CAPEC 546 Incomplete Data Deletion in a Multi-Tenant Environment

Draft Detailed Low Risk

Severity Medium

Description

An adversary obtains unauthorized information due to insecure or incomplete data deletion in a multi-tenant environment. If a cloud provider fails to completely delete storage and data from former cloud tenants' systems/resources, once these resources are allocated to new, potentially malicious tenants, the latter can probe the provided resources for sensitive information still there.

CAPEC 546 Incomplete Data Deletion in a Multi-Tenant Environment

Description

Mitigations

Cloud Providers Should Completely Delete Data To Render It Irrecoverable And Inaccessible From Any Layer And Component Of Infrastructure Resources.

Deletion Of Data Should Be Completed Promptly When Requested.

Consequences

Security Scopes Affected

Potential Impacts

Relationships

Parent CAPECs

CAPEC 546 Incomplete Data Deletion in a Multi-Tenant Environment

Description

Mitigations

Cloud Providers Should Completely Delete Data To Render It Irrecoverable And Inaccessible From Any Layer And Component Of Infrastructure Resources.

Deletion Of Data Should Be Completed Promptly When Requested.

Consequences

Security Scopes Affected

Potential Impacts

Relationships

Parent CAPECs

Iscriviti alla newsletter