CAPEC-546: Incomplete Data Deletion in a Multi-Tenant Environment
An adversary obtains unauthorized information due to insecure or incomplete data deletion in a multi-tenant environment. If a cloud provider fails to completely delete storage and data from former cloud tenants' systems/resources, once these resources are allocated to new, potentially malicious tenants, the latter can probe the provided resources for sensitive information still there.
Last updated
Overview
CAPEC-546 (Incomplete Data Deletion in a Multi-Tenant Environment) is a detailed-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
What the attacker needs
Prerequisites
- The cloud provider must not assuredly delete part or all of the sensitive data for which they are responsible.The adversary must have the ability to interact with the system.
Skills required
- Low skill: The adversary requires the ability to traverse directory structure.
Consequences
What a successful CAPEC-546 attack can achieve.
Read Data
Affects: Confidentiality
A successful attack that probes application memory will compromise the confidentiality of that data.
How to mitigate it
Defenses that reduce the risk of CAPEC-546.
- Cloud providers should completely delete data to render it irrecoverable and inaccessible from any layer and component of infrastructure resources.
- Deletion of data should be completed promptly when requested.