controller or content-trust-enabled daemon). Image signing covers image authenticity only; pair it with SBOM and SLSA provenance attestations for build-time integrity and with timely patching, because a legitimately signed image with an exploitable flaw is still exploitable. See https://www.sigstore.dev/ and https://docs.docker.com/engine/security/trust/.PriorityLowf42499a2-b1a0-445b-88ac-f22aa5dc4e09EdgeX Foundry7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewed09b85d08-5274-4c51-b43f-ccba994f67b8Mitigatedc40e365f-3866-4a76-b5a7-adab3c6700d9S7.1falsefalseE309b85d08-5274-4c51-b43f-ccba994f67b8cbcb6740-6fdf-4ccd-b2ad-073dba68b2e43719101d-cce1-4cc5-813e-ff655788aaf5CLOUDALIENFIRE\loncl09e889f5-eba7-42f5-b7ce-0768e1ba3a3ecbcb6740-6fdf-4ccd-b2ad-073dba68b2e42609b85d08-5274-4c51-b43f-ccba994f67b8:cbcb6740-6fdf-4ccd-b2ad-073dba68b2e4:3719101d-cce1-4cc5-813e-ff655788aaf52025-08-13T15:19:02.3448642+08:00LowTitleWeakness in SSO AuthorizationUserThreatCategoryElevation Of PrivilegeUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bug.UserThreatDescriptionCommon SSO implementations such as OAUTH2 and OAUTH Wrap are vulnerable to MitM attacks.StateInformationInteractionStringresponse3302d8cb-4f2b-4563-aa32-f47333bd4be8In EdgeX, Nginx is configured to use JWT token authentication. OAUTH2 and OAUTH are not allowed as of EdgeX v4 (see https://docs.edgexfoundry.org/4.0/security/Ch-APIGateway/#configuration-of-jwt-authentication-for-api-gateway). JWT token expires in one hour by default.PriorityLowf42499a2-b1a0-445b-88ac-f22aa5dc4e09EdgeX Foundry7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation written09b85d08-5274-4c51-b43f-ccba994f67b8Mitigated3719101d-cce1-4cc5-813e-ff655788aaf5E3falsefalseE53719101d-cce1-4cc5-813e-ff655788aaf5f1154dbe-8e32-4158-b631-d416b56b129a09b85d08-5274-4c51-b43f-ccba994f67b8DESKTOP-RLHC3VQ\cchou09e889f5-eba7-42f5-b7ce-0768e1ba3a3ef1154dbe-8e32-4158-b631-d416b56b129a273719101d-cce1-4cc5-813e-ff655788aaf5:f1154dbe-8e32-4158-b631-d416b56b129a:09b85d08-5274-4c51-b43f-ccba994f67b82026-05-12T16:46:28.1685445+08:00LowTitleElevation Using ImpersonationUserThreatCategoryElevation Of PrivilegeUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bug.UserThreatDescriptionEdgeX Foundry may be able to impersonate the context of Nginx in order to gain additional privilege.StateInformationInteractionStringrequest3302d8cb-4f2b-4563-aa32-f47333bd4be8There is no current ability to authenticate Nginx as a caller of EdgeX services from any other local process on the system. However, Impersonating EdgeX would require access to the host system and the Docker network. With this access, many other severe issues could occur (stopping the system, sending incorrect data, etc.).
Additional mitigation when running EdgeX in rootless Docker: impersonating an EdgeX service from another local process requires access to the host system and the Docker network. Under rootless Docker the daemon, its socket (/run/user/<uid>/docker.sock) and the bridge network are owned by an unprivileged user, and a compromised container cannot escalate to host root to attach to that network or manipulate other containers. The attacker must first compromise the specific unprivileged user that owns the rootless daemon, raising the bar significantly compared with rootful deployments. See https://docs.edgexfoundry.org/4.1/security/Rootless-Docker/.
Additional mitigation when EdgeX container images are signed (e.g., Sigstore/cosign, Docker Content Trust or Notary v2) and signature verification is enforced at pull or admission time: the supply-chain path for introducing a tampered or imposter image is closed, provided the signing key is rooted in an HSM or KMS and verification is policy-enforced by the runtime. Signing does not prevent exploitation of a flaw inside a legitimately signed image; pair it with SBOM and SLSA provenance attestations and timely patching. See https://www.sigstore.dev/ and https://docs.docker.com/engine/security/trust/.PriorityLowf42499a2-b1a0-445b-88ac-f22aa5dc4e09EdgeX Foundry7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation written3719101d-cce1-4cc5-813e-ff655788aaf5Mitigated09b85d08-5274-4c51-b43f-ccba994f67b8E5falsefalseS33719101d-cce1-4cc5-813e-ff655788aaf5f1154dbe-8e32-4158-b631-d416b56b129a09b85d08-5274-4c51-b43f-ccba994f67b8DESKTOP-RLHC3VQ\cchou09e889f5-eba7-42f5-b7ce-0768e1ba3a3ef1154dbe-8e32-4158-b631-d416b56b129a283719101d-cce1-4cc5-813e-ff655788aaf5:f1154dbe-8e32-4158-b631-d416b56b129a:09b85d08-5274-4c51-b43f-ccba994f67b82026-05-12T16:47:27.5511861+08:00LowTitleSpoofing the Nginx External EntityUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.UserThreatDescriptionNginx may be spoofed by an attacker and this may lead to unauthorized access to EdgeX Foundry. Consider using a standard authentication mechanism to identify the external entity.StateInformationInteractionStringrequest3302d8cb-4f2b-4563-aa32-f47333bd4be8If someone was able to provide a container that was spoofing as Nginx, the service would not know that the response came from something other than Nginx. I.e. - there is no current ability to authenticate Nginx as a caller of EdgeX services from any other local process on the system. However, Nginx is run as a container on the EdgeX Docker network. Replacing/spoofing the Nginx container would require privileaged (root) access to the host. Additional adopter mitigation would include putting TLS in place between EdgeX and Nginx (with TLS cert in place). A spoofing service (in this case Nginx), would not have the appropriate cert in place to participate in the communications.
Additional mitigation when EdgeX container images are signed (e.g., with Sigstore/cosign, Docker Content Trust or Notary v2) and signature verification is enforced at pull or admission time: an attacker cannot substitute a tampered or imposter image for the Nginx API-gateway container via a compromised registry, a man-in-the-middle of `docker pull`, or a tampered local image cache. The signing key must be protected by an HSM or KMS and verification must be enforced by the runtime (for example a cosign policy controller or content-trust-enabled daemon). Image signing covers image authenticity only; pair it with SBOM and SLSA provenance attestations for build-time integrity and with timely patching, because a legitimately signed image with an exploitable flaw is still exploitable. See https://www.sigstore.dev/ and https://docs.docker.com/engine/security/trust/.PriorityLowf42499a2-b1a0-445b-88ac-f22aa5dc4e09EdgeX Foundry7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation written3719101d-cce1-4cc5-813e-ff655788aaf5Mitigated09b85d08-5274-4c51-b43f-ccba994f67b8S3falsefalseS109b85d08-5274-4c51-b43f-ccba994f67b8c888b476-3017-4bfc-a0f0-ac458f9ab7cb98f547a5-4d9d-4baa-9b5f-ea9d20d209b1DESKTOP-SL3KKHH\jpwhi09e889f5-eba7-42f5-b7ce-0768e1ba3a3ec888b476-3017-4bfc-a0f0-ac458f9ab7cb3209b85d08-5274-4c51-b43f-ccba994f67b8:c888b476-3017-4bfc-a0f0-ac458f9ab7cb:98f547a5-4d9d-4baa-9b5f-ea9d20d209b12022-09-12T08:56:46.127044+08:00HighTitleSpoofing the EdgeX Foundry ProcessUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.UserThreatDescriptionEdgeX Foundry may be spoofed by an attacker and this may lead to unauthorized access to Device/Sensor. Consider using a standard authentication mechanism to identify the source process.InteractionStringquery or actuation3302d8cb-4f2b-4563-aa32-f47333bd4be8Without an authentication protocol, there is no mitigation for this threat. The device would not be able to determine that the Spoofing EdgeX caller is not EdgeX.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09No mitigation or not applicable7a70fe71-64fa-4b97-b171-38b5a064c295Cannot mitigate or not appilcable09b85d08-5274-4c51-b43f-ccba994f67b8NotApplicable98f547a5-4d9d-4baa-9b5f-ea9d20d209b1S1falsefalseS7.109b85d08-5274-4c51-b43f-ccba994f67b8c888b476-3017-4bfc-a0f0-ac458f9ab7cb98f547a5-4d9d-4baa-9b5f-ea9d20d209b1DESKTOP-SL3KKHH\jpwhi09e889f5-eba7-42f5-b7ce-0768e1ba3a3ec888b476-3017-4bfc-a0f0-ac458f9ab7cb3309b85d08-5274-4c51-b43f-ccba994f67b8:c888b476-3017-4bfc-a0f0-ac458f9ab7cb:98f547a5-4d9d-4baa-9b5f-ea9d20d209b12022-12-28T05:16:06.8204591+08:00HighTitleSpoofing of Destination Data Store Device/SensorUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.UserThreatDescriptionDevice/Sensor may be spoofed by an attacker and this may lead to data being written to the attacker's target instead of Device/Sensor. Consider using a standard authentication mechanism to identify the destination data store.InteractionStringquery or actuation3302d8cb-4f2b-4563-aa32-f47333bd4be8Due to the nature of many protocols, an outside agent could spoof a legitimate device/sensor. This is of particular concern if the device service auto provisions the devices/sensors without any authentication. Auto provisioning shold be limited to pick up trusted devices. Protocols such as BACnet do allow for authentication with the device/sensor. Commercial 3rd party software or extensions to EdgeX (see, for example, RSA’s Netwitness IoT: https://www.netwitness.com/en-us/products/iot/) could be used to detect anomalous sensor/device communications and isolate the sensor from the system, but there is no ability in EdgeX directly to protect against a spoofed device/sensor that does not authenticate (which is the norm in some older OT protocols).PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation written09b85d08-5274-4c51-b43f-ccba994f67b8NeedsInvestigation98f547a5-4d9d-4baa-9b5f-ea9d20d209b1S7.1falsefalseT1809b85d08-5274-4c51-b43f-ccba994f67b8c888b476-3017-4bfc-a0f0-ac458f9ab7cb98f547a5-4d9d-4baa-9b5f-ea9d20d209b1DESKTOP-SL3KKHH\jpwhi09e889f5-eba7-42f5-b7ce-0768e1ba3a3ec888b476-3017-4bfc-a0f0-ac458f9ab7cb3409b85d08-5274-4c51-b43f-ccba994f67b8:c888b476-3017-4bfc-a0f0-ac458f9ab7cb:98f547a5-4d9d-4baa-9b5f-ea9d20d209b12022-09-12T09:21:08.9198397+08:00HighTitleThe Device/Sensor Data Store Could Be CorruptedUserThreatCategoryTamperingUserThreatShortDescriptionTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.UserThreatDescriptionData flowing across query or actuation may be tampered with by an attacker. This may lead to corruption of Device/Sensor. Ensure the integrity of the data flow to the data store. I.e. - example: a man in the middle attack on the wire between EdgeX and the wired device/sensor or an attack on the sensor (giggling a vibration sensor)InteractionStringquery or actuation3302d8cb-4f2b-4563-aa32-f47333bd4be8Outside influence on a sensor or device or intercept/use of the data to the device/sensor is one of the biggest threats to an edge system and one of the hardest to mitigate. If tampered with, a sensor or device could be used to send the wrong data (e.g., force a temp sensor to send a signal that it is too hot when it is really too cold), too much data (overwhelming the edge system by causing the sensor to send data too often), or not enough data (e.g., disconnecting a critical monitor sensor that would cause a system to stop).
EdgeX has no means to protect the "wire" to a physically connected device/sensor. Physical security is required to protect the wire and mitigate this threat.
Additional optional mitigation ideas require modifications to the EdgeX device service. The device service could be constructed to filter data to avoid the “too much” data DoS. The device service can be constructed to report and alert when there is not enough data coming from the device or sensor or the sensor/device appears to be offline (provided by the last connected tracking in EdgeX). Wrong data can be mitigated by having the device service look for expected ranges of values (as supported by min/max attributes on device profiles). All of these have limits and only mitigate the data from being used in the rest of EdgeX once received by the device service. Commercial 3rd party software or extensions to EdgeX (see, for example, RSA’s Netwitness IoT: https://www.netwitness.com/en-us/products/iot/) could also be used to detect anomalous sensor/device communications and isolate the sensor from the system.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Cannot mitigate or not appilcable09b85d08-5274-4c51-b43f-ccba994f67b8NotApplicable98f547a5-4d9d-4baa-9b5f-ea9d20d209b1T18falsefalseR809b85d08-5274-4c51-b43f-ccba994f67b8c888b476-3017-4bfc-a0f0-ac458f9ab7cb98f547a5-4d9d-4baa-9b5f-ea9d20d209b1DESKTOP-SL3KKHH\jpwhi09e889f5-eba7-42f5-b7ce-0768e1ba3a3ec888b476-3017-4bfc-a0f0-ac458f9ab7cb3509b85d08-5274-4c51-b43f-ccba994f67b8:c888b476-3017-4bfc-a0f0-ac458f9ab7cb:98f547a5-4d9d-4baa-9b5f-ea9d20d209b12022-09-12T09:34:56.9150846+08:00LowTitleData Store Denies Device/Sensor Potentially Writing DataUserThreatCategoryRepudiationUserThreatShortDescriptionRepudiation threats involve an adversary denying that something happened.UserThreatDescriptionDevice/Sensor claims that it did not write data received from an entity on the other side of the trust boundary. Consider using logging or auditing to record the source, time, and summary of the received data.StateInformationInteractionStringquery or actuation3302d8cb-4f2b-4563-aa32-f47333bd4be8Use of elevated log level (set writable configuration log level to DEBUG in the device service) can be used to log all data communications. PriorityLowf42499a2-b1a0-445b-88ac-f22aa5dc4e09EdgeX Foundry7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewed09b85d08-5274-4c51-b43f-ccba994f67b8Mitigated98f547a5-4d9d-4baa-9b5f-ea9d20d209b1R8falsefalseI609b85d08-5274-4c51-b43f-ccba994f67b8c888b476-3017-4bfc-a0f0-ac458f9ab7cb98f547a5-4d9d-4baa-9b5f-ea9d20d209b1DESKTOP-SL3KKHH\jpwhi09e889f5-eba7-42f5-b7ce-0768e1ba3a3ec888b476-3017-4bfc-a0f0-ac458f9ab7cb3609b85d08-5274-4c51-b43f-ccba994f67b8:c888b476-3017-4bfc-a0f0-ac458f9ab7cb:98f547a5-4d9d-4baa-9b5f-ea9d20d209b12022-09-12T10:43:28.7946942+08:00HighTitleData Flow SniffingUserThreatCategoryInformation DisclosureUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized party.UserThreatDescriptionData flowing across query or actuation may be sniffed by an attacker. Depending on what type of data an attacker can read, it may be used to attack other parts of the system or simply be a disclosure of information leading to compliance violations. Consider encrypting the data flow.StateInformationInteractionStringquery or actuation3302d8cb-4f2b-4563-aa32-f47333bd4be8Securing the data flow to/from a device or sensor is dependent on the OT protocol. In the case of most simple and typically older OT protocols (Modbus or GPIO as examples), there is no way to secure the communications with the device/sensor under that protocol. Critical sensors/devices of this nature should be physically secured (along with their physical connection to the EdgeX host).PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09No mitigation or not applicable7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewed09b85d08-5274-4c51-b43f-ccba994f67b8NotApplicable98f547a5-4d9d-4baa-9b5f-ea9d20d209b1I6falsefalseD209b85d08-5274-4c51-b43f-ccba994f67b8c888b476-3017-4bfc-a0f0-ac458f9ab7cb98f547a5-4d9d-4baa-9b5f-ea9d20d209b1DESKTOP-SL3KKHH\jpwhi09e889f5-eba7-42f5-b7ce-0768e1ba3a3ec888b476-3017-4bfc-a0f0-ac458f9ab7cb3709b85d08-5274-4c51-b43f-ccba994f67b8:c888b476-3017-4bfc-a0f0-ac458f9ab7cb:98f547a5-4d9d-4baa-9b5f-ea9d20d209b12022-09-12T10:24:57.7791119+08:00HighTitlePotential Excessive Resource Consumption for EdgeX Foundry or Device/SensorUserThreatCategoryDenial Of ServiceUserThreatShortDescriptionDenial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.UserThreatDescriptionDoes EdgeX Foundry or Device/Sensor take explicit steps to control resource consumption? Resource consumption attacks can be hard to deal with, and there are times that it makes sense to let the OS do the job. Be careful that your resource requests don't deadlock, and that they do timeout.StateInformationInteractionStringquery or actuation3302d8cb-4f2b-4563-aa32-f47333bd4be8EdgeX could send too many requests for data or actuation requests that cause the sensor / device to go offline or appear unresponsive - depending on the sophistication of the device/sensor. In the opposite direction, a device/sensor could be tampered with or improperly configured to send too much data (overwhelming the EdgeX system) causing a DoS. Other than writing the device service to filter data to avoid the “too much” data DoS, this threat is not mitigated.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09No mitigation or not applicable7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewed09b85d08-5274-4c51-b43f-ccba994f67b8NotApplicable98f547a5-4d9d-4baa-9b5f-ea9d20d209b1D2falsefalseD409b85d08-5274-4c51-b43f-ccba994f67b8c888b476-3017-4bfc-a0f0-ac458f9ab7cb98f547a5-4d9d-4baa-9b5f-ea9d20d209b1DESKTOP-SL3KKHH\jpwhi09e889f5-eba7-42f5-b7ce-0768e1ba3a3ec888b476-3017-4bfc-a0f0-ac458f9ab7cb3809b85d08-5274-4c51-b43f-ccba994f67b8:c888b476-3017-4bfc-a0f0-ac458f9ab7cb:98f547a5-4d9d-4baa-9b5f-ea9d20d209b12022-09-12T10:35:01.9722542+08:00HighTitleData Flow query or actuation Is Potentially InterruptedUserThreatCategoryDenial Of ServiceUserThreatShortDescriptionDenial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.UserThreatDescriptionAn external agent interrupts data flowing across a trust boundary in either direction.StateInformationInteractionStringquery or actuation3302d8cb-4f2b-4563-aa32-f47333bd4be8Outside influence could break the communication connection or remove a device/senosr causing major disruption of service (ex: removing or cutting off comms to a critical temperature sensor of a heating or cooling machine). EdgeX has no means to protect the "wire" to a physically connected device/sensor. Physical security is required to protect the wire and mitigate this threat.
Query or actuation requests that do not receive a response would result in an error that could be responded to.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewed09b85d08-5274-4c51-b43f-ccba994f67b8Mitigated98f547a5-4d9d-4baa-9b5f-ea9d20d209b1D4falsefalseD509b85d08-5274-4c51-b43f-ccba994f67b8c888b476-3017-4bfc-a0f0-ac458f9ab7cb98f547a5-4d9d-4baa-9b5f-ea9d20d209b1DESKTOP-SL3KKHH\jpwhi09e889f5-eba7-42f5-b7ce-0768e1ba3a3ec888b476-3017-4bfc-a0f0-ac458f9ab7cb3909b85d08-5274-4c51-b43f-ccba994f67b8:c888b476-3017-4bfc-a0f0-ac458f9ab7cb:98f547a5-4d9d-4baa-9b5f-ea9d20d209b12022-09-12T10:37:24.3881864+08:00HighTitleData Store InaccessibleUserThreatCategoryDenial Of ServiceUserThreatShortDescriptionDenial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.UserThreatDescriptionAn external agent prevents access to a data store on the other side of the trust boundary.StateInformationInteractionStringquery or actuation3302d8cb-4f2b-4563-aa32-f47333bd4be8Outside influence could break the communication connection or remove a device/senosr causing major disruption of service (ex: removing or cutting off comms to a critical temperature sensor of a heating or cooling machine). EdgeX has no means to protect the "wire" to a physically connected device/sensor. Physical security is required to protect the wire and mitigate this threat.
Query or actuation requests that do not receive a response would result in an error that could be responded to.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewed09b85d08-5274-4c51-b43f-ccba994f67b8Mitigated98f547a5-4d9d-4baa-9b5f-ea9d20d209b1D5falsefalseS298f547a5-4d9d-4baa-9b5f-ea9d20d209b1491d8727-e78a-48ad-b36e-642e5111729709b85d08-5274-4c51-b43f-ccba994f67b8DESKTOP-SL3KKHH\jpwhi09e889f5-eba7-42f5-b7ce-0768e1ba3a3e491d8727-e78a-48ad-b36e-642e511172974098f547a5-4d9d-4baa-9b5f-ea9d20d209b1:491d8727-e78a-48ad-b36e-642e51117297:09b85d08-5274-4c51-b43f-ccba994f67b82022-09-12T08:56:41.705908+08:00HighTitleSpoofing the EdgeX Foundry ProcessUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.UserThreatDescriptionEdgeX Foundry may be spoofed by an attacker and this may lead to information disclosure by Device/Sensor. Consider using a standard authentication mechanism to identify the destination process.InteractionStringsensor data3302d8cb-4f2b-4563-aa32-f47333bd4be8Without an authentication protocol, there is no mitigation for this threat. The device would not be able to determine that the Spoofing EdgeX caller is not EdgeX.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09No mitigation or not applicable7a70fe71-64fa-4b97-b171-38b5a064c295Cannot mitigate or not appilcable98f547a5-4d9d-4baa-9b5f-ea9d20d209b1NotApplicable09b85d08-5274-4c51-b43f-ccba994f67b8S2falsefalseS798f547a5-4d9d-4baa-9b5f-ea9d20d209b1491d8727-e78a-48ad-b36e-642e5111729709b85d08-5274-4c51-b43f-ccba994f67b8DESKTOP-SL3KKHH\jpwhi09e889f5-eba7-42f5-b7ce-0768e1ba3a3e491d8727-e78a-48ad-b36e-642e511172974198f547a5-4d9d-4baa-9b5f-ea9d20d209b1:491d8727-e78a-48ad-b36e-642e51117297:09b85d08-5274-4c51-b43f-ccba994f67b82022-09-12T09:08:53.6272833+08:00HighTitleSpoofing of Source Data Store Device/SensorUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.UserThreatDescriptionDevice/Sensor may be spoofed by an attacker and this may lead to incorrect data delivered to EdgeX Foundry. Consider using a standard authentication mechanism to identify the source data store.InteractionStringsensor data3302d8cb-4f2b-4563-aa32-f47333bd4be8Due to the nature of many protocols, an outside agent could spoof as a ligitimage device/sensor. This is of particular concern if the device service auto provisions the devices/sensors without any authentication. Auto provisioning shold be limited to pick up trusted devices. Protocols such as BACnet do allow for authentication with the device/sensor. Commercial 3rd party software or extensions to EdgeX (see, for example, RSA’s Netwitness IoT: https://www.netwitness.com/en-us/products/iot/) could be used to detect anomalous sensor/device communications and isolate the sensor from the system, but there is no ability in EdgeX directly to protect against a spoofed device/sensor that does not authenticate (which is the norm in some older OT protocols).PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09No mitigation or not applicable7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewed98f547a5-4d9d-4baa-9b5f-ea9d20d209b1NotApplicable09b85d08-5274-4c51-b43f-ccba994f67b8S7falsefalseR698f547a5-4d9d-4baa-9b5f-ea9d20d209b1491d8727-e78a-48ad-b36e-642e5111729709b85d08-5274-4c51-b43f-ccba994f67b8DESKTOP-SL3KKHH\jpwhi09e889f5-eba7-42f5-b7ce-0768e1ba3a3e491d8727-e78a-48ad-b36e-642e511172974298f547a5-4d9d-4baa-9b5f-ea9d20d209b1:491d8727-e78a-48ad-b36e-642e51117297:09b85d08-5274-4c51-b43f-ccba994f67b82022-09-12T09:35:13.5494844+08:00LowTitlePotential Data Repudiation by EdgeX FoundryUserThreatCategoryRepudiationUserThreatShortDescriptionRepudiation threats involve an adversary denying that something happened.UserThreatDescriptionEdgeX Foundry claims that it did not receive data from a source outside the trust boundary. Consider using logging or auditing to record the source, time, and summary of the received data.StateInformationInteractionStringsensor data3302d8cb-4f2b-4563-aa32-f47333bd4be8Use of elevated log level (set writable configuration log level to DEBUG in the device service) can be used to log all data communications. PriorityLowf42499a2-b1a0-445b-88ac-f22aa5dc4e09EdgeX Foundry7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewed98f547a5-4d9d-4baa-9b5f-ea9d20d209b1Mitigated09b85d08-5274-4c51-b43f-ccba994f67b8R6falsefalseI2398f547a5-4d9d-4baa-9b5f-ea9d20d209b1491d8727-e78a-48ad-b36e-642e5111729709b85d08-5274-4c51-b43f-ccba994f67b8DESKTOP-SL3KKHH\jpwhi09e889f5-eba7-42f5-b7ce-0768e1ba3a3e491d8727-e78a-48ad-b36e-642e511172974398f547a5-4d9d-4baa-9b5f-ea9d20d209b1:491d8727-e78a-48ad-b36e-642e51117297:09b85d08-5274-4c51-b43f-ccba994f67b82022-09-12T10:43:42.291932+08:00HighTitleWeak Access Control for a ResourceUserThreatCategoryInformation DisclosureUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized party.UserThreatDescriptionImproper data protection of Device/Sensor can allow an attacker to read information not intended for disclosure. Review authorization settings.StateInformationInteractionStringsensor data3302d8cb-4f2b-4563-aa32-f47333bd4be8Securing the data flow to/from a device or sensor is dependent on the OT protocol. In the case of most simple and typically older OT protocols (Modbus or GPIO as examples), there is no way to secure the communications with the device/sensor under that protocol. Critical sensors/devices of this nature should be physically secured (along with their physical connection to the EdgeX host).PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09No mitigation or not applicable7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewed98f547a5-4d9d-4baa-9b5f-ea9d20d209b1NotApplicable09b85d08-5274-4c51-b43f-ccba994f67b8I23falsefalseD398f547a5-4d9d-4baa-9b5f-ea9d20d209b1491d8727-e78a-48ad-b36e-642e5111729709b85d08-5274-4c51-b43f-ccba994f67b8CLOUDALIENFIRE\loncl09e889f5-eba7-42f5-b7ce-0768e1ba3a3e491d8727-e78a-48ad-b36e-642e511172974498f547a5-4d9d-4baa-9b5f-ea9d20d209b1:491d8727-e78a-48ad-b36e-642e51117297:09b85d08-5274-4c51-b43f-ccba994f67b82025-08-13T15:30:06.9669991+08:00MediumTitlePotential Process Crash or Stop for EdgeX FoundryUserThreatCategoryDenial Of ServiceUserThreatShortDescriptionDenial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.UserThreatDescriptionEdgeX Foundry crashes, halts, stops or runs slowly; in all cases violating an availability metric.InteractionStringsensor data3302d8cb-4f2b-4563-aa32-f47333bd4be8Stopping EdgeX services requires host access (and access to the Docker engine, Docker containers and Docker network) with eleveated privileges or access to the EdgeX system management APIs (requiring the Nginx JWT token).PriorityMediumf42499a2-b1a0-445b-88ac-f22aa5dc4e09EdgeX Foundry7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewed98f547a5-4d9d-4baa-9b5f-ea9d20d209b1Mitigated09b85d08-5274-4c51-b43f-ccba994f67b8D3falsefalseD498f547a5-4d9d-4baa-9b5f-ea9d20d209b1491d8727-e78a-48ad-b36e-642e5111729709b85d08-5274-4c51-b43f-ccba994f67b8DESKTOP-SL3KKHH\jpwhi09e889f5-eba7-42f5-b7ce-0768e1ba3a3e491d8727-e78a-48ad-b36e-642e511172974598f547a5-4d9d-4baa-9b5f-ea9d20d209b1:491d8727-e78a-48ad-b36e-642e51117297:09b85d08-5274-4c51-b43f-ccba994f67b82022-09-12T10:36:29.8933253+08:00HighTitleData Flow sensor data Is Potentially InterruptedUserThreatCategoryDenial Of ServiceUserThreatShortDescriptionDenial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.UserThreatDescriptionAn external agent interrupts data flowing across a trust boundary in either direction.StateInformationInteractionStringsensor data3302d8cb-4f2b-4563-aa32-f47333bd4be8Outside influence could break the communication connection or remove a device/senosr causing major disruption of service (ex: removing or cutting off comms to a critical temperature sensor of a heating or cooling machine). EdgeX has no means to protect the "wire" to a physically connected device/sensor. Physical security is required to protect the wire and device/sensor and mitigate this threat.
The device service does track "last connected" and that timestamp could be monitored for outside of normal reporting ranges.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewed98f547a5-4d9d-4baa-9b5f-ea9d20d209b1Mitigated09b85d08-5274-4c51-b43f-ccba994f67b8D4falsefalseD598f547a5-4d9d-4baa-9b5f-ea9d20d209b1491d8727-e78a-48ad-b36e-642e5111729709b85d08-5274-4c51-b43f-ccba994f67b8DESKTOP-SL3KKHH\jpwhi09e889f5-eba7-42f5-b7ce-0768e1ba3a3e491d8727-e78a-48ad-b36e-642e511172974698f547a5-4d9d-4baa-9b5f-ea9d20d209b1:491d8727-e78a-48ad-b36e-642e51117297:09b85d08-5274-4c51-b43f-ccba994f67b82022-09-12T10:37:20.7753917+08:00HighTitleData Store InaccessibleUserThreatCategoryDenial Of ServiceUserThreatShortDescriptionDenial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.UserThreatDescriptionAn external agent prevents access to a data store on the other side of the trust boundary.StateInformationInteractionStringsensor data3302d8cb-4f2b-4563-aa32-f47333bd4be8Outside influence could break the communication connection or remove a device/senosr causing major disruption of service (ex: removing or cutting off comms to a critical temperature sensor of a heating or cooling machine). EdgeX has no means to protect the "wire" to a physically connected device/sensor. Physical security is required to protect the wire and device/sensor and mitigate this threat.
The device service does track "last connected" and that timestamp could be monitored for outside of normal reporting ranges.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewed98f547a5-4d9d-4baa-9b5f-ea9d20d209b1Mitigated09b85d08-5274-4c51-b43f-ccba994f67b8D5falsefalseE698f547a5-4d9d-4baa-9b5f-ea9d20d209b1491d8727-e78a-48ad-b36e-642e5111729709b85d08-5274-4c51-b43f-ccba994f67b8DESKTOP-RLHC3VQ\cchou09e889f5-eba7-42f5-b7ce-0768e1ba3a3e491d8727-e78a-48ad-b36e-642e511172974798f547a5-4d9d-4baa-9b5f-ea9d20d209b1:491d8727-e78a-48ad-b36e-642e51117297:09b85d08-5274-4c51-b43f-ccba994f67b82026-05-08T21:58:49.514111+08:00LowTitleEdgeX Foundry May be Subject to Elevation of Privilege Using Remote Code ExecutionUserThreatCategoryElevation Of PrivilegeUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bug.UserThreatDescriptionDevice/Sensor may be able to remotely execute code for EdgeX Foundry.StateInformationInteractionStringsensor data3302d8cb-4f2b-4563-aa32-f47333bd4be8EdgeX does not execute random code based on input from a device or sensor (as if it was from a web application with something like unsanitized inputs). All data is santized by extracting expected data values from the sensor input data, creating an EdgeX event/reading message and sending that into the rest of EdgeX. The data coming from a sensor could be used to kill the service (ex: buffer overflow attack and sending too much data for the service to consume for example - see DoS threats). The device service in EdgeX can be written to reject to large of a request (for example). In some cases, a protocol may offer dual authentication, and if used, help to mitigate RCE. Additional mitigation when running EdgeX in rootless Docker: even if remote code execution succeeds inside a service container, the attacker only obtains the privileges of the unprivileged host user that owns the rootless-Docker daemon, via user-namespace UID remapping. UID 0 inside the container is not UID 0 on the host, so post-exploit actions that normally rely on host root - loading kernel modules, attaching to other containers' processes, mounting host paths, opening raw sockets, or modifying system services - are blocked even after a successful container escape. See https://docs.edgexfoundry.org/4.1/security/Rootless-Docker/.PriorityLowf42499a2-b1a0-445b-88ac-f22aa5dc4e09No mitigation or not applicable7a70fe71-64fa-4b97-b171-38b5a064c295Cannot mitigate or not appilcable98f547a5-4d9d-4baa-9b5f-ea9d20d209b1NotApplicable09b85d08-5274-4c51-b43f-ccba994f67b8E6falsefalseE798f547a5-4d9d-4baa-9b5f-ea9d20d209b1491d8727-e78a-48ad-b36e-642e5111729709b85d08-5274-4c51-b43f-ccba994f67b8DESKTOP-RLHC3VQ\cchou09e889f5-eba7-42f5-b7ce-0768e1ba3a3e491d8727-e78a-48ad-b36e-642e511172974898f547a5-4d9d-4baa-9b5f-ea9d20d209b1:491d8727-e78a-48ad-b36e-642e51117297:09b85d08-5274-4c51-b43f-ccba994f67b82026-05-08T22:02:22.4359468+08:00HighTitleElevation by Changing the Execution Flow in EdgeX FoundryUserThreatCategoryElevation Of PrivilegeUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bug.UserThreatDescriptionAn attacker may pass data into EdgeX Foundry in order to change the flow of program execution within EdgeX Foundry to the attacker's choosing.InteractionStringsensor data3302d8cb-4f2b-4563-aa32-f47333bd4be8Outside influence on a sensor or device is one of the biggest threats to an edge system and one of the hardest to mitigate. If tampered with, a sensor or device could be used to send the wrong data (e.g., force a temp sensor to send a signal that it is too hot when it is really too cold). EdgeX has no means to protect the "wire" to a physically connected device/sensor. Physical security is required to protect the wire and device/sensor and mitigate this threat.
Wrong data can be mitigated by having the device service look for expected ranges of values (as supported by min/max attributes on device profiles). Commercial 3rd party software or extensions to EdgeX (see, for example, RSA’s Netwitness IoT: https://www.netwitness.com/en-us/products/iot/) could be used to detect anomalous sensor/device communications and isolate the sensor from the system.
Additional mitigation when running EdgeX in rootless Docker: even if remote code execution succeeds inside a service container, the attacker only obtains the privileges of the unprivileged host user that owns the rootless-Docker daemon, via user-namespace UID remapping. UID 0 inside the container is not UID 0 on the host, so post-exploit actions that normally rely on host root - loading kernel modules, attaching to other containers' processes, mounting host paths, opening raw sockets, or modifying system services - are blocked even after a successful container escape. See https://docs.edgexfoundry.org/4.1/security/Rootless-Docker/.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewed98f547a5-4d9d-4baa-9b5f-ea9d20d209b1Mitigated09b85d08-5274-4c51-b43f-ccba994f67b8E7falsefalseR709b85d08-5274-4c51-b43f-ccba994f67b81dec2eb3-b47b-4675-befc-a1f1dfdf6f078a339c5a-4d6f-4321-b1b8-5d90b1eb1e8cDESKTOP-SL3KKHH\jpwhi09e889f5-eba7-42f5-b7ce-0768e1ba3a3e1dec2eb3-b47b-4675-befc-a1f1dfdf6f074909b85d08-5274-4c51-b43f-ccba994f67b8:1dec2eb3-b47b-4675-befc-a1f1dfdf6f07:8a339c5a-4d6f-4321-b1b8-5d90b1eb1e8c2022-09-07T03:43:35.8538913+08:00LowTitleExternal Entity Megaservice - Cloud or Enterprise Potentially Denies Receiving DataUserThreatCategoryRepudiationUserThreatShortDescriptionRepudiation threats involve an adversary denying that something happened.UserThreatDescriptionMegaservice - Cloud or Enterprise claims that it did not receive data from a process on the other side of the trust boundary. Consider using logging or auditing to record the source, time, and summary of the received data.InteractionStringsensor data3302d8cb-4f2b-4563-aa32-f47333bd4be8Application services can use elevated log level to log all exports.PriorityLowf42499a2-b1a0-445b-88ac-f22aa5dc4e09EdgeX Foundry7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation written09b85d08-5274-4c51-b43f-ccba994f67b8Mitigated8a339c5a-4d6f-4321-b1b8-5d90b1eb1e8cR7falsefalseS809b85d08-5274-4c51-b43f-ccba994f67b81dec2eb3-b47b-4675-befc-a1f1dfdf6f078a339c5a-4d6f-4321-b1b8-5d90b1eb1e8cDESKTOP-SL3KKHH\jpwhi09e889f5-eba7-42f5-b7ce-0768e1ba3a3e1dec2eb3-b47b-4675-befc-a1f1dfdf6f075009b85d08-5274-4c51-b43f-ccba994f67b8:1dec2eb3-b47b-4675-befc-a1f1dfdf6f07:8a339c5a-4d6f-4321-b1b8-5d90b1eb1e8c2022-09-07T03:43:43.3245518+08:00LowTitleSpoofing of the Megaservice - Cloud or Enterprise External Destination EntityUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.UserThreatDescriptionMegaservice - Cloud or Enterprise may be spoofed by an attacker and this may lead to data being sent to the attacker's target instead of Megaservice - Cloud or Enterprise. Consider using a standard authentication mechanism to identify the external entity.InteractionStringsensor data3302d8cb-4f2b-4563-aa32-f47333bd4be8Spoofing as the browser or any tool or system of EdgeX is immaterial. Any browser or API tool like Postman would need to request access using the API gateway token. With the token, they are considered a legitimate user of EdgeX. In the case of a megacloud or enterprise, most communication is from EdgeX to that system vs sending requests to EdgeX (as an export)PriorityLowf42499a2-b1a0-445b-88ac-f22aa5dc4e09No mitigation or not applicable7a70fe71-64fa-4b97-b171-38b5a064c295Cannot mitigate or not appilcable09b85d08-5274-4c51-b43f-ccba994f67b8NotApplicable8a339c5a-4d6f-4321-b1b8-5d90b1eb1e8cS8falsefalseE3b3473744-b34d-4ac5-98f0-dd21b69964e871a715ad-fe15-4f57-831a-1bd931bec7c23719101d-cce1-4cc5-813e-ff655788aaf5CLOUDALIENFIRE\loncl09e889f5-eba7-42f5-b7ce-0768e1ba3a3e71a715ad-fe15-4f57-831a-1bd931bec7c265b3473744-b34d-4ac5-98f0-dd21b69964e8:71a715ad-fe15-4f57-831a-1bd931bec7c2:3719101d-cce1-4cc5-813e-ff655788aaf52025-08-13T15:34:20.4774606+08:00LowTitleWeakness in SSO AuthorizationUserThreatCategoryElevation Of PrivilegeUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bug.UserThreatDescriptionCommon SSO implementations such as OAUTH2 and OAUTH Wrap are vulnerable to MitM attacks.InteractionStringrequest3302d8cb-4f2b-4563-aa32-f47333bd4be8In EdgeX, Nginx is configured to use JWT token authentication. OAUTH2 and OAUTH are not allowed as of EdgeX v4 (Ireland release - see https://docs.edgexfoundry.org/4.0/security/Ch-APIGateway/#configuration-of-jwt-authentication-for-api-gateway). JWT token expires in one hour by default. PriorityLowf42499a2-b1a0-445b-88ac-f22aa5dc4e09EdgeX Foundry7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation writtenb3473744-b34d-4ac5-98f0-dd21b69964e8Mitigated3719101d-cce1-4cc5-813e-ff655788aaf5E3falsefalseD4b3473744-b34d-4ac5-98f0-dd21b69964e871a715ad-fe15-4f57-831a-1bd931bec7c23719101d-cce1-4cc5-813e-ff655788aaf5CLOUDALIENFIRE\loncl09e889f5-eba7-42f5-b7ce-0768e1ba3a3e71a715ad-fe15-4f57-831a-1bd931bec7c266b3473744-b34d-4ac5-98f0-dd21b69964e8:71a715ad-fe15-4f57-831a-1bd931bec7c2:3719101d-cce1-4cc5-813e-ff655788aaf52025-08-13T16:18:52.7365107+08:00LowTitleData Flow request Is Potentially InterruptedUserThreatCategoryDenial Of ServiceUserThreatShortDescriptionDenial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.UserThreatDescriptionAn external agent interrupts data flowing across a trust boundary in either direction.StateInformationInteractionStringrequest3302d8cb-4f2b-4563-aa32-f47333bd4be8Nginx can be configured the rate limiting to prevent a DoS attack. See https://blog.nginx.org/blog/rate-limiting-nginxPriorityLowf42499a2-b1a0-445b-88ac-f22aa5dc4e09Third Party7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation writtenb3473744-b34d-4ac5-98f0-dd21b69964e8Mitigated3719101d-cce1-4cc5-813e-ff655788aaf5D4falsefalseR7b3473744-b34d-4ac5-98f0-dd21b69964e871a715ad-fe15-4f57-831a-1bd931bec7c23719101d-cce1-4cc5-813e-ff655788aaf5CLOUDALIENFIRE\loncl09e889f5-eba7-42f5-b7ce-0768e1ba3a3e71a715ad-fe15-4f57-831a-1bd931bec7c267b3473744-b34d-4ac5-98f0-dd21b69964e8:71a715ad-fe15-4f57-831a-1bd931bec7c2:3719101d-cce1-4cc5-813e-ff655788aaf52025-08-13T16:19:52.5529353+08:00LowTitleExternal Entity Nginx Potentially Denies Receiving DataUserThreatCategoryRepudiationUserThreatShortDescriptionRepudiation threats involve an adversary denying that something happened.UserThreatDescriptionNginx claims that it did not receive data from a process on the other side of the trust boundary. Consider using logging or auditing to record the source, time, and summary of the received data.InteractionStringrequest3302d8cb-4f2b-4563-aa32-f47333bd4be8Nginx provides logging, but if it did not see a request from a browser or API caller like Postman, then nothing gets issued to EdgeX.PriorityLowf42499a2-b1a0-445b-88ac-f22aa5dc4e09No mitigation or not applicable7a70fe71-64fa-4b97-b171-38b5a064c295Cannot mitigate or not appilcableb3473744-b34d-4ac5-98f0-dd21b69964e8NotApplicable3719101d-cce1-4cc5-813e-ff655788aaf5R7falsefalseD43719101d-cce1-4cc5-813e-ff655788aaf52e6a39d1-ebd7-4102-941f-56422f55d37bb3473744-b34d-4ac5-98f0-dd21b69964e8CLOUDALIENFIRE\loncl09e889f5-eba7-42f5-b7ce-0768e1ba3a3e2e6a39d1-ebd7-4102-941f-56422f55d37b683719101d-cce1-4cc5-813e-ff655788aaf5:2e6a39d1-ebd7-4102-941f-56422f55d37b:b3473744-b34d-4ac5-98f0-dd21b69964e82025-08-13T16:22:46.4312807+08:00LowTitleData Flow response Is Potentially InterruptedUserThreatCategoryDenial Of ServiceUserThreatShortDescriptionDenial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.UserThreatDescriptionAn external agent interrupts data flowing across a trust boundary in either direction.StateInformationInteractionStringresponse3302d8cb-4f2b-4563-aa32-f47333bd4be8Nginx can be configured the rate limiting to prevent a DoS attack. See https://blog.nginx.org/blog/rate-limiting-nginxPriorityLowf42499a2-b1a0-445b-88ac-f22aa5dc4e09Third Party7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation written3719101d-cce1-4cc5-813e-ff655788aaf5Mitigatedb3473744-b34d-4ac5-98f0-dd21b69964e8D4falsefalseR73719101d-cce1-4cc5-813e-ff655788aaf52e6a39d1-ebd7-4102-941f-56422f55d37bb3473744-b34d-4ac5-98f0-dd21b69964e8CLOUDALIENFIRE\loncl09e889f5-eba7-42f5-b7ce-0768e1ba3a3e2e6a39d1-ebd7-4102-941f-56422f55d37b693719101d-cce1-4cc5-813e-ff655788aaf5:2e6a39d1-ebd7-4102-941f-56422f55d37b:b3473744-b34d-4ac5-98f0-dd21b69964e82025-08-13T16:54:36.0423846+08:00LowTitleExternal Entity Browser/API Caller Potentially Denies Receiving DataUserThreatCategoryRepudiationUserThreatShortDescriptionRepudiation threats involve an adversary denying that something happened.UserThreatDescriptionBrowser/API Caller claims that it did not receive data from a process on the other side of the trust boundary. Consider using logging or auditing to record the source, time, and summary of the received data.InteractionStringresponse3302d8cb-4f2b-4563-aa32-f47333bd4be8Nginx provides logging to document all requests.PriorityLowf42499a2-b1a0-445b-88ac-f22aa5dc4e09Third Party7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation written3719101d-cce1-4cc5-813e-ff655788aaf5Mitigatedb3473744-b34d-4ac5-98f0-dd21b69964e8R7falsefalseD409b85d08-5274-4c51-b43f-ccba994f67b81dec2eb3-b47b-4675-befc-a1f1dfdf6f078a339c5a-4d6f-4321-b1b8-5d90b1eb1e8cDESKTOP-SL3KKHH\jpwhi09e889f5-eba7-42f5-b7ce-0768e1ba3a3e1dec2eb3-b47b-4675-befc-a1f1dfdf6f077009b85d08-5274-4c51-b43f-ccba994f67b8:1dec2eb3-b47b-4675-befc-a1f1dfdf6f07:8a339c5a-4d6f-4321-b1b8-5d90b1eb1e8c2022-09-07T03:43:46.5344122+08:00LowTitleData Flow sensor data Is Potentially InterruptedUserThreatCategoryDenial Of ServiceUserThreatShortDescriptionDenial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.UserThreatDescriptionAn external agent interrupts data flowing across a trust boundary in either direction.StateInformationInteractionStringsensor data3302d8cb-4f2b-4563-aa32-f47333bd4be8Data flow is in one direction (exporting from EdgeX to the cloud). If the data is deemed critical and if by some means the data flow was interrupted, then store and forward mechisms in EdgeX allow the data to be sent once the communications are re-established. If using MQTT, the quality of service (QoS) setting on a message broker can also be used to ensure all data is delivered or it is resent later.PriorityLowf42499a2-b1a0-445b-88ac-f22aa5dc4e09EdgeX Foundry7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation written09b85d08-5274-4c51-b43f-ccba994f67b8Mitigated8a339c5a-4d6f-4321-b1b8-5d90b1eb1e8cD4falsefalseD409b85d08-5274-4c51-b43f-ccba994f67b8c168dbe7-b75e-4c6d-90e6-3333bab54798af28bf3d-6d5f-43f8-a78e-f4f90eef846cDESKTOP-SL3KKHH\jpwhi09e889f5-eba7-42f5-b7ce-0768e1ba3a3ec168dbe7-b75e-4c6d-90e6-3333bab547987109b85d08-5274-4c51-b43f-ccba994f67b8:c168dbe7-b75e-4c6d-90e6-3333bab54798:af28bf3d-6d5f-43f8-a78e-f4f90eef846c2022-09-07T03:43:07.8103908+08:00LowTitleData Flow sensor data Is Potentially InterruptedUserThreatCategoryDenial Of ServiceUserThreatShortDescriptionDenial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.UserThreatDescriptionAn external agent interrupts data flowing across a trust boundary in either direction.StateInformationInteractionStringsensor data3302d8cb-4f2b-4563-aa32-f47333bd4be8Data flow is in one direction (exporting from EdgeX to the external message bus). If the data is deemed critical and if by some means the data flow was interrupted, store and forward mechisms in EdgeX allow the data to be sent once the communications are re-established. If using MQTT, the quality of service (QoS) setting on a message broker can also be used to ensure all data is delivered or it is resent later.PriorityLowf42499a2-b1a0-445b-88ac-f22aa5dc4e09EdgeX Foundry7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation written09b85d08-5274-4c51-b43f-ccba994f67b8Mitigatedaf28bf3d-6d5f-43f8-a78e-f4f90eef846cD4falsefalseR709b85d08-5274-4c51-b43f-ccba994f67b8c168dbe7-b75e-4c6d-90e6-3333bab54798af28bf3d-6d5f-43f8-a78e-f4f90eef846cDESKTOP-SL3KKHH\jpwhi09e889f5-eba7-42f5-b7ce-0768e1ba3a3ec168dbe7-b75e-4c6d-90e6-3333bab547987209b85d08-5274-4c51-b43f-ccba994f67b8:c168dbe7-b75e-4c6d-90e6-3333bab54798:af28bf3d-6d5f-43f8-a78e-f4f90eef846c2022-09-07T03:43:10.8951782+08:00LowTitleExternal Entity Message Topic Potentially Denies Receiving DataUserThreatCategoryRepudiationUserThreatShortDescriptionRepudiation threats involve an adversary denying that something happened.UserThreatDescriptionMessage Topic claims that it did not receive data from a process on the other side of the trust boundary. Consider using logging or auditing to record the source, time, and summary of the received data.InteractionStringsensor data3302d8cb-4f2b-4563-aa32-f47333bd4be8Application services can use elevated log level to log all exports.PriorityLowf42499a2-b1a0-445b-88ac-f22aa5dc4e09EdgeX Foundry7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation written09b85d08-5274-4c51-b43f-ccba994f67b8Mitigatedaf28bf3d-6d5f-43f8-a78e-f4f90eef846cR7falsefalseS809b85d08-5274-4c51-b43f-ccba994f67b8c168dbe7-b75e-4c6d-90e6-3333bab54798af28bf3d-6d5f-43f8-a78e-f4f90eef846cDESKTOP-SL3KKHH\jpwhi09e889f5-eba7-42f5-b7ce-0768e1ba3a3ec168dbe7-b75e-4c6d-90e6-3333bab547987309b85d08-5274-4c51-b43f-ccba994f67b8:c168dbe7-b75e-4c6d-90e6-3333bab54798:af28bf3d-6d5f-43f8-a78e-f4f90eef846c2022-09-07T03:43:16.9881362+08:00LowTitleSpoofing of the Message Topic External Destination EntityUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.UserThreatDescriptionMessage Topic may be spoofed by an attacker and this may lead to data being sent to the attacker's target instead of Message Topic. Consider using a standard authentication mechanism to identify the external entity.InteractionStringsensor data3302d8cb-4f2b-4563-aa32-f47333bd4be8Spoofing as the browser or any tool or system of EdgeX is immaterial. Any browser or API tool like Postman would need to request access using the API gateway token. With the token, they are considered a legitimate user of EdgeX. In the case of an external message bus, most communication is from EdgeX to that system vs sending requests to EdgeX (as an export).PriorityLowf42499a2-b1a0-445b-88ac-f22aa5dc4e09No mitigation or not applicable7a70fe71-64fa-4b97-b171-38b5a064c295Cannot mitigate or not appilcable09b85d08-5274-4c51-b43f-ccba994f67b8NotApplicableaf28bf3d-6d5f-43f8-a78e-f4f90eef846cS8falsefalseT29deca5e3-a677-4de2-a02e-64f24134488bacff89ff-1b84-440e-b7ae-7be7c9a64f964cb71a6d-c547-4fc2-a846-412cb685614dDESKTOP-RLHC3VQ\cchou6b125b78-d9ee-4190-8366-8f0a159d2ddfacff89ff-1b84-440e-b7ae-7be7c9a64f96749deca5e3-a677-4de2-a02e-64f24134488b:acff89ff-1b84-440e-b7ae-7be7c9a64f96:4cb71a6d-c547-4fc2-a846-412cb685614d2026-05-12T17:45:58.8140613+08:00HighTitleEdgeX Service A Process Memory TamperedUserThreatCategoryTamperingUserThreatShortDescriptionTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.UserThreatDescriptionIf EdgeX Service A is given access to memory, such as shared memory or pointers, or is given the ability to control what EdgeX Service B executes (for example, passing back a function pointer.), then EdgeX Service A can tamper with EdgeX Service B. Consider if the function could work with less access to memory, such as passing data rather than pointers. Copy in data provided, and then validate it.InteractionStringHTTP3302d8cb-4f2b-4563-aa32-f47333bd4be8Not applicable in containerized environments. Separate processes running in separate containers.
Additional mitigation when running EdgeX in rootless Docker: user-namespace and PID-namespace isolation means a compromised service cannot ptrace, signal or read the memory of processes in sibling containers. UID 0 inside container A maps to a different unprivileged host UID than UID 0 inside container B, so cross-service in-memory tampering via /proc, ptrace or shared kernel facilities is blocked unless the attacker first compromises the unprivileged host user that owns the rootless daemon. See https://docs.edgexfoundry.org/4.1/security/Rootless-Docker/.
Additional mitigation when EdgeX container images are signed (e.g., Sigstore/cosign, Docker Content Trust or Notary v2) and signature verification is enforced at pull or admission time: the supply-chain path for introducing a tampered or imposter image is closed, provided the signing key is rooted in an HSM or KMS and verification is policy-enforced by the runtime. Signing does not prevent exploitation of a flaw inside a legitimately signed image; pair it with SBOM and SLSA provenance attestations and timely patching. See https://www.sigstore.dev/ and https://docs.docker.com/engine/security/trust/.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09No mitigation or not applicable7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation written9deca5e3-a677-4de2-a02e-64f24134488bNeedsInvestigation4cb71a6d-c547-4fc2-a846-412cb685614dT2falsefalseE59deca5e3-a677-4de2-a02e-64f24134488bacff89ff-1b84-440e-b7ae-7be7c9a64f964cb71a6d-c547-4fc2-a846-412cb685614dDESKTOP-RLHC3VQ\cchou6b125b78-d9ee-4190-8366-8f0a159d2ddfacff89ff-1b84-440e-b7ae-7be7c9a64f96759deca5e3-a677-4de2-a02e-64f24134488b:acff89ff-1b84-440e-b7ae-7be7c9a64f96:4cb71a6d-c547-4fc2-a846-412cb685614d2026-05-12T17:46:52.9786703+08:00HighTitleElevation Using ImpersonationUserThreatCategoryElevation Of PrivilegeUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bug.UserThreatDescriptionEdgeX Service B may be able to impersonate the context of EdgeX Service A in order to gain additional privilege.InteractionStringHTTP3302d8cb-4f2b-4563-aa32-f47333bd4be8Impersonating another EdgeX service would require access to the host system and the Docker network. Ports to the service APIs is restricted except through Nginx. If extra security is needed or if an adopter is running EdgeX services in a distributed environment (multiple hosts), then overlay network encryption can be used (see example: https://github.com/edgexfoundry/edgex-examples/tree/update-custom-trigger-multiple-pipelines/security/remote_devices/docker-swarm). Alternately, TLS can be used to encrypt all traffic. Service-to-service calls behind Nginx are unauthenticated in the current implementation.
Additional mitigation when running EdgeX in rootless Docker: impersonating an EdgeX service from another local process requires access to the host system and the Docker network. Under rootless Docker the daemon, its socket (/run/user/<uid>/docker.sock) and the bridge network are owned by an unprivileged user, and a compromised container cannot escalate to host root to attach to that network or manipulate other containers. The attacker must first compromise the specific unprivileged user that owns the rootless daemon, raising the bar significantly compared with rootful deployments. See https://docs.edgexfoundry.org/4.1/security/Rootless-Docker/.
Additional mitigation when EdgeX container images are signed (e.g., Sigstore/cosign, Docker Content Trust or Notary v2) and signature verification is enforced at pull or admission time: the supply-chain path for introducing a tampered or imposter image is closed, provided the signing key is rooted in an HSM or KMS and verification is policy-enforced by the runtime. Signing does not prevent exploitation of a flaw inside a legitimately signed image; pair it with SBOM and SLSA provenance attestations and timely patching. See https://www.sigstore.dev/ and https://docs.docker.com/engine/security/trust/.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation written9deca5e3-a677-4de2-a02e-64f24134488bNeedsInvestigation4cb71a6d-c547-4fc2-a846-412cb685614dE5falsefalseE5ed1e0b06-c0ed-417d-a58c-3931d335d11d84ab56ed-946c-4c35-8cbd-1a7cad08bc5cec4eda59-e673-43e6-a4a1-47e374d0cd53DESKTOP-RLHC3VQ\cchoub7defd52-a927-41a7-baf9-572715b6dfca84ab56ed-946c-4c35-8cbd-1a7cad08bc5c76ed1e0b06-c0ed-417d-a58c-3931d335d11d:84ab56ed-946c-4c35-8cbd-1a7cad08bc5c:ec4eda59-e673-43e6-a4a1-47e374d0cd532026-05-12T17:47:25.639886+08:00MediumTitleElevation Using ImpersonationUserThreatCategoryElevation Of PrivilegeUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bug.UserThreatDescriptionEdgeX Service B may be able to impersonate the context of EdgeX Service A in order to gain additional privilege.InteractionStringmessage bus (MQTT, NATS)3302d8cb-4f2b-4563-aa32-f47333bd4be8All services are required to authroize to the message bus, but all services authorized on the message bus have equal privilege to send and receive messages.
Impersonating another EdgeX service would require access to the host system and the Docker network. Ports to the service message bus is restricted to internal communications only. If extra security is needed or if an adopter is running EdgeX services in a distributed environment (multiple hosts), then overlay network encryption can be used (see example: https://github.com/edgexfoundry/edgex-examples/tree/update-custom-trigger-multiple-pipelines/security/remote_devices/docker-swarm). Alternately, secure MQTT (MQTTS) message bus communications can be used.
Additional mitigation when running EdgeX in rootless Docker: impersonating an EdgeX service from another local process requires access to the host system and the Docker network. Under rootless Docker the daemon, its socket (/run/user/<uid>/docker.sock) and the bridge network are owned by an unprivileged user, and a compromised container cannot escalate to host root to attach to that network or manipulate other containers. The attacker must first compromise the specific unprivileged user that owns the rootless daemon, raising the bar significantly compared with rootful deployments. See https://docs.edgexfoundry.org/4.1/security/Rootless-Docker/.
Additional mitigation when EdgeX container images are signed (e.g., Sigstore/cosign, Docker Content Trust or Notary v2) and signature verification is enforced at pull or admission time: the supply-chain path for introducing a tampered or imposter image is closed, provided the signing key is rooted in an HSM or KMS and verification is policy-enforced by the runtime. Signing does not prevent exploitation of a flaw inside a legitimately signed image; pair it with SBOM and SLSA provenance attestations and timely patching. See https://www.sigstore.dev/ and https://docs.docker.com/engine/security/trust/.PriorityMediumf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation writtened1e0b06-c0ed-417d-a58c-3931d335d11dMitigatedec4eda59-e673-43e6-a4a1-47e374d0cd53E5falsefalseT2ed1e0b06-c0ed-417d-a58c-3931d335d11d84ab56ed-946c-4c35-8cbd-1a7cad08bc5cec4eda59-e673-43e6-a4a1-47e374d0cd53DESKTOP-RLHC3VQ\cchoub7defd52-a927-41a7-baf9-572715b6dfca84ab56ed-946c-4c35-8cbd-1a7cad08bc5c77ed1e0b06-c0ed-417d-a58c-3931d335d11d:84ab56ed-946c-4c35-8cbd-1a7cad08bc5c:ec4eda59-e673-43e6-a4a1-47e374d0cd532026-05-12T17:48:11.185995+08:00HighTitleEdgeX Service A Process Memory TamperedUserThreatCategoryTamperingUserThreatShortDescriptionTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.UserThreatDescriptionIf EdgeX Service A is given access to memory, such as shared memory or pointers, or is given the ability to control what EdgeX Service B executes (for example, passing back a function pointer.), then EdgeX Service A can tamper with EdgeX Service B. Consider if the function could work with less access to memory, such as passing data rather than pointers. Copy in data provided, and then validate it.InteractionStringmessage bus (MQTT, NATS)3302d8cb-4f2b-4563-aa32-f47333bd4be8Not applicable in containerized environments. Separate processes running in separate containers.
Additional mitigation when running EdgeX in rootless Docker: user-namespace and PID-namespace isolation means a compromised service cannot ptrace, signal or read the memory of processes in sibling containers. UID 0 inside container A maps to a different unprivileged host UID than UID 0 inside container B, so cross-service in-memory tampering via /proc, ptrace or shared kernel facilities is blocked unless the attacker first compromises the unprivileged host user that owns the rootless daemon. See https://docs.edgexfoundry.org/4.1/security/Rootless-Docker/.
Additional mitigation when EdgeX container images are signed (e.g., Sigstore/cosign, Docker Content Trust or Notary v2) and signature verification is enforced at pull or admission time: the supply-chain path for introducing a tampered or imposter image is closed, provided the signing key is rooted in an HSM or KMS and verification is policy-enforced by the runtime. Signing does not prevent exploitation of a flaw inside a legitimately signed image; pair it with SBOM and SLSA provenance attestations and timely patching. See https://www.sigstore.dev/ and https://docs.docker.com/engine/security/trust/.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Cannot mitigate or not appilcableed1e0b06-c0ed-417d-a58c-3931d335d11dMitigatedec4eda59-e673-43e6-a4a1-47e374d0cd53T2falsefalseS7.1fdc51b30-7d8d-44cd-a99d-14b96d425dcaca356efc-e982-4ad9-a216-f576ffac026bb8f8b056-2cdd-4049-afe3-3bfd91b340fdDESKTOP-SL3KKHH\jpwhi5f21f211-8073-4d92-ba1b-32919845cddaca356efc-e982-4ad9-a216-f576ffac026b78fdc51b30-7d8d-44cd-a99d-14b96d425dca:ca356efc-e982-4ad9-a216-f576ffac026b:b8f8b056-2cdd-4049-afe3-3bfd91b340fd2022-09-07T03:44:20.4877307+08:00HighTitleSpoofing of Destination Data Store Modbus Device/SensorUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.UserThreatDescriptionModbus Device/Sensor may be spoofed by an attacker and this may lead to data being written to the attacker's target instead of Modbus Device/Sensor. Consider using a standard authentication mechanism to identify the destination data store.InteractionStringBinary RTU (GET or SET)3302d8cb-4f2b-4563-aa32-f47333bd4be8As there are no means to secure Modbus communications via the protocol exchange, the Modbus device/sensor and its wired connection must be physically secured to insure no spoofing or unauthorized collection of data or actuation with the device. PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation writtenfdc51b30-7d8d-44cd-a99d-14b96d425dcaNeedsInvestigationb8f8b056-2cdd-4049-afe3-3bfd91b340fdS7.1falsefalseD2fdc51b30-7d8d-44cd-a99d-14b96d425dcaca356efc-e982-4ad9-a216-f576ffac026bb8f8b056-2cdd-4049-afe3-3bfd91b340fdDESKTOP-SL3KKHH\jpwhi5f21f211-8073-4d92-ba1b-32919845cddaca356efc-e982-4ad9-a216-f576ffac026b79fdc51b30-7d8d-44cd-a99d-14b96d425dca:ca356efc-e982-4ad9-a216-f576ffac026b:b8f8b056-2cdd-4049-afe3-3bfd91b340fd2022-09-07T03:44:24.8880609+08:00HighTitlePotential Excessive Resource Consumption for Modbus Device Service or Modbus Device/SensorUserThreatCategoryDenial Of ServiceUserThreatShortDescriptionDenial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.UserThreatDescriptionDoes Modbus Device Service or Modbus Device/Sensor take explicit steps to control resource consumption? Resource consumption attacks can be hard to deal with, and there are times that it makes sense to let the OS do the job. Be careful that your resource requests don't deadlock, and that they do timeout.InteractionStringBinary RTU (GET or SET)3302d8cb-4f2b-4563-aa32-f47333bd4be8As an unprotected (physically) Modbus device/sensor can be used to create a DOS attack (sending too much data), or send erroneous/faulty data, or disrupted / cut off and thereofore not send any data, the device service must be written to monitor and thwart the flow of too much data, notify when data is outside of expected ranges and notify when it appears the device/sensor is no longer connected and reporting. Provisioning of the device using known or specific ranges of MAC addresses (or IP addresses if using Modbus TCP/IP), etc. can help onboarding with an unauthorized device.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation writtenfdc51b30-7d8d-44cd-a99d-14b96d425dcaNeedsInvestigationb8f8b056-2cdd-4049-afe3-3bfd91b340fdD2falsefalseS7b8f8b056-2cdd-4049-afe3-3bfd91b340fd2b3dcd37-10b4-45d2-a66c-4b1030012244fdc51b30-7d8d-44cd-a99d-14b96d425dcaDESKTOP-SL3KKHH\jpwhi5f21f211-8073-4d92-ba1b-32919845cdda2b3dcd37-10b4-45d2-a66c-4b103001224480b8f8b056-2cdd-4049-afe3-3bfd91b340fd:2b3dcd37-10b4-45d2-a66c-4b1030012244:fdc51b30-7d8d-44cd-a99d-14b96d425dca2022-09-07T03:44:28.2724315+08:00HighTitleSpoofing of Source Data Store Modbus Device/SensorUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.UserThreatDescriptionModbus Device/Sensor may be spoofed by an attacker and this may lead to incorrect data delivered to Modbus Device Service. Consider using a standard authentication mechanism to identify the source data store.InteractionStringBinary RTU Response (GET or SE3302d8cb-4f2b-4563-aa32-f47333bd4be8As an unprotected (physically) Modbus device/sensor can be used to create a DOS attack (sending too much data), or send erroneous/faulty data, or disrupted / cut off and thereofore not send any data, the device service must be written to monitor and thwart the flow of too much data, notify when data is outside of expected ranges and notify when it appears the device/sensor is no longer connected and reporting. Provisioning of the device using known or specific ranges of MAC addresses (or IP addresses if using Modbus TCP/IP), etc. can help onboarding with an unauthorized device.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation writtenb8f8b056-2cdd-4049-afe3-3bfd91b340fdNeedsInvestigationfdc51b30-7d8d-44cd-a99d-14b96d425dcaS7falsefalseI23b8f8b056-2cdd-4049-afe3-3bfd91b340fd2b3dcd37-10b4-45d2-a66c-4b1030012244fdc51b30-7d8d-44cd-a99d-14b96d425dcaDESKTOP-SL3KKHH\jpwhi5f21f211-8073-4d92-ba1b-32919845cdda2b3dcd37-10b4-45d2-a66c-4b103001224481b8f8b056-2cdd-4049-afe3-3bfd91b340fd:2b3dcd37-10b4-45d2-a66c-4b1030012244:fdc51b30-7d8d-44cd-a99d-14b96d425dca2022-09-07T03:44:45.212617+08:00LowTitleWeak Access Control for a ResourceUserThreatCategoryInformation DisclosureUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized party.UserThreatDescriptionImproper data protection of Modbus Device/Sensor can allow an attacker to read information not intended for disclosure. Review authorization settings.InteractionStringBinary RTU Response (GET or SE3302d8cb-4f2b-4563-aa32-f47333bd4be8As Modbus is a simple protocol (reporting data or reacting to accuation requests), it is not possible for the device or sensor to gain other data from the device service (or EdgeX as a whole).PriorityLowf42499a2-b1a0-445b-88ac-f22aa5dc4e09No mitigation or not applicable7a70fe71-64fa-4b97-b171-38b5a064c295Cannot mitigate or not appilcableb8f8b056-2cdd-4049-afe3-3bfd91b340fdNotApplicablefdc51b30-7d8d-44cd-a99d-14b96d425dcaI23falsefalseS1fdc51b30-7d8d-44cd-a99d-14b96d425dcaca356efc-e982-4ad9-a216-f576ffac026bb8f8b056-2cdd-4049-afe3-3bfd91b340fdDESKTOP-RLHC3VQ\cchou5f21f211-8073-4d92-ba1b-32919845cddaca356efc-e982-4ad9-a216-f576ffac026b82fdc51b30-7d8d-44cd-a99d-14b96d425dca:ca356efc-e982-4ad9-a216-f576ffac026b:b8f8b056-2cdd-4049-afe3-3bfd91b340fd2026-05-12T17:48:51.5457153+08:00HighTitleSpoofing the Modbus Device Service ProcessUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.UserThreatDescriptionModbus Device Service may be spoofed by an attacker and this may lead to unauthorized access to Modbus Device/Sensor. Consider using a standard authentication mechanism to identify the source process.InteractionStringBinary RTU (GET or SET)3302d8cb-4f2b-4563-aa32-f47333bd4be8As the communication to a Modbus device / sensor is not authenticated/authorized by the Protocol, any service (any spoof) could appear to be the EdgeX device service and either get data from or (worse) actuate the device illegally. Given the nature of Modbus, the only way to protect against this threat is to physically secure the device and connectivity (wire).
Additional mitigation when running EdgeX in rootless Docker: spoofing the device-service process on the host requires compromising the unprivileged user account that runs the rootless Docker daemon. A compromised container cannot gain host root and therefore cannot register itself as the device-service container or open the corresponding device files unless the operator has explicitly granted access (for example, by chmod 666 on the serial port as documented for rootless EdgeX). The rootless-Docker guide warns that those permission relaxations carry their own risk. See https://docs.edgexfoundry.org/4.1/security/Rootless-Docker/.
Additional mitigation when EdgeX container images are signed (e.g., Sigstore/cosign, Docker Content Trust or Notary v2) and signature verification is enforced at pull or admission time: the supply-chain path for introducing a tampered or imposter image is closed, provided the signing key is rooted in an HSM or KMS and verification is policy-enforced by the runtime. Signing does not prevent exploitation of a flaw inside a legitimately signed image; pair it with SBOM and SLSA provenance attestations and timely patching. See https://www.sigstore.dev/ and https://docs.docker.com/engine/security/trust/.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09No mitigation or not applicable7a70fe71-64fa-4b97-b171-38b5a064c295Cannot mitigate or not appilcablefdc51b30-7d8d-44cd-a99d-14b96d425dcaNeedsInvestigationb8f8b056-2cdd-4049-afe3-3bfd91b340fdS1falsefalseT18fdc51b30-7d8d-44cd-a99d-14b96d425dcaca356efc-e982-4ad9-a216-f576ffac026bb8f8b056-2cdd-4049-afe3-3bfd91b340fdDESKTOP-SL3KKHH\jpwhi5f21f211-8073-4d92-ba1b-32919845cddaca356efc-e982-4ad9-a216-f576ffac026b83fdc51b30-7d8d-44cd-a99d-14b96d425dca:ca356efc-e982-4ad9-a216-f576ffac026b:b8f8b056-2cdd-4049-afe3-3bfd91b340fd2022-09-07T03:44:56.6002794+08:00HighTitleThe Modbus Device/Sensor Data Store Could Be CorruptedUserThreatCategoryTamperingUserThreatShortDescriptionTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.UserThreatDescriptionData flowing across Binary RTU (GET or SET) may be tampered with by an attacker. This may lead to corruption of Modbus Device/Sensor. Ensure the integrity of the data flow to the data store.InteractionStringBinary RTU (GET or SET)3302d8cb-4f2b-4563-aa32-f47333bd4be8As the communication to a Modbus device / sensor is not authenticated/authorized by the protocol, the communication across the wire could be tampered with or shut off to cause DOS attacts or actuate the device illegally. Given the nature of Modbus, the only way to protect against this threat is to physically secure the device and connectivity (wire).PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation writtenfdc51b30-7d8d-44cd-a99d-14b96d425dcaNeedsInvestigationb8f8b056-2cdd-4049-afe3-3bfd91b340fdT18falsefalseR8fdc51b30-7d8d-44cd-a99d-14b96d425dcaca356efc-e982-4ad9-a216-f576ffac026bb8f8b056-2cdd-4049-afe3-3bfd91b340fdDESKTOP-SL3KKHH\jpwhi5f21f211-8073-4d92-ba1b-32919845cddaca356efc-e982-4ad9-a216-f576ffac026b84fdc51b30-7d8d-44cd-a99d-14b96d425dca:ca356efc-e982-4ad9-a216-f576ffac026b:b8f8b056-2cdd-4049-afe3-3bfd91b340fd2022-09-07T03:45:21.0076478+08:00HighTitleData Store Denies Modbus Device/Sensor Potentially Writing DataUserThreatCategoryRepudiationUserThreatShortDescriptionRepudiation threats involve an adversary denying that something happened.UserThreatDescriptionModbus Device/Sensor claims that it did not write data received from an entity on the other side of the trust boundary. Consider using logging or auditing to record the source, time, and summary of the received data.InteractionStringBinary RTU (GET or SET)3302d8cb-4f2b-4563-aa32-f47333bd4be8It is unlikely that a Modbus device/sensor has a log to provide an audit of requests.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09No mitigation or not applicable7a70fe71-64fa-4b97-b171-38b5a064c295Cannot mitigate or not appilcablefdc51b30-7d8d-44cd-a99d-14b96d425dcaNotApplicableb8f8b056-2cdd-4049-afe3-3bfd91b340fdR8falsefalseI6fdc51b30-7d8d-44cd-a99d-14b96d425dcaca356efc-e982-4ad9-a216-f576ffac026bb8f8b056-2cdd-4049-afe3-3bfd91b340fdDESKTOP-SL3KKHH\jpwhi5f21f211-8073-4d92-ba1b-32919845cddaca356efc-e982-4ad9-a216-f576ffac026b85fdc51b30-7d8d-44cd-a99d-14b96d425dca:ca356efc-e982-4ad9-a216-f576ffac026b:b8f8b056-2cdd-4049-afe3-3bfd91b340fd2022-09-07T03:45:25.6890267+08:00HighTitleData Flow SniffingUserThreatCategoryInformation DisclosureUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized party.UserThreatDescriptionData flowing across Binary RTU (GET or SET) may be sniffed by an attacker. Depending on what type of data an attacker can read, it may be used to attack other parts of the system or simply be a disclosure of information leading to compliance violations. Consider encrypting the data flow.InteractionStringBinary RTU (GET or SET)3302d8cb-4f2b-4563-aa32-f47333bd4be8As the communication to a Modbus device / sensor is not authenticated/authorized nor encrypted by the Protocol, any service (any spoof) could appear to be the EdgeX device service and either get data from or (worse) actuate the device illegally. Given the nature of Modbus, the only way to protect against this threat is to physically secure the device and connectivity (wire).PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Cannot mitigate or not appilcablefdc51b30-7d8d-44cd-a99d-14b96d425dcaNotApplicableb8f8b056-2cdd-4049-afe3-3bfd91b340fdI6falsefalseI25fdc51b30-7d8d-44cd-a99d-14b96d425dcaca356efc-e982-4ad9-a216-f576ffac026bb8f8b056-2cdd-4049-afe3-3bfd91b340fdDESKTOP-SL3KKHH\jpwhi5f21f211-8073-4d92-ba1b-32919845cddaca356efc-e982-4ad9-a216-f576ffac026b86fdc51b30-7d8d-44cd-a99d-14b96d425dca:ca356efc-e982-4ad9-a216-f576ffac026b:b8f8b056-2cdd-4049-afe3-3bfd91b340fd2022-09-07T03:45:07.7550263+08:00HighTitleWeak Credential TransitUserThreatCategoryInformation DisclosureUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized party.UserThreatDescriptionCredentials on the wire are often subject to sniffing by an attacker. Are the credentials re-usable/re-playable? Are credentials included in a message? For example, sending a zip file with the password in the email. Use strong cryptography for the transmission of credentials. Use the OS libraries if at all possible, and consider cryptographic algorithm agility, rather than hardcoding a choice.InteractionStringBinary RTU (GET or SET)3302d8cb-4f2b-4563-aa32-f47333bd4be8Modbus does not support any type of authentication/authorization in communications. Physical security of the device and wire are the only ways to thwart information disclosure.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation writtenfdc51b30-7d8d-44cd-a99d-14b96d425dcaNeedsInvestigationb8f8b056-2cdd-4049-afe3-3bfd91b340fdI25falsefalseD4fdc51b30-7d8d-44cd-a99d-14b96d425dcaca356efc-e982-4ad9-a216-f576ffac026bb8f8b056-2cdd-4049-afe3-3bfd91b340fdDESKTOP-SL3KKHH\jpwhi5f21f211-8073-4d92-ba1b-32919845cddaca356efc-e982-4ad9-a216-f576ffac026b87fdc51b30-7d8d-44cd-a99d-14b96d425dca:ca356efc-e982-4ad9-a216-f576ffac026b:b8f8b056-2cdd-4049-afe3-3bfd91b340fd2022-09-07T03:45:29.0964523+08:00HighTitleData Flow Binary RTU (GET or SET) Is Potentially InterruptedUserThreatCategoryDenial Of ServiceUserThreatShortDescriptionDenial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.UserThreatDescriptionAn external agent interrupts data flowing across a trust boundary in either direction.InteractionStringBinary RTU (GET or SET)3302d8cb-4f2b-4563-aa32-f47333bd4be8As the communication to a Modbus device / sensor is not authenticated/authorized by the protocol, the communication across the wire could be tampered with or shut off to cause DOS attacts or actuate the device illegally. Given the nature of Modbus, the only way to protect against this threat is to physically secure the device and connectivity (wire).PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Cannot mitigate or not appilcablefdc51b30-7d8d-44cd-a99d-14b96d425dcaNotApplicableb8f8b056-2cdd-4049-afe3-3bfd91b340fdD4falsefalseD5fdc51b30-7d8d-44cd-a99d-14b96d425dcaca356efc-e982-4ad9-a216-f576ffac026bb8f8b056-2cdd-4049-afe3-3bfd91b340fdDESKTOP-SL3KKHH\jpwhi5f21f211-8073-4d92-ba1b-32919845cddaca356efc-e982-4ad9-a216-f576ffac026b88fdc51b30-7d8d-44cd-a99d-14b96d425dca:ca356efc-e982-4ad9-a216-f576ffac026b:b8f8b056-2cdd-4049-afe3-3bfd91b340fd2022-09-07T03:46:04.7070776+08:00HighTitleData Store InaccessibleUserThreatCategoryDenial Of ServiceUserThreatShortDescriptionDenial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.UserThreatDescriptionAn external agent prevents access to a data store on the other side of the trust boundary.InteractionStringBinary RTU (GET or SET)3302d8cb-4f2b-4563-aa32-f47333bd4be8As the communication to a Modbus device / sensor is not authenticated/authorized by the protocol, the communication across the wire could be tampered with to cause DOS attacts or actuate the device illegally. Given the nature of Modbus, the only way to protect against this threat is to physically secure the device and connectivity (wire).PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation writtenfdc51b30-7d8d-44cd-a99d-14b96d425dcaNeedsInvestigationb8f8b056-2cdd-4049-afe3-3bfd91b340fdD5falsefalseS2b8f8b056-2cdd-4049-afe3-3bfd91b340fd2b3dcd37-10b4-45d2-a66c-4b1030012244fdc51b30-7d8d-44cd-a99d-14b96d425dcaDESKTOP-RLHC3VQ\cchou5f21f211-8073-4d92-ba1b-32919845cdda2b3dcd37-10b4-45d2-a66c-4b103001224489b8f8b056-2cdd-4049-afe3-3bfd91b340fd:2b3dcd37-10b4-45d2-a66c-4b1030012244:fdc51b30-7d8d-44cd-a99d-14b96d425dca2026-05-12T17:49:26.670104+08:00HighTitleSpoofing the Modbus Device Service ProcessUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.UserThreatDescriptionModbus Device Service may be spoofed by an attacker and this may lead to information disclosure by Modbus Device/Sensor. Consider using a standard authentication mechanism to identify the destination process.InteractionStringBinary RTU Response (GET or SE3302d8cb-4f2b-4563-aa32-f47333bd4be8As there are no means to secure Modbus communications via the protocol exchange, the Modbus device/sensor and its wired connection must be physically secured to insure no spoofing or unauthorized collection of data or actuation with the device.
Additional mitigation when running EdgeX in rootless Docker: spoofing the device-service process on the host requires compromising the unprivileged user account that runs the rootless Docker daemon. A compromised container cannot gain host root and therefore cannot register itself as the device-service container or open the corresponding device files unless the operator has explicitly granted access (for example, by chmod 666 on the serial port as documented for rootless EdgeX). The rootless-Docker guide warns that those permission relaxations carry their own risk. See https://docs.edgexfoundry.org/4.1/security/Rootless-Docker/.
Additional mitigation when EdgeX container images are signed (e.g., Sigstore/cosign, Docker Content Trust or Notary v2) and signature verification is enforced at pull or admission time: the supply-chain path for introducing a tampered or imposter image is closed, provided the signing key is rooted in an HSM or KMS and verification is policy-enforced by the runtime. Signing does not prevent exploitation of a flaw inside a legitimately signed image; pair it with SBOM and SLSA provenance attestations and timely patching. See https://www.sigstore.dev/ and https://docs.docker.com/engine/security/trust/.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Cannot mitigate or not appilcableb8f8b056-2cdd-4049-afe3-3bfd91b340fdNotApplicablefdc51b30-7d8d-44cd-a99d-14b96d425dcaS2falsefalseR6b8f8b056-2cdd-4049-afe3-3bfd91b340fd2b3dcd37-10b4-45d2-a66c-4b1030012244fdc51b30-7d8d-44cd-a99d-14b96d425dcaDESKTOP-SL3KKHH\jpwhi5f21f211-8073-4d92-ba1b-32919845cdda2b3dcd37-10b4-45d2-a66c-4b103001224490b8f8b056-2cdd-4049-afe3-3bfd91b340fd:2b3dcd37-10b4-45d2-a66c-4b1030012244:fdc51b30-7d8d-44cd-a99d-14b96d425dca2022-09-07T03:45:35.8713315+08:00HighTitlePotential Data Repudiation by Modbus Device ServiceUserThreatCategoryRepudiationUserThreatShortDescriptionRepudiation threats involve an adversary denying that something happened.UserThreatDescriptionModbus Device Service claims that it did not receive data from a source outside the trust boundary. Consider using logging or auditing to record the source, time, and summary of the received data.InteractionStringBinary RTU Response (GET or SE3302d8cb-4f2b-4563-aa32-f47333bd4be8Use of elevated log level can be used to log all data communications from a device/sensor.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09EdgeX Foundry7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation writtenb8f8b056-2cdd-4049-afe3-3bfd91b340fdMitigatedfdc51b30-7d8d-44cd-a99d-14b96d425dcaR6falsefalseD3b8f8b056-2cdd-4049-afe3-3bfd91b340fd2b3dcd37-10b4-45d2-a66c-4b1030012244fdc51b30-7d8d-44cd-a99d-14b96d425dcaCLOUDALIENFIRE\loncl5f21f211-8073-4d92-ba1b-32919845cdda2b3dcd37-10b4-45d2-a66c-4b103001224491b8f8b056-2cdd-4049-afe3-3bfd91b340fd:2b3dcd37-10b4-45d2-a66c-4b1030012244:fdc51b30-7d8d-44cd-a99d-14b96d425dca2025-08-13T18:00:49.378456+08:00MediumTitlePotential Process Crash or Stop for Modbus Device ServiceUserThreatCategoryDenial Of ServiceUserThreatShortDescriptionDenial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.UserThreatDescriptionModbus Device Service crashes, halts, stops or runs slowly; in all cases violating an availability metric.InteractionStringBinary RTU Response (GET or SE3302d8cb-4f2b-4563-aa32-f47333bd4be8Stopping EdgeX services requires host access (and access to the Docker engine, Docker containers and Docker network) with eleveated privileges.PriorityMediumf42499a2-b1a0-445b-88ac-f22aa5dc4e09EdgeX Foundry7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation writtenb8f8b056-2cdd-4049-afe3-3bfd91b340fdMitigatedfdc51b30-7d8d-44cd-a99d-14b96d425dcaD3falsefalseD4b8f8b056-2cdd-4049-afe3-3bfd91b340fd2b3dcd37-10b4-45d2-a66c-4b1030012244fdc51b30-7d8d-44cd-a99d-14b96d425dcaDESKTOP-SL3KKHH\jpwhi5f21f211-8073-4d92-ba1b-32919845cdda2b3dcd37-10b4-45d2-a66c-4b103001224492b8f8b056-2cdd-4049-afe3-3bfd91b340fd:2b3dcd37-10b4-45d2-a66c-4b1030012244:fdc51b30-7d8d-44cd-a99d-14b96d425dca2022-09-07T03:45:47.0706957+08:00HighTitleData Flow Binary RTU Response (GET or SET Is Potentially InterruptedUserThreatCategoryDenial Of ServiceUserThreatShortDescriptionDenial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.UserThreatDescriptionAn external agent interrupts data flowing across a trust boundary in either direction.InteractionStringBinary RTU Response (GET or SE3302d8cb-4f2b-4563-aa32-f47333bd4be8As the communication to a Modbus device / sensor is not authenticated/authorized by the protocol, the communication across the wire could be tampered with or shut off to cause DOS attacts or actuate the device illegally. Given the nature of Modbus, the only way to protect against this threat is to physically secure the device and connectivity (wire).PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Cannot mitigate or not appilcableb8f8b056-2cdd-4049-afe3-3bfd91b340fdNotApplicablefdc51b30-7d8d-44cd-a99d-14b96d425dcaD4falsefalseD5b8f8b056-2cdd-4049-afe3-3bfd91b340fd2b3dcd37-10b4-45d2-a66c-4b1030012244fdc51b30-7d8d-44cd-a99d-14b96d425dcaDESKTOP-SL3KKHH\jpwhi5f21f211-8073-4d92-ba1b-32919845cdda2b3dcd37-10b4-45d2-a66c-4b103001224493b8f8b056-2cdd-4049-afe3-3bfd91b340fd:2b3dcd37-10b4-45d2-a66c-4b1030012244:fdc51b30-7d8d-44cd-a99d-14b96d425dca2022-09-07T03:45:50.1040577+08:00HighTitleData Store InaccessibleUserThreatCategoryDenial Of ServiceUserThreatShortDescriptionDenial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.UserThreatDescriptionAn external agent prevents access to a data store on the other side of the trust boundary.InteractionStringBinary RTU Response (GET or SE3302d8cb-4f2b-4563-aa32-f47333bd4be8As the communication to a Modbus device / sensor is not authenticated/authorized by the protocol, the communication across the wire could be tampered with to cause DOS attacts or actuate the device illegally. Given the nature of Modbus, the only way to protect against this threat is to physically secure the device and connectivity (wire).PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Cannot mitigate or not appilcableb8f8b056-2cdd-4049-afe3-3bfd91b340fdNeedsInvestigationfdc51b30-7d8d-44cd-a99d-14b96d425dcaD5falsefalseE6b8f8b056-2cdd-4049-afe3-3bfd91b340fd2b3dcd37-10b4-45d2-a66c-4b1030012244fdc51b30-7d8d-44cd-a99d-14b96d425dcaDESKTOP-RLHC3VQ\cchou5f21f211-8073-4d92-ba1b-32919845cdda2b3dcd37-10b4-45d2-a66c-4b103001224494b8f8b056-2cdd-4049-afe3-3bfd91b340fd:2b3dcd37-10b4-45d2-a66c-4b1030012244:fdc51b30-7d8d-44cd-a99d-14b96d425dca2026-05-12T17:50:01.3884609+08:00HighTitleModbus Device Service May be Subject to Elevation of Privilege Using Remote Code ExecutionUserThreatCategoryElevation Of PrivilegeUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bug.UserThreatDescriptionModbus Device/Sensor may be able to remotely execute code for Modbus Device Service.InteractionStringBinary RTU Response (GET or SE3302d8cb-4f2b-4563-aa32-f47333bd4be8Outside influence on a sensor or device is one of the biggest threats to an edge system and one of the hardest to mitigate. If tampered with, a sensor or device could be used to send the wrong data (e.g., force a temp sensor to send a signal that it is too hot when it is really too cold), too much data (overwhelming the edge system by causing the sensor to send data too often), or not enough data (e.g., disconnecting a critical monitor sensor that would cause a system to stop). The device service can be constructed to filter data to avoid the “too much” data DoS. The device service can be constructed to report and alert when there is not enough data coming from the device or sensor or the sensor/device appears to be offline (provided by the last connected tracking in EdgeX). Wrong data can be mitigated by having the device service look for expected ranges of values (as supported by min/max attributes on device profiles). Commercial 3rd party software or extensions to EdgeX (see, for example, RSA’s Netwitness IoT: https://www.netwitness.com/en-us/products/iot/) could be used to detect anomalous sensor/device communications and isolate the sensor from the system.
Additional mitigation when running EdgeX in rootless Docker: even if remote code execution succeeds inside a service container, the attacker only obtains the privileges of the unprivileged host user that owns the rootless-Docker daemon, via user-namespace UID remapping. UID 0 inside the container is not UID 0 on the host, so post-exploit actions that normally rely on host root - loading kernel modules, attaching to other containers' processes, mounting host paths, opening raw sockets, or modifying system services - are blocked even after a successful container escape. See https://docs.edgexfoundry.org/4.1/security/Rootless-Docker/.
Additional mitigation when EdgeX container images are signed and signature verification is enforced at pull or admission time (e.g., Sigstore/cosign with a policy controller, or a content-trust-enabled daemon): the supply-chain path for introducing a backdoored or maliciously rebuilt image is closed, provided the signing key is protected by an HSM or KMS. Signing does not prevent exploitation of a flaw inside a legitimately signed image, so it must be combined with SBOM and SLSA provenance attestations, vulnerability scanning of the signed artifact, and timely patching. See https://www.sigstore.dev/.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation Research neededb8f8b056-2cdd-4049-afe3-3bfd91b340fdNeedsInvestigationfdc51b30-7d8d-44cd-a99d-14b96d425dcaE6falsefalseE7b8f8b056-2cdd-4049-afe3-3bfd91b340fd2b3dcd37-10b4-45d2-a66c-4b1030012244fdc51b30-7d8d-44cd-a99d-14b96d425dcaDESKTOP-RLHC3VQ\cchou5f21f211-8073-4d92-ba1b-32919845cdda2b3dcd37-10b4-45d2-a66c-4b103001224495b8f8b056-2cdd-4049-afe3-3bfd91b340fd:2b3dcd37-10b4-45d2-a66c-4b1030012244:fdc51b30-7d8d-44cd-a99d-14b96d425dca2026-05-12T17:50:27.3690426+08:00HighTitleElevation by Changing the Execution Flow in Modbus Device ServiceUserThreatCategoryElevation Of PrivilegeUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bug.UserThreatDescriptionAn attacker may pass data into Modbus Device Service in order to change the flow of program execution within Modbus Device Service to the attacker's choosing.InteractionStringBinary RTU Response (GET or SE3302d8cb-4f2b-4563-aa32-f47333bd4be8Outside influence on a sensor or device is one of the biggest threats to an edge system and one of the hardest to mitigate. If tampered with, a sensor or device could be used to send the wrong data (e.g., force a temp sensor to send a signal that it is too hot when it is really too cold), too much data (overwhelming the edge system by causing the sensor to send data too often), or not enough data (e.g., disconnecting a critical monitor sensor that would cause a system to stop). The device service can be constructed to filter data to avoid the “too much” data DoS. The device service can be constructed to report and alert when there is not enough data coming from the device or sensor or the sensor/device appears to be offline (provided by the last connected tracking in EdgeX). Wrong data can be mitigated by having the device service look for expected ranges of values (as supported by min/max attributes on device profiles). Physical security of the sensor and communications (wire) offer the best hope to mitigate this threat. Commercial 3rd party software or extensions to EdgeX (see, for example, RSA’s Netwitness IoT: https://www.netwitness.com/en-us/products/iot/) could be used to detect anomalous sensor/device communications and isolate the sensor from the system.
Additional mitigation when running EdgeX in rootless Docker: even if remote code execution succeeds inside a service container, the attacker only obtains the privileges of the unprivileged host user that owns the rootless-Docker daemon, via user-namespace UID remapping. UID 0 inside the container is not UID 0 on the host, so post-exploit actions that normally rely on host root - loading kernel modules, attaching to other containers' processes, mounting host paths, opening raw sockets, or modifying system services - are blocked even after a successful container escape. See https://docs.edgexfoundry.org/4.1/security/Rootless-Docker/.
Additional mitigation when EdgeX container images are signed and signature verification is enforced at pull or admission time (e.g., Sigstore/cosign with a policy controller, or a content-trust-enabled daemon): the supply-chain path for introducing a backdoored or maliciously rebuilt image is closed, provided the signing key is protected by an HSM or KMS. Signing does not prevent exploitation of a flaw inside a legitimately signed image, so it must be combined with SBOM and SLSA provenance attestations, vulnerability scanning of the signed artifact, and timely patching. See https://www.sigstore.dev/.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Cannot mitigate or not appilcableb8f8b056-2cdd-4049-afe3-3bfd91b340fdNotApplicablefdc51b30-7d8d-44cd-a99d-14b96d425dcaE7falsefalseD509b85d08-5274-4c51-b43f-ccba994f67b817f818eb-5312-4cd2-89ec-620e0a39faa0871456bf-3811-4925-bc0e-47d7a56b778fDESKTOP-SL3KKHH\jpwhi09e889f5-eba7-42f5-b7ce-0768e1ba3a3e17f818eb-5312-4cd2-89ec-620e0a39faa012109b85d08-5274-4c51-b43f-ccba994f67b8:17f818eb-5312-4cd2-89ec-620e0a39faa0:871456bf-3811-4925-bc0e-47d7a56b778f2022-09-12T10:47:50.8370603+08:00HighTitleData Store InaccessibleUserThreatCategoryDenial Of ServiceUserThreatShortDescriptionDenial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.UserThreatDescriptionAn external agent prevents access to a data store on the other side of the trust boundary.InteractionStringquery or actuation3302d8cb-4f2b-4563-aa32-f47333bd4be8Outside influence could break the communication connection or remove a device/senosr causing major disruption of service (ex: removing or cutting off comms to a critical temperature sensor of a heating or cooling machine). EdgeX has no means to protect the "wire" to a physically connected device/sensor. Physical security is required to protect the wire and mitigate this threat.
Query or actuation requests that do not receive a response would result in an error that could be responded to.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation needed09b85d08-5274-4c51-b43f-ccba994f67b8Mitigated871456bf-3811-4925-bc0e-47d7a56b778fD5falsefalseD409b85d08-5274-4c51-b43f-ccba994f67b817f818eb-5312-4cd2-89ec-620e0a39faa0871456bf-3811-4925-bc0e-47d7a56b778fDESKTOP-SL3KKHH\jpwhi09e889f5-eba7-42f5-b7ce-0768e1ba3a3e17f818eb-5312-4cd2-89ec-620e0a39faa012009b85d08-5274-4c51-b43f-ccba994f67b8:17f818eb-5312-4cd2-89ec-620e0a39faa0:871456bf-3811-4925-bc0e-47d7a56b778f2022-09-12T10:48:48.1745305+08:00HighTitleData Flow query or actuation Is Potentially InterruptedUserThreatCategoryDenial Of ServiceUserThreatShortDescriptionDenial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.UserThreatDescriptionAn external agent interrupts data flowing across a trust boundary in either direction.InteractionStringquery or actuation3302d8cb-4f2b-4563-aa32-f47333bd4be8Outside influence could break the communication connection or remove a device/senosr causing major disruption of service (ex: removing or cutting off comms to a critical temperature sensor of a heating or cooling machine). EdgeX has no means to protect the "wire" to a physically connected device/sensor. Physical security is required to protect the wire and mitigate this threat.
Query or actuation requests that do not receive a response would result in an error that could be responded to.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewed09b85d08-5274-4c51-b43f-ccba994f67b8Mitigated871456bf-3811-4925-bc0e-47d7a56b778fD4falsefalseD209b85d08-5274-4c51-b43f-ccba994f67b817f818eb-5312-4cd2-89ec-620e0a39faa0871456bf-3811-4925-bc0e-47d7a56b778fDESKTOP-SL3KKHH\jpwhi09e889f5-eba7-42f5-b7ce-0768e1ba3a3e17f818eb-5312-4cd2-89ec-620e0a39faa011909b85d08-5274-4c51-b43f-ccba994f67b8:17f818eb-5312-4cd2-89ec-620e0a39faa0:871456bf-3811-4925-bc0e-47d7a56b778f2022-09-12T10:50:16.3281321+08:00HighTitlePotential Excessive Resource Consumption for EdgeX Foundry or Device/Sensor (physically connected authenticated)UserThreatCategoryDenial Of ServiceUserThreatShortDescriptionDenial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.UserThreatDescriptionDoes EdgeX Foundry or Device/Sensor (physically connected authenticated) take explicit steps to control resource consumption? Resource consumption attacks can be hard to deal with, and there are times that it makes sense to let the OS do the job. Be careful that your resource requests don't deadlock, and that they do timeout.InteractionStringquery or actuation3302d8cb-4f2b-4563-aa32-f47333bd4be8EdgeX could send too many requests for data or actuation requests that cause the sensor / device to go offline or appear unresponsive - depending on the sophistication of the device/sensor. In the opposite direction, a device/sensor could be tampered with or improperly configured to send too much data (overwhelming the EdgeX system) causing a DoS. Other than writing the device service to filter data to avoid the “too much” data DoS, this threat is not mitigated.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewed09b85d08-5274-4c51-b43f-ccba994f67b8Mitigated871456bf-3811-4925-bc0e-47d7a56b778fD2falsefalseI609b85d08-5274-4c51-b43f-ccba994f67b817f818eb-5312-4cd2-89ec-620e0a39faa0871456bf-3811-4925-bc0e-47d7a56b778fDESKTOP-SL3KKHH\jpwhi09e889f5-eba7-42f5-b7ce-0768e1ba3a3e17f818eb-5312-4cd2-89ec-620e0a39faa011809b85d08-5274-4c51-b43f-ccba994f67b8:17f818eb-5312-4cd2-89ec-620e0a39faa0:871456bf-3811-4925-bc0e-47d7a56b778f2022-09-12T10:55:41.0567844+08:00HighTitleData Flow SniffingUserThreatCategoryInformation DisclosureUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized party.UserThreatDescriptionData flowing across query or actuation may be sniffed by an attacker. Depending on what type of data an attacker can read, it may be used to attack other parts of the system or simply be a disclosure of information leading to compliance violations. Consider encrypting the data flow.InteractionStringquery or actuation3302d8cb-4f2b-4563-aa32-f47333bd4be8Securing the data flow to/from a device or sensor is dependent on the OT protocol. In the case of something like BACnet secure (which is based on TLS - see https://www.bacnetinternational.org/page/secureconnect), the flow between EdgeX and the BACnet device can be encryped. The Device Service would need to be written to use that secure communications. In cases where there is no way to secure the communications with the device/sensor under that protocol, then mitigation is via physical security of the device/sensor (along with their connection to the EdgeX host).PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09No mitigation or not applicable7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewed09b85d08-5274-4c51-b43f-ccba994f67b8NotApplicable871456bf-3811-4925-bc0e-47d7a56b778fI6falsefalseR809b85d08-5274-4c51-b43f-ccba994f67b817f818eb-5312-4cd2-89ec-620e0a39faa0871456bf-3811-4925-bc0e-47d7a56b778fDESKTOP-SL3KKHH\jpwhi09e889f5-eba7-42f5-b7ce-0768e1ba3a3e17f818eb-5312-4cd2-89ec-620e0a39faa011709b85d08-5274-4c51-b43f-ccba994f67b8:17f818eb-5312-4cd2-89ec-620e0a39faa0:871456bf-3811-4925-bc0e-47d7a56b778f2022-09-12T09:35:53.2993305+08:00LowTitleData Store Denies Device/Sensor (physically connected authenticated) Potentially Writing DataUserThreatCategoryRepudiationUserThreatShortDescriptionRepudiation threats involve an adversary denying that something happened.UserThreatDescriptionDevice/Sensor (physically connected authenticated) claims that it did not write data received from an entity on the other side of the trust boundary. Consider using logging or auditing to record the source, time, and summary of the received data.InteractionStringquery or actuation3302d8cb-4f2b-4563-aa32-f47333bd4be8Use of elevated log level (set writable configuration log level to DEBUG in the device service) can be used to log all data communications. PriorityLowf42499a2-b1a0-445b-88ac-f22aa5dc4e09EdgeX Foundry7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewed09b85d08-5274-4c51-b43f-ccba994f67b8Mitigated871456bf-3811-4925-bc0e-47d7a56b778fR8falsefalseT1809b85d08-5274-4c51-b43f-ccba994f67b817f818eb-5312-4cd2-89ec-620e0a39faa0871456bf-3811-4925-bc0e-47d7a56b778fDESKTOP-SL3KKHH\jpwhi09e889f5-eba7-42f5-b7ce-0768e1ba3a3e17f818eb-5312-4cd2-89ec-620e0a39faa011609b85d08-5274-4c51-b43f-ccba994f67b8:17f818eb-5312-4cd2-89ec-620e0a39faa0:871456bf-3811-4925-bc0e-47d7a56b778f2022-09-12T09:27:17.5372315+08:00HighTitleThe Device/Sensor (physically connected authenticated) Data Store Could Be CorruptedUserThreatCategoryTamperingUserThreatShortDescriptionTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.UserThreatDescriptionData flowing across query or actuation may be tampered with by an attacker. This may lead to corruption of Device/Sensor (physically connected authenticated). Ensure the integrity of the data flow to the data store.InteractionStringquery or actuation3302d8cb-4f2b-4563-aa32-f47333bd4be8With authentication and encrypting the data between EdgeX and the device/sensor (ex: using TLS), the data on the wire can be protected. The physcial security of the device/sensor still needs to be achieved to protect someone tampering with the device/sensor (ex: holding a match to a thermostat).
As with device/sensors that are not authenticated, additional optional mitigation ideas to mitigate unprotected devices/sensors require modifications to the EdgeX device service. The device service could be constructed to filter data or report and alert when there is not enough data coming from the device or sensor or the sensor/device appears to be offline. Wrong data can be mitigated by having the device service look for expected ranges of values (as supported by min/max attributes on device profiles). All of these have limits and only mitigate the data from being used in the rest of EdgeX once received by the device service. Commercial 3rd party software or extensions to EdgeX (see, for example, RSA’s Netwitness IoT: https://www.netwitness.com/en-us/products/iot/) could also be used to detect anomalous sensor/device communications and isolate the sensor from the system.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09EdgeX Foundry7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation needed09b85d08-5274-4c51-b43f-ccba994f67b8Mitigated871456bf-3811-4925-bc0e-47d7a56b778fT18falsefalseS7.109b85d08-5274-4c51-b43f-ccba994f67b817f818eb-5312-4cd2-89ec-620e0a39faa0871456bf-3811-4925-bc0e-47d7a56b778fDESKTOP-SL3KKHH\jpwhi09e889f5-eba7-42f5-b7ce-0768e1ba3a3e17f818eb-5312-4cd2-89ec-620e0a39faa011509b85d08-5274-4c51-b43f-ccba994f67b8:17f818eb-5312-4cd2-89ec-620e0a39faa0:871456bf-3811-4925-bc0e-47d7a56b778f2022-09-12T09:03:50.7794617+08:00HighTitleSpoofing of Destination Data Store Device/Sensor (physically connected authenticated)UserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.UserThreatDescriptionDevice/Sensor (physically connected authenticated) may be spoofed by an attacker and this may lead to data being written to the attacker's target instead of Device/Sensor (physically connected authenticated). Consider using a standard authentication mechanism to identify the destination data store.InteractionStringquery or actuation3302d8cb-4f2b-4563-aa32-f47333bd4be8With authentication protocol in place (as examplified by BACnet secured or ONVIF cameras with security on), the spoofing device or sensor would not be able to properly authenticated and thereby be denied the ability to send data, be queried. The EdgeX framework has the support to store secrets to authenticate devices.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09EdgeX Foundry7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewed09b85d08-5274-4c51-b43f-ccba994f67b8Mitigated871456bf-3811-4925-bc0e-47d7a56b778fS7.1falsefalseS109b85d08-5274-4c51-b43f-ccba994f67b817f818eb-5312-4cd2-89ec-620e0a39faa0871456bf-3811-4925-bc0e-47d7a56b778fDESKTOP-SL3KKHH\jpwhi09e889f5-eba7-42f5-b7ce-0768e1ba3a3e17f818eb-5312-4cd2-89ec-620e0a39faa011409b85d08-5274-4c51-b43f-ccba994f67b8:17f818eb-5312-4cd2-89ec-620e0a39faa0:871456bf-3811-4925-bc0e-47d7a56b778f2022-09-12T08:58:17.1430434+08:00HighTitleSpoofing the EdgeX Foundry ProcessUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.UserThreatDescriptionEdgeX Foundry may be spoofed by an attacker and this may lead to unauthorized access to Device/Sensor (physically connected authenticated). Consider using a standard authentication mechanism to identify the source process.InteractionStringquery or actuation3302d8cb-4f2b-4563-aa32-f47333bd4be8With authentication protocol in place (as examplified by BACnet secured or ONVIF cameras with security on), the device would not get the proper authenticated requests and thereby deny any query or actuation request.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09EdgeX Foundry7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewed09b85d08-5274-4c51-b43f-ccba994f67b8Mitigated871456bf-3811-4925-bc0e-47d7a56b778fS1falsefalseS2871456bf-3811-4925-bc0e-47d7a56b778fd7d4793f-ea7a-4d7d-9e2e-3844af87c51709b85d08-5274-4c51-b43f-ccba994f67b8DESKTOP-SL3KKHH\jpwhi09e889f5-eba7-42f5-b7ce-0768e1ba3a3ed7d4793f-ea7a-4d7d-9e2e-3844af87c517105871456bf-3811-4925-bc0e-47d7a56b778f:d7d4793f-ea7a-4d7d-9e2e-3844af87c517:09b85d08-5274-4c51-b43f-ccba994f67b82022-09-12T08:38:49.841458+08:00HighTitleSpoofing the EdgeX Foundry ProcessUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.UserThreatDescriptionEdgeX Foundry may be spoofed by an attacker and this may lead to information disclosure by Device/Sensor (physically connected authenticated). Consider using a standard authentication mechanism to identify the destination process.InteractionStringsensor data3302d8cb-4f2b-4563-aa32-f47333bd4be8With authentication protocol in place (as examplified by BACnet secured or ONVIF cameras with security on), the device would not get the proper authenticated requests and thereby deny any query or actuation request.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09EdgeX Foundry7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation needed871456bf-3811-4925-bc0e-47d7a56b778fMitigated09b85d08-5274-4c51-b43f-ccba994f67b8S2falsefalseS7871456bf-3811-4925-bc0e-47d7a56b778fd7d4793f-ea7a-4d7d-9e2e-3844af87c51709b85d08-5274-4c51-b43f-ccba994f67b8DESKTOP-SL3KKHH\jpwhi09e889f5-eba7-42f5-b7ce-0768e1ba3a3ed7d4793f-ea7a-4d7d-9e2e-3844af87c517106871456bf-3811-4925-bc0e-47d7a56b778f:d7d4793f-ea7a-4d7d-9e2e-3844af87c517:09b85d08-5274-4c51-b43f-ccba994f67b82022-09-12T09:04:14.8777555+08:00HighTitleSpoofing of Source Data Store Device/Sensor (physically connected authenticated)UserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.UserThreatDescriptionDevice/Sensor (physically connected authenticated) may be spoofed by an attacker and this may lead to incorrect data delivered to EdgeX Foundry. Consider using a standard authentication mechanism to identify the source data store.InteractionStringsensor data3302d8cb-4f2b-4563-aa32-f47333bd4be8With authentication protocol in place (as examplified by BACnet secured or ONVIF cameras with security on), the spoofing device or sensor would not be able to properly authenticated and thereby be denied the ability to send data, be queried. The EdgeX framework has the support to store secrets to authenticate devices.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09EdgeX Foundry7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewed871456bf-3811-4925-bc0e-47d7a56b778fMitigated09b85d08-5274-4c51-b43f-ccba994f67b8S7falsefalseR6871456bf-3811-4925-bc0e-47d7a56b778fd7d4793f-ea7a-4d7d-9e2e-3844af87c51709b85d08-5274-4c51-b43f-ccba994f67b8DESKTOP-SL3KKHH\jpwhi09e889f5-eba7-42f5-b7ce-0768e1ba3a3ed7d4793f-ea7a-4d7d-9e2e-3844af87c517107871456bf-3811-4925-bc0e-47d7a56b778f:d7d4793f-ea7a-4d7d-9e2e-3844af87c517:09b85d08-5274-4c51-b43f-ccba994f67b82022-09-12T09:35:38.5528871+08:00HighTitlePotential Data Repudiation by EdgeX FoundryUserThreatCategoryRepudiationUserThreatShortDescriptionRepudiation threats involve an adversary denying that something happened.UserThreatDescriptionEdgeX Foundry claims that it did not receive data from a source outside the trust boundary. Consider using logging or auditing to record the source, time, and summary of the received data.InteractionStringsensor data3302d8cb-4f2b-4563-aa32-f47333bd4be8Use of elevated log level (set writable configuration log level to DEBUG in the device service) can be used to log all data communications. PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09EdgeX Foundry7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewed871456bf-3811-4925-bc0e-47d7a56b778fMitigated09b85d08-5274-4c51-b43f-ccba994f67b8R6falsefalseI23871456bf-3811-4925-bc0e-47d7a56b778fd7d4793f-ea7a-4d7d-9e2e-3844af87c51709b85d08-5274-4c51-b43f-ccba994f67b8DESKTOP-SL3KKHH\jpwhi09e889f5-eba7-42f5-b7ce-0768e1ba3a3ed7d4793f-ea7a-4d7d-9e2e-3844af87c517108871456bf-3811-4925-bc0e-47d7a56b778f:d7d4793f-ea7a-4d7d-9e2e-3844af87c517:09b85d08-5274-4c51-b43f-ccba994f67b82022-09-12T10:55:50.1225669+08:00HighTitleWeak Access Control for a ResourceUserThreatCategoryInformation DisclosureUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized party.UserThreatDescriptionImproper data protection of Device/Sensor (physically connected authenticated) can allow an attacker to read information not intended for disclosure. Review authorization settings.InteractionStringsensor data3302d8cb-4f2b-4563-aa32-f47333bd4be8Securing the data flow to/from a device or sensor is dependent on the OT protocol. In the case of something like BACnet secure (which is based on TLS - see https://www.bacnetinternational.org/page/secureconnect), the flow between EdgeX and the BACnet device can be encryped. The Device Service would need to be written to use that secure communications. In cases where there is no way to secure the communications with the device/sensor under that protocol, then mitigation is via physical security of the device/sensor (along with their connection to the EdgeX host).PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09No mitigation or not applicable7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewed871456bf-3811-4925-bc0e-47d7a56b778fNotApplicable09b85d08-5274-4c51-b43f-ccba994f67b8I23falsefalseD3871456bf-3811-4925-bc0e-47d7a56b778fd7d4793f-ea7a-4d7d-9e2e-3844af87c51709b85d08-5274-4c51-b43f-ccba994f67b8CLOUDALIENFIRE\loncl09e889f5-eba7-42f5-b7ce-0768e1ba3a3ed7d4793f-ea7a-4d7d-9e2e-3844af87c517109871456bf-3811-4925-bc0e-47d7a56b778f:d7d4793f-ea7a-4d7d-9e2e-3844af87c517:09b85d08-5274-4c51-b43f-ccba994f67b82025-08-13T18:04:40.7475123+08:00MediumTitlePotential Process Crash or Stop for EdgeX FoundryUserThreatCategoryDenial Of ServiceUserThreatShortDescriptionDenial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.UserThreatDescriptionEdgeX Foundry crashes, halts, stops or runs slowly; in all cases violating an availability metric.InteractionStringsensor data3302d8cb-4f2b-4563-aa32-f47333bd4be8Stopping EdgeX services requires host access (and access to the Docker engine, Docker containers and Docker network) with eleveated privileges.PriorityMediumf42499a2-b1a0-445b-88ac-f22aa5dc4e09EdgeX Foundry7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewed871456bf-3811-4925-bc0e-47d7a56b778fMitigated09b85d08-5274-4c51-b43f-ccba994f67b8D3falsefalseD4871456bf-3811-4925-bc0e-47d7a56b778fd7d4793f-ea7a-4d7d-9e2e-3844af87c51709b85d08-5274-4c51-b43f-ccba994f67b8DESKTOP-SL3KKHH\jpwhi09e889f5-eba7-42f5-b7ce-0768e1ba3a3ed7d4793f-ea7a-4d7d-9e2e-3844af87c517110871456bf-3811-4925-bc0e-47d7a56b778f:d7d4793f-ea7a-4d7d-9e2e-3844af87c517:09b85d08-5274-4c51-b43f-ccba994f67b82022-09-12T10:48:42.0086166+08:00HighTitleData Flow sensor data Is Potentially InterruptedUserThreatCategoryDenial Of ServiceUserThreatShortDescriptionDenial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.UserThreatDescriptionAn external agent interrupts data flowing across a trust boundary in either direction.InteractionStringsensor data3302d8cb-4f2b-4563-aa32-f47333bd4be8Outside influence could break the communication connection or remove a device/senosr causing major disruption of service (ex: removing or cutting off comms to a critical temperature sensor of a heating or cooling machine). EdgeX has no means to protect the "wire" to a physically connected device/sensor. Physical security is required to protect the wire and device/sensor and mitigate this threat.
The device service does track "last connected" and that timestamp could be monitored for outside of normal reporting ranges.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewed871456bf-3811-4925-bc0e-47d7a56b778fMitigated09b85d08-5274-4c51-b43f-ccba994f67b8D4falsefalseD5871456bf-3811-4925-bc0e-47d7a56b778fd7d4793f-ea7a-4d7d-9e2e-3844af87c51709b85d08-5274-4c51-b43f-ccba994f67b8DESKTOP-SL3KKHH\jpwhi09e889f5-eba7-42f5-b7ce-0768e1ba3a3ed7d4793f-ea7a-4d7d-9e2e-3844af87c517111871456bf-3811-4925-bc0e-47d7a56b778f:d7d4793f-ea7a-4d7d-9e2e-3844af87c517:09b85d08-5274-4c51-b43f-ccba994f67b82022-09-12T10:48:29.993981+08:00HighTitleData Store InaccessibleUserThreatCategoryDenial Of ServiceUserThreatShortDescriptionDenial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.UserThreatDescriptionAn external agent prevents access to a data store on the other side of the trust boundary.InteractionStringsensor data3302d8cb-4f2b-4563-aa32-f47333bd4be8Outside influence could break the communication connection or remove a device/senosr causing major disruption of service (ex: removing or cutting off comms to a critical temperature sensor of a heating or cooling machine). EdgeX has no means to protect the "wire" to a physically connected device/sensor. Physical security is required to protect the wire and device/sensor and mitigate this threat.
The device service does track "last connected" and that timestamp could be monitored for outside of normal reporting ranges.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewed871456bf-3811-4925-bc0e-47d7a56b778fMitigated09b85d08-5274-4c51-b43f-ccba994f67b8D5falsefalseE6871456bf-3811-4925-bc0e-47d7a56b778fd7d4793f-ea7a-4d7d-9e2e-3844af87c51709b85d08-5274-4c51-b43f-ccba994f67b8DESKTOP-RLHC3VQ\cchou09e889f5-eba7-42f5-b7ce-0768e1ba3a3ed7d4793f-ea7a-4d7d-9e2e-3844af87c517112871456bf-3811-4925-bc0e-47d7a56b778f:d7d4793f-ea7a-4d7d-9e2e-3844af87c517:09b85d08-5274-4c51-b43f-ccba994f67b82026-05-12T16:50:19.8337846+08:00LowTitleEdgeX Foundry May be Subject to Elevation of Privilege Using Remote Code ExecutionUserThreatCategoryElevation Of PrivilegeUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bug.UserThreatDescriptionDevice/Sensor (physically connected authenticated) may be able to remotely execute code for EdgeX Foundry.InteractionStringsensor data3302d8cb-4f2b-4563-aa32-f47333bd4be8EdgeX does not execute random code based on input from a device or sensor (as if it was from a web application with something like unsanitized inputs). All data is santized by extracting expected data values from the sensor input data, creating an EdgeX event/reading message and sending that into the rest of EdgeX. The data coming from a sensor could be used to kill the service (ex: buffer overflow attack and sending too much data for the service to consume for example - see DoS threats). The device service in EdgeX can be written to reject to large of a request (for example). In some cases, a protocol may offer dual authentication, and if used, help to mitigate RCE
Additional mitigation when running EdgeX in rootless Docker: even if remote code execution succeeds inside a service container, the attacker only obtains the privileges of the unprivileged host user that owns the rootless-Docker daemon, via user-namespace UID remapping. UID 0 inside the container is not UID 0 on the host, so post-exploit actions that normally rely on host root - loading kernel modules, attaching to other containers' processes, mounting host paths, opening raw sockets, or modifying system services - are blocked even after a successful container escape. See https://docs.edgexfoundry.org/4.1/security/Rootless-Docker/.
Additional mitigation when EdgeX container images are signed and signature verification is enforced at pull or admission time (e.g., Sigstore/cosign with a policy controller, or a content-trust-enabled daemon): the supply-chain path for introducing a backdoored or maliciously rebuilt image is closed, provided the signing key is protected by an HSM or KMS. Signing does not prevent exploitation of a flaw inside a legitimately signed image, so it must be combined with SBOM and SLSA provenance attestations, vulnerability scanning of the signed artifact, and timely patching. See https://www.sigstore.dev/.PriorityLowf42499a2-b1a0-445b-88ac-f22aa5dc4e09No mitigation or not applicable7a70fe71-64fa-4b97-b171-38b5a064c295Cannot mitigate or not appilcable871456bf-3811-4925-bc0e-47d7a56b778fNotApplicable09b85d08-5274-4c51-b43f-ccba994f67b8E6falsefalseE7871456bf-3811-4925-bc0e-47d7a56b778fd7d4793f-ea7a-4d7d-9e2e-3844af87c51709b85d08-5274-4c51-b43f-ccba994f67b8DESKTOP-RLHC3VQ\cchou09e889f5-eba7-42f5-b7ce-0768e1ba3a3ed7d4793f-ea7a-4d7d-9e2e-3844af87c517113871456bf-3811-4925-bc0e-47d7a56b778f:d7d4793f-ea7a-4d7d-9e2e-3844af87c517:09b85d08-5274-4c51-b43f-ccba994f67b82026-05-12T16:49:07.2700292+08:00HighTitleElevation by Changing the Execution Flow in EdgeX FoundryUserThreatCategoryElevation Of PrivilegeUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bug.UserThreatDescriptionAn attacker may pass data into EdgeX Foundry in order to change the flow of program execution within EdgeX Foundry to the attacker's choosing.InteractionStringsensor data3302d8cb-4f2b-4563-aa32-f47333bd4be8Outside influence on a sensor or device is one of the biggest threats to an edge system and one of the hardest to mitigate. If tampered with, a sensor or device could be used to send the wrong data (e.g., force a temp sensor to send a signal that it is too hot when it is really too cold). EdgeX has no means to protect the "wire" to a physically connected device/sensor. Physical security is required to protect the wire and device/sensor and mitigate this threat.
Wrong data can be mitigated by having the device service look for expected ranges of values (as supported by min/max attributes on device profiles). Commercial 3rd party software or extensions to EdgeX (see, for example, RSA’s Netwitness IoT: https://www.netwitness.com/en-us/products/iot/) could be used to detect anomalous sensor/device communications and isolate the sensor from the system.
Additional mitigation when running EdgeX in rootless Docker: even if remote code execution succeeds inside a service container, the attacker only obtains the privileges of the unprivileged host user that owns the rootless-Docker daemon, via user-namespace UID remapping. UID 0 inside the container is not UID 0 on the host, so post-exploit actions that normally rely on host root - loading kernel modules, attaching to other containers' processes, mounting host paths, opening raw sockets, or modifying system services - are blocked even after a successful container escape. See https://docs.edgexfoundry.org/4.1/security/Rootless-Docker/.
Additional mitigation when EdgeX container images are signed and signature verification is enforced at pull or admission time (e.g., Sigstore/cosign with a policy controller, or a content-trust-enabled daemon): the supply-chain path for introducing a backdoored or maliciously rebuilt image is closed, provided the signing key is protected by an HSM or KMS. Signing does not prevent exploitation of a flaw inside a legitimately signed image, so it must be combined with SBOM and SLSA provenance attestations, vulnerability scanning of the signed artifact, and timely patching. See https://www.sigstore.dev/.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewed871456bf-3811-4925-bc0e-47d7a56b778fMitigated09b85d08-5274-4c51-b43f-ccba994f67b8E7falsefalseS7.13719101d-cce1-4cc5-813e-ff655788aaf59c0e082f-7392-4b49-b104-83c15000a03e412ae30a-0d2d-4db3-852b-540eb2797c13CLOUDALIENFIRE\loncl09e889f5-eba7-42f5-b7ce-0768e1ba3a3e9c0e082f-7392-4b49-b104-83c15000a03e1323719101d-cce1-4cc5-813e-ff655788aaf5:9c0e082f-7392-4b49-b104-83c15000a03e:412ae30a-0d2d-4db3-852b-540eb2797c132025-08-13T18:07:37.7448962+08:00LowTitleSpoofing of Destination Data Store Device/Sensor (REST authenticated)UserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.UserThreatDescriptionDevice/Sensor (REST authenticated) may be spoofed by an attacker and this may lead to data being written to the attacker's target instead of Device/Sensor (REST authenticated). Consider using a standard authentication mechanism to identify the destination data store.InteractionStringquery3302d8cb-4f2b-4563-aa32-f47333bd4be8With authentication in place the REST caller would not get the proper authenticated by a spoofed Nginx and thereby deny any query request.PriorityLowf42499a2-b1a0-445b-88ac-f22aa5dc4e09EdgeX Foundry7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewed3719101d-cce1-4cc5-813e-ff655788aaf5Mitigated412ae30a-0d2d-4db3-852b-540eb2797c13S7.1falsefalseT183719101d-cce1-4cc5-813e-ff655788aaf59c0e082f-7392-4b49-b104-83c15000a03e412ae30a-0d2d-4db3-852b-540eb2797c13CLOUDALIENFIRE\loncl09e889f5-eba7-42f5-b7ce-0768e1ba3a3e9c0e082f-7392-4b49-b104-83c15000a03e1333719101d-cce1-4cc5-813e-ff655788aaf5:9c0e082f-7392-4b49-b104-83c15000a03e:412ae30a-0d2d-4db3-852b-540eb2797c132025-08-13T18:07:59.7140809+08:00HighTitleThe Device/Sensor (REST authenticated) Data Store Could Be CorruptedUserThreatCategoryTamperingUserThreatShortDescriptionTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.UserThreatDescriptionData flowing across query may be tampered with by an attacker. This may lead to corruption of Device/Sensor (REST authenticated). Ensure the integrity of the data flow to the data store.InteractionStringquery3302d8cb-4f2b-4563-aa32-f47333bd4be8REST requests and responses to/through Nginx are encrypted by default.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Third Party7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewed3719101d-cce1-4cc5-813e-ff655788aaf5Mitigated412ae30a-0d2d-4db3-852b-540eb2797c13T18falsefalseR83719101d-cce1-4cc5-813e-ff655788aaf59c0e082f-7392-4b49-b104-83c15000a03e412ae30a-0d2d-4db3-852b-540eb2797c13DESKTOP-SL3KKHH\jpwhi09e889f5-eba7-42f5-b7ce-0768e1ba3a3e9c0e082f-7392-4b49-b104-83c15000a03e1343719101d-cce1-4cc5-813e-ff655788aaf5:9c0e082f-7392-4b49-b104-83c15000a03e:412ae30a-0d2d-4db3-852b-540eb2797c132022-09-12T09:37:41.3672894+08:00LowTitleData Store Denies Device/Sensor (REST authenticated) Potentially Writing DataUserThreatCategoryRepudiationUserThreatShortDescriptionRepudiation threats involve an adversary denying that something happened.UserThreatDescriptionDevice/Sensor (REST authenticated) claims that it did not write data received from an entity on the other side of the trust boundary. Consider using logging or auditing to record the source, time, and summary of the received data.InteractionStringquery3302d8cb-4f2b-4563-aa32-f47333bd4be8Use of elevated log level (set writable configuration log level to DEBUG in the device service) can be used to log all data communications. PriorityLowf42499a2-b1a0-445b-88ac-f22aa5dc4e09EdgeX Foundry7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewed3719101d-cce1-4cc5-813e-ff655788aaf5Mitigated412ae30a-0d2d-4db3-852b-540eb2797c13R8falsefalseD43719101d-cce1-4cc5-813e-ff655788aaf59c0e082f-7392-4b49-b104-83c15000a03e412ae30a-0d2d-4db3-852b-540eb2797c13DESKTOP-SL3KKHH\jpwhi09e889f5-eba7-42f5-b7ce-0768e1ba3a3e9c0e082f-7392-4b49-b104-83c15000a03e1353719101d-cce1-4cc5-813e-ff655788aaf5:9c0e082f-7392-4b49-b104-83c15000a03e:412ae30a-0d2d-4db3-852b-540eb2797c132022-09-12T11:10:30.1128954+08:00MediumTitleData Flow query Is Potentially InterruptedUserThreatCategoryDenial Of ServiceUserThreatShortDescriptionDenial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.UserThreatDescriptionAn external agent interrupts data flowing across a trust boundary in either direction.InteractionStringquery3302d8cb-4f2b-4563-aa32-f47333bd4be8Outside influence could break the network communication connection causing major disruption of service (ex: removing or cutting off comms to a critical temperature resource of a heating or cooling machine). EdgeX has no means to protect the network connection. Physical security is required to protect the wire and device/sensor and mitigate this threat.
The device service does track "last connected" and that timestamp could be monitored for outside of normal reporting ranges.PriorityMediumf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation written3719101d-cce1-4cc5-813e-ff655788aaf5Mitigated412ae30a-0d2d-4db3-852b-540eb2797c13D4falsefalseD53719101d-cce1-4cc5-813e-ff655788aaf59c0e082f-7392-4b49-b104-83c15000a03e412ae30a-0d2d-4db3-852b-540eb2797c13DESKTOP-SL3KKHH\jpwhi09e889f5-eba7-42f5-b7ce-0768e1ba3a3e9c0e082f-7392-4b49-b104-83c15000a03e1363719101d-cce1-4cc5-813e-ff655788aaf5:9c0e082f-7392-4b49-b104-83c15000a03e:412ae30a-0d2d-4db3-852b-540eb2797c132022-09-12T11:09:29.1322201+08:00MediumTitleData Store InaccessibleUserThreatCategoryDenial Of ServiceUserThreatShortDescriptionDenial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.UserThreatDescriptionAn external agent prevents access to a data store on the other side of the trust boundary.InteractionStringquery3302d8cb-4f2b-4563-aa32-f47333bd4be8Outside influence could break the network communication connection causing major disruption of service (ex: removing or cutting off comms to a critical temperature resource of a heating or cooling machine). EdgeX has no means to protect the network connection. Physical security is required to protect the wire and device/sensor and mitigate this threat.
The device service does track "last connected" and that timestamp could be monitored for outside of normal reporting ranges.PriorityMediumf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation written3719101d-cce1-4cc5-813e-ff655788aaf5Mitigated412ae30a-0d2d-4db3-852b-540eb2797c13D5falsefalseS7412ae30a-0d2d-4db3-852b-540eb2797c13266740e4-4d1d-48e2-b9f6-9c0cf6d447163719101d-cce1-4cc5-813e-ff655788aaf5CLOUDALIENFIRE\loncl09e889f5-eba7-42f5-b7ce-0768e1ba3a3e266740e4-4d1d-48e2-b9f6-9c0cf6d44716137412ae30a-0d2d-4db3-852b-540eb2797c13:266740e4-4d1d-48e2-b9f6-9c0cf6d44716:3719101d-cce1-4cc5-813e-ff655788aaf52025-08-13T18:09:10.7471239+08:00LowTitleSpoofing of Source Data Store Device/Sensor (REST authenticated)UserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.UserThreatDescriptionDevice/Sensor (REST authenticated) may be spoofed by an attacker and this may lead to incorrect data delivered to Nginx. Consider using a standard authentication mechanism to identify the source data store.InteractionStringsensor data3302d8cb-4f2b-4563-aa32-f47333bd4be8With authentication in place the REST caller would not get the proper authenticated by a spoofed Nginx and thereby deny any query request.PriorityLowf42499a2-b1a0-445b-88ac-f22aa5dc4e09EdgeX Foundry7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewed412ae30a-0d2d-4db3-852b-540eb2797c13Mitigated3719101d-cce1-4cc5-813e-ff655788aaf5S7falsefalseR7412ae30a-0d2d-4db3-852b-540eb2797c13266740e4-4d1d-48e2-b9f6-9c0cf6d447163719101d-cce1-4cc5-813e-ff655788aaf5CLOUDALIENFIRE\loncl09e889f5-eba7-42f5-b7ce-0768e1ba3a3e266740e4-4d1d-48e2-b9f6-9c0cf6d44716138412ae30a-0d2d-4db3-852b-540eb2797c13:266740e4-4d1d-48e2-b9f6-9c0cf6d44716:3719101d-cce1-4cc5-813e-ff655788aaf52025-08-13T18:09:27.6967185+08:00LowTitleExternal Entity Nginx Potentially Denies Receiving DataUserThreatCategoryRepudiationUserThreatShortDescriptionRepudiation threats involve an adversary denying that something happened.UserThreatDescriptionNginx claims that it did not receive data from a process on the other side of the trust boundary. Consider using logging or auditing to record the source, time, and summary of the received data.InteractionStringsensor data3302d8cb-4f2b-4563-aa32-f47333bd4be8Use of elevated log level (set writable configuration log level to DEBUG in the device service) can be used to log all data communications. PriorityLowf42499a2-b1a0-445b-88ac-f22aa5dc4e09EdgeX Foundry7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewed412ae30a-0d2d-4db3-852b-540eb2797c13Mitigated3719101d-cce1-4cc5-813e-ff655788aaf5R7falsefalseI23412ae30a-0d2d-4db3-852b-540eb2797c13266740e4-4d1d-48e2-b9f6-9c0cf6d447163719101d-cce1-4cc5-813e-ff655788aaf5CLOUDALIENFIRE\loncl09e889f5-eba7-42f5-b7ce-0768e1ba3a3e266740e4-4d1d-48e2-b9f6-9c0cf6d44716139412ae30a-0d2d-4db3-852b-540eb2797c13:266740e4-4d1d-48e2-b9f6-9c0cf6d44716:3719101d-cce1-4cc5-813e-ff655788aaf52025-08-13T18:09:45.8083233+08:00HighTitleWeak Access Control for a ResourceUserThreatCategoryInformation DisclosureUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized party.UserThreatDescriptionImproper data protection of Device/Sensor (REST authenticated) can allow an attacker to read information not intended for disclosure. Review authorization settings.InteractionStringsensor data3302d8cb-4f2b-4563-aa32-f47333bd4be8REST requests and responses to/through Nginx are encrypted by default.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Third Party7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewed412ae30a-0d2d-4db3-852b-540eb2797c13Mitigated3719101d-cce1-4cc5-813e-ff655788aaf5I23falsefalseD4412ae30a-0d2d-4db3-852b-540eb2797c13266740e4-4d1d-48e2-b9f6-9c0cf6d447163719101d-cce1-4cc5-813e-ff655788aaf5CLOUDALIENFIRE\loncl09e889f5-eba7-42f5-b7ce-0768e1ba3a3e266740e4-4d1d-48e2-b9f6-9c0cf6d44716140412ae30a-0d2d-4db3-852b-540eb2797c13:266740e4-4d1d-48e2-b9f6-9c0cf6d44716:3719101d-cce1-4cc5-813e-ff655788aaf52025-08-13T18:10:56.9622193+08:00LowTitleData Flow sensor data Is Potentially InterruptedUserThreatCategoryDenial Of ServiceUserThreatShortDescriptionDenial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.UserThreatDescriptionAn external agent interrupts data flowing across a trust boundary in either direction.InteractionStringsensor data3302d8cb-4f2b-4563-aa32-f47333bd4be8Nginx can be configured rate limiting to prevent a DoS attack. See https://blog.nginx.org/blog/rate-limiting-nginxPriorityLowf42499a2-b1a0-445b-88ac-f22aa5dc4e09Third Party7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation written412ae30a-0d2d-4db3-852b-540eb2797c13Mitigated3719101d-cce1-4cc5-813e-ff655788aaf5D4falsefalseD5412ae30a-0d2d-4db3-852b-540eb2797c13266740e4-4d1d-48e2-b9f6-9c0cf6d447163719101d-cce1-4cc5-813e-ff655788aaf5DESKTOP-SL3KKHH\jpwhi09e889f5-eba7-42f5-b7ce-0768e1ba3a3e266740e4-4d1d-48e2-b9f6-9c0cf6d44716141412ae30a-0d2d-4db3-852b-540eb2797c13:266740e4-4d1d-48e2-b9f6-9c0cf6d44716:3719101d-cce1-4cc5-813e-ff655788aaf52022-09-12T11:09:37.3190005+08:00MediumTitleData Store InaccessibleUserThreatCategoryDenial Of ServiceUserThreatShortDescriptionDenial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.UserThreatDescriptionAn external agent prevents access to a data store on the other side of the trust boundary.InteractionStringsensor data3302d8cb-4f2b-4563-aa32-f47333bd4be8Outside influence could break the network communication connection causing major disruption of service (ex: removing or cutting off comms to a critical temperature resource of a heating or cooling machine). EdgeX has no means to protect the network connection. Physical security is required to protect the wire and device/sensor and mitigate this threat.
The device service does track "last connected" and that timestamp could be monitored for outside of normal reporting ranges.PriorityMediumf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation written412ae30a-0d2d-4db3-852b-540eb2797c13Mitigated3719101d-cce1-4cc5-813e-ff655788aaf5D5falsefalseE3412ae30a-0d2d-4db3-852b-540eb2797c13266740e4-4d1d-48e2-b9f6-9c0cf6d447163719101d-cce1-4cc5-813e-ff655788aaf5CLOUDALIENFIRE\loncl09e889f5-eba7-42f5-b7ce-0768e1ba3a3e266740e4-4d1d-48e2-b9f6-9c0cf6d44716142412ae30a-0d2d-4db3-852b-540eb2797c13:266740e4-4d1d-48e2-b9f6-9c0cf6d44716:3719101d-cce1-4cc5-813e-ff655788aaf52025-08-13T18:13:15.8842506+08:00HighTitleWeakness in SSO AuthorizationUserThreatCategoryElevation Of PrivilegeUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bug.UserThreatDescriptionCommon SSO implementations such as OAUTH2 and OAUTH Wrap are vulnerable to MitM attacks.InteractionStringsensor data3302d8cb-4f2b-4563-aa32-f47333bd4be8In EdgeX, Nginx is configured to use JWT token authentication. OAUTH2 and OAUTH are not allowed as of EdgeX v4 (see https://docs.edgexfoundry.org/4.0/security/Ch-APIGateway/#configuration-of-jwt-authentication-for-api-gateway). JWT token expires in one hour by default.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Third Party7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation written412ae30a-0d2d-4db3-852b-540eb2797c13Mitigated3719101d-cce1-4cc5-813e-ff655788aaf5E3falsefalseE7ff036d7b-b43f-4f90-a80a-6294cfd627b600a2dd60-a3d2-4481-a9b8-6ed07b3ebb6f09b85d08-5274-4c51-b43f-ccba994f67b8DESKTOP-RLHC3VQ\cchou09e889f5-eba7-42f5-b7ce-0768e1ba3a3e00a2dd60-a3d2-4481-a9b8-6ed07b3ebb6f182ff036d7b-b43f-4f90-a80a-6294cfd627b6:00a2dd60-a3d2-4481-a9b8-6ed07b3ebb6f:09b85d08-5274-4c51-b43f-ccba994f67b82026-05-12T16:51:35.7478562+08:00LowTitleElevation by Changing the Execution Flow in EdgeX FoundryUserThreatCategoryElevation Of PrivilegeUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bug.UserThreatDescriptionAn attacker may pass data into EdgeX Foundry in order to change the flow of program execution within EdgeX Foundry to the attacker's choosing.InteractionStringsensor data3302d8cb-4f2b-4563-aa32-f47333bd4be8Access to publish data through the external MQTT broker is protected with authentication.
Wrong data can also be mitigated by having the device service look for expected ranges of values (as supported by min/max attributes on device profiles). Commercial 3rd party software or extensions to EdgeX (see, for example, RSA’s Netwitness IoT: https://www.netwitness.com/en-us/products/iot/) could be used to detect anomalous sensor/device communications and isolate the sensor from the system.
Additional mitigation when running EdgeX in rootless Docker: even if remote code execution succeeds inside a service container, the attacker only obtains the privileges of the unprivileged host user that owns the rootless-Docker daemon, via user-namespace UID remapping. UID 0 inside the container is not UID 0 on the host, so post-exploit actions that normally rely on host root - loading kernel modules, attaching to other containers' processes, mounting host paths, opening raw sockets, or modifying system services - are blocked even after a successful container escape. See https://docs.edgexfoundry.org/4.1/security/Rootless-Docker/.
Additional mitigation when EdgeX container images are signed and signature verification is enforced at pull or admission time (e.g., Sigstore/cosign with a policy controller, or a content-trust-enabled daemon): the supply-chain path for introducing a backdoored or maliciously rebuilt image is closed, provided the signing key is protected by an HSM or KMS. Signing does not prevent exploitation of a flaw inside a legitimately signed image, so it must be combined with SBOM and SLSA provenance attestations, vulnerability scanning of the signed artifact, and timely patching. See https://www.sigstore.dev/.PriorityLowf42499a2-b1a0-445b-88ac-f22aa5dc4e09EdgeX Foundry7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewedff036d7b-b43f-4f90-a80a-6294cfd627b6Mitigated09b85d08-5274-4c51-b43f-ccba994f67b8E7falsefalseE6ff036d7b-b43f-4f90-a80a-6294cfd627b600a2dd60-a3d2-4481-a9b8-6ed07b3ebb6f09b85d08-5274-4c51-b43f-ccba994f67b8DESKTOP-RLHC3VQ\cchou09e889f5-eba7-42f5-b7ce-0768e1ba3a3e00a2dd60-a3d2-4481-a9b8-6ed07b3ebb6f181ff036d7b-b43f-4f90-a80a-6294cfd627b6:00a2dd60-a3d2-4481-a9b8-6ed07b3ebb6f:09b85d08-5274-4c51-b43f-ccba994f67b82026-05-12T16:48:32.1660883+08:00LowTitleEdgeX Foundry May be Subject to Elevation of Privilege Using Remote Code ExecutionUserThreatCategoryElevation Of PrivilegeUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bug.UserThreatDescriptionDevice/Sensor (via external MQTT broker - authenticated) may be able to remotely execute code for EdgeX Foundry.InteractionStringsensor data3302d8cb-4f2b-4563-aa32-f47333bd4be8EdgeX does not execute random code based on input from a device or sensor (as if it was from a web application with something like unsanitized inputs). All data is santized by extracting expected data values from the sensor input data, creating an EdgeX event/reading message and sending that into the rest of EdgeX. The data coming from a sensor could be used to kill the service (ex: buffer overflow attack and sending too much data for the service to consume for example - see DoS threats). The device service in EdgeX can be written to reject to large of a request (for example). In some cases, a protocol may offer dual authentication, and if used, help to mitigate RCE
Additional mitigation when running EdgeX in rootless Docker: even if remote code execution succeeds inside a service container, the attacker only obtains the privileges of the unprivileged host user that owns the rootless-Docker daemon, via user-namespace UID remapping. UID 0 inside the container is not UID 0 on the host, so post-exploit actions that normally rely on host root - loading kernel modules, attaching to other containers' processes, mounting host paths, opening raw sockets, or modifying system services - are blocked even after a successful container escape. See https://docs.edgexfoundry.org/4.1/security/Rootless-Docker/.
Additional mitigation when EdgeX container images are signed and signature verification is enforced at pull or admission time (e.g., Sigstore/cosign with a policy controller, or a content-trust-enabled daemon): the supply-chain path for introducing a backdoored or maliciously rebuilt image is closed, provided the signing key is protected by an HSM or KMS. Signing does not prevent exploitation of a flaw inside a legitimately signed image, so it must be combined with SBOM and SLSA provenance attestations, vulnerability scanning of the signed artifact, and timely patching. See https://www.sigstore.dev/.PriorityLowf42499a2-b1a0-445b-88ac-f22aa5dc4e09EdgeX Foundry7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewedff036d7b-b43f-4f90-a80a-6294cfd627b6Mitigated09b85d08-5274-4c51-b43f-ccba994f67b8E6falsefalseD5ff036d7b-b43f-4f90-a80a-6294cfd627b600a2dd60-a3d2-4481-a9b8-6ed07b3ebb6f09b85d08-5274-4c51-b43f-ccba994f67b8DESKTOP-SL3KKHH\jpwhi09e889f5-eba7-42f5-b7ce-0768e1ba3a3e00a2dd60-a3d2-4481-a9b8-6ed07b3ebb6f180ff036d7b-b43f-4f90-a80a-6294cfd627b6:00a2dd60-a3d2-4481-a9b8-6ed07b3ebb6f:09b85d08-5274-4c51-b43f-ccba994f67b82022-09-12T11:21:42.1237579+08:00HighTitleData Store InaccessibleUserThreatCategoryDenial Of ServiceUserThreatShortDescriptionDenial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.UserThreatDescriptionAn external agent prevents access to a data store on the other side of the trust boundary.InteractionStringsensor data3302d8cb-4f2b-4563-aa32-f47333bd4be8Outside influence could break the communication connection or MQTT broker causing major disruption of service (ex: removing or cutting off comms to a critical temperature sensor of a heating or cooling machine). EdgeX has no means to protect the connection to the external MQTT broker, the broker itself, or publisher to the broker. Physical and sytem security is required to protect these and mitigate this threat.
The device service does track "last connected" and that timestamp could be monitored for outside of normal reporting ranges.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewedff036d7b-b43f-4f90-a80a-6294cfd627b6Mitigated09b85d08-5274-4c51-b43f-ccba994f67b8D5falsefalseD4ff036d7b-b43f-4f90-a80a-6294cfd627b600a2dd60-a3d2-4481-a9b8-6ed07b3ebb6f09b85d08-5274-4c51-b43f-ccba994f67b8DESKTOP-SL3KKHH\jpwhi09e889f5-eba7-42f5-b7ce-0768e1ba3a3e00a2dd60-a3d2-4481-a9b8-6ed07b3ebb6f179ff036d7b-b43f-4f90-a80a-6294cfd627b6:00a2dd60-a3d2-4481-a9b8-6ed07b3ebb6f:09b85d08-5274-4c51-b43f-ccba994f67b82022-09-12T11:20:27.9025826+08:00HighTitleData Flow sensor data Is Potentially InterruptedUserThreatCategoryDenial Of ServiceUserThreatShortDescriptionDenial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.UserThreatDescriptionAn external agent interrupts data flowing across a trust boundary in either direction.InteractionStringsensor data3302d8cb-4f2b-4563-aa32-f47333bd4be8Outside influence could break the communication connection or MQTT broker causing major disruption of service (ex: removing or cutting off comms to a critical temperature sensor of a heating or cooling machine). EdgeX has no means to protect the connection to the external MQTT broker, the broker itself, or publisher to the broker. Physical and sytem security is required to protect these and mitigate this threat.
The device service does track "last connected" and that timestamp could be monitored for outside of normal reporting ranges.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewedff036d7b-b43f-4f90-a80a-6294cfd627b6Mitigated09b85d08-5274-4c51-b43f-ccba994f67b8D4falsefalseD3ff036d7b-b43f-4f90-a80a-6294cfd627b600a2dd60-a3d2-4481-a9b8-6ed07b3ebb6f09b85d08-5274-4c51-b43f-ccba994f67b8CLOUDALIENFIRE\loncl09e889f5-eba7-42f5-b7ce-0768e1ba3a3e00a2dd60-a3d2-4481-a9b8-6ed07b3ebb6f178ff036d7b-b43f-4f90-a80a-6294cfd627b6:00a2dd60-a3d2-4481-a9b8-6ed07b3ebb6f:09b85d08-5274-4c51-b43f-ccba994f67b82025-08-13T18:16:07.2232762+08:00MediumTitlePotential Process Crash or Stop for EdgeX FoundryUserThreatCategoryDenial Of ServiceUserThreatShortDescriptionDenial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.UserThreatDescriptionEdgeX Foundry crashes, halts, stops or runs slowly; in all cases violating an availability metric.InteractionStringsensor data3302d8cb-4f2b-4563-aa32-f47333bd4be8Stopping EdgeX services requires host access (and access to the Docker engine, Docker containers and Docker network) with eleveated privileges or access to the EdgeX system management APIs (requiring the Nginx JWT token).PriorityMediumf42499a2-b1a0-445b-88ac-f22aa5dc4e09EdgeX Foundry7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation writtenff036d7b-b43f-4f90-a80a-6294cfd627b6Mitigated09b85d08-5274-4c51-b43f-ccba994f67b8D3falsefalseI23ff036d7b-b43f-4f90-a80a-6294cfd627b600a2dd60-a3d2-4481-a9b8-6ed07b3ebb6f09b85d08-5274-4c51-b43f-ccba994f67b8DESKTOP-SL3KKHH\jpwhi09e889f5-eba7-42f5-b7ce-0768e1ba3a3e00a2dd60-a3d2-4481-a9b8-6ed07b3ebb6f177ff036d7b-b43f-4f90-a80a-6294cfd627b6:00a2dd60-a3d2-4481-a9b8-6ed07b3ebb6f:09b85d08-5274-4c51-b43f-ccba994f67b82022-09-12T11:12:57.7804515+08:00HighTitleWeak Access Control for a ResourceUserThreatCategoryInformation DisclosureUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized party.UserThreatDescriptionImproper data protection of Device/Sensor (via external MQTT broker - authenticated) can allow an attacker to read information not intended for disclosure. Review authorization settings.InteractionStringsensor data3302d8cb-4f2b-4563-aa32-f47333bd4be8Requires encryption of the communications (on both the EdgeX and device/sensor ends) which is not in place by default. MQTTS could be implemented by the adopter with the appropriate MQTT broker.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewedff036d7b-b43f-4f90-a80a-6294cfd627b6Mitigated09b85d08-5274-4c51-b43f-ccba994f67b8I23falsefalseR6ff036d7b-b43f-4f90-a80a-6294cfd627b600a2dd60-a3d2-4481-a9b8-6ed07b3ebb6f09b85d08-5274-4c51-b43f-ccba994f67b8DESKTOP-SL3KKHH\jpwhi09e889f5-eba7-42f5-b7ce-0768e1ba3a3e00a2dd60-a3d2-4481-a9b8-6ed07b3ebb6f176ff036d7b-b43f-4f90-a80a-6294cfd627b6:00a2dd60-a3d2-4481-a9b8-6ed07b3ebb6f:09b85d08-5274-4c51-b43f-ccba994f67b82022-09-12T09:59:36.67224+08:00HighTitlePotential Data Repudiation by EdgeX FoundryUserThreatCategoryRepudiationUserThreatShortDescriptionRepudiation threats involve an adversary denying that something happened.UserThreatDescriptionEdgeX Foundry claims that it did not receive data from a source outside the trust boundary. Consider using logging or auditing to record the source, time, and summary of the received data.InteractionStringsensor data3302d8cb-4f2b-4563-aa32-f47333bd4be8Use of elevated log level (set writable configuration log level to DEBUG in the device service) can be used to log all data communications. Log level on the message bus may also be elevated.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09EdgeX Foundry7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewedff036d7b-b43f-4f90-a80a-6294cfd627b6Mitigated09b85d08-5274-4c51-b43f-ccba994f67b8R6falsefalseS7ff036d7b-b43f-4f90-a80a-6294cfd627b600a2dd60-a3d2-4481-a9b8-6ed07b3ebb6f09b85d08-5274-4c51-b43f-ccba994f67b8DESKTOP-SL3KKHH\jpwhi09e889f5-eba7-42f5-b7ce-0768e1ba3a3e00a2dd60-a3d2-4481-a9b8-6ed07b3ebb6f175ff036d7b-b43f-4f90-a80a-6294cfd627b6:00a2dd60-a3d2-4481-a9b8-6ed07b3ebb6f:09b85d08-5274-4c51-b43f-ccba994f67b82022-09-12T10:06:58.9908726+08:00HighTitleSpoofing of Source Data Store Device/Sensor (via external MQTT broker - authenticated)UserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.UserThreatDescriptionDevice/Sensor (via external MQTT broker - authenticated) may be spoofed by an attacker and this may lead to incorrect data delivered to EdgeX Foundry. Consider using a standard authentication mechanism to identify the source data store.InteractionStringsensor data3302d8cb-4f2b-4563-aa32-f47333bd4be8With authentication in place the spoofing MQTT publisher of sensor data (or the spoofed external message broker) would not be properly authenticated and thereby deny any request. The EdgeX framework has the support to store secrets to authenticate devices.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09EdgeX Foundry7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewedff036d7b-b43f-4f90-a80a-6294cfd627b6Mitigated09b85d08-5274-4c51-b43f-ccba994f67b8S7falsefalseS2ff036d7b-b43f-4f90-a80a-6294cfd627b600a2dd60-a3d2-4481-a9b8-6ed07b3ebb6f09b85d08-5274-4c51-b43f-ccba994f67b8DESKTOP-SL3KKHH\jpwhi09e889f5-eba7-42f5-b7ce-0768e1ba3a3e00a2dd60-a3d2-4481-a9b8-6ed07b3ebb6f174ff036d7b-b43f-4f90-a80a-6294cfd627b6:00a2dd60-a3d2-4481-a9b8-6ed07b3ebb6f:09b85d08-5274-4c51-b43f-ccba994f67b82022-09-12T10:08:41.6535467+08:00HighTitleSpoofing the EdgeX Foundry ProcessUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.UserThreatDescriptionEdgeX Foundry may be spoofed by an attacker and this may lead to information disclosure by Device/Sensor (via external MQTT broker - authenticated). Consider using a standard authentication mechanism to identify the destination process.InteractionStringsensor data3302d8cb-4f2b-4563-aa32-f47333bd4be8With authentication in place the spoofing MQTT receiver of sensor data (or the spoofed external message broker) would not be properly authenticated and thereby be unable to receive. The EdgeX framework has the support to store secrets to authenticate devices.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09EdgeX Foundry7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewedff036d7b-b43f-4f90-a80a-6294cfd627b6Mitigated09b85d08-5274-4c51-b43f-ccba994f67b8S2falsefalseD509b85d08-5274-4c51-b43f-ccba994f67b86567e774-9357-4d03-91e5-95776298b686ff036d7b-b43f-4f90-a80a-6294cfd627b6DESKTOP-SL3KKHH\jpwhi09e889f5-eba7-42f5-b7ce-0768e1ba3a3e6567e774-9357-4d03-91e5-95776298b68617309b85d08-5274-4c51-b43f-ccba994f67b8:6567e774-9357-4d03-91e5-95776298b686:ff036d7b-b43f-4f90-a80a-6294cfd627b62022-09-12T11:21:31.1578045+08:00HighTitleData Store InaccessibleUserThreatCategoryDenial Of ServiceUserThreatShortDescriptionDenial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.UserThreatDescriptionAn external agent prevents access to a data store on the other side of the trust boundary.InteractionStringquery3302d8cb-4f2b-4563-aa32-f47333bd4be8Outside influence could break the communication connection or MQTT broker causing major disruption of service (ex: removing or cutting off comms to a critical temperature sensor of a heating or cooling machine). EdgeX has no means to protect the connection to the external MQTT broker, the broker itself, or subscriber to the broker. Physical and sytem security is required to protect these and mitigate this threat.
Query requests that do not receive a response would result in an error that could be responded to.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewed09b85d08-5274-4c51-b43f-ccba994f67b8Mitigatedff036d7b-b43f-4f90-a80a-6294cfd627b6D5falsefalseD409b85d08-5274-4c51-b43f-ccba994f67b86567e774-9357-4d03-91e5-95776298b686ff036d7b-b43f-4f90-a80a-6294cfd627b6DESKTOP-SL3KKHH\jpwhi09e889f5-eba7-42f5-b7ce-0768e1ba3a3e6567e774-9357-4d03-91e5-95776298b68617209b85d08-5274-4c51-b43f-ccba994f67b8:6567e774-9357-4d03-91e5-95776298b686:ff036d7b-b43f-4f90-a80a-6294cfd627b62022-09-12T11:28:44.8769944+08:00HighTitleData Flow query Is Potentially InterruptedUserThreatCategoryDenial Of ServiceUserThreatShortDescriptionDenial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.UserThreatDescriptionAn external agent interrupts data flowing across a trust boundary in either direction.InteractionStringquery3302d8cb-4f2b-4563-aa32-f47333bd4be8Outside influence could break the communication connection or MQTT broker causing major disruption of service (ex: removing or cutting off comms to a critical temperature sensor of a heating or cooling machine). EdgeX has no means to protect the connection to the external MQTT broker, the broker itself, or publisher to the broker. Physical and sytem security is required to protect these and mitigate this threat.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation needed09b85d08-5274-4c51-b43f-ccba994f67b8Mitigatedff036d7b-b43f-4f90-a80a-6294cfd627b6D4falsefalseD209b85d08-5274-4c51-b43f-ccba994f67b86567e774-9357-4d03-91e5-95776298b686ff036d7b-b43f-4f90-a80a-6294cfd627b6DESKTOP-SL3KKHH\jpwhi09e889f5-eba7-42f5-b7ce-0768e1ba3a3e6567e774-9357-4d03-91e5-95776298b68617109b85d08-5274-4c51-b43f-ccba994f67b8:6567e774-9357-4d03-91e5-95776298b686:ff036d7b-b43f-4f90-a80a-6294cfd627b62022-09-12T11:16:23.6324798+08:00HighTitlePotential Excessive Resource Consumption for EdgeX Foundry or Device/Sensor (via external MQTT broker - authenticated)UserThreatCategoryDenial Of ServiceUserThreatShortDescriptionDenial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.UserThreatDescriptionDoes EdgeX Foundry or Device/Sensor (via external MQTT broker - authenticated) take explicit steps to control resource consumption? Resource consumption attacks can be hard to deal with, and there are times that it makes sense to let the OS do the job. Be careful that your resource requests don't deadlock, and that they do timeout.InteractionStringquery3302d8cb-4f2b-4563-aa32-f47333bd4be8EdgeX could send too many requests for data that cause the broker or subscriber to go offline or appear unresponsive - depending on the capabilities of the broker or subscribing application. In the opposite direction, an MQTT publisher could be tampered with or improperly configured to send too much data (overwhelming the EdgeX system or MQTT broker) causing a DoS. Other than writing the device service to filter data to avoid the “too much” data DoS, this threat is not mitigated.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewed09b85d08-5274-4c51-b43f-ccba994f67b8Mitigatedff036d7b-b43f-4f90-a80a-6294cfd627b6D2falsefalseI609b85d08-5274-4c51-b43f-ccba994f67b86567e774-9357-4d03-91e5-95776298b686ff036d7b-b43f-4f90-a80a-6294cfd627b6DESKTOP-SL3KKHH\jpwhi09e889f5-eba7-42f5-b7ce-0768e1ba3a3e6567e774-9357-4d03-91e5-95776298b68617009b85d08-5274-4c51-b43f-ccba994f67b8:6567e774-9357-4d03-91e5-95776298b686:ff036d7b-b43f-4f90-a80a-6294cfd627b62022-09-12T10:14:20.4458844+08:00HighTitleData Flow SniffingUserThreatCategoryInformation DisclosureUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized party.UserThreatDescriptionData flowing across query may be sniffed by an attacker. Depending on what type of data an attacker can read, it may be used to attack other parts of the system or simply be a disclosure of information leading to compliance violations. Consider encrypting the data flow.InteractionStringquery3302d8cb-4f2b-4563-aa32-f47333bd4be8Requires encryption of the communications (on both the EdgeX and device/sensor ends) which is not in place by default. MQTTS could be implemented by the adopter with the appropriate MQTT broker.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewed09b85d08-5274-4c51-b43f-ccba994f67b8Mitigatedff036d7b-b43f-4f90-a80a-6294cfd627b6I6falsefalseR809b85d08-5274-4c51-b43f-ccba994f67b86567e774-9357-4d03-91e5-95776298b686ff036d7b-b43f-4f90-a80a-6294cfd627b6DESKTOP-SL3KKHH\jpwhi09e889f5-eba7-42f5-b7ce-0768e1ba3a3e6567e774-9357-4d03-91e5-95776298b68616909b85d08-5274-4c51-b43f-ccba994f67b8:6567e774-9357-4d03-91e5-95776298b686:ff036d7b-b43f-4f90-a80a-6294cfd627b62022-09-12T10:00:14.358035+08:00HighTitleData Store Denies Device/Sensor (via external MQTT broker - authenticated) Potentially Writing DataUserThreatCategoryRepudiationUserThreatShortDescriptionRepudiation threats involve an adversary denying that something happened.UserThreatDescriptionDevice/Sensor (via external MQTT broker - authenticated) claims that it did not write data received from an entity on the other side of the trust boundary. Consider using logging or auditing to record the source, time, and summary of the received data.InteractionStringquery3302d8cb-4f2b-4563-aa32-f47333bd4be8Use of elevated log level (set writable configuration log level to DEBUG in the device service) can be used to log all data communications. Log level on the message bus may also be elevated.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09EdgeX Foundry7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewed09b85d08-5274-4c51-b43f-ccba994f67b8Mitigatedff036d7b-b43f-4f90-a80a-6294cfd627b6R8falsefalseT1809b85d08-5274-4c51-b43f-ccba994f67b86567e774-9357-4d03-91e5-95776298b686ff036d7b-b43f-4f90-a80a-6294cfd627b6DESKTOP-SL3KKHH\jpwhi09e889f5-eba7-42f5-b7ce-0768e1ba3a3e6567e774-9357-4d03-91e5-95776298b68616809b85d08-5274-4c51-b43f-ccba994f67b8:6567e774-9357-4d03-91e5-95776298b686:ff036d7b-b43f-4f90-a80a-6294cfd627b62022-09-12T10:14:29.0570469+08:00HighTitleThe Device/Sensor (via external MQTT broker - authenticated) Data Store Could Be CorruptedUserThreatCategoryTamperingUserThreatShortDescriptionTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.UserThreatDescriptionData flowing across query may be tampered with by an attacker. This may lead to corruption of Device/Sensor (via external MQTT broker - authenticated). Ensure the integrity of the data flow to the data store.InteractionStringquery3302d8cb-4f2b-4563-aa32-f47333bd4be8Requires encryption of the communications (on both the EdgeX and device/sensor ends) which is not in place by default. MQTTS could be implemented by the adopter with the appropriate MQTT broker.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewed09b85d08-5274-4c51-b43f-ccba994f67b8Mitigatedff036d7b-b43f-4f90-a80a-6294cfd627b6T18falsefalseS7.109b85d08-5274-4c51-b43f-ccba994f67b86567e774-9357-4d03-91e5-95776298b686ff036d7b-b43f-4f90-a80a-6294cfd627b6DESKTOP-SL3KKHH\jpwhi09e889f5-eba7-42f5-b7ce-0768e1ba3a3e6567e774-9357-4d03-91e5-95776298b68616709b85d08-5274-4c51-b43f-ccba994f67b8:6567e774-9357-4d03-91e5-95776298b686:ff036d7b-b43f-4f90-a80a-6294cfd627b62022-12-28T05:13:10.4692024+08:00HighTitleSpoofing of Destination Data Store Device/Sensor (via external MQTT broker - authenticated)UserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.UserThreatDescriptionDevice/Sensor (via external MQTT broker - authenticated) may be spoofed by an attacker and this may lead to data being written to the attacker's target instead of Device/Sensor (via external MQTT broker - authenticated). Consider using a standard authentication mechanism to identify the destination data store.InteractionStringquery3302d8cb-4f2b-4563-aa32-f47333bd4be8With authentication in place the spoofing MQTT query sendor (or the spoofed external message broker) would not be properly authenticated and thereby be unable to publish. The EdgeX framework has the support to store secrets to authenticate devices. Broker host and port are part of services' configuration (covered under threats against configuration)PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09EdgeX Foundry7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewed09b85d08-5274-4c51-b43f-ccba994f67b8Mitigatedff036d7b-b43f-4f90-a80a-6294cfd627b6S7.1falsefalseS109b85d08-5274-4c51-b43f-ccba994f67b86567e774-9357-4d03-91e5-95776298b686ff036d7b-b43f-4f90-a80a-6294cfd627b6DESKTOP-RLHC3VQ\cchou09e889f5-eba7-42f5-b7ce-0768e1ba3a3e6567e774-9357-4d03-91e5-95776298b68616609b85d08-5274-4c51-b43f-ccba994f67b8:6567e774-9357-4d03-91e5-95776298b686:ff036d7b-b43f-4f90-a80a-6294cfd627b62026-05-12T16:32:51.7503411+08:00HighTitleSpoofing the EdgeX Foundry ProcessUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.UserThreatDescriptionEdgeX Foundry may be spoofed by an attacker and this may lead to unauthorized access to Device/Sensor (via external MQTT broker - authenticated). Consider using a standard authentication mechanism to identify the source process.InteractionStringquery3302d8cb-4f2b-4563-aa32-f47333bd4be8With authentication in place the spoofing MQTT publisher of a query (or the spoofed external message broker) would not be properly authenticated and thereby be unable to make its request. The EdgeX framework has the support to store secrets to authenticate devices. Broker host and port are part of services' configuration (covered under threats against configuration)
Additional mitigation when EdgeX container images are signed (e.g., with Sigstore/cosign, Docker Content Trust or Notary v2) and signature verification is enforced at pull or admission time: an attacker cannot substitute a tampered or imposter image for any EdgeX Foundry service container via a compromised registry, a man-in-the-middle of `docker pull`, or a tampered local image cache. The signing key must be protected by an HSM or KMS and verification must be enforced by the runtime (for example a cosign policy controller or content-trust-enabled daemon). Image signing covers image authenticity only; pair it with SBOM and SLSA provenance attestations for build-time integrity and with timely patching, because a legitimately signed image with an exploitable flaw is still exploitable. See https://www.sigstore.dev/ and https://docs.docker.com/engine/security/trust/.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09EdgeX Foundry7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewed09b85d08-5274-4c51-b43f-ccba994f67b8Mitigatedff036d7b-b43f-4f90-a80a-6294cfd627b6S1falsefalseS7.109b85d08-5274-4c51-b43f-ccba994f67b8724fe5dc-12cf-46b4-b9c9-3739376a494558b84b43-4e8b-4225-9c3a-695e45e8cbc4DESKTOP-RLHC3VQ\cchou09e889f5-eba7-42f5-b7ce-0768e1ba3a3e724fe5dc-12cf-46b4-b9c9-3739376a494518309b85d08-5274-4c51-b43f-ccba994f67b8:724fe5dc-12cf-46b4-b9c9-3739376a4945:58b84b43-4e8b-4225-9c3a-695e45e8cbc42026-05-12T16:09:33.4972435+08:00LowTitleSpoofing of Destination Data Store PostgreSQLUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.UserThreatDescriptionPostgreSQL may be spoofed by an attacker and this may lead to data being written to the attacker's target instead of PostgreSQL. Consider using a standard authentication mechanism to identify the destination data store.InteractionStringqueries & data3302d8cb-4f2b-4563-aa32-f47333bd4be8If someone was able to provide a container that was spoofing as PostgreSQL, the service would not know that the response came from something other than PostgreSQL. However, PostgreSQL is run as a container on the EdgeX Docker network. Replacing/spoofing the PostgreSQL container would require privileaged (root) access to the host. Additional adopter mitigation would include putting TLS in place between EdgeX and PostgreSQL (with TLS cert in place). A spoofing service (in this case PostgreSQL), would not have the appropriate cert in place to participate in the communications. Database host and port are part of services' configuration (covered under threats against configuration)
Additional mitigation when EdgeX container images are signed (e.g., with Sigstore/cosign, Docker Content Trust or Notary v2) and signature verification is enforced at pull or admission time: an attacker cannot substitute a tampered or imposter image for the PostgreSQL container via a compromised registry, a man-in-the-middle of `docker pull`, or a tampered local image cache. The signing key must be protected by an HSM or KMS and verification must be enforced by the runtime (for example a cosign policy controller or content-trust-enabled daemon). Image signing covers image authenticity only; pair it with SBOM and SLSA provenance attestations for build-time integrity and with timely patching, because a legitimately signed image with an exploitable flaw is still exploitable. See https://www.sigstore.dev/ and https://docs.docker.com/engine/security/trust/.PriorityLowf42499a2-b1a0-445b-88ac-f22aa5dc4e09EdgeX Foundry7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewed09b85d08-5274-4c51-b43f-ccba994f67b8Mitigated58b84b43-4e8b-4225-9c3a-695e45e8cbc4S7.1falsefalseT609b85d08-5274-4c51-b43f-ccba994f67b8724fe5dc-12cf-46b4-b9c9-3739376a494558b84b43-4e8b-4225-9c3a-695e45e8cbc4DESKTOP-RLHC3VQ\cchou09e889f5-eba7-42f5-b7ce-0768e1ba3a3e724fe5dc-12cf-46b4-b9c9-3739376a494518409b85d08-5274-4c51-b43f-ccba994f67b8:724fe5dc-12cf-46b4-b9c9-3739376a4945:58b84b43-4e8b-4225-9c3a-695e45e8cbc42026-05-08T17:44:25.6048623+08:00LowTitleAuthenticated Data Flow CompromisedUserThreatCategoryTamperingUserThreatShortDescriptionTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.UserThreatDescriptionAn attacker can read or modify data transmitted over an authenticated dataflow.InteractionStringqueries & data3302d8cb-4f2b-4563-aa32-f47333bd4be8EdgeX containers communicate via a Docker network. Docker containers do not share the host's network interface by default and instead is based on virtual ethernet adapters and bridges. A hacker would need to gain access to the host and have elevated privileages on the host to access the network traffic. For additional security, EdgeX can also run in a rootless Docker environment (see: https://docs.edgexfoundry.org/4.1/security/Rootless-Docker/). If an adopter deploys EdgeX services in a distributed environment across multiple hosts, overlay network encryption can be enabled to secure inter-host communication (see example: https://github.com/edgexfoundry/edgex-examples/tree/update-custom-trigger-multiple-pipelines/security/remote_devices/docker-swarm)PriorityLowf42499a2-b1a0-445b-88ac-f22aa5dc4e09EdgeX Foundry7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewed09b85d08-5274-4c51-b43f-ccba994f67b8Mitigated58b84b43-4e8b-4225-9c3a-695e45e8cbc4T6falsefalseT709b85d08-5274-4c51-b43f-ccba994f67b8724fe5dc-12cf-46b4-b9c9-3739376a494558b84b43-4e8b-4225-9c3a-695e45e8cbc4CLOUDALIENFIRE\loncl09e889f5-eba7-42f5-b7ce-0768e1ba3a3e724fe5dc-12cf-46b4-b9c9-3739376a494518509b85d08-5274-4c51-b43f-ccba994f67b8:724fe5dc-12cf-46b4-b9c9-3739376a4945:58b84b43-4e8b-4225-9c3a-695e45e8cbc42025-08-13T19:02:10.9528009+08:00LowTitlePotential SQL Injection Vulnerability for PostgreSQLUserThreatCategoryTamperingUserThreatShortDescriptionTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.UserThreatDescriptionSQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution. Any procedure that constructs SQL statements should be reviewed for injection vulnerabilities because SQL Server will execute all syntactically valid queries that it receives. Even parameterized data can be manipulated by a skilled and determined attacker.InteractionStringqueries & data3302d8cb-4f2b-4563-aa32-f47333bd4be8EdgeX peresistence implementation uses the golang with proper SQL statements to prevent any SQL injection
https://go.dev/doc/database/sql-injectionPriorityLowf42499a2-b1a0-445b-88ac-f22aa5dc4e09EdgeX Foundry7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewed09b85d08-5274-4c51-b43f-ccba994f67b8Mitigated58b84b43-4e8b-4225-9c3a-695e45e8cbc4T7falsefalseD209b85d08-5274-4c51-b43f-ccba994f67b8724fe5dc-12cf-46b4-b9c9-3739376a494558b84b43-4e8b-4225-9c3a-695e45e8cbc4CLOUDALIENFIRE\loncl09e889f5-eba7-42f5-b7ce-0768e1ba3a3e724fe5dc-12cf-46b4-b9c9-3739376a494518609b85d08-5274-4c51-b43f-ccba994f67b8:724fe5dc-12cf-46b4-b9c9-3739376a4945:58b84b43-4e8b-4225-9c3a-695e45e8cbc42025-08-13T18:48:04.8488447+08:00LowTitlePotential Excessive Resource Consumption for EdgeX Foundry or PostgreSQLUserThreatCategoryDenial Of ServiceUserThreatShortDescriptionDenial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.UserThreatDescriptionDoes EdgeX Foundry or PostgreSQL take explicit steps to control resource consumption? Resource consumption attacks can be hard to deal with, and there are times that it makes sense to let the OS do the job. Be careful that your resource requests don't deadlock, and that they do timeout.InteractionStringqueries & data3302d8cb-4f2b-4563-aa32-f47333bd4be8PostgreSQL runs as a container in a Docker network that, by default with security on, does not allow direct access to the database. Access to query or push data into it to cause it to use excessive resources would require authorized access to the host as the port to the database is protected. In other words, EdgeX mitigates unauthorized attacks resulting in DoS event, but would not mitigate authorized attacks (such as a service making too many queries or pushing to much data into it) that result in a DoS event. EdgeX does have a routine with customizable configuration that "cleans up" and removes older data so that "normal" or otherwise expected use of the database for persistenct does not result in DoS.PriorityLowf42499a2-b1a0-445b-88ac-f22aa5dc4e09EdgeX Foundry7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewed09b85d08-5274-4c51-b43f-ccba994f67b8Mitigated58b84b43-4e8b-4225-9c3a-695e45e8cbc4D2falsefalseS758b84b43-4e8b-4225-9c3a-695e45e8cbc4ee9ec15e-56bb-4e08-ba1f-0ab578c236eb09b85d08-5274-4c51-b43f-ccba994f67b8DESKTOP-RLHC3VQ\cchou09e889f5-eba7-42f5-b7ce-0768e1ba3a3eee9ec15e-56bb-4e08-ba1f-0ab578c236eb18758b84b43-4e8b-4225-9c3a-695e45e8cbc4:ee9ec15e-56bb-4e08-ba1f-0ab578c236eb:09b85d08-5274-4c51-b43f-ccba994f67b82026-05-12T16:07:40.2232698+08:00LowTitleSpoofing of Source Data Store PostgreSQLUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.UserThreatDescriptionPostgreSQL may be spoofed by an attacker and this may lead to incorrect data delivered to EdgeX Foundry. Consider using a standard authentication mechanism to identify the source data store.InteractionStringdata3302d8cb-4f2b-4563-aa32-f47333bd4be8If someone was able to provide a container that was spoofing as PostgreSQL , the service would not know that the response came from something other than PostgreSQL. However, PostgreSQL is run as a container on the EdgeX Docker network. Replacing/spoofing the PostgreSQL container would require privileaged (root) access to the host. Additional adopter mitigation would include putting TLS in place between EdgeX and PostgreSQL (with TLS cert in place). A spoofing service (in this case PostgreSQL), would not have the appropriate cert in place to participate in the communications.
Additional mitigation when EdgeX container images are signed (e.g., with Sigstore/cosign, Docker Content Trust or Notary v2) and signature verification is enforced at pull or admission time: an attacker cannot substitute a tampered or imposter image for the PostgreSQL container via a compromised registry, a man-in-the-middle of `docker pull`, or a tampered local image cache. The signing key must be protected by an HSM or KMS and verification must be enforced by the runtime (for example a cosign policy controller or content-trust-enabled daemon). Image signing covers image authenticity only; pair it with SBOM and SLSA provenance attestations for build-time integrity and with timely patching, because a legitimately signed image with an exploitable flaw is still exploitable. See https://www.sigstore.dev/ and https://docs.docker.com/engine/security/trust/.PriorityLowf42499a2-b1a0-445b-88ac-f22aa5dc4e09EdgeX Foundry7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewed58b84b43-4e8b-4225-9c3a-695e45e8cbc4Mitigated09b85d08-5274-4c51-b43f-ccba994f67b8S7falsefalseT658b84b43-4e8b-4225-9c3a-695e45e8cbc4ee9ec15e-56bb-4e08-ba1f-0ab578c236eb09b85d08-5274-4c51-b43f-ccba994f67b8DESKTOP-RLHC3VQ\cchou09e889f5-eba7-42f5-b7ce-0768e1ba3a3eee9ec15e-56bb-4e08-ba1f-0ab578c236eb18858b84b43-4e8b-4225-9c3a-695e45e8cbc4:ee9ec15e-56bb-4e08-ba1f-0ab578c236eb:09b85d08-5274-4c51-b43f-ccba994f67b82026-05-08T17:49:38.736989+08:00LowTitleAuthenticated Data Flow CompromisedUserThreatCategoryTamperingUserThreatShortDescriptionTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.UserThreatDescriptionAn attacker can read or modify data transmitted over an authenticated dataflow.InteractionStringdata3302d8cb-4f2b-4563-aa32-f47333bd4be8EdgeX containers communicate via a Docker network. A hacker would need to gain access to the host and have elevated privileages on the host to access the network traffic. For additional security, EdgeX can also run in a rootless Docker environment (see: https://docs.edgexfoundry.org/4.1/security/Rootless-Docker/). If an adopter deploys EdgeX services in a distributed environment across multiple hosts, overlay network encryption can be enabled to secure inter-host communication (see example: https://github.com/edgexfoundry/edgex-examples/tree/update-custom-trigger-multiple-pipelines/security/remote_devices/docker-swarm)PriorityLowf42499a2-b1a0-445b-88ac-f22aa5dc4e09EdgeX Foundry7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewed58b84b43-4e8b-4225-9c3a-695e45e8cbc4Mitigated09b85d08-5274-4c51-b43f-ccba994f67b8T6falsefalseI2358b84b43-4e8b-4225-9c3a-695e45e8cbc4ee9ec15e-56bb-4e08-ba1f-0ab578c236eb09b85d08-5274-4c51-b43f-ccba994f67b8CLOUDALIENFIRE\loncl09e889f5-eba7-42f5-b7ce-0768e1ba3a3eee9ec15e-56bb-4e08-ba1f-0ab578c236eb18958b84b43-4e8b-4225-9c3a-695e45e8cbc4:ee9ec15e-56bb-4e08-ba1f-0ab578c236eb:09b85d08-5274-4c51-b43f-ccba994f67b82025-08-13T18:52:42.4206473+08:00LowTitleWeak Access Control for a ResourceUserThreatCategoryInformation DisclosureUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized party.UserThreatDescriptionImproper data protection of PostgreSQL can allow an attacker to read information not intended for disclosure. Review authorization settings.InteractionStringdata3302d8cb-4f2b-4563-aa32-f47333bd4be8Access control credentials for PostgreSQL are secured in SecretStore (provided to EdgeX services at bootstrapping but otherwise unknown). Access without credentials is denied.PriorityLowf42499a2-b1a0-445b-88ac-f22aa5dc4e09EdgeX Foundry7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewed58b84b43-4e8b-4225-9c3a-695e45e8cbc4Mitigated09b85d08-5274-4c51-b43f-ccba994f67b8I23falsefalseT2cb803704-e604-4205-93fd-a1775d708e4a613c1956-91ed-4c75-8fd2-d063724429985db4ad5d-2141-4119-9450-d1aef2f2c942DESKTOP-RLHC3VQ\cchou13641e12-f20c-4227-9962-e21d4198570d613c1956-91ed-4c75-8fd2-d06372442998190cb803704-e604-4205-93fd-a1775d708e4a:613c1956-91ed-4c75-8fd2-d06372442998:5db4ad5d-2141-4119-9450-d1aef2f2c9422026-05-12T17:57:02.5464725+08:00HighTitleOpenBao Server (Hosted on Device) Process Memory TamperedUserThreatCategoryUser-definedUserThreatShortDescriptionTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.UserThreatDescriptionIf OpenBao Server (Hosted on Device) is given access to memory, such as shared memory or pointers, or is given the ability to control what Client executes (for example, passing back a function pointer.), then OpenBao Server (Hosted on Device) can tamper with Client. Consider if the function could work with less access to memory, such as passing data rather than pointers. Copy in data provided, and then validate it.InteractionStringResponse3302d8cb-4f2b-4563-aa32-f47333bd4be8Mitigation when running EdgeX in rootless Docker: user-namespace and PID-namespace isolation means a compromised service cannot ptrace, signal or read the memory of processes in sibling containers. UID 0 inside container A maps to a different unprivileged host UID than UID 0 inside container B, so cross-service in-memory tampering via /proc, ptrace or shared kernel facilities is blocked unless the attacker first compromises the unprivileged host user that owns the rootless daemon. See https://docs.edgexfoundry.org/4.1/security/Rootless-Docker/.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation neededcb803704-e604-4205-93fd-a1775d708e4aAutoGenerated5db4ad5d-2141-4119-9450-d1aef2f2c942T2falsefalseT3cb803704-e604-4205-93fd-a1775d708e4a613c1956-91ed-4c75-8fd2-d063724429985db4ad5d-2141-4119-9450-d1aef2f2c942EATON\E073993913641e12-f20c-4227-9962-e21d4198570d613c1956-91ed-4c75-8fd2-d06372442998191cb803704-e604-4205-93fd-a1775d708e4a:613c1956-91ed-4c75-8fd2-d06372442998:5db4ad5d-2141-4119-9450-d1aef2f2c9422025-09-24T19:46:44.3695646+08:00HighTitleReplay AttacksUserThreatCategorySpoofingUserThreatShortDescriptionTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.UserThreatDescriptionPackets or messages without sequence numbers or timestamps can be captured and replayed in a wide variety of ways. Implement or utilize an existing communication protocol that supports anti-replay techniques (investigate sequence numbers before timers) and strong integrity.InteractionStringResponse3302d8cb-4f2b-4563-aa32-f47333bd4be8PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation neededcb803704-e604-4205-93fd-a1775d708e4aAutoGenerated5db4ad5d-2141-4119-9450-d1aef2f2c942T3falsefalseT4cb803704-e604-4205-93fd-a1775d708e4a613c1956-91ed-4c75-8fd2-d063724429985db4ad5d-2141-4119-9450-d1aef2f2c942EATON\E073993913641e12-f20c-4227-9962-e21d4198570d613c1956-91ed-4c75-8fd2-d06372442998192cb803704-e604-4205-93fd-a1775d708e4a:613c1956-91ed-4c75-8fd2-d06372442998:5db4ad5d-2141-4119-9450-d1aef2f2c9422025-09-24T19:47:18.3099512+08:00HighTitleCollision AttacksUserThreatCategoryTamperingUserThreatShortDescriptionTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.UserThreatDescriptionAttackers who can send a series of packets or messages may be able to overlap data. For example, packet 1 may be 100 bytes starting at offset 0. Packet 2 may be 100 bytes starting at offset 25. Packet 2 will overwrite 75 bytes of packet 1. Ensure you reassemble data before filtering it, and ensure you explicitly handle these sorts of cases.InteractionStringResponsePriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation neededcb803704-e604-4205-93fd-a1775d708e4aNotApplicable5db4ad5d-2141-4119-9450-d1aef2f2c942T4falsefalseR6cb803704-e604-4205-93fd-a1775d708e4a613c1956-91ed-4c75-8fd2-d063724429985db4ad5d-2141-4119-9450-d1aef2f2c942EATON\E073993913641e12-f20c-4227-9962-e21d4198570d613c1956-91ed-4c75-8fd2-d06372442998193cb803704-e604-4205-93fd-a1775d708e4a:613c1956-91ed-4c75-8fd2-d06372442998:5db4ad5d-2141-4119-9450-d1aef2f2c9422025-09-24T19:47:41.1407146+08:00HighTitlePotential Data Repudiation by ClientUserThreatCategoryRepudiationUserThreatShortDescriptionRepudiation threats involve an adversary denying that something happened.UserThreatDescriptionClient claims that it did not receive data from a source outside the trust boundary. Consider using logging or auditing to record the source, time, and summary of the received data.InteractionStringResponsePriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation neededcb803704-e604-4205-93fd-a1775d708e4aNotApplicable5db4ad5d-2141-4119-9450-d1aef2f2c942R6falsefalseI26cb803704-e604-4205-93fd-a1775d708e4a613c1956-91ed-4c75-8fd2-d063724429985db4ad5d-2141-4119-9450-d1aef2f2c942EATON\E073993913641e12-f20c-4227-9962-e21d4198570d613c1956-91ed-4c75-8fd2-d06372442998194cb803704-e604-4205-93fd-a1775d708e4a:613c1956-91ed-4c75-8fd2-d06372442998:5db4ad5d-2141-4119-9450-d1aef2f2c9422025-09-25T00:39:59.922386+08:00HighTitleWeak Authentication SchemeUserThreatCategoryInformation DisclosureUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized party.UserThreatDescriptionCustom authentication schemes are susceptible to common weaknesses such as weak credential change management, credential equivalence, easily guessable credentials, null credentials, downgrade authentication or a weak credential change management system. Consider the impact and potential mitigations for your custom authentication scheme.InteractionStringResponse3302d8cb-4f2b-4563-aa32-f47333bd4be8Role based access need to be present.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation neededcb803704-e604-4205-93fd-a1775d708e4aNeedsInvestigation5db4ad5d-2141-4119-9450-d1aef2f2c942I26falsefalseD3cb803704-e604-4205-93fd-a1775d708e4a613c1956-91ed-4c75-8fd2-d063724429985db4ad5d-2141-4119-9450-d1aef2f2c942EATON\E073993913641e12-f20c-4227-9962-e21d4198570d613c1956-91ed-4c75-8fd2-d06372442998195cb803704-e604-4205-93fd-a1775d708e4a:613c1956-91ed-4c75-8fd2-d06372442998:5db4ad5d-2141-4119-9450-d1aef2f2c9422025-09-25T00:40:31.6895488+08:00HighTitlePotential Process Crash or Stop for ClientUserThreatCategoryDenial Of ServiceUserThreatShortDescriptionDenial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.UserThreatDescriptionClient crashes, halts, stops or runs slowly; in all cases violating an availability metric.InteractionStringResponse3302d8cb-4f2b-4563-aa32-f47333bd4be8if client crashes, the problem would be on the client side.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation neededcb803704-e604-4205-93fd-a1775d708e4aNotApplicable5db4ad5d-2141-4119-9450-d1aef2f2c942D3falsefalseD4cb803704-e604-4205-93fd-a1775d708e4a613c1956-91ed-4c75-8fd2-d063724429985db4ad5d-2141-4119-9450-d1aef2f2c942EATON\E073993913641e12-f20c-4227-9962-e21d4198570d613c1956-91ed-4c75-8fd2-d06372442998196cb803704-e604-4205-93fd-a1775d708e4a:613c1956-91ed-4c75-8fd2-d06372442998:5db4ad5d-2141-4119-9450-d1aef2f2c9422025-09-25T01:34:39.5164093+08:00HighTitleData Flow Response Is Potentially InterruptedUserThreatCategoryDenial Of ServiceUserThreatShortDescriptionDenial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.UserThreatDescriptionAn external agent interrupts data flowing across a trust boundary in either direction.InteractionStringResponsePriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation neededcb803704-e604-4205-93fd-a1775d708e4aNotApplicable5db4ad5d-2141-4119-9450-d1aef2f2c942D4falsefalseE5cb803704-e604-4205-93fd-a1775d708e4a613c1956-91ed-4c75-8fd2-d063724429985db4ad5d-2141-4119-9450-d1aef2f2c942DESKTOP-RLHC3VQ\cchou13641e12-f20c-4227-9962-e21d4198570d613c1956-91ed-4c75-8fd2-d06372442998197cb803704-e604-4205-93fd-a1775d708e4a:613c1956-91ed-4c75-8fd2-d06372442998:5db4ad5d-2141-4119-9450-d1aef2f2c9422026-05-12T17:57:43.800406+08:00HighTitleElevation Using ImpersonationUserThreatCategoryElevation Of PrivilegeUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bug.UserThreatDescriptionClient may be able to impersonate the context of OpenBao Server (Hosted on Device) in order to gain additional privilege.InteractionStringResponse3302d8cb-4f2b-4563-aa32-f47333bd4be8Mitigation when running EdgeX in rootless Docker: impersonating an EdgeX service from another local process requires access to the host system and the Docker network. Under rootless Docker the daemon, its socket (/run/user/<uid>/docker.sock) and the bridge network are owned by an unprivileged user, and a compromised container cannot escalate to host root to attach to that network or manipulate other containers. The attacker must first compromise the specific unprivileged user that owns the rootless daemon, raising the bar significantly compared with rootful deployments. See https://docs.edgexfoundry.org/4.1/security/Rootless-Docker/.
Additional mitigation when EdgeX container images are signed (e.g., Sigstore/cosign, Docker Content Trust or Notary v2) and signature verification is enforced at pull or admission time: the supply-chain path for introducing a tampered or imposter image is closed, provided the signing key is rooted in an HSM or KMS and verification is policy-enforced by the runtime. Signing does not prevent exploitation of a flaw inside a legitimately signed image; pair it with SBOM and SLSA provenance attestations and timely patching. See https://www.sigstore.dev/ and https://docs.docker.com/engine/security/trust/.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation neededcb803704-e604-4205-93fd-a1775d708e4aNotApplicable5db4ad5d-2141-4119-9450-d1aef2f2c942E5falsefalseE6cb803704-e604-4205-93fd-a1775d708e4a613c1956-91ed-4c75-8fd2-d063724429985db4ad5d-2141-4119-9450-d1aef2f2c942DESKTOP-RLHC3VQ\cchou13641e12-f20c-4227-9962-e21d4198570d613c1956-91ed-4c75-8fd2-d06372442998198cb803704-e604-4205-93fd-a1775d708e4a:613c1956-91ed-4c75-8fd2-d06372442998:5db4ad5d-2141-4119-9450-d1aef2f2c9422026-05-12T17:58:15.0280893+08:00HighTitleClient May be Subject to Elevation of Privilege Using Remote Code ExecutionUserThreatCategoryElevation Of PrivilegeUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bug.UserThreatDescriptionOpenBao Server (Hosted on Device) may be able to remotely execute code for Client.InteractionStringResponse3302d8cb-4f2b-4563-aa32-f47333bd4be8Mitigation when running EdgeX in rootless Docker: even if remote code execution succeeds inside a service container, the attacker only obtains the privileges of the unprivileged host user that owns the rootless-Docker daemon, via user-namespace UID remapping. UID 0 inside the container is not UID 0 on the host, so post-exploit actions that normally rely on host root - loading kernel modules, attaching to other containers' processes, mounting host paths, opening raw sockets, or modifying system services - are blocked even after a successful container escape. See https://docs.edgexfoundry.org/4.1/security/Rootless-Docker/.
Additional mitigation when EdgeX container images are signed and signature verification is enforced at pull or admission time (e.g., Sigstore/cosign with a policy controller, or a content-trust-enabled daemon): the supply-chain path for introducing a backdoored or maliciously rebuilt image is closed, provided the signing key is protected by an HSM or KMS. Signing does not prevent exploitation of a flaw inside a legitimately signed image, so it must be combined with SBOM and SLSA provenance attestations, vulnerability scanning of the signed artifact, and timely patching. See https://www.sigstore.dev/.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation neededcb803704-e604-4205-93fd-a1775d708e4aNotApplicable5db4ad5d-2141-4119-9450-d1aef2f2c942E6falsefalseE7cb803704-e604-4205-93fd-a1775d708e4a613c1956-91ed-4c75-8fd2-d063724429985db4ad5d-2141-4119-9450-d1aef2f2c942DESKTOP-RLHC3VQ\cchou13641e12-f20c-4227-9962-e21d4198570d613c1956-91ed-4c75-8fd2-d06372442998199cb803704-e604-4205-93fd-a1775d708e4a:613c1956-91ed-4c75-8fd2-d06372442998:5db4ad5d-2141-4119-9450-d1aef2f2c9422026-05-12T17:58:50.6411911+08:00HighTitleElevation by Changing the Execution Flow in ClientUserThreatCategoryElevation Of PrivilegeUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bug.UserThreatDescriptionAn attacker may pass data into Client in order to change the flow of program execution within Client to the attacker's choosing.InteractionStringResponse3302d8cb-4f2b-4563-aa32-f47333bd4be8Mitigation when running EdgeX in rootless Docker: even if remote code execution succeeds inside a service container, the attacker only obtains the privileges of the unprivileged host user that owns the rootless-Docker daemon, via user-namespace UID remapping. UID 0 inside the container is not UID 0 on the host, so post-exploit actions that normally rely on host root - loading kernel modules, attaching to other containers' processes, mounting host paths, opening raw sockets, or modifying system services - are blocked even after a successful container escape. See https://docs.edgexfoundry.org/4.1/security/Rootless-Docker/.
Additional mitigation when EdgeX container images are signed and signature verification is enforced at pull or admission time (e.g., Sigstore/cosign with a policy controller, or a content-trust-enabled daemon): the supply-chain path for introducing a backdoored or maliciously rebuilt image is closed, provided the signing key is protected by an HSM or KMS. Signing does not prevent exploitation of a flaw inside a legitimately signed image, so it must be combined with SBOM and SLSA provenance attestations, vulnerability scanning of the signed artifact, and timely patching. See https://www.sigstore.dev/.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation neededcb803704-e604-4205-93fd-a1775d708e4aNeedsInvestigation5db4ad5d-2141-4119-9450-d1aef2f2c942E7falsefalse8404dcf5-bdd8-4902-abc2-3b6c967b0261cb803704-e604-4205-93fd-a1775d708e4a613c1956-91ed-4c75-8fd2-d063724429985db4ad5d-2141-4119-9450-d1aef2f2c942EATON\E073993913641e12-f20c-4227-9962-e21d4198570d613c1956-91ed-4c75-8fd2-d06372442998200cb803704-e604-4205-93fd-a1775d708e4a:613c1956-91ed-4c75-8fd2-d06372442998:5db4ad5d-2141-4119-9450-d1aef2f2c9422025-09-24T19:49:26.1923085+08:00HighTitleCross Site Request ForgeryUserThreatCategoryElevation Of PrivilegeUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bug.UserThreatDescriptionCross-site request forgery (CSRF or XSRF) is a type of attack in which an attacker forces a user's browser to make a forged request to a vulnerable site by exploiting an existing trust relationship between the browser and the vulnerable web site. In a simple scenario, a user is logged in to web site A using a cookie as a credential. The other browses to web site B. Web site B returns a page with a hidden form that posts to web site A. Since the browser will carry the user's cookie to web site A, web site B now can take any action on web site A, for example, adding an admin to an account. The attack can be used to exploit any requests that the browser automatically authenticates, e.g. by session cookie, integrated authentication, IP whitelisting. The attack can be carried out in many ways such as by luring the victim to a site under control of the attacker, getting the user to click a link in a phishing email, or hacking a reputable web site that the victim will visit. The issue can only be resolved on the server side by requiring that all authenticated state-changing requests include an additional piece of secret payload (canary or CSRF token) which is known only to the legitimate web site and the browser and which is protected in transit through SSL/TLS. See the Forgery Protection property on the flow stencil for a list of mitigations.InteractionStringResponsePriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation neededcb803704-e604-4205-93fd-a1775d708e4aNeedsInvestigation5db4ad5d-2141-4119-9450-d1aef2f2c9428404dcf5-bdd8-4902-abc2-3b6c967b0261falsefalseT35db4ad5d-2141-4119-9450-d1aef2f2c942cdee3569-dba8-4587-9400-ad82110f834acb803704-e604-4205-93fd-a1775d708e4aEATON\E073993913641e12-f20c-4227-9962-e21d4198570dcdee3569-dba8-4587-9400-ad82110f834a2015db4ad5d-2141-4119-9450-d1aef2f2c942:cdee3569-dba8-4587-9400-ad82110f834a:cb803704-e604-4205-93fd-a1775d708e4a2025-09-24T19:49:37.1575311+08:00HighTitleReplay AttacksUserThreatCategoryTamperingUserThreatShortDescriptionTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.UserThreatDescriptionPackets or messages without sequence numbers or timestamps can be captured and replayed in a wide variety of ways. Implement or utilize an existing communication protocol that supports anti-replay techniques (investigate sequence numbers before timers) and strong integrity.InteractionStringRequestPriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation needed5db4ad5d-2141-4119-9450-d1aef2f2c942NotApplicablecb803704-e604-4205-93fd-a1775d708e4aT3falsefalseT45db4ad5d-2141-4119-9450-d1aef2f2c942cdee3569-dba8-4587-9400-ad82110f834acb803704-e604-4205-93fd-a1775d708e4aEATON\E073993913641e12-f20c-4227-9962-e21d4198570dcdee3569-dba8-4587-9400-ad82110f834a2025db4ad5d-2141-4119-9450-d1aef2f2c942:cdee3569-dba8-4587-9400-ad82110f834a:cb803704-e604-4205-93fd-a1775d708e4a2025-09-25T01:29:02.3392126+08:00HighTitleCollision AttacksUserThreatCategoryTamperingUserThreatShortDescriptionTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.UserThreatDescriptionAttackers who can send a series of packets or messages may be able to overlap data. For example, packet 1 may be 100 bytes starting at offset 0. Packet 2 may be 100 bytes starting at offset 25. Packet 2 will overwrite 75 bytes of packet 1. Ensure you reassemble data before filtering it, and ensure you explicitly handle these sorts of cases.InteractionStringRequestPriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation needed5db4ad5d-2141-4119-9450-d1aef2f2c942NeedsInvestigationcb803704-e604-4205-93fd-a1775d708e4aT4falsefalseR65db4ad5d-2141-4119-9450-d1aef2f2c942cdee3569-dba8-4587-9400-ad82110f834acb803704-e604-4205-93fd-a1775d708e4aEATON\E073993913641e12-f20c-4227-9962-e21d4198570dcdee3569-dba8-4587-9400-ad82110f834a2035db4ad5d-2141-4119-9450-d1aef2f2c942:cdee3569-dba8-4587-9400-ad82110f834a:cb803704-e604-4205-93fd-a1775d708e4a2025-09-25T01:29:38.1687333+08:00HighTitlePotential Data Repudiation by OpenBao Server (Hosted on Device) UserThreatCategoryRepudiationUserThreatShortDescriptionRepudiation threats involve an adversary denying that something happened.UserThreatDescriptionOpenBao Server (Hosted on Device) claims that it did not receive data from a source outside the trust boundary. Consider using logging or auditing to record the source, time, and summary of the received data.InteractionStringRequest3302d8cb-4f2b-4563-aa32-f47333bd4be8Data repudiation is not possible coz openbao logs everything related to its encryption services.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation needed5db4ad5d-2141-4119-9450-d1aef2f2c942Mitigatedcb803704-e604-4205-93fd-a1775d708e4aR6falsefalseI265db4ad5d-2141-4119-9450-d1aef2f2c942cdee3569-dba8-4587-9400-ad82110f834acb803704-e604-4205-93fd-a1775d708e4aEATON\E073993913641e12-f20c-4227-9962-e21d4198570dcdee3569-dba8-4587-9400-ad82110f834a2045db4ad5d-2141-4119-9450-d1aef2f2c942:cdee3569-dba8-4587-9400-ad82110f834a:cb803704-e604-4205-93fd-a1775d708e4a2025-09-25T01:30:20.8685078+08:00HighTitleWeak Authentication SchemeUserThreatCategoryInformation DisclosureUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized party.UserThreatDescriptionCustom authentication schemes are susceptible to common weaknesses such as weak credential change management, credential equivalence, easily guessable credentials, null credentials, downgrade authentication or a weak credential change management system. Consider the impact and potential mitigations for your custom authentication scheme.InteractionStringRequest3302d8cb-4f2b-4563-aa32-f47333bd4be8Role based access would enable strong authentication mechanism. Need to investigate.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation needed5db4ad5d-2141-4119-9450-d1aef2f2c942NeedsInvestigationcb803704-e604-4205-93fd-a1775d708e4aI26falsefalseD35db4ad5d-2141-4119-9450-d1aef2f2c942cdee3569-dba8-4587-9400-ad82110f834acb803704-e604-4205-93fd-a1775d708e4aEATON\E073993913641e12-f20c-4227-9962-e21d4198570dcdee3569-dba8-4587-9400-ad82110f834a2055db4ad5d-2141-4119-9450-d1aef2f2c942:cdee3569-dba8-4587-9400-ad82110f834a:cb803704-e604-4205-93fd-a1775d708e4a2025-09-25T01:30:49.170343+08:00HighTitlePotential Process Crash or Stop for OpenBao Server (Hosted on Device) UserThreatCategoryDenial Of ServiceUserThreatShortDescriptionDenial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.UserThreatDescriptionOpenBao Server (Hosted on Device) crashes, halts, stops or runs slowly; in all cases violating an availability metric.InteractionStringRequest3302d8cb-4f2b-4563-aa32-f47333bd4be8Client crashing is not applicable for this threat model.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation needed5db4ad5d-2141-4119-9450-d1aef2f2c942NeedsInvestigationcb803704-e604-4205-93fd-a1775d708e4aD3falsefalseD45db4ad5d-2141-4119-9450-d1aef2f2c942cdee3569-dba8-4587-9400-ad82110f834acb803704-e604-4205-93fd-a1775d708e4aEATON\E073993913641e12-f20c-4227-9962-e21d4198570dcdee3569-dba8-4587-9400-ad82110f834a2065db4ad5d-2141-4119-9450-d1aef2f2c942:cdee3569-dba8-4587-9400-ad82110f834a:cb803704-e604-4205-93fd-a1775d708e4a2025-09-25T01:32:19.6527482+08:00HighTitleData Flow Request Is Potentially InterruptedUserThreatCategoryDenial Of ServiceUserThreatShortDescriptionDenial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.UserThreatDescriptionAn external agent interrupts data flowing across a trust boundary in either direction.InteractionStringRequest3302d8cb-4f2b-4563-aa32-f47333bd4be8Out of scope of this threat model.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation needed5db4ad5d-2141-4119-9450-d1aef2f2c942NotApplicablecb803704-e604-4205-93fd-a1775d708e4aD4falsefalseE55db4ad5d-2141-4119-9450-d1aef2f2c942cdee3569-dba8-4587-9400-ad82110f834acb803704-e604-4205-93fd-a1775d708e4aDESKTOP-RLHC3VQ\cchou13641e12-f20c-4227-9962-e21d4198570dcdee3569-dba8-4587-9400-ad82110f834a2075db4ad5d-2141-4119-9450-d1aef2f2c942:cdee3569-dba8-4587-9400-ad82110f834a:cb803704-e604-4205-93fd-a1775d708e4a2026-05-12T17:54:15.4210076+08:00HighTitleElevation Using ImpersonationUserThreatCategoryElevation Of PrivilegeUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bug.UserThreatDescriptionOpenBao Server (Hosted on Device) may be able to impersonate the context of Client in order to gain additional privilege.InteractionStringRequest3302d8cb-4f2b-4563-aa32-f47333bd4be8Role based access would mitigate this.
Additional mitigation when running EdgeX in rootless Docker: impersonating an EdgeX service from another local process requires access to the host system and the Docker network. Under rootless Docker the daemon, its socket (/run/user/<uid>/docker.sock) and the bridge network are owned by an unprivileged user, and a compromised container cannot escalate to host root to attach to that network or manipulate other containers. The attacker must first compromise the specific unprivileged user that owns the rootless daemon, raising the bar significantly compared with rootful deployments. See https://docs.edgexfoundry.org/4.1/security/Rootless-Docker/.
Additional mitigation when EdgeX container images are signed (e.g., Sigstore/cosign, Docker Content Trust or Notary v2) and signature verification is enforced at pull or admission time: the supply-chain path for introducing a tampered or imposter image is closed, provided the signing key is rooted in an HSM or KMS and verification is policy-enforced by the runtime. Signing does not prevent exploitation of a flaw inside a legitimately signed image; pair it with SBOM and SLSA provenance attestations and timely patching. See https://www.sigstore.dev/ and https://docs.docker.com/engine/security/trust/.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation needed5db4ad5d-2141-4119-9450-d1aef2f2c942NeedsInvestigationcb803704-e604-4205-93fd-a1775d708e4aE5falsefalseE65db4ad5d-2141-4119-9450-d1aef2f2c942cdee3569-dba8-4587-9400-ad82110f834acb803704-e604-4205-93fd-a1775d708e4aDESKTOP-RLHC3VQ\cchou13641e12-f20c-4227-9962-e21d4198570dcdee3569-dba8-4587-9400-ad82110f834a2085db4ad5d-2141-4119-9450-d1aef2f2c942:cdee3569-dba8-4587-9400-ad82110f834a:cb803704-e604-4205-93fd-a1775d708e4a2026-05-12T17:55:31.1585953+08:00HighTitleOpenBao Server (Hosted on Device) May be Subject to Elevation of Privilege Using Remote Code ExecutionUserThreatCategoryElevation Of PrivilegeUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bug.UserThreatDescriptionClient may be able to remotely execute code for OpenBao Server (Hosted on Device) .InteractionStringRequest3302d8cb-4f2b-4563-aa32-f47333bd4be8Overflows in data, or remote code execution needs investigation. PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation needed5db4ad5d-2141-4119-9450-d1aef2f2c942NeedsInvestigationcb803704-e604-4205-93fd-a1775d708e4aE6falsefalseE75db4ad5d-2141-4119-9450-d1aef2f2c942cdee3569-dba8-4587-9400-ad82110f834acb803704-e604-4205-93fd-a1775d708e4aDESKTOP-RLHC3VQ\cchou13641e12-f20c-4227-9962-e21d4198570dcdee3569-dba8-4587-9400-ad82110f834a2095db4ad5d-2141-4119-9450-d1aef2f2c942:cdee3569-dba8-4587-9400-ad82110f834a:cb803704-e604-4205-93fd-a1775d708e4a2026-05-12T17:56:12.3098778+08:00HighTitleElevation by Changing the Execution Flow in OpenBao Server (Hosted on Device) UserThreatCategoryElevation Of PrivilegeUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bug.UserThreatDescriptionAn attacker may pass data into OpenBao Server (Hosted on Device) in order to change the flow of program execution within OpenBao Server (Hosted on Device) to the attacker's choosing.InteractionStringRequest3302d8cb-4f2b-4563-aa32-f47333bd4be8Role based access would mitigate this.
Additional mitigation when running EdgeX in rootless Docker: even if remote code execution succeeds inside a service container, the attacker only obtains the privileges of the unprivileged host user that owns the rootless-Docker daemon, via user-namespace UID remapping. UID 0 inside the container is not UID 0 on the host, so post-exploit actions that normally rely on host root - loading kernel modules, attaching to other containers' processes, mounting host paths, opening raw sockets, or modifying system services - are blocked even after a successful container escape. See https://docs.edgexfoundry.org/4.1/security/Rootless-Docker/.
Additional mitigation when EdgeX container images are signed and signature verification is enforced at pull or admission time (e.g., Sigstore/cosign with a policy controller, or a content-trust-enabled daemon): the supply-chain path for introducing a backdoored or maliciously rebuilt image is closed, provided the signing key is protected by an HSM or KMS. Signing does not prevent exploitation of a flaw inside a legitimately signed image, so it must be combined with SBOM and SLSA provenance attestations, vulnerability scanning of the signed artifact, and timely patching. See https://www.sigstore.dev/.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation needed5db4ad5d-2141-4119-9450-d1aef2f2c942AutoGeneratedcb803704-e604-4205-93fd-a1775d708e4aE7falsefalseS7.1cb803704-e604-4205-93fd-a1775d708e4a8978d012-5991-429d-a4ed-6491fe112cafd7889a6e-fba0-4d5c-9699-626489c0c69eDESKTOP-RLHC3VQ\cchou13641e12-f20c-4227-9962-e21d4198570d8978d012-5991-429d-a4ed-6491fe112caf210cb803704-e604-4205-93fd-a1775d708e4a:8978d012-5991-429d-a4ed-6491fe112caf:d7889a6e-fba0-4d5c-9699-626489c0c69e2026-05-12T17:51:32.9041046+08:00HighTitleSpoofing of Destination Data Store StorageUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.UserThreatDescriptionTPM may be spoofed by an attacker and this may lead to data being written to the attacker's target instead of TPM. Consider using a standard authentication mechanism to identify the destination data store.InteractionStringPKCS11 Request3302d8cb-4f2b-4563-aa32-f47333bd4be8Spoofing is not possible with TPMPriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation neededcb803704-e604-4205-93fd-a1775d708e4aMitigatedd7889a6e-fba0-4d5c-9699-626489c0c69eS7.1falsefalseT18cb803704-e604-4205-93fd-a1775d708e4a8978d012-5991-429d-a4ed-6491fe112cafd7889a6e-fba0-4d5c-9699-626489c0c69eDESKTOP-RLHC3VQ\cchou13641e12-f20c-4227-9962-e21d4198570d8978d012-5991-429d-a4ed-6491fe112caf211cb803704-e604-4205-93fd-a1775d708e4a:8978d012-5991-429d-a4ed-6491fe112caf:d7889a6e-fba0-4d5c-9699-626489c0c69e2026-05-12T17:52:04.9217407+08:00HighTitleThe Storage Data Store Could Be CorruptedUserThreatCategoryTamperingUserThreatShortDescriptionTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.UserThreatDescriptionData flowing across PKCS11 Request may be tampered with by an attacker. This may lead to corruption of TPM. Ensure the integrity of the data flow to the data store.InteractionStringPKCS11 Request3302d8cb-4f2b-4563-aa32-f47333bd4be8TPM is believed not to be corrupted.
Additional mitigation when running EdgeX in rootless Docker: container layers and bind-mounted volumes (including OpenBao's storage backend, log directories and key material) are owned by the unprivileged host user that runs the rootless daemon and live under that user's $XDG_DATA_HOME/docker tree, not under root-owned host paths. Other host users and escaped containers cannot bypass in-application access controls by reading or writing those files directly. This raises the cost of any filesystem-level disclosure or tampering attack but does not remove the need for at-rest encryption of the data the rootless user does control. See https://docs.edgexfoundry.org/4.1/security/Rootless-Docker/.
Additional mitigation when EdgeX container images are signed (e.g., Sigstore/cosign, Docker Content Trust or Notary v2) and signature verification is enforced at pull or admission time: the supply-chain path for introducing a tampered or imposter image is closed, provided the signing key is rooted in an HSM or KMS and verification is policy-enforced by the runtime. Signing does not prevent exploitation of a flaw inside a legitimately signed image; pair it with SBOM and SLSA provenance attestations and timely patching. See https://www.sigstore.dev/ and https://docs.docker.com/engine/security/trust/.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation neededcb803704-e604-4205-93fd-a1775d708e4aAutoGeneratedd7889a6e-fba0-4d5c-9699-626489c0c69eT18falsefalseR8cb803704-e604-4205-93fd-a1775d708e4a8978d012-5991-429d-a4ed-6491fe112cafd7889a6e-fba0-4d5c-9699-626489c0c69eEATON\E073993913641e12-f20c-4227-9962-e21d4198570d8978d012-5991-429d-a4ed-6491fe112caf212cb803704-e604-4205-93fd-a1775d708e4a:8978d012-5991-429d-a4ed-6491fe112caf:d7889a6e-fba0-4d5c-9699-626489c0c69e2025-09-25T01:34:27.1992446+08:00HighTitleData Store Denies Storage Potentially Writing DataUserThreatCategoryRepudiationUserThreatShortDescriptionRepudiation threats involve an adversary denying that something happened.UserThreatDescriptionTPM claims that it did not write data received from an entity on the other side of the trust boundary. Consider using logging or auditing to record the source, time, and summary of the received data.InteractionStringPKCS11 Request3302d8cb-4f2b-4563-aa32-f47333bd4be8It is mitigated using pkcs11 interface. If there is an error with PKCS11 interface, it would log,PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation neededcb803704-e604-4205-93fd-a1775d708e4aMitigatedd7889a6e-fba0-4d5c-9699-626489c0c69eR8falsefalseI2cb803704-e604-4205-93fd-a1775d708e4a8978d012-5991-429d-a4ed-6491fe112cafd7889a6e-fba0-4d5c-9699-626489c0c69eEATON\E073993913641e12-f20c-4227-9962-e21d4198570d8978d012-5991-429d-a4ed-6491fe112caf213cb803704-e604-4205-93fd-a1775d708e4a:8978d012-5991-429d-a4ed-6491fe112caf:d7889a6e-fba0-4d5c-9699-626489c0c69e2025-09-24T19:50:16.7543033+08:00HighTitleAuthorization BypassUserThreatCategoryInformation DisclosureUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized party.UserThreatDescriptionCan you access TPM and bypass the permissions for the object? For example by editing the files directly with a hex editor, or reaching it via filesharing? Ensure that your program is the only one that can access the data, and that all other subjects have to use your interface.InteractionStringPKCS11 RequestPriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation neededcb803704-e604-4205-93fd-a1775d708e4aMitigatedd7889a6e-fba0-4d5c-9699-626489c0c69eI2falsefalseI24cb803704-e604-4205-93fd-a1775d708e4a8978d012-5991-429d-a4ed-6491fe112cafd7889a6e-fba0-4d5c-9699-626489c0c69eDESKTOP-RLHC3VQ\cchou13641e12-f20c-4227-9962-e21d4198570d8978d012-5991-429d-a4ed-6491fe112caf214cb803704-e604-4205-93fd-a1775d708e4a:8978d012-5991-429d-a4ed-6491fe112caf:d7889a6e-fba0-4d5c-9699-626489c0c69e2026-05-12T17:52:45.8920186+08:00HighTitleWeak Credential StorageUserThreatCategoryInformation DisclosureUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized party.UserThreatDescriptionCredentials held at the server are often disclosed or tampered with and credentials stored on the client are often stolen. For server side, consider storing a salted hash of the credentials instead of storing the credentials themselves. If this is not possible due to business requirements, be sure to encrypt the credentials before storage, using an SDL-approved mechanism. For client side, if storing credentials is required, encrypt them and protect the data store in which they're storedInteractionStringPKCS11 Request3302d8cb-4f2b-4563-aa32-f47333bd4be8Additional mitigation when running EdgeX in rootless Docker: credential material persisted in container volumes (including OpenBao seal keys and SecretStore-issued tokens) is owned by an unprivileged host user, not root. A container escape only yields that unprivileged user's permissions, so attempts to exfiltrate credentials by reading host-level paths from a compromised neighbour container are blocked. Encryption (seal/unseal, salted hashes) remains the primary control; rootless Docker reduces the blast radius of a host-side compromise. See https://docs.edgexfoundry.org/4.1/security/Rootless-Docker/.
Additional mitigation when EdgeX container images are signed (e.g., Sigstore/cosign, Docker Content Trust or Notary v2) and signature verification is enforced at pull or admission time: the supply-chain path for introducing a tampered or imposter image is closed, provided the signing key is rooted in an HSM or KMS and verification is policy-enforced by the runtime. Signing does not prevent exploitation of a flaw inside a legitimately signed image; pair it with SBOM and SLSA provenance attestations and timely patching. See https://www.sigstore.dev/ and https://docs.docker.com/engine/security/trust/.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation reviewedcb803704-e604-4205-93fd-a1775d708e4aMitigatedd7889a6e-fba0-4d5c-9699-626489c0c69eI24falsefalseD2cb803704-e604-4205-93fd-a1775d708e4a8978d012-5991-429d-a4ed-6491fe112cafd7889a6e-fba0-4d5c-9699-626489c0c69eEATON\E073993913641e12-f20c-4227-9962-e21d4198570d8978d012-5991-429d-a4ed-6491fe112caf215cb803704-e604-4205-93fd-a1775d708e4a:8978d012-5991-429d-a4ed-6491fe112caf:d7889a6e-fba0-4d5c-9699-626489c0c69e2025-09-24T19:50:39.4854237+08:00HighTitlePotential Excessive Resource Consumption for OpenBao Server (Hosted on Device) or StorageUserThreatCategoryDenial Of ServiceUserThreatShortDescriptionDenial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.UserThreatDescriptionDoes OpenBao Server (Hosted on Device) or TPM take explicit steps to control resource consumption? Resource consumption attacks can be hard to deal with, and there are times that it makes sense to let the OS do the job. Be careful that your resource requests don't deadlock, and that they do timeout.InteractionStringPKCS11 RequestPriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation neededcb803704-e604-4205-93fd-a1775d708e4aMitigatedd7889a6e-fba0-4d5c-9699-626489c0c69eD2falsefalseD4cb803704-e604-4205-93fd-a1775d708e4a8978d012-5991-429d-a4ed-6491fe112cafd7889a6e-fba0-4d5c-9699-626489c0c69eEATON\E073993913641e12-f20c-4227-9962-e21d4198570d8978d012-5991-429d-a4ed-6491fe112caf216cb803704-e604-4205-93fd-a1775d708e4a:8978d012-5991-429d-a4ed-6491fe112caf:d7889a6e-fba0-4d5c-9699-626489c0c69e2025-09-24T19:50:52.682779+08:00HighTitleData Flow PKCS11 Request Is Potentially InterruptedUserThreatCategoryDenial Of ServiceUserThreatShortDescriptionDenial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.UserThreatDescriptionAn external agent interrupts data flowing across a trust boundary in either direction.InteractionStringPKCS11 RequestPriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation neededcb803704-e604-4205-93fd-a1775d708e4aNeedsInvestigationd7889a6e-fba0-4d5c-9699-626489c0c69eD4falsefalseD5cb803704-e604-4205-93fd-a1775d708e4a8978d012-5991-429d-a4ed-6491fe112cafd7889a6e-fba0-4d5c-9699-626489c0c69eEATON\E073993913641e12-f20c-4227-9962-e21d4198570d8978d012-5991-429d-a4ed-6491fe112caf217cb803704-e604-4205-93fd-a1775d708e4a:8978d012-5991-429d-a4ed-6491fe112caf:d7889a6e-fba0-4d5c-9699-626489c0c69e2025-09-25T00:29:29.2131168+08:00HighTitleData Store InaccessibleUserThreatCategoryDenial Of ServiceUserThreatShortDescriptionDenial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.UserThreatDescriptionAn external agent prevents access to a data store on the other side of the trust boundary.InteractionStringPKCS11 Request3302d8cb-4f2b-4563-aa32-f47333bd4be8It is assumed that TPM will always be always available. PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation neededcb803704-e604-4205-93fd-a1775d708e4aNeedsInvestigationd7889a6e-fba0-4d5c-9699-626489c0c69eD5falsefalseS7d7889a6e-fba0-4d5c-9699-626489c0c69edb81ab77-7a67-45c3-b021-f9c4f37df9d0cb803704-e604-4205-93fd-a1775d708e4aEATON\E073993913641e12-f20c-4227-9962-e21d4198570ddb81ab77-7a67-45c3-b021-f9c4f37df9d0218d7889a6e-fba0-4d5c-9699-626489c0c69e:db81ab77-7a67-45c3-b021-f9c4f37df9d0:cb803704-e604-4205-93fd-a1775d708e4a2025-09-25T00:39:38.5718064+08:00HighTitleSpoofing of Source Data Store StorageUserThreatCategorySpoofingUserThreatShortDescriptionSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.UserThreatDescriptionTPM may be spoofed by an attacker and this may lead to incorrect data delivered to OpenBao Server (Hosted on Device) . Consider using a standard authentication mechanism to identify the source data store.InteractionStringResponse3302d8cb-4f2b-4563-aa32-f47333bd4be8TPM cannot be spoofed.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation neededd7889a6e-fba0-4d5c-9699-626489c0c69eNotApplicablecb803704-e604-4205-93fd-a1775d708e4aS7falsefalseR6d7889a6e-fba0-4d5c-9699-626489c0c69edb81ab77-7a67-45c3-b021-f9c4f37df9d0cb803704-e604-4205-93fd-a1775d708e4aEATON\E073993913641e12-f20c-4227-9962-e21d4198570ddb81ab77-7a67-45c3-b021-f9c4f37df9d0219d7889a6e-fba0-4d5c-9699-626489c0c69e:db81ab77-7a67-45c3-b021-f9c4f37df9d0:cb803704-e604-4205-93fd-a1775d708e4a2025-09-25T00:39:21.541576+08:00HighTitlePotential Data Repudiation by OpenBao Server (Hosted on Device) UserThreatCategoryRepudiationUserThreatShortDescriptionRepudiation threats involve an adversary denying that something happened.UserThreatDescriptionOpenBao Server (Hosted on Device) claims that it did not receive data from a source outside the trust boundary. Consider using logging or auditing to record the source, time, and summary of the received data.InteractionStringResponse3302d8cb-4f2b-4563-aa32-f47333bd4be8Since OpenBao mantians record of all the events, its not easy to Deny users action. Each key would have its record of TTL, no of times used and date its created.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation neededd7889a6e-fba0-4d5c-9699-626489c0c69eNotApplicablecb803704-e604-4205-93fd-a1775d708e4aR6falsefalseI23d7889a6e-fba0-4d5c-9699-626489c0c69edb81ab77-7a67-45c3-b021-f9c4f37df9d0cb803704-e604-4205-93fd-a1775d708e4aEATON\E073993913641e12-f20c-4227-9962-e21d4198570ddb81ab77-7a67-45c3-b021-f9c4f37df9d0220d7889a6e-fba0-4d5c-9699-626489c0c69e:db81ab77-7a67-45c3-b021-f9c4f37df9d0:cb803704-e604-4205-93fd-a1775d708e4a2025-09-25T00:30:31.3901272+08:00HighTitleWeak Access Control for a ResourceUserThreatCategoryInformation DisclosureUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized party.UserThreatDescriptionImproper data protection of TPM can allow an attacker to read information not intended for disclosure. Review authorization settings.InteractionStringResponse3302d8cb-4f2b-4563-aa32-f47333bd4be8Need to investigate more on Role based access in OpenBaoPriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation neededd7889a6e-fba0-4d5c-9699-626489c0c69eNeedsInvestigationcb803704-e604-4205-93fd-a1775d708e4aI23falsefalseD3d7889a6e-fba0-4d5c-9699-626489c0c69edb81ab77-7a67-45c3-b021-f9c4f37df9d0cb803704-e604-4205-93fd-a1775d708e4aEATON\E073993913641e12-f20c-4227-9962-e21d4198570ddb81ab77-7a67-45c3-b021-f9c4f37df9d0221d7889a6e-fba0-4d5c-9699-626489c0c69e:db81ab77-7a67-45c3-b021-f9c4f37df9d0:cb803704-e604-4205-93fd-a1775d708e4a2025-09-25T00:38:31.2808848+08:00HighTitlePotential Process Crash or Stop for OpenBao Server (Hosted on Device) UserThreatCategoryDenial Of ServiceUserThreatShortDescriptionDenial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.UserThreatDescriptionOpenBao Server (Hosted on Device) crashes, halts, stops or runs slowly; in all cases violating an availability metric.InteractionStringResponse3302d8cb-4f2b-4563-aa32-f47333bd4be8Process crash could lead openbao to DOS. Need to investigate.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation neededd7889a6e-fba0-4d5c-9699-626489c0c69eNeedsInvestigationcb803704-e604-4205-93fd-a1775d708e4aD3falsefalseD4d7889a6e-fba0-4d5c-9699-626489c0c69edb81ab77-7a67-45c3-b021-f9c4f37df9d0cb803704-e604-4205-93fd-a1775d708e4aEATON\E073993913641e12-f20c-4227-9962-e21d4198570ddb81ab77-7a67-45c3-b021-f9c4f37df9d0222d7889a6e-fba0-4d5c-9699-626489c0c69e:db81ab77-7a67-45c3-b021-f9c4f37df9d0:cb803704-e604-4205-93fd-a1775d708e4a2025-09-25T00:38:08.9191412+08:00HighTitleData Flow Response Is Potentially InterruptedUserThreatCategoryDenial Of ServiceUserThreatShortDescriptionDenial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.UserThreatDescriptionAn external agent interrupts data flowing across a trust boundary in either direction.InteractionStringResponse3302d8cb-4f2b-4563-aa32-f47333bd4be8It is assumed that the TPM is always up and available.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation neededd7889a6e-fba0-4d5c-9699-626489c0c69eNotApplicablecb803704-e604-4205-93fd-a1775d708e4aD4falsefalseD5d7889a6e-fba0-4d5c-9699-626489c0c69edb81ab77-7a67-45c3-b021-f9c4f37df9d0cb803704-e604-4205-93fd-a1775d708e4aEATON\E073993913641e12-f20c-4227-9962-e21d4198570ddb81ab77-7a67-45c3-b021-f9c4f37df9d0223d7889a6e-fba0-4d5c-9699-626489c0c69e:db81ab77-7a67-45c3-b021-f9c4f37df9d0:cb803704-e604-4205-93fd-a1775d708e4a2025-09-25T00:37:55.0270148+08:00HighTitleData Store InaccessibleUserThreatCategoryDenial Of ServiceUserThreatShortDescriptionDenial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.UserThreatDescriptionAn external agent prevents access to a data store on the other side of the trust boundary.InteractionStringResponse3302d8cb-4f2b-4563-aa32-f47333bd4be8It is assumed that the TPM is always up and available.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation neededd7889a6e-fba0-4d5c-9699-626489c0c69eNotApplicablecb803704-e604-4205-93fd-a1775d708e4aD5falsefalseE6d7889a6e-fba0-4d5c-9699-626489c0c69edb81ab77-7a67-45c3-b021-f9c4f37df9d0cb803704-e604-4205-93fd-a1775d708e4aEATON\E073993913641e12-f20c-4227-9962-e21d4198570ddb81ab77-7a67-45c3-b021-f9c4f37df9d0224d7889a6e-fba0-4d5c-9699-626489c0c69e:db81ab77-7a67-45c3-b021-f9c4f37df9d0:cb803704-e604-4205-93fd-a1775d708e4a2025-09-25T00:34:56.8663647+08:00HighTitleOpenBao Server (Hosted on Device) May be Subject to Elevation of Privilege Using Remote Code ExecutionUserThreatCategoryElevation Of PrivilegeUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bug.UserThreatDescriptionTPM may be able to remotely execute code for OpenBao Server (Hosted on Device) .InteractionStringResponse3302d8cb-4f2b-4563-aa32-f47333bd4be8Only specific users will have commands that talk to the TPM. OpenBao would have full access.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation neededd7889a6e-fba0-4d5c-9699-626489c0c69eNotApplicablecb803704-e604-4205-93fd-a1775d708e4aE6falsefalseE7d7889a6e-fba0-4d5c-9699-626489c0c69edb81ab77-7a67-45c3-b021-f9c4f37df9d0cb803704-e604-4205-93fd-a1775d708e4aDESKTOP-RLHC3VQ\cchou13641e12-f20c-4227-9962-e21d4198570ddb81ab77-7a67-45c3-b021-f9c4f37df9d0225d7889a6e-fba0-4d5c-9699-626489c0c69e:db81ab77-7a67-45c3-b021-f9c4f37df9d0:cb803704-e604-4205-93fd-a1775d708e4a2026-05-12T17:59:33.327522+08:00HighTitleElevation by Changing the Execution Flow in OpenBao Server (Hosted on Device) UserThreatCategoryElevation Of PrivilegeUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bug.UserThreatDescriptionAn attacker may pass data into OpenBao Server (Hosted on Device) in order to change the flow of program execution within OpenBao Server (Hosted on Device) to the attacker's choosing.InteractionStringResponse3302d8cb-4f2b-4563-aa32-f47333bd4be8Role based access should be present where OpenBao commands can be run with specific privilages.
Additional mitigation when running EdgeX in rootless Docker: even if remote code execution succeeds inside a service container, the attacker only obtains the privileges of the unprivileged host user that owns the rootless-Docker daemon, via user-namespace UID remapping. UID 0 inside the container is not UID 0 on the host, so post-exploit actions that normally rely on host root - loading kernel modules, attaching to other containers' processes, mounting host paths, opening raw sockets, or modifying system services - are blocked even after a successful container escape. See https://docs.edgexfoundry.org/4.1/security/Rootless-Docker/.
Additional mitigation when EdgeX container images are signed and signature verification is enforced at pull or admission time (e.g., Sigstore/cosign with a policy controller, or a content-trust-enabled daemon): the supply-chain path for introducing a backdoored or maliciously rebuilt image is closed, provided the signing key is protected by an HSM or KMS. Signing does not prevent exploitation of a flaw inside a legitimately signed image, so it must be combined with SBOM and SLSA provenance attestations, vulnerability scanning of the signed artifact, and timely patching. See https://www.sigstore.dev/.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation neededd7889a6e-fba0-4d5c-9699-626489c0c69eMitigatedcb803704-e604-4205-93fd-a1775d708e4aE7falsefalseS7.1cb803704-e604-4205-93fd-a1775d708e4a7f847e97-0bfb-4d3d-836c-baef8c0550a8a7d9df74-a466-4e44-bc7d-fb1b3f61072aEATON\E073993913641e12-f20c-4227-9962-e21d4198570d7f847e97-0bfb-4d3d-836c-baef8c0550a8226cb803704-e604-4205-93fd-a1775d708e4a:7f847e97-0bfb-4d3d-836c-baef8c0550a8:a7d9df74-a466-4e44-bc7d-fb1b3f61072a2025-09-24T05:16:21.8323477+08:00HighTitleStorage is not protected. Its a part of filesystem.UserThreatCategoryInformation DisclosureUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized party.UserThreatDescriptionStorage may be spoofed by an attacker and this may lead to data being written to the attacker's target instead of Storage. Consider using a standard authentication mechanism to identify the destination data store.InteractionStringWrite3302d8cb-4f2b-4563-aa32-f47333bd4be8Storage should be Encrypted.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation neededcb803704-e604-4205-93fd-a1775d708e4aAutoGenerateda7d9df74-a466-4e44-bc7d-fb1b3f61072aS7.1falsefalseI2cb803704-e604-4205-93fd-a1775d708e4a7f847e97-0bfb-4d3d-836c-baef8c0550a8a7d9df74-a466-4e44-bc7d-fb1b3f61072aDESKTOP-RLHC3VQ\cchou13641e12-f20c-4227-9962-e21d4198570d7f847e97-0bfb-4d3d-836c-baef8c0550a8227cb803704-e604-4205-93fd-a1775d708e4a:7f847e97-0bfb-4d3d-836c-baef8c0550a8:a7d9df74-a466-4e44-bc7d-fb1b3f61072a2026-05-12T18:00:44.3262175+08:00HighTitleStorage is not protected. Its a part of filesystemUserThreatCategoryInformation DisclosureUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized party.UserThreatDescriptionCan you access Storage and bypass the permissions for the object? For example by editing the files directly with a hex editor, or reaching it via filesharing? Ensure that your program is the only one that can access the data, and that all other subjects have to use your interface.InteractionStringWrite3302d8cb-4f2b-4563-aa32-f47333bd4be8Storage should be Encrypted.
Additional mitigation when running EdgeX in rootless Docker: container layers and bind-mounted volumes (including OpenBao's storage backend, log directories and key material) are owned by the unprivileged host user that runs the rootless daemon and live under that user's $XDG_DATA_HOME/docker tree, not under root-owned host paths. Other host users and escaped containers cannot bypass in-application access controls by reading or writing those files directly. This raises the cost of any filesystem-level disclosure or tampering attack but does not remove the need for at-rest encryption of the data the rootless user does control. See https://docs.edgexfoundry.org/4.1/security/Rootless-Docker/.
Additional mitigation when EdgeX container images are signed (e.g., Sigstore/cosign, Docker Content Trust or Notary v2) and signature verification is enforced at pull or admission time: the supply-chain path for introducing a tampered or imposter image is closed, provided the signing key is rooted in an HSM or KMS and verification is policy-enforced by the runtime. Signing does not prevent exploitation of a flaw inside a legitimately signed image; pair it with SBOM and SLSA provenance attestations and timely patching. See https://www.sigstore.dev/ and https://docs.docker.com/engine/security/trust/.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation neededcb803704-e604-4205-93fd-a1775d708e4aAutoGenerateda7d9df74-a466-4e44-bc7d-fb1b3f61072aI2falsefalseI24cb803704-e604-4205-93fd-a1775d708e4a7f847e97-0bfb-4d3d-836c-baef8c0550a8a7d9df74-a466-4e44-bc7d-fb1b3f61072aDESKTOP-RLHC3VQ\cchou13641e12-f20c-4227-9962-e21d4198570d7f847e97-0bfb-4d3d-836c-baef8c0550a8232cb803704-e604-4205-93fd-a1775d708e4a:7f847e97-0bfb-4d3d-836c-baef8c0550a8:a7d9df74-a466-4e44-bc7d-fb1b3f61072a2026-05-12T18:01:08.0012334+08:00HighTitleWeak Credential StorageUserThreatCategoryInformation DisclosureUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized party.UserThreatDescriptionCredentials held at the server are often disclosed or tampered with and credentials stored on the client are often stolen. For server side, consider storing a salted hash of the credentials instead of storing the credentials themselves. If this is not possible due to business requirements, be sure to encrypt the credentials before storage, using an SDL-approved mechanism. For client side, if storing credentials is required, encrypt them and protect the data store in which they're storedInteractionStringWrite3302d8cb-4f2b-4563-aa32-f47333bd4be8With the Unseal and seal mechanism, The credentials are stored in encrypted form.
Additional mitigation when running EdgeX in rootless Docker: credential material persisted in container volumes (including OpenBao seal keys and SecretStore-issued tokens) is owned by an unprivileged host user, not root. A container escape only yields that unprivileged user's permissions, so attempts to exfiltrate credentials by reading host-level paths from a compromised neighbour container are blocked. Encryption (seal/unseal, salted hashes) remains the primary control; rootless Docker reduces the blast radius of a host-side compromise. See https://docs.edgexfoundry.org/4.1/security/Rootless-Docker/.
Additional mitigation when EdgeX container images are signed (e.g., Sigstore/cosign, Docker Content Trust or Notary v2) and signature verification is enforced at pull or admission time: the supply-chain path for introducing a tampered or imposter image is closed, provided the signing key is rooted in an HSM or KMS and verification is policy-enforced by the runtime. Signing does not prevent exploitation of a flaw inside a legitimately signed image; pair it with SBOM and SLSA provenance attestations and timely patching. See https://www.sigstore.dev/ and https://docs.docker.com/engine/security/trust/.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation neededcb803704-e604-4205-93fd-a1775d708e4aNotApplicablea7d9df74-a466-4e44-bc7d-fb1b3f61072aI24falsefalseD2cb803704-e604-4205-93fd-a1775d708e4a7f847e97-0bfb-4d3d-836c-baef8c0550a8a7d9df74-a466-4e44-bc7d-fb1b3f61072aEATON\E073993913641e12-f20c-4227-9962-e21d4198570d7f847e97-0bfb-4d3d-836c-baef8c0550a8233cb803704-e604-4205-93fd-a1775d708e4a:7f847e97-0bfb-4d3d-836c-baef8c0550a8:a7d9df74-a466-4e44-bc7d-fb1b3f61072a2025-09-25T00:37:22.2340595+08:00HighTitlePotential Excessive Resource Consumption for OpenBao Server (Hosted on Device) or StorageUserThreatCategoryDenial Of ServiceUserThreatShortDescriptionDenial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.UserThreatDescriptionDoes OpenBao Server (Hosted on Device) or Storage take explicit steps to control resource consumption? Resource consumption attacks can be hard to deal with, and there are times that it makes sense to let the OS do the job. Be careful that your resource requests don't deadlock, and that they do timeout.InteractionStringWrite3302d8cb-4f2b-4563-aa32-f47333bd4be8Extensive resource usage could potentailly lead to DOS. Need to investigate.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation neededcb803704-e604-4205-93fd-a1775d708e4aNeedsInvestigationa7d9df74-a466-4e44-bc7d-fb1b3f61072aD2falsefalseS7a7d9df74-a466-4e44-bc7d-fb1b3f61072a9b100bd8-b645-4f24-aa94-37540a458493cb803704-e604-4205-93fd-a1775d708e4aDESKTOP-RLHC3VQ\cchou13641e12-f20c-4227-9962-e21d4198570d9b100bd8-b645-4f24-aa94-37540a458493230a7d9df74-a466-4e44-bc7d-fb1b3f61072a:9b100bd8-b645-4f24-aa94-37540a458493:cb803704-e604-4205-93fd-a1775d708e4a2026-05-12T17:53:13.1141257+08:00HighTitleStorage is not protected. Its a part of file system.UserThreatCategoryTamperingUserThreatShortDescriptionInformation disclosure happens when the information can be read by an unauthorized party.UserThreatDescriptionStorage may be spoofed by an attacker and this may lead to incorrect data delivered to OpenBao Server (Hosted on Device) . Consider using a standard authentication mechanism to identify the source data store.InteractionStringRead3302d8cb-4f2b-4563-aa32-f47333bd4be8Storage should be encrypted.
Additional mitigation when running EdgeX in rootless Docker: container layers and bind-mounted volumes (including OpenBao's storage backend, log directories and key material) are owned by the unprivileged host user that runs the rootless daemon and live under that user's $XDG_DATA_HOME/docker tree, not under root-owned host paths. Other host users and escaped containers cannot bypass in-application access controls by reading or writing those files directly. This raises the cost of any filesystem-level disclosure or tampering attack but does not remove the need for at-rest encryption of the data the rootless user does control. See https://docs.edgexfoundry.org/4.1/security/Rootless-Docker/.
Additional mitigation when EdgeX container images are signed (e.g., Sigstore/cosign, Docker Content Trust or Notary v2) and signature verification is enforced at pull or admission time: the supply-chain path for introducing a tampered or imposter image is closed, provided the signing key is rooted in an HSM or KMS and verification is policy-enforced by the runtime. Signing does not prevent exploitation of a flaw inside a legitimately signed image; pair it with SBOM and SLSA provenance attestations and timely patching. See https://www.sigstore.dev/ and https://docs.docker.com/engine/security/trust/.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation neededa7d9df74-a466-4e44-bc7d-fb1b3f61072aAutoGeneratedcb803704-e604-4205-93fd-a1775d708e4aS7falsefalseI23a7d9df74-a466-4e44-bc7d-fb1b3f61072a9b100bd8-b645-4f24-aa94-37540a458493cb803704-e604-4205-93fd-a1775d708e4aEATON\E073993913641e12-f20c-4227-9962-e21d4198570d9b100bd8-b645-4f24-aa94-37540a458493231a7d9df74-a466-4e44-bc7d-fb1b3f61072a:9b100bd8-b645-4f24-aa94-37540a458493:cb803704-e604-4205-93fd-a1775d708e4a2025-09-24T05:19:23.2094063+08:00HighTitleWeak Access Control for a ResourceUserThreatCategoryUser-definedUserThreatShortDescriptionA user subject gains increased capability or privilege by taking advantage of an implementation bug.UserThreatDescriptionImproper data protection of Storage can allow an attacker to read information not intended for disclosure. Review authorization settings.InteractionStringRead3302d8cb-4f2b-4563-aa32-f47333bd4be8OpenBao uses role based access, TTL for keys, Sets limit of how many times a key can be used.PriorityHighf42499a2-b1a0-445b-88ac-f22aa5dc4e09Adopter7a70fe71-64fa-4b97-b171-38b5a064c295Mitigation writtena7d9df74-a466-4e44-bc7d-fb1b3f61072aAutoGeneratedcb803704-e604-4205-93fd-a1775d708e4aI23falsefalsetruee6ad3a3b-3e9d-4f2a-8f3d-723e2cbf2585e6ad3a3b-3e9d-4f2a-8f3d-723e2cbf2585true00000000-0000-0000-0000-000000000000102be8a5-2c83-439a-9157-f7c7e9ac1321The connector should be attached to two elements.09e889f5-eba7-42f5-b7ce-0768e1ba3a3e4.3falsefalseNot SelectedManagedUnmanagedCode TypeVirtualDynamiccodeTypeListfalseNot SelectedKernelSystemNetwork ServiceLocal ServiceAdministratorStandard User With ElevationStandard User Without ElevationWindows Store AppRunning AsVirtualDynamicrunningAsListfalseNot SelectedAppContainerLow Integrity LevelMicrosoft Office Isolated Conversion Environment (MOICE)SandboxIsolation LevelVirtualDynamicIsolationListfalseNot SelectedAny Remote User or EntityKernel, System, or Local AdminLocal or Network ServiceLocal Standard User With ElevationLocal Standard User Without ElevationWindows Store Apps or App Container ProcessesNothingOtherAccepts Input FromVirtualDynamicacceptsInputFromListfalseNoYesImplements or Uses an Authentication MechanismVirtualDynamicimplementsAuthenticationSchemeListfalseNoYesImplements or Uses an Authorization MechanismVirtualDynamicimplementsCustomAuthorizationMechanismListfalseNoYesImplements or Uses a Communication ProtocolVirtualDynamicimplementsCommunicationProtocolListfalseNot SelectedYesNoSanitizes InputVirtualDynamichasInputSanitizersListfalseNot SelectedYesNoSanitizes OutputVirtualDynamichasOutputSanitizersListA representation of a generic process.falseGE.PCentered on stenciliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAARRJREFUOE99ksFmQ0EUhtOHKCGUUi6hhEieoVy6CiGrkG3IA2TVB+hThVLyDN1eSghdZTX5P84fc5u5d/H558z5z5kzc+/gYVb/ZydS6F0+pdTCCcwHUYsvQQPU8Vb0NjgKirog39vgXWA8iZWYhBKzT76zwUZ47KV4ER/iOWL2yeMrNriECUbiM9Y0IXYOX7FBPsFCcPJeUEzMfu8E8CYw/gqKnkKJ2SdvbwsvvgXGLsi3Co0X+X+AUoTy+v4PXgXX+xFDMRa3Bjlr8RfqvbmgqT+rdZ4X9sGD0pRJH0OJR3evmiODaQQnVqE8MtoUC40MhsKz4GTujhJXxUIjg5kKTmTsXKfFQiNDDg/JJBRzBcX14ApRBWL6a6sYxQAAAABJRU5ErkJggg==Generic ProcessROOTEllipsefalsefalseNot ApplicableNoYesAuthenticates ItselfVirtualDynamicauthenticatesItselfListfalseNot SelectedCodeHumanTypeVirtualDynamictypeListfalseNoYesMicrosoftVirtualDynamicMSList
A representation of an external interactor.
falseGE.EILower right of stenciliVBORw0KGgoAAAANSUhEUgAAABIAAAASCAYAAABWzo5XAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAALEwAACxMBAJqcGAAAANBJREFUOE9j+P//P1UwVkFyMJhgNPX+jwW/B2J5dA24MJhAMwCOmc19LgJpfnRN2DCYQDeADGxPFYN0I7J8aG+QgGPYHdWglJ0wvkVi0SJWC7/PyGpgGK9B6W2TM4Fy2iDDAkqau4BsJb+ixg5savEaxGTm8wFI64MMA2IpEBsYix+R1cAwwTASdY1MB8mDMLdt0FRsakAYr0FQ74BdAsJAtjpymCFjQoG9Ekjrg7wI86aEe/R6ZDUwTNBrxGLqGwTErhRiQZhBFGOsgqTj/wwAWDijBcYFCvcAAAAASUVORK5CYII=Generic External InteractorROOTRectanglefalsefalseNoYesStores CredentialsVirtualDynamicstoresCredentialsListfalseNoYesStores Log DataVirtualDynamicstoresLogDataListfalseNoYesEncryptedVirtualDynamicEncryptedListfalseNoYesSignedVirtualDynamicSignedListfalseNoYesWrite AccessVirtualDynamicAccessTypeListfalseNoYesRemovable StorageVirtualDynamicRemoveableStorageListfalseNoYesBackupVirtualDynamicBackupListfalseNoYesSharedVirtualDynamicsharedListfalseSQL Relational DatabaseNon Relational DatabaseFile SystemRegistryConfigurationCacheHTML5 StorageCookieDeviceStore TypeVirtualDynamicstoreTypeList
A representation of a data store.
falseGE.DSLower right of stenciliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAIxJREFUOE9j+P//PxwzmnrPB+L/BPB5IOaH6SFVMxgzmflcANJgQ0jWDMMwQ8jSDMMgQ0Au0AZiVzKxBcgFWE0nFoMNcM6smoaPxoZhcpS7AIu/SMLDIQxKJswpxoVhikC2YZMHYVAgCuLCMANcs6vDsMmDMMwL9jDFJGCwHrABuhFZPkgSRGGIHu//AJbS3MIG0q+eAAAAAElFTkSuQmCCGeneric Data StoreROOTParallelLinesfalsefalseNot SelectedWireWi-FiBluetooth2G-4GPhysical NetworkVirtualDynamicchannelListfalseNot SelectedNoYesSource AuthenticatedVirtualDynamicauthenticatesSourceListfalseNoYesDestination AuthenticatedVirtualDynamicauthenticatesDestinationListfalseNoYesProvides ConfidentialityVirtualDynamicprovidesConfidentialityListfalseNoYesProvides IntegrityVirtualDynamicprovidesIntegrityListfalseNoYesTransmits XMLVirtualDynamicXMLencListfalseYesNoContains CookiesVirtualDynamicCookiesListfalseNoYesSOAP PayloadVirtualDynamicSOAPListfalseNoYesREST PayloadVirtualDynamicRESTListfalseNoYesRSS PayloadVirtualDynamicRSSListfalseNoYesJSON PayloadVirtualDynamicJSONListfalseNot SelectedValidateAntiForgeryTokenAttributeViewStateUserKeyNonceOther dynamic canaryStatic header not available to the browserOtherNoneNot applicable because the request does not change dataForgery ProtectionVirtualDynamic54851a3b-65da-4902-b4e0-94ef015be735List
A unidirectional representation of the flow of data between elements.
falseGE.DFBefore labeliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAEtJREFUOE9j+P//P1bMaOr9Hx2jqwFhDAEYHngDYBiXRhjGKoiMR5IBIIWkYmwGgGh0jFN8OBkA4qBhbGJYxbEagMNQrOIUGuD9HwBIkRfD8QF9EgAAAABJRU5ErkJggg==Generic Data FlowROOTLinefalse
An arc representation of a trust boundary.
falseGE.TB.LBefore labeliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAZdEVYdFNvZnR3YXJlAEFkb2JlIEltYWdlUmVhZHlxyWU8AAABX0lEQVQ4T2NgNPXGh/mhGJscGCNzQArtgVgfxmcy87kAwlA5ZLVwDGOAFQPp/1Dcj8zHZwiY4LUPdgLSMM0YmM8+5JaAY5gRkI3dAJuUUlsgjVUzCM/ZuDPg////vEA2dgNAkqpBKTuBbKwGRNV0iQNpmCZQGMG9AxPk57IJvA6ksRrAYu67EEjLA7E+s7nPReQwAWtGC0CiMMwQkPNZ5H0TtqArIIRBAWueUCgM9gLQEG1QGHDbBr1YuftQDJDvapFYtAhdEwwDY+TO8cvXXUCWw8IAbMjCrXtDgDQHlK8E04CO1YPTVoA0A9nwQIQZAtYMxaBAw2oAFINSLaoBSFgfGEgPgDQ2jWAs5hZVCaSxGwB0Ca+iX9I2IBusGORn3YistTA+q4Xf59KJcy1BarEaAMJAQ8ABixRg6omN/fWgwF26Y38EzLsghfiwNhBbADELlC8KxEpAzAHh/2cAANCSU7ngF2KpAAAAAElFTkSuQmCCGeneric Trust Line BoundaryROOTLineBoundaryfalse
A border representation of a trust boundary.
falseGE.TB.BBefore labeliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGPC/xhBQAAAAlwSFlzAAAOxAAADsQBlSsOGwAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAABGSURBVDhPY/hPIWBQ9Ev6z2jqDccPnr0ESxArzoDMAeEDZy+DFRIrDjeAVDCcDIDyyQajgTioAhGEQekdHx+bGIUGeP8HAJ4fIfJijo6MAAAAAElFTkSuQmCCGeneric Trust Border BoundaryROOTBorderBoundaryfalse
A representation of an annotation.
falseGE.AFree Text AnnotationROOTAnnotationTwC MSECcc62ebae-3748-431e-b1df-f4220dc9003fSDL TM Knowledge Base (Core)4.1.0.18false
A Windows Process.
falseSE.P.TMCore.OSProcessCentered on stenciliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAEFJREFUOE9jYDT1ngnE/8nEM0EG/EETJAV/ABmATYJYTD0DQDQ5eNSAUQNAmDoGgDITugSxGGzAfCAGuYIM7D0HAH9a5DRx46KEAAAAAElFTkSuQmCCOS ProcessGE.PEllipsefalse
A thread of execution in a Windows process.
falseSE.P.TMCore.ThreadCentered on stenciliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAEFJREFUOE9jYDT1ngnE/8nEM0EG/EETJAV/ABmATYJYTD0DQDQ5eNSAUQNAmDoGgDITugSxGGzAfCAGuYIM7D0HAH9a5DRx46KEAAAAAElFTkSuQmCCThreadGE.PEllipsefalsefalseUnmanagedCode TypeVirtualStaticcodeTypeList
A thread of execution in the Windows kernel.
falseSE.P.TMCore.KernelThreadCentered on stenciliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAEFJREFUOE9jYDT1ngnE/8nEM0EG/EETJAV/ABmATYJYTD0DQDQ5eNSAUQNAmDoGgDITugSxGGzAfCAGuYIM7D0HAH9a5DRx46KEAAAAAElFTkSuQmCCKernel ThreadGE.PEllipsefalsefalseUnmanagedCode TypeVirtualStaticcodeTypeList
A representation of a Win32 or Win64 application.
falseSE.P.TMCore.WinAppCentered on stenciliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAEFJREFUOE9jYDT1ngnE/8nEM0EG/EETJAV/ABmATYJYTD0DQDQ5eNSAUQNAmDoGgDITugSxGGzAfCAGuYIM7D0HAH9a5DRx46KEAAAAAElFTkSuQmCCNative ApplicationGE.PEllipsefalsefalseManagedCode TypeVirtualStaticcodeTypeList
A representation of a .NET Web application.
falseSE.P.TMCore.NetAppCentered on stenciliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAANFJREFUOE+t09EGAkEUxvF6lG6jqxQR3cbQbURERER0FV31ErEsveI+QNT3X3NYszPsji5+Zsycvjk7o8Fw5gr5ZioI+ASLfVQExDa6+l8AY45kgJO7HGQvD78W1kUD+MFYljLxmE9lJ83aVsBRLsLTnuXpMWftKtQkA+yErR+tA+Z01qxBK+AlJ+E0RuuAeelH9pIBls7lMfbuYCNruQkXx6dgLrwKe9QkA8BJI1mJdcCcEOvCRAPA6dw4nwJeYSFhXR3Anync6KoOeAtdZHDlD8vn/L46Hi6/AAAAAElFTkSuQmCCManaged ApplicationGE.PEllipsefalsefalseUnmanagedCode TypeVirtualStaticcodeTypeList
A representation of a thick client.
falseSE.P.TMCore.ThickClientCentered on stenciliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAGBJREFUOE/FjdEJwDAIBe1QnaJ7BzpA5nmpH8KjkaC2kI9L5MBTAHzClRnkOK/+gABdF95+EissoL/N/wRMrOAAsyfArhRgSgF2pQBTCrDT59YhQLMlZrqUxZUZXBkHMgDkpHNwRk9QLgAAAABJRU5ErkJggg==Thick ClientGE.PEllipsefalsefalseUnmanagedCode TypeVirtualStaticcodeTypeList
A representation of a browser client.
falseSE.P.TMCore.BrowserClientCentered on stenciliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAASBJREFUOE+l0q1LBGEQx/FdMMsVg/H+AG1WmxqMZ1WDWC5dUMQiyImIQVARRTGpRVHwpYigd/iCmLQZBINYD8yG576/Y0Y27AOehs/O7PA8s/PwbBJC+JfcYjuStG/Y9WAML9jAE0ZQRGuNNhBDlm+exDvqKmLP4hXeMIifBv515Xp04Rrb2MIdZiyu4NB0xBos4RZzOMYNplHDPhZwj7JvylJBo+tFi78s37X4iSPLa7EGq9D441jDJkattowJy+e9gaLnenwogcb/tvzAYgMXltdjE1Rwjins4ARli+uYhZqUYhN04gFqoi+/ompRt6Kr1XRpbAIZwjMuVYQf4QyP6EX0P3DdGMApFqEj9KOA1prcCbzbX+UW25Fb/L2QNAG8ROHz0OoHewAAAABJRU5ErkJggg==Browser ClientGE.PEllipsefalsefalseNoYesActiveXVirtualDynamicActiveXListfalseNoYesBrowser Plug-in Object (BHO)VirtualDynamicBHOList
A representation of an browser plugin.
falseSE.P.TMCore.PlugInCentered on stenciliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAANxJREFUOE+l070OwVAYgGEdDG7BbJUYMPhZJKYmBgYJg9lgwCDhAoTJHXSR2A0MRPxdA4nRDRgYxML7JW3SoI62w5PTnp68+XKSBrSEXsPTI0MCl7dNVyRgvcizG64CafTQte0pA1G0McASKdi//wyUccQaMzxwRgzWGcdAGAdskUEIHciZFZSBLDaYY4wJppAzMokyEMcOezTRQh1VVKAMyLgnXJGEhgL6kLtRBkZo4A7Zv5mrjJ/HXwFZS1hA7mKICKwzwjGQQxEyftDc++Yj4IkEfP9MPn5n3XgBkdQdpG8eZzEAAAAASUVORK5CYII=Browser and ActiveX PluginsGE.PEllipsefalsefalseManagedCode TypeVirtualStaticcodeTypeList
A representation of an Web Server Process.
falseSE.P.TMCore.WebServerCentered on stenciliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAJ5JREFUOE9j+P//Pxgzmnr/JwejGOCcWTWtZMKcYmIxhgGu2dVhQLYgsRjDAN2ILB8YnxgMNgBEYMH22DSgY5BarAYQ6xKQWjABCjwBx7A7qkEpO8kyAB3T3wDk+Ec2iBiM1QW4DMSW0LC6ADlBIRuALaERDAOLxKJFMBxS3qYHE4dhnAZgE0fC8IQGIlyxYJDzsInDMEgebgAF+D8DAHhvQ2cWCf/0AAAAAElFTkSuQmCCWeb ServerGE.PEllipsefalsefalseLocalWebContextVirtualDynamiccontextListfalseNot SelectedYesNoDocuments Library capabilityVirtualDynamicdocumentsLibraryListfalseNot SelectedYesNoEnterprise Authentication capabilityVirtualDynamicenterprizeAuthenticationListfalseNot SelectedYesNoInternet (Client & Server) capabilityVirtualDynamicinternetClientServerListfalseNot SelectedYesNoInternet (Client) capabilityVirtualDynamicinternetClientListfalseNot SelectedYesNoLocation capabilityVirtualDynamiclocationListfalseNot SelectedYesNoMicrophone capabilityVirtualDynamicmicrophoneListfalseNot SelectedYesNoMusic Library capabilityVirtualDynamicmusicLibraryListfalseNot SelectedYesNoPictures Library capabilityVirtualDynamicpictureLibraryListfalseNot SelectedYesNoPrivate Networks (Client & Server) capabilityVirtualDynamicprivateNetworkClientServerListfalseNot SelectedYesNoProximity capabilityVirtualDynamicproximityListfalseNot SelectedYesNoRemovable Storage capabilityVirtualDynamicremovableStorageListfalseNot SelectedYesNoShared User Certificates capabilityVirtualDynamicsharedUserCertificatesListfalseNot SelectedYesNoText Messaging capabilityVirtualDynamicsmsListfalseNot SelectedYesNoVideos Library capabilityVirtualDynamicvideosLibraryListfalseNot SelectedYesNoWebcam capabilityVirtualDynamicwebcamListfalseManagedCode TypeVirtualStaticcodeTypeList
A representation of a Windows Store process.
falseSE.P.TMCore.ModernCentered on stenciliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAARRJREFUOE99ksFmQ0EUhtOHKCGUUi6hhEieoVy6CiGrkG3IA2TVB+hThVLyDN1eSghdZTX5P84fc5u5d/H558z5z5kzc+/gYVb/ZydS6F0+pdTCCcwHUYsvQQPU8Vb0NjgKirog39vgXWA8iZWYhBKzT76zwUZ47KV4ER/iOWL2yeMrNriECUbiM9Y0IXYOX7FBPsFCcPJeUEzMfu8E8CYw/gqKnkKJ2SdvbwsvvgXGLsi3Co0X+X+AUoTy+v4PXgXX+xFDMRa3Bjlr8RfqvbmgqT+rdZ4X9sGD0pRJH0OJR3evmiODaQQnVqE8MtoUC40MhsKz4GTujhJXxUIjg5kKTmTsXKfFQiNDDg/JJBRzBcX14ApRBWL6a6sYxQAAAABJRU5ErkJggg==Windows Store ProcessGE.PEllipsefalsefalseUnmanagedCode TypeVirtualStaticcodeTypeList
A representation of an network process or service.
falseSE.P.TMCore.Win32ServiceCentered on stenciliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAANFJREFUOE+t09EGAkEUxvF6lG6jqxQR3cbQbURERER0FV31ErEsveI+QNT3X3NYszPsji5+Zsycvjk7o8Fw5gr5ZioI+ASLfVQExDa6+l8AY45kgJO7HGQvD78W1kUD+MFYljLxmE9lJ83aVsBRLsLTnuXpMWftKtQkA+yErR+tA+Z01qxBK+AlJ+E0RuuAeelH9pIBls7lMfbuYCNruQkXx6dgLrwKe9QkA8BJI1mJdcCcEOvCRAPA6dw4nwJeYSFhXR3Anync6KoOeAtdZHDlD8vn/L46Hi6/AAAAAElFTkSuQmCCWin32 ServiceGE.PEllipsefalsefalseUnmanagedCode TypeVirtualStaticcodeTypeList
Delivers web content to a human user.
falseSE.P.TMCore.WebAppCentered on stenciliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAANFJREFUOE+t09EGAkEUxvF6lG6jqxQR3cbQbURERER0FV31ErEsveI+QNT3X3NYszPsji5+Zsycvjk7o8Fw5gr5ZioI+ASLfVQExDa6+l8AY45kgJO7HGQvD78W1kUD+MFYljLxmE9lJ83aVsBRLsLTnuXpMWftKtQkA+yErR+tA+Z01qxBK+AlJ+E0RuuAeelH9pIBls7lMfbuYCNruQkXx6dgLrwKe9QkA8BJI1mJdcCcEOvCRAPA6dw4nwJeYSFhXR3Anync6KoOeAtdZHDlD8vn/L46Hi6/AAAAAElFTkSuQmCCWeb ApplicationGE.PEllipsefalsefalseUnmanagedCode TypeVirtualStaticcodeTypeList
Exposes a programmatic interface.
falseSE.P.TMCore.WebSvcCentered on stenciliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAANFJREFUOE+t09EGAkEUxvF6lG6jqxQR3cbQbURERER0FV31ErEsveI+QNT3X3NYszPsji5+Zsycvjk7o8Fw5gr5ZioI+ASLfVQExDa6+l8AY45kgJO7HGQvD78W1kUD+MFYljLxmE9lJ83aVsBRLsLTnuXpMWftKtQkA+yErR+tA+Z01qxBK+AlJ+E0RuuAeelH9pIBls7lMfbuYCNruQkXx6dgLrwKe9QkA8BJI1mJdcCcEOvCRAPA6dw4nwJeYSFhXR3Anync6KoOeAtdZHDlD8vn/L46Hi6/AAAAAElFTkSuQmCCWeb ServiceGE.PEllipsefalse
A virtual machine running in a Hyper-V partition.
falseSE.P.TMCore.VMCentered on stenciliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAARRJREFUOE99ksFmQ0EUhtOHKCGUUi6hhEieoVy6CiGrkG3IA2TVB+hThVLyDN1eSghdZTX5P84fc5u5d/H558z5z5kzc+/gYVb/ZydS6F0+pdTCCcwHUYsvQQPU8Vb0NjgKirog39vgXWA8iZWYhBKzT76zwUZ47KV4ER/iOWL2yeMrNriECUbiM9Y0IXYOX7FBPsFCcPJeUEzMfu8E8CYw/gqKnkKJ2SdvbwsvvgXGLsi3Co0X+X+AUoTy+v4PXgXX+xFDMRa3Bjlr8RfqvbmgqT+rdZ4X9sGD0pRJH0OJR3evmiODaQQnVqE8MtoUC40MhsKz4GTujhJXxUIjg5kKTmTsXKfFQiNDDg/JJBRzBcX14ApRBWL6a6sYxQAAAABJRU5ErkJggg==Virtual MachineGE.PEllipsefalse
Microsoft applications running on operating systems from Google or Apple.
falseSE.P.TMCore.NonMSCentered on stenciliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAARRJREFUOE99ksFmQ0EUhtOHKCGUUi6hhEieoVy6CiGrkG3IA2TVB+hThVLyDN1eSghdZTX5P84fc5u5d/H558z5z5kzc+/gYVb/ZydS6F0+pdTCCcwHUYsvQQPU8Vb0NjgKirog39vgXWA8iZWYhBKzT76zwUZ47KV4ER/iOWL2yeMrNriECUbiM9Y0IXYOX7FBPsFCcPJeUEzMfu8E8CYw/gqKnkKJ2SdvbwsvvgXGLsi3Co0X+X+AUoTy+v4PXgXX+xFDMRa3Bjlr8RfqvbmgqT+rdZ4X9sGD0pRJH0OJR3evmiODaQQnVqE8MtoUC40MhsKz4GTujhJXxUIjg5kKTmTsXKfFQiNDDg/JJBRzBcX14ApRBWL6a6sYxQAAAABJRU5ErkJggg==Applications Running on a non Microsoft OSGE.PEllipsefalsefalseCodeTypeVirtualStatictypeList
A representation of an external Web browser.
falseSE.EI.TMCore.BrowserLower right of stenciliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAMRJREFUOE9j+P//PwOjqfd/NGwPEkfH2NSBJUomzCmGCTpnVk1rmbdCHl0zLnVgCZggDPPaBzuha8alDquEbkSWD5C+jyYuj8YHq8NnAIqYuFu0K7oY2AAgA90mkjCG7aRinAaAQhkbGx3jNMA1uzoMGD6uUCyHTQ0I4zQAFECgAIZhbGpAeJAYYJFYtAiUTEE4sbG/HiSGzQBs6hi4bYNegBjoOKS8TQ/ZAFzqQJI2QAwLbWTMAcRwA4AYqzpkBWTg/wwA3lTsAWB+hJkAAAAASUVORK5CYII=BrowserGE.EIRectanglefalse
A representation of an external authorization provider.
falseSE.EI.TMCore.AuthProviderLower right of stenciliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAATpJREFUOE9j+P//PwZmNPWuB+L7QPwfit8D8Xwg5kdXi8IBYajC/0YxeXNLJswpBmG/osYOFnPfT0xmPhfQDUHXHA/SDNIE5CsBsSAUS529fseH1cLvM9CghSC1MIxiALuV/xXVoJSdQDZIE4ocELOAXAKyANkVKIpAkuGVHfHIYsh47sZd6iA1vPbBTjAxFAUgSd2ILB9kMWRsnlAojK4GRYGAY9gdLpvApchiyJjTOjAJZEDLvBXyMDEUBW45NU0gBUCM4Q2gmD6zuc9HaBixwMRRFAGxFEgB1BCU6AJG4Qd+h9DbO0+cM0cWhzOQsDbIAJBzYWJAvjxILLSirQzIh9sOwnAGMoa6AAObxhX4o6tF4SBhVxwYI32gcJAxFhfYY1OHIYCECdoOwhgCyJiQ7SCMVZB4/J8BAHcPi99NNItPAAAAAElFTkSuQmCCAuthorization ProviderGE.EIRectanglefalsefalseCodeTypeVirtualStatictypeList
A representation of an external Web application (portal, front ed, etc.).
falseSE.EI.TMCore.WebAppLower right of stenciliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAIBJREFUOE9j+P//PwOjqXc8EP8nEc8H6QUbwGzu8xGLAmKwPswFYAHnzKppJRPmFBPCMPUqgSmeKAa4ZleHAfmChDBMvW5Elg+KASABEJ8QHjVg1AAQxmkAqRhuAKuF32dsCmB5A5scCNuklNqCDfArauzApgAfVg1K2fn//39eAIdsIEry0cBoAAAAAElFTkSuQmCCExternal Web ApplicationGE.EIRectanglefalsefalseCodeTypeVirtualStatictypeList
A representation of an external Web service.
falseSE.EI.TMCore.WebSvcLower right of stenciliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAJ5JREFUOE9j+P//Pxgzmnr/JwejGOCcWTWtZMKcYmIxhgGu2dVhQLYgsRjDAN2ILB8YnxgMNgBEYMH22DSgY5BarAYQ6xKQWjABCjwBx7A7qkEpO8kyAB3T3wDk+Ec2iBiM1QW4DMSW0LC6ADlBIRuALaERDAOLxKJFMBxS3qYHE4dhnAZgE0fC8IQGIlyxYJDzsInDMEgebgAF+D8DAHhvQ2cWCf/0AAAAAElFTkSuQmCCExternal Web ServiceGE.EIRectanglefalsefalseHumanTypeVirtualStatictypeList
A representation of a user.
falseSE.EI.TMCore.UserLower right of stenciliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAQNJREFUOE9j+P//PwZmNPXWB+L7QPwfiveDxLCpxRAAKuRnMvP5gKQZjJnNfS6iqwVhDAFe+2AndM1IGMMVKBwQ1o3I8sGiEYyL+mdLo6tH4YAwl03gUmyaQZjN0r8QXT0KB4SFnSP2YNMMwsoByQ3o6lE4ILzvzEVrVgu/z+iaBRzD7izbcUAbXT0KB4pZlPyTtqMb4JZT0wSSQ1OL1QCG8MqOeHQDgEAKWQ0MYwgAFfMDo3IaugFAHI+uFoThDKACUOqbD8TvoRqwYVDqrAdiebgBQA5IIyipYtOAD4Ms42cAJVE0CaIxi7nvQpALsEoSg/kdQk9RZICgU9gZCg0IOwMAqzT/oq6scnwAAAAASUVORK5CYII=Human UserGE.EIRectanglefalse
A large service that has only one instance on the Internet, for example, Outlook.com and Xbox Live.
falseSE.EI.TMCore.MegasevriceLower right of stenciliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAALBJREFUOE+l0rEJwmAQBeBfBEFwAAcQBHsLwQ1srRwgrUu4gZO4gQNYWQmpbG0d4HwvmHD+eZocFh8JL3eP5CfJzP4iw4g0WG66LKCAlcsarcCZwhnMucEMmjm/UJvDEPLl2hX4vJr3ixO4AIee7+s3a2gVbEENK3v4KNgBX00NKzwL7lQFPGE11EfBgnsWRpQs6DqwXx4sOGVhxJEFY95A5FNKOMBI/t8RMoyQYX+WXnB1v3lL8LpjAAAAAElFTkSuQmCCMegaserviceGE.EIRectanglefalsefalseNot ApplicableAuthenticates ItselfVirtualStaticauthenticatesItselfListfalseCodeTypeVirtualStatictypeList
Represents the point where an application calls into an unmanaged runtime library such as the CRT.
falseSE.EI.TMCore.CRTLower right of stenciliVBORw0KGgoAAAANSUhEUgAAABIAAAASCAYAAABWzo5XAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAALEwAACxMBAJqcGAAAANBJREFUOE9j+P//P1UwVkFyMJhgNPX+jwW/B2J5dA24MJhAMwCOmc19LgJpfnRN2DCYQDeADGxPFYN0I7J8aG+QgGPYHdWglJ0wvkVi0SJWC7/PyGpgGK9B6W2TM4Fy2iDDAkqau4BsJb+ixg5savEaxGTm8wFI64MMA2IpEBsYix+R1cAwwTASdY1MB8mDMLdt0FRsakAYr0FQ74BdAsJAtjpymCFjQoG9Ekjrg7wI86aEe/R6ZDUwTNBrxGLqGwTErhRiQZhBFGOsgqTj/wwAWDijBcYFCvcAAAAASUVORK5CYII=Windows RuntimeGE.EIRectanglefalsefalseNot ApplicableAuthenticates ItselfVirtualStaticauthenticatesItselfListfalseCodeTypeVirtualStatictypeList
Represents the point where an application calls into the .NET Framework.
falseSE.EI.TMCore.NFXLower right of stenciliVBORw0KGgoAAAANSUhEUgAAABIAAAASCAYAAABWzo5XAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAALEwAACxMBAJqcGAAAANBJREFUOE9j+P//P1UwVkFyMJhgNPX+jwW/B2J5dA24MJhAMwCOmc19LgJpfnRN2DCYQDeADGxPFYN0I7J8aG+QgGPYHdWglJ0wvkVi0SJWC7/PyGpgGK9B6W2TM4Fy2iDDAkqau4BsJb+ixg5savEaxGTm8wFI64MMA2IpEBsYix+R1cAwwTASdY1MB8mDMLdt0FRsakAYr0FQ74BdAsJAtjpymCFjQoG9Ekjrg7wI86aEe/R6ZDUwTNBrxGLqGwTErhRiQZhBFGOsgqTj/wwAWDijBcYFCvcAAAAASUVORK5CYII=Windows .NET RuntimeGE.EIRectanglefalsefalseNot ApplicableAuthenticates ItselfVirtualStaticauthenticatesItselfListfalseCodeTypeVirtualStatictypeList
Represents the point where an application calls into WinRT.
falseSE.EI.TMCore.WinRTLower right of stenciliVBORw0KGgoAAAANSUhEUgAAABIAAAASCAYAAABWzo5XAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAALEwAACxMBAJqcGAAAANBJREFUOE9j+P//P1UwVkFyMJhgNPX+jwW/B2J5dA24MJhAMwCOmc19LgJpfnRN2DCYQDeADGxPFYN0I7J8aG+QgGPYHdWglJ0wvkVi0SJWC7/PyGpgGK9B6W2TM4Fy2iDDAkqau4BsJb+ixg5savEaxGTm8wFI64MMA2IpEBsYix+R1cAwwTASdY1MB8mDMLdt0FRsakAYr0FQ74BdAsJAtjpymCFjQoG9Ekjrg7wI86aEe/R6ZDUwTNBrxGLqGwTErhRiQZhBFGOsgqTj/wwAWDijBcYFCvcAAAAASUVORK5CYII=Windows RT RuntimeGE.EIRectanglefalse
A representation of a Cloud Storage.
falseSE.DS.TMCore.CloudStorageLower right of stenciliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOwwAADsMBx2+oZAAAAXRJREFUOE+NkztLA0EUhVcFg4U2goUgWKxVKnGNqKCBKBYGZBVUkO1iEfHR+0ZSCoKNIGIjwR+ghb2Vv8DeVlDBLiYZ7zfM6OyyPorD5J57zpndvTeeUioVLcOzgeBFoBxQB64uZrJAJGi25oofQbRVnVnfPeWkhndDXNOlaerbEN/cPyxJzxf0cVLDC16tzw1odoyHz9zWXVh+5BQ+Y/sGGZ6ECyxnzbeQe2dXq1JzW86crlkju1g+QCuoUGOuQLSPzr0L0WWFwq0ZoZTfAYfn1QCt6VUQ1o057wr9sLSTFiDgtfImpE6AKpS3TxKi3wI08NDTAUPRJu8eE/wVYPuejKThjiUp+CmgbaT4htezYxGwZXy4XkHNcC5qGOUMBXpD8ZLmmy1rQA6ubPRH+8eM6mup+H10cU24ngxaPHjtI7FtU4JpAV+5Z2C+dGcDjJgRsxto0OJJ/y8YZNnMzsmFJ/mtxWlIJR1MCMYSXAyp5P+hvE94cVhHBmDVoQAAAABJRU5ErkJggg==Cloud StorageGE.DSParallelLinesfalsefalseSQL Relational DatabaseStore TypeVirtualStaticstoreTypeList
A representation of a SQL Database.
falseSE.DS.TMCore.SQLLower right of stenciliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAASJJREFUOE99kj1Ow0AQhQ2IjsJHSA7Bj4SJZCmpiNLQUSJRIwpQOAItSgvKDXIe6lyAAgkoyPA+s2vtrr2O9Ekz895MdrxbmFmxd3y5FB9iJ6wH6uhL/CE0I9j+yXx3NLnaXtw+vKZQR8eHPx1gGJRMxbkY9UB9ig+/fvEAx694F6wD10FMHb3xdgZwzMOzxafi7DdAx0feGTBe3DwrqcVsAPRR7wBHtEJoSmBYm2dX8AbFlfjydQd51Q7IrOCbw8aUanAF3f230yI4Le8CfXAFH4fgk1Y7/7+pbwXVm+O7R0beNituXi8UfpJIVyhdHTZucNQMfOk6t8LB6fzH52IjomZ0f5+8984tPL683YUNKeh+QI7yabW+T07S/DN1Myv/AMyfAkxuIUzjAAAAAElFTkSuQmCCSQL DatabaseGE.DSParallelLinesfalsefalseNon Relational DatabaseStore TypeVirtualStaticstoreTypeList
A representation of a non-relational database.
falseSE.DS.TMCore.NoSQLLower right of stenciliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAQtJREFUOE99krFKA0EQhs8EO4t7hOQhokLOQCBWOa6xsxSsQ4qE+Ai2kjYhr5XaF7AQ1MKM88nOsdnb3YMPdv7/37md2ytEpLgYzTfKh3JSJAI6/oa8D5sxpHddn64mD+93z6tdCDo+OfJhAyGgxUwZK4MI6DNy5PU5b+D4VY4K48Cjt0bH/892GnDMy9vmU9fJb4BPjrrTYNg8vWoxVe4z4A+iDRxnI/ihAJq1dXIEC+i6Ur5Md1BXbYPECLbZ3xhSZUfQu/92Xgf+C/zsCLbOkRxB9fb4vm6YV7g3U4QjlE7Pwpeepkbo39Q/VsfAt/vkf+/cwvptv4htNPCtQYryZXtYhiehRheR8g/o7QMp4dB2sAAAAABJRU5ErkJggg==Non Relational DatabaseGE.DSParallelLinesfalsefalseNTFSExFATFATReFSIFSUDFOtherFile System TypeVirtualDynamicfsTypeListfalseFile SystemStore TypeVirtualStaticstoreTypeList
A representation of a file system.
falseSE.DS.TMCore.FSLower right of stenciliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAASFJREFUOE9j+P//PwOjqfd/InE8SD0yJtUAEEYxBMUAIHDFhZEMQDEE3QC4yegYSTOKISiSMMXYMJJGZKyPIomsASp+GYiLoHwM76gEpnhiNQDIPgfEZ5nMfH6zWfo/ArIfA3EbkjxYvW5Elg9WA/jsQ66B+OxW/m+ZzX1+gthA27ph8jD1WA0A0seAmr5zWge+LZs0L9sqqXgui7nvdyB+CZS7TNAAoIYufofQ20ANXwSdwhoFHMO2Ag38LeoaecYysXgSQQOAWBZo+xMQHxgGf4D0PxBbyT9pBVBOHlk9zjAASizWj8xeAwpEcbfoc0D+ervUskKYPEEDgFgViNWEnSOuAp3dCWSrA7E4VI4oA2DYDIhl0cRwG0AqpoIBWT4AXz0GcRbZcbEAAAAASUVORK5CYII=File SystemGE.DSParallelLinesfalsefalseRegistryStore TypeVirtualStaticstoreTypeList
A representation of a Registry.
falseSE.DS.TMCore.RegistryLower right of stenciliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAZxJREFUOE+Vkr1LQlEYxm9lSyFlUEuEEEFDxJ3KOxSSUEFqYoVJECoEQYt97eocqHO0VNgm0hC4hBQ0BEUNLUFQTbVV9Afcnudwj5x7uUENv3vPed6Pc877vpppmoKWsbAOaiAotb8gPgjKAbN/bvW0dTzyiXUJdDmd3RDBbYHI1275YAfCSKXeSHLfbswXnM5uaP5ouszTEfSKf8wTiF5wT90twEkzgRNnAmgpEFM1oqXzxXD3VOJJDe6cXHinbgX6QUOxs9DN+vDjBYaR2T6iw2hyo3r98DhLHfusVVShD4RTV1yDDyBuo15nEEyDYeCBgzi1YyL+ZhWYup4plHIo8LeVqKYmsEEHPuXw7HwJe59i62WnrAT2IBXpgCe84N8cLqxj8llEikGQlU6WJhwUOFwsoE2nY4kZvcHFOtZ3QP8lgSvCcau4v4kgvSe0fIsCXf47gcUz/75Q4oYJWHkWUbHb4OzsHVfXNaUlgqH42gkTAB/ngf1X7YQzA7sBvFoFLembWblnIvYYIvsti+nhXt5GngqNMwO7qf0AFBEVY8ZCOLAAAAAASUVORK5CYII=Registry HiveGE.DSParallelLinesfalsefalseConfigurationStore TypeVirtualStaticstoreTypeList
A configuration file, this includes XML, INI, and INF files.
falseSE.DS.TMCore.ConfigFileLower right of stenciliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAZxJREFUOE+Vkr1LQlEYxm9lSyFlUEuEEEFDxJ3KOxSSUEFqYoVJECoEQYt97eocqHO0VNgm0hC4hBQ0BEUNLUFQTbVV9Afcnudwj5x7uUENv3vPed6Pc877vpppmoKWsbAOaiAotb8gPgjKAbN/bvW0dTzyiXUJdDmd3RDBbYHI1275YAfCSKXeSHLfbswXnM5uaP5ouszTEfSKf8wTiF5wT90twEkzgRNnAmgpEFM1oqXzxXD3VOJJDe6cXHinbgX6QUOxs9DN+vDjBYaR2T6iw2hyo3r98DhLHfusVVShD4RTV1yDDyBuo15nEEyDYeCBgzi1YyL+ZhWYup4plHIo8LeVqKYmsEEHPuXw7HwJe59i62WnrAT2IBXpgCe84N8cLqxj8llEikGQlU6WJhwUOFwsoE2nY4kZvcHFOtZ3QP8lgSvCcau4v4kgvSe0fIsCXf47gcUz/75Q4oYJWHkWUbHb4OzsHVfXNaUlgqH42gkTAB/ngf1X7YQzA7sBvFoFLembWblnIvYYIvsti+nhXt5GngqNMwO7qf0AFBEVY8ZCOLAAAAAASUVORK5CYII=Configuration FileGE.DSParallelLinesfalsefalseCacheStore TypeVirtualStaticstoreTypeList
A representation of a local data cache.
falseSE.DS.TMCore.CacheLower right of stenciliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAF1JREFUOE9j+P//PxwzmnrPB+L/BPB5IOaH6SFVMxgzmflcANJgQ0jWDMMwQ8jSDMMgQ0Au0AZiVzKxBcgFWE0nFoMNcM6smoaPxoZhcpS7AIu/SMKjYTAMwsD7PwDo1eAuODnTegAAAABJRU5ErkJggg==CacheGE.DSParallelLinesfalsefalseHTML5 StorageStore TypeVirtualStaticstoreTypeList
A representation of HTML5 local storage.
falseSE.DS.TMCore.HTML5LSLower right of stenciliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAS1JREFUOE9j+P//P0UYqyApGEOA0dSbH4jtQTSaOEhMHlkMhFE4QAX6QPweiP+zWfoXoon/h+J4ZD3ImvORFP03TyhMgcm5ZFVpsVr4fUaSnw/EYBfCnAwSAEuCFHYvXpsOlBSFGQDEHEt37I8QcAy7A1PHZOZzAUjLM0AZYEExt6gLZ6/f8QFq4EXSDDcEiC10I7LWIhnygQHZac6ZVQ1ARSxImjBwRvsUf2Q9DO0LVqWg+a8em0YQBsr5g2yFqQ0oae4CSfCCnI3sPyCej0VzPEweKZykYApYjl++7gIKA5giIM5H0gyPRm7boBcgVwPFweEEtwGIQX43gQUStmgEWXDyyk13oBg8kJENgGF1IHYFYpRoBGJHIDYBYpRAhjPIxVgFScFYBYnH/xkAObxzbhFjTVgAAAAASUVORK5CYII=HTML5 Local StorageGE.DSParallelLinesfalsefalseNoYesHTTPOnlyVirtualDynamicHTTPOnlyListfalseCookieStore TypeVirtualStaticstoreTypeList
A representation of cookie storage.
falseSE.DS.TMCore.CookieLower right of stenciliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAGFJREFUOE9jYDT1/k8JBhvgnFk1rWTCnGJSMdwA1+zqsP///wuSiuEG6EZk+QAF0L1jj0UMQw6nATAxIHbFgkEuIM4AZDEkjN0FQIxhC5oYihyGASA2Eh4NgxEWBuRj7/8An7gYjzKNJXgAAAAASUVORK5CYII=CookiesGE.DSParallelLinesfalsefalseNoYesGPSVirtualDynamicGPSListfalseNoYesContactsVirtualDynamicContactsListfalseNoYesCalendar EventsVirtualDynamicCalendarListfalseNoYesSMS messagesVirtualDynamicSMSmessagesListfalseNoYesCached CredentialsVirtualDynamicCredsListfalseNoYesEnterprise DataVirtualDynamicEnterpriseListfalseNoYesMessaging Data (Mail, IM, SMS)VirtualDynamice-mailListfalseNoYesSIM StorageVirtualDynamicSIMListfalseNoYesOther DataVirtualDynamicmiscListfalseDeviceStore TypeVirtualStaticstoreTypeList
A representation of device local storage.
falseSE.DS.TMCore.DeviceLower right of stenciliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAKpJREFUOE9j+P//P0UYzmA09bYH4v9E4noMAzisA7ZgUYgVM5v7fEQxACgoj66ICBwPNwBo+2QsCvBidiv/K2ADgBx+kJPQFRCJ7Rk4rQOTsEgQhblsApcysJj7PsImSSwGeQGrBLEYbIBzZtW0kglziknFcANcs6vDQLRuRJYPOg0MaUF0jKwGbABUoStUAToNT2xIGCwHN4ASDDONbIzuNJIxVkHi8X8GAIAQEkmTSFVLAAAAAElFTkSuQmCCDeviceGE.DSParallelLinesfalsefalseNoSource AuthenticatedVirtualStaticauthenticatesSourceListfalseNoDestination AuthenticatedVirtualStaticauthenticatesDestinationListfalseNoProvides ConfidentialityVirtualStaticprovidesConfidentialityListfalseNoProvides IntegrityVirtualStaticprovidesIntegrityList
A representation of an HTTP data flow.
falseSE.DF.TMCore.HTTPBefore labeliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAADhJREFUOE9jYDT1/k8JHjWAWgaAAIwmBWA1AEQTw4bRcANgAF0hNjYMgPhkuwCGqWMAJXjUAO//APzi2/y5tNUIAAAAAElFTkSuQmCCHTTPGE.DFLinefalsefalseYesDestination AuthenticatedVirtualStaticauthenticatesDestinationListfalseYesProvides ConfidentialityVirtualStaticprovidesConfidentialityListfalseYesProvides IntegrityVirtualStaticprovidesIntegrityList
A representation of an HTTPS data flow.
falseSE.DF.TMCore.HTTPSBefore labeliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAP9JREFUOE+10s1mQ0EYxvFECCGr3EcI0dBVKeFw6B1kFULpKqvSVSkl5A5yE9lmFbINJWSVVbZZhRBKmf6f8U5NT9pptbL4OWfmvO8zH06pfJG7/zh7wAzX6GCIFT7VpALWqDrnSoHGeLbvXirgMWp8wAKZjSfwdamApyhgbnNvuEQdW82lApZRwBVebX5kc/4oqQDxW7aGNkZo2riPkwDd8tTete1aCCji21h1xYAXNHAP38yzC61WiZqbOOAjYIM9dK67qDDDEarZQf/FErpMv2gI0HZaGBSaw8V9KwRIL2rO8WOzhAAV1635xsYnxV+Jd6CLusWvmyUO+IPcvQN8C4wQAsHzwgAAAABJRU5ErkJggg==HTTPSGE.DFLinefalse
A representation of an Binary data flow.
falseSE.DF.TMCore.BinaryBefore labeliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAGNJREFUOE9jYDT1/k8JhhnwGYjnAPEHKB8fBqkBqQXpgRswGYhB7BYoHx8GqQGpBelBccFMIH4L5ePDIDUgtSguIBtT3wAgYMCH0dVT3wBSMfUNQHcyOkZXPxwNIBVTaID3fwAn5sGwmvgmbgAAAABJRU5ErkJggg==BinaryGE.DFLinefalsefalseYesSource AuthenticatedVirtualStaticauthenticatesSourceListfalseYesDestination AuthenticatedVirtualStaticauthenticatesDestinationListfalseYesProvides ConfidentialityVirtualStaticprovidesConfidentialityListfalseYesProvides IntegrityVirtualStaticprovidesIntegrityList
A representation of an IPsec data flow.
falseSE.DF.TMCore.IPsecBefore labeliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAPtJREFUOE+l0kFnA0EYxvGtUErIqdeeeiqlRG6lp5xCv0S+wVKW0lPJKacSSk79BqWUEHIKJZR8j5xKCWH6f9a8a2ynnWUPv8g7mecxO5vMOddK+XE0GP1liCU+MMUlqt9TBRfYwwU0Fyj3pAoeYMFHXOPdz2MkC+5hBTd+rYM1vnCWKujDClY4htbv/FqRKhA7smyg8NbP81iBbvnWf9exv2EFdXms4Ao7TGDhBeY4+Fl0im5YcI4e9IqeYBv1CCfQnlPof6G70WWWWSvI8YlnhGG7uKiwQF5g4Tf8G5awQJv1bhV+9fOvQF39BLqoGRqFpSpoI7rYnMt+APCSd3DankzjAAAAAElFTkSuQmCCIPsecGE.DFLinefalse
A representation of a named pipe data flow.
falseSE.DF.TMCore.NamedPipeBefore labeliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAKxJREFUOE9jYDT1rgDin0D8HwueD8QgNfxAfBIqhowvgSS/AfFtIJ6JAzsBMS5DwAaAGEuBGMTGh0EGHANisgzApploA7BpLoWKwQ2YBsToGkEYm78zgRgkxwPEM0EMfAZwAvFeIEbXDMPMIAKfASAMMwRdcxQQE2UALrwFiKeBGJQYQDAQ8eHBYcA9EIMSAx6CGJ+B+BUQnyERfwBisBdCgPgwVJAUDEwb3vYAyzfmxSXYv1YAAAAASUVORK5CYII=Named PipeGE.DFLinefalse
A representation of a SMBv1 or SMBv2 data flow.
falseSE.DF.TMCore.SMBBefore labeliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAEhJREFUOE/NzLENACAMA8EwFFNk/3kCpotc2VBg6eTuY8ysGyewF463AbyCAo4WwCso4GgBvIICjhbAKyjgaAG8ggKOjwK+rAUpwkqHruWEswAAAABJRU5ErkJggg==SMBGE.DFLinefalse
A representation of an RPC or Distributed COM (DCOM) data flow.
falseSE.DF.TMCore.RPCBefore labeliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAG5JREFUOE+VjMENwDAIA5OhOkX3n4eqSK4cakfhEeQ7E0ZE5JvXHe8Dn7rWsnKtZTD79oGa7bJyKttl5cDsbcEerNwnIWpmVk5+4sys3CJrWVk5W4CdB28PuMycQxW7zJxDFWDnwfbAqWst/12MB+3XXGPkZTU+AAAAAElFTkSuQmCCRPC or DCOMGE.DFLinefalse
A representation of an (Advanced) Local Procedure Call data flow.
falseSE.DF.TMCore.ALPCBefore labeliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAEtJREFUOE9j+P//P1bMaOr9Hx2jqwFhDAEYHngDYBiXRhjGKoiMR5IBIIWkYmwGgGh0jFN8OBkA4qBhbGJYxbEagMNQrOIUGuD9HwBIkRfD8QF9EgAAAABJRU5ErkJggg==ALPCGE.DFLinefalse
User Data Protocol Transport.
falseSE.DF.TMCore.UDPBefore labeliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAEtJREFUOE9j+P//P1bMaOr9Hx2jqwFhDAEYHngDYBiXRhjGKoiMR5IBIIWkYmwGgGh0jFN8OBkA4qBhbGJYxbEagMNQrOIUGuD9HwBIkRfD8QF9EgAAAABJRU5ErkJggg==UDPGE.DFLinefalse
An interface for an application to communicate to a device driver.
falseSE.DF.TMCore.IOCTLBefore labeliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAEtJREFUOE9j+P//P1bMaOr9Hx2jqwFhDAEYHngDYBiXRhjGKoiMR5IBIIWkYmwGgGh0jFN8OBkA4qBhbGJYxbEagMNQrOIUGuD9HwBIkRfD8QF9EgAAAABJRU5ErkJggg==IOCTL InterfaceGE.DFLinefalse
An arc representation of an Internet trust boundary.
falseSE.TB.L.TMCore.InternetBefore labeliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAZdEVYdFNvZnR3YXJlAEFkb2JlIEltYWdlUmVhZHlxyWU8AAABX0lEQVQ4T2NgNPXGh/mhGJscGCNzQArtgVgfxmcy87kAwlA5ZLVwDGOAFQPp/1Dcj8zHZwiY4LUPdgLSMM0YmM8+5JaAY5gRkI3dAJuUUlsgjVUzCM/ZuDPg////vEA2dgNAkqpBKTuBbKwGRNV0iQNpmCZQGMG9AxPk57IJvA6ksRrAYu67EEjLA7E+s7nPReQwAWtGC0CiMMwQkPNZ5H0TtqArIIRBAWueUCgM9gLQEG1QGHDbBr1YuftQDJDvapFYtAhdEwwDY+TO8cvXXUCWw8IAbMjCrXtDgDQHlK8E04CO1YPTVoA0A9nwQIQZAtYMxaBAw2oAFINSLaoBSFgfGEgPgDQ2jWAs5hZVCaSxGwB0Ca+iX9I2IBusGORn3YistTA+q4Xf59KJcy1BarEaAMJAQ8ABixRg6omN/fWgwF26Y38EzLsghfiwNhBbADELlC8KxEpAzAHh/2cAANCSU7ngF2KpAAAAAElFTkSuQmCCInternet BoundaryGE.TB.LLineBoundaryfalse
An arc representation of a machine trust boundary.
falseSE.TB.L.TMCore.MachineBefore labeliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAZdEVYdFNvZnR3YXJlAEFkb2JlIEltYWdlUmVhZHlxyWU8AAABX0lEQVQ4T2NgNPXGh/mhGJscGCNzQArtgVgfxmcy87kAwlA5ZLVwDGOAFQPp/1Dcj8zHZwiY4LUPdgLSMM0YmM8+5JaAY5gRkI3dAJuUUlsgjVUzCM/ZuDPg////vEA2dgNAkqpBKTuBbKwGRNV0iQNpmCZQGMG9AxPk57IJvA6ksRrAYu67EEjLA7E+s7nPReQwAWtGC0CiMMwQkPNZ5H0TtqArIIRBAWueUCgM9gLQEG1QGHDbBr1YuftQDJDvapFYtAhdEwwDY+TO8cvXXUCWw8IAbMjCrXtDgDQHlK8E04CO1YPTVoA0A9nwQIQZAtYMxaBAw2oAFINSLaoBSFgfGEgPgDQ2jWAs5hZVCaSxGwB0Ca+iX9I2IBusGORn3YistTA+q4Xf59KJcy1BarEaAMJAQ8ABixRg6omN/fWgwF26Y38EzLsghfiwNhBbADELlC8KxEpAzAHh/2cAANCSU7ngF2KpAAAAAElFTkSuQmCCMachine Trust BoundaryGE.TB.LLineBoundaryfalse
A border representation of user-model / kernel-mode separation.
falseSE.TB.L.TMCore.KernelBefore labeliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAZdEVYdFNvZnR3YXJlAEFkb2JlIEltYWdlUmVhZHlxyWU8AAABX0lEQVQ4T2NgNPXGh/mhGJscGCNzQArtgVgfxmcy87kAwlA5ZLVwDGOAFQPp/1Dcj8zHZwiY4LUPdgLSMM0YmM8+5JaAY5gRkI3dAJuUUlsgjVUzCM/ZuDPg////vEA2dgNAkqpBKTuBbKwGRNV0iQNpmCZQGMG9AxPk57IJvA6ksRrAYu67EEjLA7E+s7nPReQwAWtGC0CiMMwQkPNZ5H0TtqArIIRBAWueUCgM9gLQEG1QGHDbBr1YuftQDJDvapFYtAhdEwwDY+TO8cvXXUCWw8IAbMjCrXtDgDQHlK8E04CO1YPTVoA0A9nwQIQZAtYMxaBAw2oAFINSLaoBSFgfGEgPgDQ2jWAs5hZVCaSxGwB0Ca+iX9I2IBusGORn3YistTA+q4Xf59KJcy1BarEaAMJAQ8ABixRg6omN/fWgwF26Y38EzLsghfiwNhBbADELlC8KxEpAzAHh/2cAANCSU7ngF2KpAAAAAElFTkSuQmCCUser mode or Kernel mode BoundaryGE.TB.LLineBoundaryfalse
A border representation for a Window Store AppContainer boundary.
falseSE.TB.L.TMCore.AppContainerBefore labeliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAZdEVYdFNvZnR3YXJlAEFkb2JlIEltYWdlUmVhZHlxyWU8AAABX0lEQVQ4T2NgNPXGh/mhGJscGCNzQArtgVgfxmcy87kAwlA5ZLVwDGOAFQPp/1Dcj8zHZwiY4LUPdgLSMM0YmM8+5JaAY5gRkI3dAJuUUlsgjVUzCM/ZuDPg////vEA2dgNAkqpBKTuBbKwGRNV0iQNpmCZQGMG9AxPk57IJvA6ksRrAYu67EEjLA7E+s7nPReQwAWtGC0CiMMwQkPNZ5H0TtqArIIRBAWueUCgM9gLQEG1QGHDbBr1YuftQDJDvapFYtAhdEwwDY+TO8cvXXUCWw8IAbMjCrXtDgDQHlK8E04CO1YPTVoA0A9nwQIQZAtYMxaBAw2oAFINSLaoBSFgfGEgPgDQ2jWAs5hZVCaSxGwB0Ca+iX9I2IBusGORn3YistTA+q4Xf59KJcy1BarEaAMJAQ8ABixRg6omN/fWgwF26Y38EzLsghfiwNhBbADELlC8KxEpAzAHh/2cAANCSU7ngF2KpAAAAAElFTkSuQmCCAppContainer BoundaryGE.TB.LLineBoundaryfalse
A border representation of a corporate network trust boundary.
falseSE.TB.B.TMCore.CorpNetBefore labeliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGPC/xhBQAAAAlwSFlzAAAOxAAADsQBlSsOGwAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAABGSURBVDhPY/hPIWBQ9Ev6z2jqDccPnr0ESxArzoDMAeEDZy+DFRIrDjeAVDCcDIDyyQajgTioAhGEQekdHx+bGIUGeP8HAJ4fIfJijo6MAAAAAElFTkSuQmCCCorpNet Trust BoundaryGE.TB.BBorderBoundaryfalse
A border representation of a sandbox trust boundary.
falseSE.TB.B.TMCore.SandboxBefore labeliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGPC/xhBQAAAAlwSFlzAAAOxAAADsQBlSsOGwAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAABGSURBVDhPY/hPIWBQ9Ev6z2jqDccPnr0ESxArzoDMAeEDZy+DFRIrDjeAVDCcDIDyyQajgTioAhGEQekdHx+bGIUGeP8HAJ4fIfJijo6MAAAAAElFTkSuQmCCSandbox Trust Boundary BorderGE.TB.BBorderBoundaryfalsefalseNoYesLow Integrity Level SandboxVirtualDynamicIntegrityLevelListfalseNoYesApp Container SandboxVirtualDynamicAppContainerListfalseNoYesJavaScript SandboxVirtualDynamicJavaScriptListfalseNoYesFlash SandboxVirtualDynamicFlashList
Describes the types of trust boundaries implemented by Internet Explorer.
falseSE.TB.B.TMCore.IEBBefore labeliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGPC/xhBQAAAAlwSFlzAAAOxAAADsQBlSsOGwAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAABGSURBVDhPY/hPIWBQ9Ev6z2jqDccPnr0ESxArzoDMAeEDZy+DFRIrDjeAVDCcDIDyyQajgTioAhGEQekdHx+bGIUGeP8HAJ4fIfJijo6MAAAAAElFTkSuQmCCInternet Explorer BoundariesGE.TB.BBorderBoundaryfalsefalseNoYesChrome JavaScript SandboxVirtualDynamicChromeJavaListfalseNoYesChrome SandboxVirtualDynamicChromeListfalseNoYesFirefox JavaScript SandboxVirtualDynamicFirefoxJavaList
Describes the types of trust boundaries implemented by Google Chrome and Firefox.
falseSE.TB.B.TMCore.NonIEBBefore labeliVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGPC/xhBQAAAAlwSFlzAAAOxAAADsQBlSsOGwAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAABGSURBVDhPY/hPIWBQ9Ev6z2jqDccPnr0ESxArzoDMAeEDZy+DFRIrDjeAVDCcDIDyyQajgTioAhGEQekdHx+bGIUGeP8HAJ4fIfJijo6MAAAAAElFTkSuQmCCOther Browsers BoundariesGE.TB.BBorderBoundaryfalseSSpoofingSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.falseTTamperingTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.falseRRepudiationRepudiation threats involve an adversary denying that something happened.falseIInformation DisclosureInformation disclosure happens when the information can be read by an unauthorized party.falseDDenial Of ServiceDenial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.falseEElevation Of PrivilegeA user subject gains increased capability or privilege by taking advantage of an implementation bug.falseAAbuseAbuse is when a legitimate user violates the terms of use for the system without violating a system security policy.truetrueTitlefalseac0f9ea8-3b39-4ce9-bac2-6787124d7b480UserThreatCategoryfalse0UserThreatShortDescriptionfalseSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.Tampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.Repudiation threats involve an adversary denying that something happened.Information disclosure happens when the information can be read by an unauthorized party.Denial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.A user subject gains increased capability or privilege by taking advantage of an implementation bug.Abuse is when a legitimate user violates the terms of use for the system without violating a system security policy.5d3b996b-aed5-4d95-8cf6-617bb67bf0421UserThreatDescriptionfalsecf377f97-9dea-42d6-ae63-b097c4a8ec4d0StateInformationtrue0406a684-e06e-4643-ba21-0f63104d91310InteractionStringtrued64f8926-f09d-4d67-a86f-fb4ad503645103302d8cb-4f2b-4563-aa32-f47333bd4be8false3302d8cb-4f2b-4563-aa32-f47333bd4be80PriorityfalseHighMediumLowbc9c6e2a-15d0-4863-9cac-589e51e4ca1e1f42499a2-b1a0-445b-88ac-f22aa5dc4e09falseAdopterEdgeX FoundryThird PartyNo mitigation or not applicablef42499a2-b1a0-445b-88ac-f22aa5dc4e0917a70fe71-64fa-4b97-b171-38b5a064c295falseMitigation neededMitigation writtenMitigation reviewedMitigation finalCannot mitigate or not appilcableMitigation Research needed7a70fe71-64fa-4b97-b171-38b5a064c2951falseSThreat was migrated from V3.source is 'ROOT'SUUserThreatShortDescriptiontrueSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.5d3b996b-aed5-4d95-8cf6-617bb67bf0420UserThreatDescriptionfalseThreat was migrated from V3.cf377f97-9dea-42d6-ae63-b097c4a8ec4d0Priorityfalsebc9c6e2a-15d0-4863-9cac-589e51e4ca1e0f42499a2-b1a0-445b-88ac-f22aa5dc4e09falsef42499a2-b1a0-445b-88ac-f22aa5dc4e0907a70fe71-64fa-4b97-b171-38b5a064c295false7a70fe71-64fa-4b97-b171-38b5a064c2950Spoofing (v3)falseS{source.Name} may be spoofed by an attacker and this may lead to unauthorized access to {target.Name}. Consider using a standard authentication mechanism to identify the source process.flow.authenticatesSource is 'Yes' or source.implementsAuthenticationScheme is 'Yes'source is 'GE.P' and (target is 'GE.P' or target is 'GE.DS') and (flow crosses 'GE.TB.L' or flow crosses 'GE.TB.B')S1UserThreatShortDescriptiontrueSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.5d3b996b-aed5-4d95-8cf6-617bb67bf0420UserThreatDescriptionfalse{source.Name} may be spoofed by an attacker and this may lead to unauthorized access to {target.Name}. Consider using a standard authentication mechanism to identify the source process.cf377f97-9dea-42d6-ae63-b097c4a8ec4d0Priorityfalsebc9c6e2a-15d0-4863-9cac-589e51e4ca1e0f42499a2-b1a0-445b-88ac-f22aa5dc4e09falsef42499a2-b1a0-445b-88ac-f22aa5dc4e0907a70fe71-64fa-4b97-b171-38b5a064c295false7a70fe71-64fa-4b97-b171-38b5a064c2950Spoofing the {source.Name} ProcessfalseS{target.Name} may be spoofed by an attacker and this may lead to information disclosure by {source.Name}. Consider using a standard authentication mechanism to identify the destination process.flow.authenticatesDestination is 'Yes'(source is 'GE.P' or source is 'GE.EI' or source is 'GE.DS') and target is 'GE.P' and (flow crosses 'GE.TB.L' or flow crosses 'GE.TB.B')S2UserThreatShortDescriptiontrueSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.5d3b996b-aed5-4d95-8cf6-617bb67bf0420UserThreatDescriptionfalse{target.Name} may be spoofed by an attacker and this may lead to information disclosure by {source.Name}. Consider using a standard authentication mechanism to identify the destination process.cf377f97-9dea-42d6-ae63-b097c4a8ec4d0Priorityfalsebc9c6e2a-15d0-4863-9cac-589e51e4ca1e0f42499a2-b1a0-445b-88ac-f22aa5dc4e09falsef42499a2-b1a0-445b-88ac-f22aa5dc4e0907a70fe71-64fa-4b97-b171-38b5a064c295false7a70fe71-64fa-4b97-b171-38b5a064c2950Spoofing the {target.Name} ProcessfalseS{source.Name} may be spoofed by an attacker and this may lead to unauthorized access to {target.Name}. Consider using a standard authentication mechanism to identify the external entity.source.authenticatesItself is 'Yes' or flow.authenticatesSource is 'Yes'source is 'GE.EI' and target is 'GE.P'S3UserThreatShortDescriptiontrueSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.5d3b996b-aed5-4d95-8cf6-617bb67bf0420UserThreatDescriptionfalse{source.Name} may be spoofed by an attacker and this may lead to unauthorized access to {target.Name}. Consider using a standard authentication mechanism to identify the external entity.cf377f97-9dea-42d6-ae63-b097c4a8ec4d0Priorityfalsebc9c6e2a-15d0-4863-9cac-589e51e4ca1e0f42499a2-b1a0-445b-88ac-f22aa5dc4e09falsef42499a2-b1a0-445b-88ac-f22aa5dc4e0907a70fe71-64fa-4b97-b171-38b5a064c295false7a70fe71-64fa-4b97-b171-38b5a064c2950Spoofing the {source.Name} External EntityfalseS{source.Name} may be spoofed by an attacker and this may lead to incorrect data delivered to {target.Name}. Consider using a standard authentication mechanism to identify the source data store.source is 'GE.DS'S7UserThreatShortDescriptiontrueSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.5d3b996b-aed5-4d95-8cf6-617bb67bf0420UserThreatDescriptionfalse{source.Name} may be spoofed by an attacker and this may lead to incorrect data delivered to {target.Name}. Consider using a standard authentication mechanism to identify the source data store.cf377f97-9dea-42d6-ae63-b097c4a8ec4d0Priorityfalsebc9c6e2a-15d0-4863-9cac-589e51e4ca1e0f42499a2-b1a0-445b-88ac-f22aa5dc4e09falsef42499a2-b1a0-445b-88ac-f22aa5dc4e0907a70fe71-64fa-4b97-b171-38b5a064c295false7a70fe71-64fa-4b97-b171-38b5a064c2950Spoofing of Source Data Store {source.Name}falseS{target.Name} may be spoofed by an attacker and this may lead to data being written to the attacker's target instead of {target.Name}. Consider using a standard authentication mechanism to identify the destination data store.target is 'GE.DS'S7.1UserThreatShortDescriptiontrueSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.5d3b996b-aed5-4d95-8cf6-617bb67bf0420UserThreatDescriptionfalse{target.Name} may be spoofed by an attacker and this may lead to data being written to the attacker's target instead of {target.Name}. Consider using a standard authentication mechanism to identify the destination data store.cf377f97-9dea-42d6-ae63-b097c4a8ec4d0Priorityfalsebc9c6e2a-15d0-4863-9cac-589e51e4ca1e0f42499a2-b1a0-445b-88ac-f22aa5dc4e09falsef42499a2-b1a0-445b-88ac-f22aa5dc4e0907a70fe71-64fa-4b97-b171-38b5a064c295false7a70fe71-64fa-4b97-b171-38b5a064c2950Spoofing of Destination Data Store {target.Name}falseS{target.Name} may be spoofed by an attacker and this may lead to data being sent to the attacker's target instead of {target.Name}. Consider using a standard authentication mechanism to identify the external entity.source is 'GE.P' and target is 'GE.EI' and (flow crosses 'GE.TB.L' or flow crosses 'GE.TB.B')S8UserThreatShortDescriptiontrueSpoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.5d3b996b-aed5-4d95-8cf6-617bb67bf0420UserThreatDescriptionfalse{target.Name} may be spoofed by an attacker and this may lead to data being sent to the attacker's target instead of {target.Name}. Consider using a standard authentication mechanism to identify the external entity.cf377f97-9dea-42d6-ae63-b097c4a8ec4d0Priorityfalsebc9c6e2a-15d0-4863-9cac-589e51e4ca1e0f42499a2-b1a0-445b-88ac-f22aa5dc4e09falsef42499a2-b1a0-445b-88ac-f22aa5dc4e0907a70fe71-64fa-4b97-b171-38b5a064c295false7a70fe71-64fa-4b97-b171-38b5a064c2950Spoofing of the {target.Name} External Destination EntityfalseTThreat was migrated from V3.source is 'ROOT'TUUserThreatShortDescriptiontrueTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.5d3b996b-aed5-4d95-8cf6-617bb67bf0420UserThreatDescriptionfalseThreat was migrated from V3.cf377f97-9dea-42d6-ae63-b097c4a8ec4d0Priorityfalsebc9c6e2a-15d0-4863-9cac-589e51e4ca1e0f42499a2-b1a0-445b-88ac-f22aa5dc4e09falsef42499a2-b1a0-445b-88ac-f22aa5dc4e0907a70fe71-64fa-4b97-b171-38b5a064c295false7a70fe71-64fa-4b97-b171-38b5a064c2950Tampering (v3)falseTData flowing across {flow.Name} may be tampered with by an attacker. This may lead to a denial of service attack against {target.Name} or an elevation of privilege attack against {target.Name} or an information disclosure by {target.Name}. Failure to verify that input is as expected is a root cause of a very large number of exploitable issues. Consider all paths and the way they handle data. Verify that all input is verified for correctness using an approved list input validation approach.(flow.providesConfidentiality is 'Yes' and flow.providesIntegrity is 'Yes')(source is 'GE.P' or source is 'GE.EI') and target is 'GE.P' and (flow crosses 'GE.TB.L' or flow crosses 'GE.TB.B')T1UserThreatShortDescriptiontrueTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.5d3b996b-aed5-4d95-8cf6-617bb67bf0420UserThreatDescriptionfalseData flowing across {flow.Name} may be tampered with by an attacker. This may lead to a denial of service attack against {target.Name} or an elevation of privilege attack against {target.Name} or an information disclosure by {target.Name}. Failure to verify that input is as expected is a root cause of a very large number of exploitable issues. Consider all paths and the way they handle data. Verify that all input is verified for correctness using an approved list input validation approach.cf377f97-9dea-42d6-ae63-b097c4a8ec4d0Priorityfalsebc9c6e2a-15d0-4863-9cac-589e51e4ca1e0f42499a2-b1a0-445b-88ac-f22aa5dc4e09falsef42499a2-b1a0-445b-88ac-f22aa5dc4e0907a70fe71-64fa-4b97-b171-38b5a064c295false7a70fe71-64fa-4b97-b171-38b5a064c2950Potential Lack of Input Validation for {target.Name}falseTIf {source.Name} is given access to memory, such as shared memory or pointers, or is given the ability to control what {target.Name} executes (for example, passing back a function pointer.), then {source.Name} can tamper with {target.Name}. Consider if the function could work with less access to memory, such as passing data rather than pointers. Copy in data provided, and then validate it.source is 'GE.P' and target is 'GE.P' and target.codeType is 'Unmanaged'T2UserThreatShortDescriptiontrueTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.5d3b996b-aed5-4d95-8cf6-617bb67bf0420UserThreatDescriptionfalseIf {source.Name} is given access to memory, such as shared memory or pointers, or is given the ability to control what {target.Name} executes (for example, passing back a function pointer.), then {source.Name} can tamper with {target.Name}. Consider if the function could work with less access to memory, such as passing data rather than pointers. Copy in data provided, and then validate it.cf377f97-9dea-42d6-ae63-b097c4a8ec4d0Priorityfalsebc9c6e2a-15d0-4863-9cac-589e51e4ca1e0f42499a2-b1a0-445b-88ac-f22aa5dc4e09falsef42499a2-b1a0-445b-88ac-f22aa5dc4e0907a70fe71-64fa-4b97-b171-38b5a064c295false7a70fe71-64fa-4b97-b171-38b5a064c2950{source.Name} Process Memory TamperedfalseTPackets or messages without sequence numbers or timestamps can be captured and replayed in a wide variety of ways. Implement or utilize an existing communication protocol that supports anti-replay techniques (investigate sequence numbers before timers) and strong integrity.source is 'GE.P' and target is 'GE.P' and source.implementsCommunicationProtocol is 'Yes'T3UserThreatShortDescriptiontrueTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.5d3b996b-aed5-4d95-8cf6-617bb67bf0420UserThreatDescriptionfalsePackets or messages without sequence numbers or timestamps can be captured and replayed in a wide variety of ways. Implement or utilize an existing communication protocol that supports anti-replay techniques (investigate sequence numbers before timers) and strong integrity.cf377f97-9dea-42d6-ae63-b097c4a8ec4d0Priorityfalsebc9c6e2a-15d0-4863-9cac-589e51e4ca1e0f42499a2-b1a0-445b-88ac-f22aa5dc4e09falsef42499a2-b1a0-445b-88ac-f22aa5dc4e0907a70fe71-64fa-4b97-b171-38b5a064c295false7a70fe71-64fa-4b97-b171-38b5a064c2950Replay AttacksfalseTAttackers who can send a series of packets or messages may be able to overlap data. For example, packet 1 may be 100 bytes starting at offset 0. Packet 2 may be 100 bytes starting at offset 25. Packet 2 will overwrite 75 bytes of packet 1. Ensure you reassemble data before filtering it, and ensure you explicitly handle these sorts of cases.source is 'GE.P' and target is 'GE.P' and source.implementsCommunicationProtocol is 'Yes'T4UserThreatShortDescriptiontrueTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.5d3b996b-aed5-4d95-8cf6-617bb67bf0420UserThreatDescriptionfalseAttackers who can send a series of packets or messages may be able to overlap data. For example, packet 1 may be 100 bytes starting at offset 0. Packet 2 may be 100 bytes starting at offset 25. Packet 2 will overwrite 75 bytes of packet 1. Ensure you reassemble data before filtering it, and ensure you explicitly handle these sorts of cases.cf377f97-9dea-42d6-ae63-b097c4a8ec4d0Priorityfalsebc9c6e2a-15d0-4863-9cac-589e51e4ca1e0f42499a2-b1a0-445b-88ac-f22aa5dc4e09falsef42499a2-b1a0-445b-88ac-f22aa5dc4e0907a70fe71-64fa-4b97-b171-38b5a064c295false7a70fe71-64fa-4b97-b171-38b5a064c2950Collision AttacksfalseTLog readers can come under attack via log files. Consider ways to canonicalize data in all logs. Implement a single reader for the logs, if possible, in order to reduce attack surface area. Be sure to understand and document log file elements which come from untrusted sources.(source is 'GE.P' and target is 'GE.DS' and target.storesLogData is 'Yes') or (target is 'GE.P' and source is 'GE.DS' and source.storesLogData is 'Yes')T5UserThreatShortDescriptiontrueTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.5d3b996b-aed5-4d95-8cf6-617bb67bf0420UserThreatDescriptionfalseLog readers can come under attack via log files. Consider ways to canonicalize data in all logs. Implement a single reader for the logs, if possible, in order to reduce attack surface area. Be sure to understand and document log file elements which come from untrusted sources.cf377f97-9dea-42d6-ae63-b097c4a8ec4d0Priorityfalsebc9c6e2a-15d0-4863-9cac-589e51e4ca1e0f42499a2-b1a0-445b-88ac-f22aa5dc4e09falsef42499a2-b1a0-445b-88ac-f22aa5dc4e0907a70fe71-64fa-4b97-b171-38b5a064c295false7a70fe71-64fa-4b97-b171-38b5a064c2950Risks from LoggingfalseTAn attacker can read or modify data transmitted over an authenticated dataflow.(flow.providesConfidentiality is 'Yes' and flow.providesIntegrity is 'Yes')(flow.authenticatesSource is 'Yes' or flow.authenticatesDestination is 'Yes')T6UserThreatShortDescriptiontrueTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.5d3b996b-aed5-4d95-8cf6-617bb67bf0420UserThreatDescriptionfalseAn attacker can read or modify data transmitted over an authenticated dataflow.cf377f97-9dea-42d6-ae63-b097c4a8ec4d0Priorityfalsebc9c6e2a-15d0-4863-9cac-589e51e4ca1e0f42499a2-b1a0-445b-88ac-f22aa5dc4e09falsef42499a2-b1a0-445b-88ac-f22aa5dc4e0907a70fe71-64fa-4b97-b171-38b5a064c295false7a70fe71-64fa-4b97-b171-38b5a064c2950Authenticated Data Flow CompromisedfalseTSQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution. Any procedure that constructs SQL statements should be reviewed for injection vulnerabilities because SQL Server will execute all syntactically valid queries that it receives. Even parameterized data can be manipulated by a skilled and determined attacker.
(target is 'SE.DS.TMCore.SQL' and source is 'GE.P')
T7UserThreatShortDescriptiontrueTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.5d3b996b-aed5-4d95-8cf6-617bb67bf0420UserThreatDescriptionfalseSQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution. Any procedure that constructs SQL statements should be reviewed for injection vulnerabilities because SQL Server will execute all syntactically valid queries that it receives. Even parameterized data can be manipulated by a skilled and determined attacker.cf377f97-9dea-42d6-ae63-b097c4a8ec4d0Priorityfalsebc9c6e2a-15d0-4863-9cac-589e51e4ca1e0f42499a2-b1a0-445b-88ac-f22aa5dc4e09falsef42499a2-b1a0-445b-88ac-f22aa5dc4e0907a70fe71-64fa-4b97-b171-38b5a064c295false7a70fe71-64fa-4b97-b171-38b5a064c2950Potential SQL Injection Vulnerability for {target.Name}falseTSQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution. Any procedure that constructs SQL statements should be reviewed for injection vulnerabilities because SQL Server will execute all syntactically valid queries that it receives. Even parameterized data can be manipulated by a skilled and determined attacker.
(target is 'SE.DS.TMCore.SQL' and source is 'GE.EI')
T8UserThreatShortDescriptiontrueTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.5d3b996b-aed5-4d95-8cf6-617bb67bf0420UserThreatDescriptionfalseSQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution. Any procedure that constructs SQL statements should be reviewed for injection vulnerabilities because SQL Server will execute all syntactically valid queries that it receives. Even parameterized data can be manipulated by a skilled and determined attacker.cf377f97-9dea-42d6-ae63-b097c4a8ec4d0Priorityfalsebc9c6e2a-15d0-4863-9cac-589e51e4ca1e0f42499a2-b1a0-445b-88ac-f22aa5dc4e09falsef42499a2-b1a0-445b-88ac-f22aa5dc4e0907a70fe71-64fa-4b97-b171-38b5a064c295false7a70fe71-64fa-4b97-b171-38b5a064c2950Possible SQL Injection Vulnerability for {target.Name}falseTIf a dataflow contains XML, XML processing threats (DTD and XSLT code execution) may be exploited.(flow.XMLenc is 'Yes' and target is 'GE.P')T11UserThreatShortDescriptiontrueTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.5d3b996b-aed5-4d95-8cf6-617bb67bf0420UserThreatDescriptionfalseIf a dataflow contains XML, XML processing threats (DTD and XSLT code execution) may be exploited.cf377f97-9dea-42d6-ae63-b097c4a8ec4d0Priorityfalsebc9c6e2a-15d0-4863-9cac-589e51e4ca1e0f42499a2-b1a0-445b-88ac-f22aa5dc4e09falsef42499a2-b1a0-445b-88ac-f22aa5dc4e0907a70fe71-64fa-4b97-b171-38b5a064c295false7a70fe71-64fa-4b97-b171-38b5a064c2950XML DTD and XSLT ProcessingfalseTIf a dataflow contains JSON, JSON processing and hijacking threats may be exploited.((flow is 'SE.DF.TMCore.HTTP' or flow is 'SE.DF.TMCore.HTTPS') and flow.JSON is 'Yes' and target is 'GE.P')T12UserThreatShortDescriptiontrueTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.5d3b996b-aed5-4d95-8cf6-617bb67bf0420UserThreatDescriptionfalseIf a dataflow contains JSON, JSON processing and hijacking threats may be exploited.cf377f97-9dea-42d6-ae63-b097c4a8ec4d0Priorityfalsebc9c6e2a-15d0-4863-9cac-589e51e4ca1e0f42499a2-b1a0-445b-88ac-f22aa5dc4e09falsef42499a2-b1a0-445b-88ac-f22aa5dc4e0907a70fe71-64fa-4b97-b171-38b5a064c295false7a70fe71-64fa-4b97-b171-38b5a064c2950JavaScript Object Notation ProcessingfalseTThe web server '{target.Name}' could be a subject to a cross-site scripting attack because it does not sanitize untrusted input.(target.hasOutputSanitizers is 'Yes') and (target.hasInputSanitizers is 'Yes')(target is 'SE.P.TMCore.WebServer' or target is 'SE.P.TMCore.WebApp')T13.1UserThreatShortDescriptiontrueTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.5d3b996b-aed5-4d95-8cf6-617bb67bf0420UserThreatDescriptionfalseThe web server '{target.Name}' could be a subject to a cross-site scripting attack because it does not sanitize untrusted input.cf377f97-9dea-42d6-ae63-b097c4a8ec4d0Priorityfalsebc9c6e2a-15d0-4863-9cac-589e51e4ca1e0f42499a2-b1a0-445b-88ac-f22aa5dc4e09falsef42499a2-b1a0-445b-88ac-f22aa5dc4e0907a70fe71-64fa-4b97-b171-38b5a064c295false7a70fe71-64fa-4b97-b171-38b5a064c2950Cross Site ScriptingfalseTThe web server '{target.Name}' could be a subject to a persistent cross-site scripting attack because it does not sanitize data store '{source.Name}' inputs and output.(target.hasOutputSanitizers is 'Yes') and (target.hasInputSanitizers is 'Yes')(target is 'SE.P.TMCore.WebServer' or target is 'SE.P.TMCore.WebApp') and source is 'GE.DS'T13.2UserThreatShortDescriptiontrueTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.5d3b996b-aed5-4d95-8cf6-617bb67bf0420UserThreatDescriptionfalseThe web server '{target.Name}' could be a subject to a persistent cross-site scripting attack because it does not sanitize data store '{source.Name}' inputs and output.cf377f97-9dea-42d6-ae63-b097c4a8ec4d0Priorityfalsebc9c6e2a-15d0-4863-9cac-589e51e4ca1e0f42499a2-b1a0-445b-88ac-f22aa5dc4e09falsef42499a2-b1a0-445b-88ac-f22aa5dc4e0907a70fe71-64fa-4b97-b171-38b5a064c295false7a70fe71-64fa-4b97-b171-38b5a064c2950Persistent Cross Site ScriptingfalseTData flowing across {flow.Name} may be tampered with by an attacker. This may lead to corruption of {target.Name}. Ensure the integrity of the data flow to the data store.(source is 'GE.P' or source is 'GE.EI') and target is 'GE.DS' and (flow crosses 'GE.TB.L' or flow crosses 'GE.TB.B')T18UserThreatShortDescriptiontrueTampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.5d3b996b-aed5-4d95-8cf6-617bb67bf0420UserThreatDescriptionfalseData flowing across {flow.Name} may be tampered with by an attacker. This may lead to corruption of {target.Name}. Ensure the integrity of the data flow to the data store.cf377f97-9dea-42d6-ae63-b097c4a8ec4d0Priorityfalsebc9c6e2a-15d0-4863-9cac-589e51e4ca1e0f42499a2-b1a0-445b-88ac-f22aa5dc4e09falsef42499a2-b1a0-445b-88ac-f22aa5dc4e0907a70fe71-64fa-4b97-b171-38b5a064c295false7a70fe71-64fa-4b97-b171-38b5a064c2950The {target.Name} Data Store Could Be CorruptedfalseRThreat was migrated from V3.source is 'ROOT'RUUserThreatShortDescriptiontrueRepudiation threats involve an adversary denying that something happened.5d3b996b-aed5-4d95-8cf6-617bb67bf0420UserThreatDescriptionfalseThreat was migrated from V3.cf377f97-9dea-42d6-ae63-b097c4a8ec4d0Priorityfalsebc9c6e2a-15d0-4863-9cac-589e51e4ca1e0f42499a2-b1a0-445b-88ac-f22aa5dc4e09falsef42499a2-b1a0-445b-88ac-f22aa5dc4e0907a70fe71-64fa-4b97-b171-38b5a064c295false7a70fe71-64fa-4b97-b171-38b5a064c2950Repudiation (v3)falseRIf you have trust levels, is anyone other outside of the highest trust level allowed to log? Letting everyone write to your logs can lead to repudiation problems. Only allow trusted code to log.(source is 'GE.P' or source is 'GE.EI') and (target is 'GE.DS') and (target.storesLogData is 'Yes')R1UserThreatShortDescriptiontrueRepudiation threats involve an adversary denying that something happened.5d3b996b-aed5-4d95-8cf6-617bb67bf0420UserThreatDescriptionfalseIf you have trust levels, is anyone other outside of the highest trust level allowed to log? Letting everyone write to your logs can lead to repudiation problems. Only allow trusted code to log.cf377f97-9dea-42d6-ae63-b097c4a8ec4d0Priorityfalsebc9c6e2a-15d0-4863-9cac-589e51e4ca1e0f42499a2-b1a0-445b-88ac-f22aa5dc4e09falsef42499a2-b1a0-445b-88ac-f22aa5dc4e0907a70fe71-64fa-4b97-b171-38b5a064c295false7a70fe71-64fa-4b97-b171-38b5a064c2950Lower Trusted Subject Updates LogsfalseRDo you accept logs from unknown or weakly authenticated users or systems? Identify and authenticate the source of the logs before accepting them.(source is 'GE.P' or source is 'GE.EI') and (target is 'GE.DS') and (target.storesLogData is 'Yes')R2UserThreatShortDescriptiontrueRepudiation threats involve an adversary denying that something happened.5d3b996b-aed5-4d95-8cf6-617bb67bf0420UserThreatDescriptionfalseDo you accept logs from unknown or weakly authenticated users or systems? Identify and authenticate the source of the logs before accepting them.cf377f97-9dea-42d6-ae63-b097c4a8ec4d0Priorityfalsebc9c6e2a-15d0-4863-9cac-589e51e4ca1e0f42499a2-b1a0-445b-88ac-f22aa5dc4e09falsef42499a2-b1a0-445b-88ac-f22aa5dc4e0907a70fe71-64fa-4b97-b171-38b5a064c295false7a70fe71-64fa-4b97-b171-38b5a064c2950Data Logs from an Unknown SourcefalseRDoes the log capture enough data to understand what happened in the past? Do your logs capture enough data to understand an incident after the fact? Is such capture lightweight enough to be left on all the time? Do you have enough data to deal with repudiation claims? Make sure you log sufficient and appropriate data to handle a repudiation claims. You might want to talk to an audit expert as well as a privacy expert about your choice of data.source is 'GE.P' and target is 'GE.DS' and target.storesLogData is 'Yes'R3UserThreatShortDescriptiontrueRepudiation threats involve an adversary denying that something happened.5d3b996b-aed5-4d95-8cf6-617bb67bf0420UserThreatDescriptionfalseDoes the log capture enough data to understand what happened in the past? Do your logs capture enough data to understand an incident after the fact? Is such capture lightweight enough to be left on all the time? Do you have enough data to deal with repudiation claims? Make sure you log sufficient and appropriate data to handle a repudiation claims. You might want to talk to an audit expert as well as a privacy expert about your choice of data.cf377f97-9dea-42d6-ae63-b097c4a8ec4d0Priorityfalsebc9c6e2a-15d0-4863-9cac-589e51e4ca1e0f42499a2-b1a0-445b-88ac-f22aa5dc4e09falsef42499a2-b1a0-445b-88ac-f22aa5dc4e0907a70fe71-64fa-4b97-b171-38b5a064c295false7a70fe71-64fa-4b97-b171-38b5a064c2950Insufficient AuditingfalseRConsider what happens when the audit mechanism comes under attack, including attempts to destroy the logs, or attack log analysis programs. Ensure access to the log is through a reference monitor, which controls read and write separately. Document what filters, if any, readers can rely on, or writers should expectsource is 'GE.P' and target is 'GE.DS' and target.storesLogData is 'Yes'R4UserThreatShortDescriptiontrueRepudiation threats involve an adversary denying that something happened.5d3b996b-aed5-4d95-8cf6-617bb67bf0420UserThreatDescriptionfalseConsider what happens when the audit mechanism comes under attack, including attempts to destroy the logs, or attack log analysis programs. Ensure access to the log is through a reference monitor, which controls read and write separately. Document what filters, if any, readers can rely on, or writers should expectcf377f97-9dea-42d6-ae63-b097c4a8ec4d0Priorityfalsebc9c6e2a-15d0-4863-9cac-589e51e4ca1e0f42499a2-b1a0-445b-88ac-f22aa5dc4e09falsef42499a2-b1a0-445b-88ac-f22aa5dc4e0907a70fe71-64fa-4b97-b171-38b5a064c295false7a70fe71-64fa-4b97-b171-38b5a064c2950Potential Weak Protections for Audit DatafalseR{target.Name} claims that it did not receive data from a source outside the trust boundary. Consider using logging or auditing to record the source, time, and summary of the received data.target is 'GE.P' and (flow crosses 'GE.TB.L' or flow crosses 'GE.TB.B')R6UserThreatShortDescriptiontrueRepudiation threats involve an adversary denying that something happened.5d3b996b-aed5-4d95-8cf6-617bb67bf0420UserThreatDescriptionfalse{target.Name} claims that it did not receive data from a source outside the trust boundary. Consider using logging or auditing to record the source, time, and summary of the received data.cf377f97-9dea-42d6-ae63-b097c4a8ec4d0Priorityfalsebc9c6e2a-15d0-4863-9cac-589e51e4ca1e0f42499a2-b1a0-445b-88ac-f22aa5dc4e09falsef42499a2-b1a0-445b-88ac-f22aa5dc4e0907a70fe71-64fa-4b97-b171-38b5a064c295false7a70fe71-64fa-4b97-b171-38b5a064c2950Potential Data Repudiation by {target.Name}falseR{target.Name} claims that it did not receive data from a process on the other side of the trust boundary. Consider using logging or auditing to record the source, time, and summary of the received data.target is 'GE.EI' and (flow crosses 'GE.TB.L' or flow crosses 'GE.TB.B')R7UserThreatShortDescriptiontrueRepudiation threats involve an adversary denying that something happened.5d3b996b-aed5-4d95-8cf6-617bb67bf0420UserThreatDescriptionfalse{target.Name} claims that it did not receive data from a process on the other side of the trust boundary. Consider using logging or auditing to record the source, time, and summary of the received data.cf377f97-9dea-42d6-ae63-b097c4a8ec4d0Priorityfalsebc9c6e2a-15d0-4863-9cac-589e51e4ca1e0f42499a2-b1a0-445b-88ac-f22aa5dc4e09falsef42499a2-b1a0-445b-88ac-f22aa5dc4e0907a70fe71-64fa-4b97-b171-38b5a064c295false7a70fe71-64fa-4b97-b171-38b5a064c2950External Entity {target.Name} Potentially Denies Receiving DatafalseR{target.Name} claims that it did not write data received from an entity on the other side of the trust boundary. Consider using logging or auditing to record the source, time, and summary of the received data.target is 'GE.DS' and (flow crosses 'GE.TB.L' or flow crosses 'GE.TB.B')R8UserThreatShortDescriptiontrueRepudiation threats involve an adversary denying that something happened.5d3b996b-aed5-4d95-8cf6-617bb67bf0420UserThreatDescriptionfalse{target.Name} claims that it did not write data received from an entity on the other side of the trust boundary. Consider using logging or auditing to record the source, time, and summary of the received data.cf377f97-9dea-42d6-ae63-b097c4a8ec4d0Priorityfalsebc9c6e2a-15d0-4863-9cac-589e51e4ca1e0f42499a2-b1a0-445b-88ac-f22aa5dc4e09falsef42499a2-b1a0-445b-88ac-f22aa5dc4e0907a70fe71-64fa-4b97-b171-38b5a064c295false7a70fe71-64fa-4b97-b171-38b5a064c2950Data Store Denies {target.Name} Potentially Writing DatafalseIThreat was migrated from V3.source is 'ROOT'IUUserThreatShortDescriptiontrueInformation disclosure happens when the information can be read by an unauthorized party.5d3b996b-aed5-4d95-8cf6-617bb67bf0420UserThreatDescriptionfalseThreat was migrated from V3.cf377f97-9dea-42d6-ae63-b097c4a8ec4d0Priorityfalsebc9c6e2a-15d0-4863-9cac-589e51e4ca1e0f42499a2-b1a0-445b-88ac-f22aa5dc4e09falsef42499a2-b1a0-445b-88ac-f22aa5dc4e0907a70fe71-64fa-4b97-b171-38b5a064c295false7a70fe71-64fa-4b97-b171-38b5a064c2950Information Disclosure (v3)falseICan you access {target.Name} and bypass the permissions for the object? For example by editing the files directly with a hex editor, or reaching it via filesharing? Ensure that your program is the only one that can access the data, and that all other subjects have to use your interface.source is 'GE.P' and target is 'GE.DS' and source.implementsCustomAuthorizationMechanism is 'Yes'I2UserThreatShortDescriptiontrueInformation disclosure happens when the information can be read by an unauthorized party.5d3b996b-aed5-4d95-8cf6-617bb67bf0420UserThreatDescriptionfalseCan you access {target.Name} and bypass the permissions for the object? For example by editing the files directly with a hex editor, or reaching it via filesharing? Ensure that your program is the only one that can access the data, and that all other subjects have to use your interface.cf377f97-9dea-42d6-ae63-b097c4a8ec4d0Priorityfalsebc9c6e2a-15d0-4863-9cac-589e51e4ca1e0f42499a2-b1a0-445b-88ac-f22aa5dc4e09falsef42499a2-b1a0-445b-88ac-f22aa5dc4e0907a70fe71-64fa-4b97-b171-38b5a064c295false7a70fe71-64fa-4b97-b171-38b5a064c2950Authorization BypassfalseIData flowing across {flow.Name} may be sniffed by an attacker. Depending on what type of data an attacker can read, it may be used to attack other parts of the system or simply be a disclosure of information leading to compliance violations. Consider encrypting the data flow.flow.providesConfidentiality is 'Yes'((source is 'GE.P' or source is 'GE.EI') and target is 'GE.P' and (flow crosses 'GE.TB.L' or flow crosses 'GE.TB.B')) or (source is 'GE.P' and target is 'GE.DS' and (flow crosses 'GE.TB.L' or flow crosses 'GE.TB.B'))I6UserThreatShortDescriptiontrueInformation disclosure happens when the information can be read by an unauthorized party.5d3b996b-aed5-4d95-8cf6-617bb67bf0420UserThreatDescriptionfalseData flowing across {flow.Name} may be sniffed by an attacker. Depending on what type of data an attacker can read, it may be used to attack other parts of the system or simply be a disclosure of information leading to compliance violations. Consider encrypting the data flow.cf377f97-9dea-42d6-ae63-b097c4a8ec4d0Priorityfalsebc9c6e2a-15d0-4863-9cac-589e51e4ca1e0f42499a2-b1a0-445b-88ac-f22aa5dc4e09falsef42499a2-b1a0-445b-88ac-f22aa5dc4e0907a70fe71-64fa-4b97-b171-38b5a064c295false7a70fe71-64fa-4b97-b171-38b5a064c2950Data Flow SniffingfalseIImproper data protection of {source.name} can allow an attacker to read information not intended for disclosure. Review authorization settings.source is 'GE.DS' and (target is 'GE.P' or target is 'GE.EI')I23UserThreatShortDescriptiontrueInformation disclosure happens when the information can be read by an unauthorized party.5d3b996b-aed5-4d95-8cf6-617bb67bf0420UserThreatDescriptionfalseImproper data protection of {source.name} can allow an attacker to read information not intended for disclosure. Review authorization settings.cf377f97-9dea-42d6-ae63-b097c4a8ec4d0Priorityfalsebc9c6e2a-15d0-4863-9cac-589e51e4ca1e0f42499a2-b1a0-445b-88ac-f22aa5dc4e09falsef42499a2-b1a0-445b-88ac-f22aa5dc4e0907a70fe71-64fa-4b97-b171-38b5a064c295false7a70fe71-64fa-4b97-b171-38b5a064c2950Weak Access Control for a ResourcefalseICredentials held at the server are often disclosed or tampered with and credentials stored on the client are often stolen. For server side, consider storing a salted hash of the credentials instead of storing the credentials themselves. If this is not possible due to business requirements, be sure to encrypt the credentials before storage, using an SDL-approved mechanism. For client side, if storing credentials is required, encrypt them and protect the data store in which they're storedsource is 'GE.P' and target is 'GE.DS' and target.storesCredentials is 'Yes'I24UserThreatShortDescriptiontrueInformation disclosure happens when the information can be read by an unauthorized party.5d3b996b-aed5-4d95-8cf6-617bb67bf0420UserThreatDescriptionfalseCredentials held at the server are often disclosed or tampered with and credentials stored on the client are often stolen. For server side, consider storing a salted hash of the credentials instead of storing the credentials themselves. If this is not possible due to business requirements, be sure to encrypt the credentials before storage, using an SDL-approved mechanism. For client side, if storing credentials is required, encrypt them and protect the data store in which they're storedcf377f97-9dea-42d6-ae63-b097c4a8ec4d0Priorityfalsebc9c6e2a-15d0-4863-9cac-589e51e4ca1e0f42499a2-b1a0-445b-88ac-f22aa5dc4e09falsef42499a2-b1a0-445b-88ac-f22aa5dc4e0907a70fe71-64fa-4b97-b171-38b5a064c295false7a70fe71-64fa-4b97-b171-38b5a064c2950Weak Credential StoragefalseICredentials on the wire are often subject to sniffing by an attacker. Are the credentials re-usable/re-playable? Are credentials included in a message? For example, sending a zip file with the password in the email. Use strong cryptography for the transmission of credentials. Use the OS libraries if at all possible, and consider cryptographic algorithm agility, rather than hardcoding a choice.flow is 'SE.DF.TMCore.HTTPS' or flow is 'SE.DF.TMCore.IPsec'source is 'GE.P' and (target is 'GE.P' or target is 'GE.DS') and (flow crosses 'SE.TB.L.TMCore.Machine')I25UserThreatShortDescriptiontrueInformation disclosure happens when the information can be read by an unauthorized party.5d3b996b-aed5-4d95-8cf6-617bb67bf0420UserThreatDescriptionfalseCredentials on the wire are often subject to sniffing by an attacker. Are the credentials re-usable/re-playable? Are credentials included in a message? For example, sending a zip file with the password in the email. Use strong cryptography for the transmission of credentials. Use the OS libraries if at all possible, and consider cryptographic algorithm agility, rather than hardcoding a choice.cf377f97-9dea-42d6-ae63-b097c4a8ec4d0Priorityfalsebc9c6e2a-15d0-4863-9cac-589e51e4ca1e0f42499a2-b1a0-445b-88ac-f22aa5dc4e09falsef42499a2-b1a0-445b-88ac-f22aa5dc4e0907a70fe71-64fa-4b97-b171-38b5a064c295false7a70fe71-64fa-4b97-b171-38b5a064c2950Weak Credential TransitfalseICustom authentication schemes are susceptible to common weaknesses such as weak credential change management, credential equivalence, easily guessable credentials, null credentials, downgrade authentication or a weak credential change management system. Consider the impact and potential mitigations for your custom authentication scheme.source is 'GE.P' and target is 'GE.P' and source.implementsAuthenticationScheme is 'Yes'I26UserThreatShortDescriptiontrueInformation disclosure happens when the information can be read by an unauthorized party.5d3b996b-aed5-4d95-8cf6-617bb67bf0420UserThreatDescriptionfalseCustom authentication schemes are susceptible to common weaknesses such as weak credential change management, credential equivalence, easily guessable credentials, null credentials, downgrade authentication or a weak credential change management system. Consider the impact and potential mitigations for your custom authentication scheme.cf377f97-9dea-42d6-ae63-b097c4a8ec4d0Priorityfalsebc9c6e2a-15d0-4863-9cac-589e51e4ca1e0f42499a2-b1a0-445b-88ac-f22aa5dc4e09falsef42499a2-b1a0-445b-88ac-f22aa5dc4e0907a70fe71-64fa-4b97-b171-38b5a064c295false7a70fe71-64fa-4b97-b171-38b5a064c2950Weak Authentication SchemefalseDThreat was migrated from V3.source is 'ROOT'DUUserThreatShortDescriptiontrueDenial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.5d3b996b-aed5-4d95-8cf6-617bb67bf0420UserThreatDescriptionfalseThreat was migrated from V3.cf377f97-9dea-42d6-ae63-b097c4a8ec4d0Priorityfalsebc9c6e2a-15d0-4863-9cac-589e51e4ca1e0f42499a2-b1a0-445b-88ac-f22aa5dc4e09falsef42499a2-b1a0-445b-88ac-f22aa5dc4e0907a70fe71-64fa-4b97-b171-38b5a064c295false7a70fe71-64fa-4b97-b171-38b5a064c2950Denial Of Service (v3)falseDDoes {source.Name} or {target.Name} take explicit steps to control resource consumption? Resource consumption attacks can be hard to deal with, and there are times that it makes sense to let the OS do the job. Be careful that your resource requests don't deadlock, and that they do timeout.source is 'GE.P' and target is 'GE.DS'D2UserThreatShortDescriptiontrueDenial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.5d3b996b-aed5-4d95-8cf6-617bb67bf0420UserThreatDescriptionfalseDoes {source.Name} or {target.Name} take explicit steps to control resource consumption? Resource consumption attacks can be hard to deal with, and there are times that it makes sense to let the OS do the job. Be careful that your resource requests don't deadlock, and that they do timeout.cf377f97-9dea-42d6-ae63-b097c4a8ec4d0Priorityfalsebc9c6e2a-15d0-4863-9cac-589e51e4ca1e0f42499a2-b1a0-445b-88ac-f22aa5dc4e09falsef42499a2-b1a0-445b-88ac-f22aa5dc4e0907a70fe71-64fa-4b97-b171-38b5a064c295false7a70fe71-64fa-4b97-b171-38b5a064c2950Potential Excessive Resource Consumption for {source.Name} or {target.Name}falseD{target.Name} crashes, halts, stops or runs slowly; in all cases violating an availability metric.target is 'GE.P' and (flow crosses 'GE.TB.L' or flow crosses 'GE.TB.B')D3UserThreatShortDescriptiontrueDenial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.5d3b996b-aed5-4d95-8cf6-617bb67bf0420UserThreatDescriptionfalse{target.Name} crashes, halts, stops or runs slowly; in all cases violating an availability metric.cf377f97-9dea-42d6-ae63-b097c4a8ec4d0Priorityfalsebc9c6e2a-15d0-4863-9cac-589e51e4ca1e0f42499a2-b1a0-445b-88ac-f22aa5dc4e09falsef42499a2-b1a0-445b-88ac-f22aa5dc4e0907a70fe71-64fa-4b97-b171-38b5a064c295false7a70fe71-64fa-4b97-b171-38b5a064c2950Potential Process Crash or Stop for {target.Name}falseDAn external agent interrupts data flowing across a trust boundary in either direction.(flow crosses 'GE.TB.L' or flow crosses 'GE.TB.B')D4UserThreatShortDescriptiontrueDenial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.5d3b996b-aed5-4d95-8cf6-617bb67bf0420UserThreatDescriptionfalseAn external agent interrupts data flowing across a trust boundary in either direction.cf377f97-9dea-42d6-ae63-b097c4a8ec4d0Priorityfalsebc9c6e2a-15d0-4863-9cac-589e51e4ca1e0f42499a2-b1a0-445b-88ac-f22aa5dc4e09falsef42499a2-b1a0-445b-88ac-f22aa5dc4e0907a70fe71-64fa-4b97-b171-38b5a064c295false7a70fe71-64fa-4b97-b171-38b5a064c2950Data Flow {flow.Name} Is Potentially InterruptedfalseDAn external agent prevents access to a data store on the other side of the trust boundary.(source is 'GE.DS' or target is 'GE.DS') and (flow crosses 'GE.TB.L' or flow crosses 'GE.TB.B')D5UserThreatShortDescriptiontrueDenial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.5d3b996b-aed5-4d95-8cf6-617bb67bf0420UserThreatDescriptionfalseAn external agent prevents access to a data store on the other side of the trust boundary.cf377f97-9dea-42d6-ae63-b097c4a8ec4d0Priorityfalsebc9c6e2a-15d0-4863-9cac-589e51e4ca1e0f42499a2-b1a0-445b-88ac-f22aa5dc4e09falsef42499a2-b1a0-445b-88ac-f22aa5dc4e0907a70fe71-64fa-4b97-b171-38b5a064c295false7a70fe71-64fa-4b97-b171-38b5a064c2950Data Store InaccessiblefalseEThreat was migrated from V3.source is 'ROOT'EUUserThreatShortDescriptiontrueA user subject gains increased capability or privilege by taking advantage of an implementation bug.5d3b996b-aed5-4d95-8cf6-617bb67bf0420UserThreatDescriptionfalseThreat was migrated from V3.cf377f97-9dea-42d6-ae63-b097c4a8ec4d0Priorityfalsebc9c6e2a-15d0-4863-9cac-589e51e4ca1e0f42499a2-b1a0-445b-88ac-f22aa5dc4e09falsef42499a2-b1a0-445b-88ac-f22aa5dc4e0907a70fe71-64fa-4b97-b171-38b5a064c295false7a70fe71-64fa-4b97-b171-38b5a064c2950Elevation Of Privilege (v3)falseECommon SSO implementations such as OAUTH2 and OAUTH Wrap are vulnerable to MitM attacks.(target is 'SE.EI.TMCore.AuthProvider' and target.MS is 'Yes')target is 'SE.EI.TMCore.AuthProvider'E3UserThreatShortDescriptiontrueA user subject gains increased capability or privilege by taking advantage of an implementation bug.5d3b996b-aed5-4d95-8cf6-617bb67bf0420UserThreatDescriptionfalseCommon SSO implementations such as OAUTH2 and OAUTH Wrap are vulnerable to MitM attacks.cf377f97-9dea-42d6-ae63-b097c4a8ec4d0Priorityfalsebc9c6e2a-15d0-4863-9cac-589e51e4ca1e0f42499a2-b1a0-445b-88ac-f22aa5dc4e09falsef42499a2-b1a0-445b-88ac-f22aa5dc4e0907a70fe71-64fa-4b97-b171-38b5a064c295false7a70fe71-64fa-4b97-b171-38b5a064c2950Weakness in SSO AuthorizationfalseE{target.Name} may be able to impersonate the context of {source.Name} in order to gain additional privilege.(source is 'GE.EI' or source is 'GE.P') and target is 'GE.P'E5UserThreatShortDescriptiontrueA user subject gains increased capability or privilege by taking advantage of an implementation bug.5d3b996b-aed5-4d95-8cf6-617bb67bf0420UserThreatDescriptionfalse{target.Name} may be able to impersonate the context of {source.Name} in order to gain additional privilege.cf377f97-9dea-42d6-ae63-b097c4a8ec4d0Priorityfalsebc9c6e2a-15d0-4863-9cac-589e51e4ca1e0f42499a2-b1a0-445b-88ac-f22aa5dc4e09falsef42499a2-b1a0-445b-88ac-f22aa5dc4e0907a70fe71-64fa-4b97-b171-38b5a064c295false7a70fe71-64fa-4b97-b171-38b5a064c2950Elevation Using ImpersonationfalseE{source.Name} may be able to remotely execute code for {target.Name}.target is 'GE.P' and (flow crosses 'GE.TB.L' or flow crosses 'GE.TB.B')E6UserThreatShortDescriptiontrueA user subject gains increased capability or privilege by taking advantage of an implementation bug.5d3b996b-aed5-4d95-8cf6-617bb67bf0420UserThreatDescriptionfalse{source.Name} may be able to remotely execute code for {target.Name}.cf377f97-9dea-42d6-ae63-b097c4a8ec4d0Priorityfalsebc9c6e2a-15d0-4863-9cac-589e51e4ca1e0f42499a2-b1a0-445b-88ac-f22aa5dc4e09falsef42499a2-b1a0-445b-88ac-f22aa5dc4e0907a70fe71-64fa-4b97-b171-38b5a064c295false7a70fe71-64fa-4b97-b171-38b5a064c2950{target.Name} May be Subject to Elevation of Privilege Using Remote Code ExecutionfalseEAn attacker may pass data into {target.Name} in order to change the flow of program execution within {target.Name} to the attacker's choosing.target is 'GE.P' and (flow crosses 'GE.TB.L' or flow crosses 'GE.TB.B')E7UserThreatShortDescriptiontrueA user subject gains increased capability or privilege by taking advantage of an implementation bug.5d3b996b-aed5-4d95-8cf6-617bb67bf0420UserThreatDescriptionfalseAn attacker may pass data into {target.Name} in order to change the flow of program execution within {target.Name} to the attacker's choosing.cf377f97-9dea-42d6-ae63-b097c4a8ec4d0Priorityfalsebc9c6e2a-15d0-4863-9cac-589e51e4ca1e0f42499a2-b1a0-445b-88ac-f22aa5dc4e09falsef42499a2-b1a0-445b-88ac-f22aa5dc4e0907a70fe71-64fa-4b97-b171-38b5a064c295false7a70fe71-64fa-4b97-b171-38b5a064c2950Elevation by Changing the Execution Flow in {target.Name}falseECross-site request forgery (CSRF or XSRF) is a type of attack in which an attacker forces a user's browser to make a forged request to a vulnerable site by exploiting an existing trust relationship between the browser and the vulnerable web site. In a simple scenario, a user is logged in to web site A using a cookie as a credential. The other browses to web site B. Web site B returns a page with a hidden form that posts to web site A. Since the browser will carry the user's cookie to web site A, web site B now can take any action on web site A, for example, adding an admin to an account. The attack can be used to exploit any requests that the browser automatically authenticates, e.g. by session cookie, integrated authentication, IP whitelisting. The attack can be carried out in many ways such as by luring the victim to a site under control of the attacker, getting the user to click a link in a phishing email, or hacking a reputable web site that the victim will visit. The issue can only be resolved on the server side by requiring that all authenticated state-changing requests include an additional piece of secret payload (canary or CSRF token) which is known only to the legitimate web site and the browser and which is protected in transit through SSL/TLS. See the Forgery Protection property on the flow stencil for a list of mitigations.(source is 'SE.P.TMCore.OSProcess' or source is 'SE.P.TMCore.Thread' or source is 'SE.P.TMCore.KernelThread' or source is 'SE.P.TMCore.WinApp' or source is 'SE.P.TMCore.NetApp' or source is 'SE.P.TMCore.WebServer' or source is 'SE.P.TMCore.Win32Service' or source is 'SE.P.TMCore.WebSvc' or source is 'SE.P.TMCore.VM' or (source is 'SE.P.TMCore.Modern' and source.internetClientServer is 'No' and source.internetClient is 'No' ) or source is 'SE.EI.TMCore.AuthProvider' or source is 'SE.EI.TMCore.WebSvc' or source is 'SE.EI.TMCore.WebApp' or source is 'SE.EI.TMCore.Megasevrice' or source is 'SE.EI.TMCore.CRT' or source is 'SE.EI.TMCore.NFX' or source is 'SE.EI.TMCore.WinRT' ) or (target is 'SE.P.TMCore.ThickClient' or target is 'SE.P.TMCore.BrowserClient' or target is 'SE.P.TMCore.PlugIn' or target is 'SE.P.TMCore.Modern') or (flow crosses 'SE.TB.L.TMCore.Machine' or flow crosses 'SE.TB.L.TMCore.Kernel' or flow crosses 'SE.TB.L.TMCore.AppContainer' or flow crosses 'SE.TB.B.TMCore.CorpNet' or flow crosses 'SE.TB.B.TMCore.Sandbox')(source is 'GE.P' or source is 'GE.EI') and (target is 'GE.P' ) and (flow.authenticatesSource is 'Not Selected' or flow.authenticatesSource is 'Yes') and (flow.54851a3b-65da-4902-b4e0-94ef015be735 is 'None' or flow.54851a3b-65da-4902-b4e0-94ef015be735 is 'Not Selected' ) and (flow crosses 'GE.TB.L' or flow crosses 'GE.TB.B')8404dcf5-bdd8-4902-abc2-3b6c967b0261UserThreatShortDescriptiontrue5d3b996b-aed5-4d95-8cf6-617bb67bf0420UserThreatDescriptionfalseCross-site request forgery (CSRF or XSRF) is a type of attack in which an attacker forces a user's browser to make a forged request to a vulnerable site by exploiting an existing trust relationship between the browser and the vulnerable web site. In a simple scenario, a user is logged in to web site A using a cookie as a credential. The other browses to web site B. Web site B returns a page with a hidden form that posts to web site A. Since the browser will carry the user's cookie to web site A, web site B now can take any action on web site A, for example, adding an admin to an account. The attack can be used to exploit any requests that the browser automatically authenticates, e.g. by session cookie, integrated authentication, IP whitelisting. The attack can be carried out in many ways such as by luring the victim to a site under control of the attacker, getting the user to click a link in a phishing email, or hacking a reputable web site that the victim will visit. The issue can only be resolved on the server side by requiring that all authenticated state-changing requests include an additional piece of secret payload (canary or CSRF token) which is known only to the legitimate web site and the browser and which is protected in transit through SSL/TLS. See the Forgery Protection property on the flow stencil for a list of mitigations.cf377f97-9dea-42d6-ae63-b097c4a8ec4d0Priorityfalsebc9c6e2a-15d0-4863-9cac-589e51e4ca1e0f42499a2-b1a0-445b-88ac-f22aa5dc4e09falsef42499a2-b1a0-445b-88ac-f22aa5dc4e0907a70fe71-64fa-4b97-b171-38b5a064c295false7a70fe71-64fa-4b97-b171-38b5a064c2950Cross Site Request Forgery