Access control

Access control systems authenticate users and enforce authorization, avoiding that attackers or unauthorized users reach unpermitted services and resources, modify system configurations, and take control of them.
Access control is needed to identify actors who try to interact with the system, or take place in a network, and it defines if they are authorized or not.
The installation of backdoors in the system, and the exfiltration of data from it can be prevented or at least made more difficult if an access control is implemented. Furthermore, it can protect from alteration of system settings, disablement of defenses, or from the deletion of logs.Without the access control, the attacker could take control of the asset, abusing the resources, misconfiguring OBCP to hijack or damage it, he can interrupt the provided services or also take possession of the spacecraft, changing the cryptographic keys. [1]

ID: M2022
Version: 1.3
Created: 29 September 2022
Last Modified: 06 October 2022

Techniques Addressed by Mitigation

Domain ID Name Use
T1489 .001 Service Stop: Ground system loss
T2035 Side-channel exfiltration
T2026 .001 Temporary loss to telecommand satellite: Replace session keys

References