Draft Proposal for Threat Catalog and Control Catalog Taxonomy (#153)
Co-authored-by: Damien Burks <[email protected]>
mlysaght2017 and damienjburks authored Jul 17, 2024
1 parent 8e7e99f commit d326ba1
Showing 2 changed files with 10 additions and 0 deletions.
5 changes: 5 additions & 0 deletions services/storage/object/controls.md
@@ -0,0 +1,5 @@
| Control Id | Objective | Description | Test | Service Taxonomy Id | NIST CSF | MITRE ATT&CK Mitigations | Threats |
|------------|-----------|-------------|------|---------------------|---------|--------------------------|---------|
| CCC.OS.C1 | Prevent unencrypted requests to object storage bucket | Block all unencrypted requests to the object storage bucket you own | GIVEN you own the object storage bucket; WHEN an unencrypted HTTP request is made to the bucket; THEN the request should be denied | CCC-020115 | Protect | [M1041](https://attack.mitre.org/mitigations/M1041) | CCC.OS.T1 |
| CCC.OS.C2 | Prevent object storage data encrypted for impact | Block data plane requests with untrusted KMS keys to the object storage bucket you own | GIVEN you own the object storage bucket; WHEN a data plane request with an untrusted KMS key is made to the object storage bucket; THEN the request should be denied | CCC-020114 | Protect | None | CCC.OS.T2 |
| CCC.OS.C3 | Prevent the granting of direct public access to the object storage bucket you own | Block the creation or update of buckets with public access | GIVEN you own the object storage bucket; WHEN the access controls on the bucket are updated to grant public access to the bucket; THEN the request should be denied | CCC-020116 | Protect | [M1022](https://attack.mitre.org/mitigations/M1022/)| CCC.OS.T3 |
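Review bot: the Test column for CCC.OS.C3 only exercises the update path ("WHEN the access controls on the bucket are updated to grant public access"), while its Description says to block "the creation or update of buckets with public access"; add a second GIVEN/WHEN/THEN clause for a bucket created with a public ACL or policy, otherwise a bucket that is born public is outside the test. Two smaller points in the same table: CCC.OS.C2 lists "None" under MITRE ATT&CK Mitigations even though it is a Protect-tier control mapped to a concrete threat (CCC.OS.T2), so either cite the mitigation that applies or note why none does; and the mitigation links are inconsistent (C1 uses `https://attack.mitre.org/mitigations/M1041`, C3 uses `https://attack.mitre.org/mitigations/M1022/` with a trailing slash and no space before the closing `|`), so pick one form for all rows.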
5 changes: 5 additions & 0 deletions services/storage/object/threats.md
@@ -0,0 +1,5 @@
| Threat Id | Name | Description | Service Taxonomy Id | MITRE ATT&CK TTPs |
|-----------|------|-------------|---------------------|-------------------|
| CCC.OS.T1 | Attacker intercepts data in transit to a bucket | The object storage service allows communication over HTTP. An attacker can intercept the traffic you send to bucket, in order to read or modify the data. | CCC-020115 | [TA009](https://attack.mitre.org/tactics/TA0009/) [T1557](https://attack.mitre.org/techniques/T1557/) |
| CCC.OS.T2 | Attacker encrypts objects for ransomware | The object storage service provides several types of encryption where the key is not operated by the CSP. An attacker can encrypt all the data stored in the bucket to ransom the data owner to get the decryption key. Alternatively, an attacker can change the default encryption key, for a similar effect on any new data uploaded. | CCC-020114 | [TA0040](https://attack.mitre.org/tactics/TA0040/) [T1486](https://attack.mitre.org/techniques/T1486/)
| CCC.OS.T3 | Attacker grants bucket access to untrusted principals | The bucket access controls (e.g. ACLs, bucket policies) can enable access to objects owned by the bucket. An attacker (or someone by negligence) can change (i.e., impair) the bucket access controls and make the content accessible to untrusted principals (via public endpoints, cross-account VPC endpoints, or cross-account access point). | CCC-020116 | [TA0005](https://attack.mitre.org/tactics/TA0005/) [T1562](https://attack.mitre.org/techniques/T1562/) |
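Review bot: in CCC.OS.T1 the tactic link text reads `TA009` while the URL points at `https://attack.mitre.org/tactics/TA0009/`; the text should be `TA0009` so the identifier matches the one in the link, as it does for TA0040 and TA0005 in the rows below. The CCC.OS.T2 row is also missing its closing `|` after the T1486 link, so that row will not render consistently with the others. Minor wording: "the traffic you send to bucket" should read "to the bucket", and "where the key is not operated by the CSP" would be clearer if it named who does control the key (the customer, and therefore potentially the attacker), since that is what lets the attacker withhold the decryption key.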