Duke Encounters.tm7

<ThreatModel xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><DrawingSurfaceList><DrawingSurfaceModel z:Id="i1" xmlns:z="http://schemas.microsoft.com/2003/10/Serialization/"><GenericTypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">DRAWINGSURFACE</GenericTypeId><Guid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">ef763f2f-d77d-4c39-9a01-0d17612772a7</Guid><Properties xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts" xmlns:a="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Diagram</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:StringDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Name</b:DisplayName><b:Name/><b:Value i:type="c:string" xmlns:c="http://www.w3.org/2001/XMLSchema">Duke Encounters</b:Value></a:anyType></Properties><TypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">DRAWINGSURFACE</TypeId><Borders xmlns:a="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><a:KeyValueOfguidanyType><a:Key>91e0d94d-c94e-4e60-b647-8d7faaee5f75</a:Key><a:Value z:Id="i2" i:type="StencilEllipse"><GenericTypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">GE.P</GenericTypeId><Guid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">91e0d94d-c94e-4e60-b647-8d7faaee5f75</Guid><Properties xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts"><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Web Server</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:StringDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Name</b:DisplayName><b:Name/><b:Value i:type="c:string" xmlns:c="http://www.w3.org/2001/XMLSchema">embedded Tomcat</b:Value></a:anyType><a:anyType i:type="b:BooleanDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Out Of Scope</b:DisplayName><b:Name>71f3d9aa-b8ef-4e54-8126-607a1d903103</b:Name><b:Value i:type="c:boolean" xmlns:c="http://www.w3.org/2001/XMLSchema">false</b:Value></a:anyType><a:anyType i:type="b:StringDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Reason For Out Of Scope</b:DisplayName><b:Name>752473b6-52d4-4776-9a24-202153f7d579</b:Name><b:Value i:type="c:string" xmlns:c="http://www.w3.org/2001/XMLSchema"/></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Predefined Static Attributes</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:StaticListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Code Type</b:DisplayName><b:Name>codeType</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Managed</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Configurable Attributes</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>As Generic Process</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Running As</b:DisplayName><b:Name>runningAs</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>Kernel</a:string><a:string>System</a:string><a:string>Network Service</a:string><a:string>Local Service</a:string><a:string>Administrator</a:string><a:string>Standard User With Elevation</a:string><a:string>Standard User Without Elevation</a:string><a:string>Windows Store App</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Isolation Level</b:DisplayName><b:Name>Isolation</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>AppContainer</a:string><a:string>Low Integrity Level</a:string><a:string>Microsoft Office Isolated Conversion Environment (MOICE)</a:string><a:string>Sandbox</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Accepts Input From</b:DisplayName><b:Name>acceptsInputFrom</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>Any Remote User or Entity</a:string><a:string>Kernel, System, or Local Admin</a:string><a:string>Local or Network Service</a:string><a:string>Local Standard User With Elevation</a:string><a:string>Local Standard User Without Elevation</a:string><a:string>Windows Store Apps or App Container Processes</a:string><a:string>Nothing</a:string><a:string>Other</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Implements or Uses an Authentication Mechanism</b:DisplayName><b:Name>implementsAuthenticationScheme</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Implements or Uses an Authorization Mechanism</b:DisplayName><b:Name>implementsCustomAuthorizationMechanism</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Implements or Uses a Communication Protocol</b:DisplayName><b:Name>implementsCommunicationProtocol</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Sanitizes Input</b:DisplayName><b:Name>hasInputSanitizers</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>Yes</a:string><a:string>No</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Sanitizes Output</b:DisplayName><b:Name>hasOutputSanitizers</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>Yes</a:string><a:string>No</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType></Properties><TypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">SE.P.TMCore.WebServer</TypeId><Height xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">100</Height><Left xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">511</Left><StrokeDashArray i:nil="true" xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts"/><StrokeThickness xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">1</StrokeThickness><Top xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">215</Top><Width xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">100</Width></a:Value></a:KeyValueOfguidanyType><a:KeyValueOfguidanyType><a:Key>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</a:Key><a:Value z:Id="i3" i:type="StencilEllipse"><GenericTypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">GE.P</GenericTypeId><Guid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</Guid><Properties xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts"><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Web Application</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:StringDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Name</b:DisplayName><b:Name/><b:Value i:type="c:string" xmlns:c="http://www.w3.org/2001/XMLSchema">Duke Encounters</b:Value></a:anyType><a:anyType i:type="b:BooleanDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Out Of Scope</b:DisplayName><b:Name>71f3d9aa-b8ef-4e54-8126-607a1d903103</b:Name><b:Value i:type="c:boolean" xmlns:c="http://www.w3.org/2001/XMLSchema">false</b:Value></a:anyType><a:anyType i:type="b:StringDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Reason For Out Of Scope</b:DisplayName><b:Name>752473b6-52d4-4776-9a24-202153f7d579</b:Name><b:Value i:type="c:string" xmlns:c="http://www.w3.org/2001/XMLSchema"/></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Predefined Static Attributes</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:StaticListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Code Type</b:DisplayName><b:Name>codeType</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Unmanaged</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Configurable Attributes</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>As Generic Process</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Running As</b:DisplayName><b:Name>runningAs</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>Kernel</a:string><a:string>System</a:string><a:string>Network Service</a:string><a:string>Local Service</a:string><a:string>Administrator</a:string><a:string>Standard User With Elevation</a:string><a:string>Standard User Without Elevation</a:string><a:string>Windows Store App</a:string></b:Value><b:SelectedIndex>4</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Isolation Level</b:DisplayName><b:Name>Isolation</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>AppContainer</a:string><a:string>Low Integrity Level</a:string><a:string>Microsoft Office Isolated Conversion Environment (MOICE)</a:string><a:string>Sandbox</a:string></b:Value><b:SelectedIndex>1</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Accepts Input From</b:DisplayName><b:Name>acceptsInputFrom</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>Any Remote User or Entity</a:string><a:string>Kernel, System, or Local Admin</a:string><a:string>Local or Network Service</a:string><a:string>Local Standard User With Elevation</a:string><a:string>Local Standard User Without Elevation</a:string><a:string>Windows Store Apps or App Container Processes</a:string><a:string>Nothing</a:string><a:string>Other</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Implements or Uses an Authentication Mechanism</b:DisplayName><b:Name>implementsAuthenticationScheme</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>1</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Implements or Uses an Authorization Mechanism</b:DisplayName><b:Name>implementsCustomAuthorizationMechanism</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>1</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Implements or Uses a Communication Protocol</b:DisplayName><b:Name>implementsCommunicationProtocol</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>1</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Sanitizes Input</b:DisplayName><b:Name>hasInputSanitizers</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>Yes</a:string><a:string>No</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Sanitizes Output</b:DisplayName><b:Name>hasOutputSanitizers</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>Yes</a:string><a:string>No</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType></Properties><TypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">SE.P.TMCore.WebApp</TypeId><Height xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">100</Height><Left xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">514</Left><StrokeDashArray i:nil="true" xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts"/><StrokeThickness xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">1</StrokeThickness><Top xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">401</Top><Width xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">100</Width></a:Value></a:KeyValueOfguidanyType><a:KeyValueOfguidanyType><a:Key>fd0909d9-b333-45bd-b67d-b006448cdd61</a:Key><a:Value z:Id="i4" i:type="StencilParallelLines"><GenericTypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">GE.DS</GenericTypeId><Guid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">fd0909d9-b333-45bd-b67d-b006448cdd61</Guid><Properties xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts"><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>SQL Database</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:StringDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Name</b:DisplayName><b:Name/><b:Value i:type="c:string" xmlns:c="http://www.w3.org/2001/XMLSchema">in-memory H2</b:Value></a:anyType><a:anyType i:type="b:BooleanDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Out Of Scope</b:DisplayName><b:Name>71f3d9aa-b8ef-4e54-8126-607a1d903103</b:Name><b:Value i:type="c:boolean" xmlns:c="http://www.w3.org/2001/XMLSchema">false</b:Value></a:anyType><a:anyType i:type="b:StringDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Reason For Out Of Scope</b:DisplayName><b:Name>752473b6-52d4-4776-9a24-202153f7d579</b:Name><b:Value i:type="c:string" xmlns:c="http://www.w3.org/2001/XMLSchema"/></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Predefined Static Attributes</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:StaticListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Store Type</b:DisplayName><b:Name>storeType</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>SQL Relational Database</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Configurable Attributes</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>As Generic Data Store</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Stores Credentials</b:DisplayName><b:Name>storesCredentials</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>1</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Stores Log Data</b:DisplayName><b:Name>storesLogData</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Encrypted</b:DisplayName><b:Name>Encrypted</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Signed</b:DisplayName><b:Name>Signed</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Write Access</b:DisplayName><b:Name>AccessType</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>1</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Removable Storage</b:DisplayName><b:Name>RemoveableStorage</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Backup</b:DisplayName><b:Name>Backup</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Shared</b:DisplayName><b:Name>shared</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType></Properties><TypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">SE.DS.TMCore.SQL</TypeId><Height xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">100</Height><Left xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">871</Left><StrokeDashArray i:nil="true" xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts"/><StrokeThickness xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">1</StrokeThickness><Top xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">595</Top><Width xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">100</Width></a:Value></a:KeyValueOfguidanyType><a:KeyValueOfguidanyType><a:Key>3b9a5793-3da5-4fd6-8904-1fa94e8cc840</a:Key><a:Value z:Id="i5" i:type="BorderBoundary"><GenericTypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">GE.TB.B</GenericTypeId><Guid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">3b9a5793-3da5-4fd6-8904-1fa94e8cc840</Guid><Properties xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts"><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Generic Trust Border Boundary</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:StringDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Name</b:DisplayName><b:Name/><b:Value i:type="c:string" xmlns:c="http://www.w3.org/2001/XMLSchema">AWS</b:Value></a:anyType></Properties><TypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">GE.TB.B</TypeId><Height xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">518</Height><Left xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">448</Left><StrokeDashArray i:nil="true" xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts"/><StrokeThickness xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">1</StrokeThickness><Top xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">187</Top><Width xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">563</Width></a:Value></a:KeyValueOfguidanyType><a:KeyValueOfguidanyType><a:Key>1513f24c-932a-483d-a578-398f3adf8b1a</a:Key><a:Value z:Id="i6" i:type="StencilEllipse"><GenericTypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">GE.P</GenericTypeId><Guid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">1513f24c-932a-483d-a578-398f3adf8b1a</Guid><Properties xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts"><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Browser Client</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:StringDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Name</b:DisplayName><b:Name/><b:Value i:type="c:string" xmlns:c="http://www.w3.org/2001/XMLSchema">Admin User</b:Value></a:anyType><a:anyType i:type="b:BooleanDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Out Of Scope</b:DisplayName><b:Name>71f3d9aa-b8ef-4e54-8126-607a1d903103</b:Name><b:Value i:type="c:boolean" xmlns:c="http://www.w3.org/2001/XMLSchema">false</b:Value></a:anyType><a:anyType i:type="b:StringDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Reason For Out Of Scope</b:DisplayName><b:Name>752473b6-52d4-4776-9a24-202153f7d579</b:Name><b:Value i:type="c:string" xmlns:c="http://www.w3.org/2001/XMLSchema"/></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Predefined Static Attributes</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:StaticListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Code Type</b:DisplayName><b:Name>codeType</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Unmanaged</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Configurable Attributes</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>As Generic Process</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Running As</b:DisplayName><b:Name>runningAs</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>Kernel</a:string><a:string>System</a:string><a:string>Network Service</a:string><a:string>Local Service</a:string><a:string>Administrator</a:string><a:string>Standard User With Elevation</a:string><a:string>Standard User Without Elevation</a:string><a:string>Windows Store App</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Isolation Level</b:DisplayName><b:Name>Isolation</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>AppContainer</a:string><a:string>Low Integrity Level</a:string><a:string>Microsoft Office Isolated Conversion Environment (MOICE)</a:string><a:string>Sandbox</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Accepts Input From</b:DisplayName><b:Name>acceptsInputFrom</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>Any Remote User or Entity</a:string><a:string>Kernel, System, or Local Admin</a:string><a:string>Local or Network Service</a:string><a:string>Local Standard User With Elevation</a:string><a:string>Local Standard User Without Elevation</a:string><a:string>Windows Store Apps or App Container Processes</a:string><a:string>Nothing</a:string><a:string>Other</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Implements or Uses an Authentication Mechanism</b:DisplayName><b:Name>implementsAuthenticationScheme</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Implements or Uses an Authorization Mechanism</b:DisplayName><b:Name>implementsCustomAuthorizationMechanism</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Implements or Uses a Communication Protocol</b:DisplayName><b:Name>implementsCommunicationProtocol</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Sanitizes Input</b:DisplayName><b:Name>hasInputSanitizers</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>Yes</a:string><a:string>No</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Sanitizes Output</b:DisplayName><b:Name>hasOutputSanitizers</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>Yes</a:string><a:string>No</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType></Properties><TypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">SE.P.TMCore.BrowserClient</TypeId><Height xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">100</Height><Left xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">98</Left><StrokeDashArray i:nil="true" xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts"/><StrokeThickness xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">1</StrokeThickness><Top xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">668</Top><Width xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">100</Width></a:Value></a:KeyValueOfguidanyType><a:KeyValueOfguidanyType><a:Key>578ea862-2e0c-4b5e-85e4-18ffbf8e62d0</a:Key><a:Value z:Id="i7" i:type="StencilEllipse"><GenericTypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">GE.P</GenericTypeId><Guid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">578ea862-2e0c-4b5e-85e4-18ffbf8e62d0</Guid><Properties xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts"><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Browser Client</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:StringDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Name</b:DisplayName><b:Name/><b:Value i:type="c:string" xmlns:c="http://www.w3.org/2001/XMLSchema">Registered User</b:Value></a:anyType><a:anyType i:type="b:BooleanDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Out Of Scope</b:DisplayName><b:Name>71f3d9aa-b8ef-4e54-8126-607a1d903103</b:Name><b:Value i:type="c:boolean" xmlns:c="http://www.w3.org/2001/XMLSchema">false</b:Value></a:anyType><a:anyType i:type="b:StringDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Reason For Out Of Scope</b:DisplayName><b:Name>752473b6-52d4-4776-9a24-202153f7d579</b:Name><b:Value i:type="c:string" xmlns:c="http://www.w3.org/2001/XMLSchema"/></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Predefined Static Attributes</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:StaticListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Code Type</b:DisplayName><b:Name>codeType</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Unmanaged</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Configurable Attributes</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>As Generic Process</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Running As</b:DisplayName><b:Name>runningAs</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>Kernel</a:string><a:string>System</a:string><a:string>Network Service</a:string><a:string>Local Service</a:string><a:string>Administrator</a:string><a:string>Standard User With Elevation</a:string><a:string>Standard User Without Elevation</a:string><a:string>Windows Store App</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Isolation Level</b:DisplayName><b:Name>Isolation</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>AppContainer</a:string><a:string>Low Integrity Level</a:string><a:string>Microsoft Office Isolated Conversion Environment (MOICE)</a:string><a:string>Sandbox</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Accepts Input From</b:DisplayName><b:Name>acceptsInputFrom</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>Any Remote User or Entity</a:string><a:string>Kernel, System, or Local Admin</a:string><a:string>Local or Network Service</a:string><a:string>Local Standard User With Elevation</a:string><a:string>Local Standard User Without Elevation</a:string><a:string>Windows Store Apps or App Container Processes</a:string><a:string>Nothing</a:string><a:string>Other</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Implements or Uses an Authentication Mechanism</b:DisplayName><b:Name>implementsAuthenticationScheme</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Implements or Uses an Authorization Mechanism</b:DisplayName><b:Name>implementsCustomAuthorizationMechanism</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Implements or Uses a Communication Protocol</b:DisplayName><b:Name>implementsCommunicationProtocol</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Sanitizes Input</b:DisplayName><b:Name>hasInputSanitizers</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>Yes</a:string><a:string>No</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Sanitizes Output</b:DisplayName><b:Name>hasOutputSanitizers</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>Yes</a:string><a:string>No</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType></Properties><TypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">SE.P.TMCore.BrowserClient</TypeId><Height xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">100</Height><Left xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">103</Left><StrokeDashArray i:nil="true" xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts"/><StrokeThickness xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">1</StrokeThickness><Top xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">425</Top><Width xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">100</Width></a:Value></a:KeyValueOfguidanyType><a:KeyValueOfguidanyType><a:Key>69d999f0-41a1-40c1-b45e-ca036e4ac412</a:Key><a:Value z:Id="i8" i:type="StencilParallelLines"><GenericTypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">GE.DS</GenericTypeId><Guid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">69d999f0-41a1-40c1-b45e-ca036e4ac412</Guid><Properties xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts"><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Cookies</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:StringDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Name</b:DisplayName><b:Name/><b:Value i:type="c:string" xmlns:c="http://www.w3.org/2001/XMLSchema">Cookies</b:Value></a:anyType><a:anyType i:type="b:BooleanDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Out Of Scope</b:DisplayName><b:Name>71f3d9aa-b8ef-4e54-8126-607a1d903103</b:Name><b:Value i:type="c:boolean" xmlns:c="http://www.w3.org/2001/XMLSchema">false</b:Value></a:anyType><a:anyType i:type="b:StringDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Reason For Out Of Scope</b:DisplayName><b:Name>752473b6-52d4-4776-9a24-202153f7d579</b:Name><b:Value i:type="c:string" xmlns:c="http://www.w3.org/2001/XMLSchema"/></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Predefined Static Attributes</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:StaticListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Store Type</b:DisplayName><b:Name>storeType</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Cookie</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Configurable Attributes</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>HTTPOnly</b:DisplayName><b:Name>HTTPOnly</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>As Generic Data Store</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Stores Credentials</b:DisplayName><b:Name>storesCredentials</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Stores Log Data</b:DisplayName><b:Name>storesLogData</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Encrypted</b:DisplayName><b:Name>Encrypted</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Signed</b:DisplayName><b:Name>Signed</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Write Access</b:DisplayName><b:Name>AccessType</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Removable Storage</b:DisplayName><b:Name>RemoveableStorage</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Backup</b:DisplayName><b:Name>Backup</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Shared</b:DisplayName><b:Name>shared</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType></Properties><TypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">SE.DS.TMCore.Cookie</TypeId><Height xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">100</Height><Left xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">257</Left><StrokeDashArray i:nil="true" xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts"/><StrokeThickness xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">1</StrokeThickness><Top xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">168</Top><Width xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">100</Width></a:Value></a:KeyValueOfguidanyType><a:KeyValueOfguidanyType><a:Key>b0e475a0-031f-4c0e-8222-867be0c7e7c6</a:Key><a:Value z:Id="i9" i:type="StencilParallelLines"><GenericTypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">GE.DS</GenericTypeId><Guid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">b0e475a0-031f-4c0e-8222-867be0c7e7c6</Guid><Properties xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts"><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Configuration File</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:StringDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Name</b:DisplayName><b:Name/><b:Value i:type="c:string" xmlns:c="http://www.w3.org/2001/XMLSchema">Configuration File</b:Value></a:anyType><a:anyType i:type="b:BooleanDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Out Of Scope</b:DisplayName><b:Name>71f3d9aa-b8ef-4e54-8126-607a1d903103</b:Name><b:Value i:type="c:boolean" xmlns:c="http://www.w3.org/2001/XMLSchema">false</b:Value></a:anyType><a:anyType i:type="b:StringDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Reason For Out Of Scope</b:DisplayName><b:Name>752473b6-52d4-4776-9a24-202153f7d579</b:Name><b:Value i:type="c:string" xmlns:c="http://www.w3.org/2001/XMLSchema"/></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Predefined Static Attributes</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:StaticListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Store Type</b:DisplayName><b:Name>storeType</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Configuration</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Configurable Attributes</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>As Generic Data Store</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Stores Credentials</b:DisplayName><b:Name>storesCredentials</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Stores Log Data</b:DisplayName><b:Name>storesLogData</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Encrypted</b:DisplayName><b:Name>Encrypted</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Signed</b:DisplayName><b:Name>Signed</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Write Access</b:DisplayName><b:Name>AccessType</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Removable Storage</b:DisplayName><b:Name>RemoveableStorage</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Backup</b:DisplayName><b:Name>Backup</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Shared</b:DisplayName><b:Name>shared</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType></Properties><TypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">SE.DS.TMCore.ConfigFile</TypeId><Height xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">100</Height><Left xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">747</Left><StrokeDashArray i:nil="true" xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts"/><StrokeThickness xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">1</StrokeThickness><Top xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">315</Top><Width xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">100</Width></a:Value></a:KeyValueOfguidanyType><a:KeyValueOfguidanyType><a:Key>805129b9-1916-4898-aa01-a005dc1ad810</a:Key><a:Value z:Id="i10" i:type="StencilRectangle"><GenericTypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">GE.EI</GenericTypeId><Guid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">805129b9-1916-4898-aa01-a005dc1ad810</Guid><Properties xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts"><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Human User</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:StringDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Name</b:DisplayName><b:Name/><b:Value i:type="c:string" xmlns:c="http://www.w3.org/2001/XMLSchema">Developer</b:Value></a:anyType><a:anyType i:type="b:BooleanDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Out Of Scope</b:DisplayName><b:Name>71f3d9aa-b8ef-4e54-8126-607a1d903103</b:Name><b:Value i:type="c:boolean" xmlns:c="http://www.w3.org/2001/XMLSchema">false</b:Value></a:anyType><a:anyType i:type="b:StringDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Reason For Out Of Scope</b:DisplayName><b:Name>752473b6-52d4-4776-9a24-202153f7d579</b:Name><b:Value i:type="c:string" xmlns:c="http://www.w3.org/2001/XMLSchema"/></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Predefined Static Attributes</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:StaticListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Type</b:DisplayName><b:Name>type</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Human</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Configurable Attributes</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>As Generic External Interactor</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Authenticates Itself</b:DisplayName><b:Name>authenticatesItself</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Applicable</a:string><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Microsoft</b:DisplayName><b:Name>MS</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType></Properties><TypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">SE.EI.TMCore.User</TypeId><Height xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">100</Height><Left xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">1052</Left><StrokeDashArray i:nil="true" xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts"/><StrokeThickness xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">1</StrokeThickness><Top xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">271</Top><Width xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">100</Width></a:Value></a:KeyValueOfguidanyType><a:KeyValueOfguidanyType><a:Key>a799fbc8-9fcf-4921-8d39-dd5996d42b59</a:Key><a:Value z:Id="i11" i:type="StencilEllipse"><GenericTypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">GE.P</GenericTypeId><Guid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">a799fbc8-9fcf-4921-8d39-dd5996d42b59</Guid><Properties xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts"><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Browser Client</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:StringDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Name</b:DisplayName><b:Name/><b:Value i:type="c:string" xmlns:c="http://www.w3.org/2001/XMLSchema">Anonymous User</b:Value></a:anyType><a:anyType i:type="b:BooleanDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Out Of Scope</b:DisplayName><b:Name>71f3d9aa-b8ef-4e54-8126-607a1d903103</b:Name><b:Value i:type="c:boolean" xmlns:c="http://www.w3.org/2001/XMLSchema">false</b:Value></a:anyType><a:anyType i:type="b:StringDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Reason For Out Of Scope</b:DisplayName><b:Name>752473b6-52d4-4776-9a24-202153f7d579</b:Name><b:Value i:type="c:string" xmlns:c="http://www.w3.org/2001/XMLSchema"/></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Predefined Static Attributes</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:StaticListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Code Type</b:DisplayName><b:Name>codeType</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Unmanaged</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Configurable Attributes</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>As Generic Process</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Running As</b:DisplayName><b:Name>runningAs</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>Kernel</a:string><a:string>System</a:string><a:string>Network Service</a:string><a:string>Local Service</a:string><a:string>Administrator</a:string><a:string>Standard User With Elevation</a:string><a:string>Standard User Without Elevation</a:string><a:string>Windows Store App</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Isolation Level</b:DisplayName><b:Name>Isolation</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>AppContainer</a:string><a:string>Low Integrity Level</a:string><a:string>Microsoft Office Isolated Conversion Environment (MOICE)</a:string><a:string>Sandbox</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Accepts Input From</b:DisplayName><b:Name>acceptsInputFrom</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>Any Remote User or Entity</a:string><a:string>Kernel, System, or Local Admin</a:string><a:string>Local or Network Service</a:string><a:string>Local Standard User With Elevation</a:string><a:string>Local Standard User Without Elevation</a:string><a:string>Windows Store Apps or App Container Processes</a:string><a:string>Nothing</a:string><a:string>Other</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Implements or Uses an Authentication Mechanism</b:DisplayName><b:Name>implementsAuthenticationScheme</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Implements or Uses an Authorization Mechanism</b:DisplayName><b:Name>implementsCustomAuthorizationMechanism</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Implements or Uses a Communication Protocol</b:DisplayName><b:Name>implementsCommunicationProtocol</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Sanitizes Input</b:DisplayName><b:Name>hasInputSanitizers</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>Yes</a:string><a:string>No</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Sanitizes Output</b:DisplayName><b:Name>hasOutputSanitizers</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>Yes</a:string><a:string>No</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType></Properties><TypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">SE.P.TMCore.BrowserClient</TypeId><Height xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">100</Height><Left xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">100</Left><StrokeDashArray i:nil="true" xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts"/><StrokeThickness xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">1</StrokeThickness><Top xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">255</Top><Width xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">100</Width></a:Value></a:KeyValueOfguidanyType><a:KeyValueOfguidanyType><a:Key>d928bf95-c158-456d-8899-e0228d87c7f8</a:Key><a:Value z:Id="i12" i:type="StencilParallelLines"><GenericTypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">GE.DS</GenericTypeId><Guid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">d928bf95-c158-456d-8899-e0228d87c7f8</Guid><Properties xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts"><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Cookies</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:StringDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Name</b:DisplayName><b:Name/><b:Value i:type="c:string" xmlns:c="http://www.w3.org/2001/XMLSchema">Cookies</b:Value></a:anyType><a:anyType i:type="b:BooleanDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Out Of Scope</b:DisplayName><b:Name>71f3d9aa-b8ef-4e54-8126-607a1d903103</b:Name><b:Value i:type="c:boolean" xmlns:c="http://www.w3.org/2001/XMLSchema">false</b:Value></a:anyType><a:anyType i:type="b:StringDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Reason For Out Of Scope</b:DisplayName><b:Name>752473b6-52d4-4776-9a24-202153f7d579</b:Name><b:Value i:type="c:string" xmlns:c="http://www.w3.org/2001/XMLSchema"/></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Predefined Static Attributes</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:StaticListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Store Type</b:DisplayName><b:Name>storeType</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Cookie</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Configurable Attributes</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>HTTPOnly</b:DisplayName><b:Name>HTTPOnly</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>As Generic Data Store</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Stores Credentials</b:DisplayName><b:Name>storesCredentials</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Stores Log Data</b:DisplayName><b:Name>storesLogData</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Encrypted</b:DisplayName><b:Name>Encrypted</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Signed</b:DisplayName><b:Name>Signed</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Write Access</b:DisplayName><b:Name>AccessType</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Removable Storage</b:DisplayName><b:Name>RemoveableStorage</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Backup</b:DisplayName><b:Name>Backup</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Shared</b:DisplayName><b:Name>shared</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType></Properties><TypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">SE.DS.TMCore.Cookie</TypeId><Height xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">100</Height><Left xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">259</Left><StrokeDashArray i:nil="true" xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts"/><StrokeThickness xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">1</StrokeThickness><Top xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">746</Top><Width xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">100</Width></a:Value></a:KeyValueOfguidanyType><a:KeyValueOfguidanyType><a:Key>4c0fd64b-7e86-4264-8d0b-94d1e128285e</a:Key><a:Value z:Id="i13" i:type="StencilParallelLines"><GenericTypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">GE.DS</GenericTypeId><Guid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">4c0fd64b-7e86-4264-8d0b-94d1e128285e</Guid><Properties xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts"><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Cookies</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:StringDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Name</b:DisplayName><b:Name/><b:Value i:type="c:string" xmlns:c="http://www.w3.org/2001/XMLSchema">Cookies</b:Value></a:anyType><a:anyType i:type="b:BooleanDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Out Of Scope</b:DisplayName><b:Name>71f3d9aa-b8ef-4e54-8126-607a1d903103</b:Name><b:Value i:type="c:boolean" xmlns:c="http://www.w3.org/2001/XMLSchema">false</b:Value></a:anyType><a:anyType i:type="b:StringDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Reason For Out Of Scope</b:DisplayName><b:Name>752473b6-52d4-4776-9a24-202153f7d579</b:Name><b:Value i:type="c:string" xmlns:c="http://www.w3.org/2001/XMLSchema"/></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Predefined Static Attributes</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:StaticListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Store Type</b:DisplayName><b:Name>storeType</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Cookie</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Configurable Attributes</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>HTTPOnly</b:DisplayName><b:Name>HTTPOnly</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>As Generic Data Store</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Stores Credentials</b:DisplayName><b:Name>storesCredentials</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Stores Log Data</b:DisplayName><b:Name>storesLogData</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Encrypted</b:DisplayName><b:Name>Encrypted</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Signed</b:DisplayName><b:Name>Signed</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Write Access</b:DisplayName><b:Name>AccessType</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Removable Storage</b:DisplayName><b:Name>RemoveableStorage</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Backup</b:DisplayName><b:Name>Backup</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Shared</b:DisplayName><b:Name>shared</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType></Properties><TypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">SE.DS.TMCore.Cookie</TypeId><Height xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">100</Height><Left xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">35</Left><StrokeDashArray i:nil="true" xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts"/><StrokeThickness xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">1</StrokeThickness><Top xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">552</Top><Width xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">100</Width></a:Value></a:KeyValueOfguidanyType></Borders><Header>Duke Encounters</Header><Lines xmlns:a="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><a:KeyValueOfguidanyType><a:Key>474f423d-869c-4a6a-b285-6ba311fc6c7a</a:Key><a:Value z:Id="i14" i:type="Connector"><GenericTypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">GE.DF</GenericTypeId><Guid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">474f423d-869c-4a6a-b285-6ba311fc6c7a</Guid><Properties xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts"><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Binary</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:StringDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Name</b:DisplayName><b:Name/><b:Value i:type="c:string" xmlns:c="http://www.w3.org/2001/XMLSchema"/></a:anyType><a:anyType i:type="b:BooleanDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Out Of Scope</b:DisplayName><b:Name>71f3d9aa-b8ef-4e54-8126-607a1d903103</b:Name><b:Value i:type="c:boolean" xmlns:c="http://www.w3.org/2001/XMLSchema">false</b:Value></a:anyType><a:anyType i:type="b:StringDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Reason For Out Of Scope</b:DisplayName><b:Name>752473b6-52d4-4776-9a24-202153f7d579</b:Name><b:Value i:type="c:string" xmlns:c="http://www.w3.org/2001/XMLSchema"/></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Configurable Attributes</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>As Generic Data Flow</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Physical Network</b:DisplayName><b:Name>channel</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>Wire</a:string><a:string>Wi-Fi</a:string><a:string>Bluetooth</a:string><a:string>2G-4G</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Source Authenticated</b:DisplayName><b:Name>authenticatesSource</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>1</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Destination Authenticated</b:DisplayName><b:Name>authenticatesDestination</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Provides Confidentiality</b:DisplayName><b:Name>providesConfidentiality</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Provides Integrity</b:DisplayName><b:Name>providesIntegrity</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Transmits XML</b:DisplayName><b:Name>XMLenc</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Contains Cookies</b:DisplayName><b:Name>Cookies</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Yes</a:string><a:string>No</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>SOAP Payload</b:DisplayName><b:Name>SOAP</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>REST Payload</b:DisplayName><b:Name>REST</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>RSS Payload</b:DisplayName><b:Name>RSS</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>JSON Payload</b:DisplayName><b:Name>JSON</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Forgery Protection</b:DisplayName><b:Name>54851a3b-65da-4902-b4e0-94ef015be735</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>ValidateAntiForgeryTokenAttribute</a:string><a:string>ViewStateUserKey</a:string><a:string>Nonce</a:string><a:string>Other dynamic canary</a:string><a:string>Static header not available to the browser</a:string><a:string>Other</a:string><a:string>None</a:string><a:string>Not applicable because the request does not change data</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType></Properties><TypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">SE.DF.TMCore.Binary</TypeId><HandleX xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">534</HandleX><HandleY xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">347</HandleY><PortSource xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">North</PortSource><PortTarget xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">South</PortTarget><SourceGuid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</SourceGuid><SourceX xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">564</SourceX><SourceY xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">407</SourceY><TargetGuid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">91e0d94d-c94e-4e60-b647-8d7faaee5f75</TargetGuid><TargetX xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">561</TargetX><TargetY xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">310</TargetY></a:Value></a:KeyValueOfguidanyType><a:KeyValueOfguidanyType><a:Key>a33aaaae-243a-454f-a918-701da18e5368</a:Key><a:Value z:Id="i15" i:type="Connector"><GenericTypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">GE.DF</GenericTypeId><Guid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">a33aaaae-243a-454f-a918-701da18e5368</Guid><Properties xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts"><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Binary</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:StringDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Name</b:DisplayName><b:Name/><b:Value i:type="c:string" xmlns:c="http://www.w3.org/2001/XMLSchema"/></a:anyType><a:anyType i:type="b:BooleanDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Out Of Scope</b:DisplayName><b:Name>71f3d9aa-b8ef-4e54-8126-607a1d903103</b:Name><b:Value i:type="c:boolean" xmlns:c="http://www.w3.org/2001/XMLSchema">false</b:Value></a:anyType><a:anyType i:type="b:StringDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Reason For Out Of Scope</b:DisplayName><b:Name>752473b6-52d4-4776-9a24-202153f7d579</b:Name><b:Value i:type="c:string" xmlns:c="http://www.w3.org/2001/XMLSchema"/></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Configurable Attributes</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>As Generic Data Flow</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Physical Network</b:DisplayName><b:Name>channel</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>Wire</a:string><a:string>Wi-Fi</a:string><a:string>Bluetooth</a:string><a:string>2G-4G</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Source Authenticated</b:DisplayName><b:Name>authenticatesSource</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>1</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Destination Authenticated</b:DisplayName><b:Name>authenticatesDestination</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Provides Confidentiality</b:DisplayName><b:Name>providesConfidentiality</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Provides Integrity</b:DisplayName><b:Name>providesIntegrity</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Transmits XML</b:DisplayName><b:Name>XMLenc</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Contains Cookies</b:DisplayName><b:Name>Cookies</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Yes</a:string><a:string>No</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>SOAP Payload</b:DisplayName><b:Name>SOAP</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>REST Payload</b:DisplayName><b:Name>REST</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>RSS Payload</b:DisplayName><b:Name>RSS</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>JSON Payload</b:DisplayName><b:Name>JSON</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Forgery Protection</b:DisplayName><b:Name>54851a3b-65da-4902-b4e0-94ef015be735</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>ValidateAntiForgeryTokenAttribute</a:string><a:string>ViewStateUserKey</a:string><a:string>Nonce</a:string><a:string>Other dynamic canary</a:string><a:string>Static header not available to the browser</a:string><a:string>Other</a:string><a:string>None</a:string><a:string>Not applicable because the request does not change data</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType></Properties><TypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">SE.DF.TMCore.Binary</TypeId><HandleX xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">591</HandleX><HandleY xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">342</HandleY><PortSource xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">South</PortSource><PortTarget xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">North</PortTarget><SourceGuid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">91e0d94d-c94e-4e60-b647-8d7faaee5f75</SourceGuid><SourceX xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">561</SourceX><SourceY xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">310</SourceY><TargetGuid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</TargetGuid><TargetX xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">564</TargetX><TargetY xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">407</TargetY></a:Value></a:KeyValueOfguidanyType><a:KeyValueOfguidanyType><a:Key>198f0ee1-3b18-4685-a089-c7610985477a</a:Key><a:Value z:Id="i16" i:type="Connector"><GenericTypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">GE.DF</GenericTypeId><Guid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">198f0ee1-3b18-4685-a089-c7610985477a</Guid><Properties xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts"><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>HTTPS</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:StringDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Name</b:DisplayName><b:Name/><b:Value i:type="c:string" xmlns:c="http://www.w3.org/2001/XMLSchema">HTTPS</b:Value></a:anyType><a:anyType i:type="b:BooleanDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Out Of Scope</b:DisplayName><b:Name>71f3d9aa-b8ef-4e54-8126-607a1d903103</b:Name><b:Value i:type="c:boolean" xmlns:c="http://www.w3.org/2001/XMLSchema">false</b:Value></a:anyType><a:anyType i:type="b:StringDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Reason For Out Of Scope</b:DisplayName><b:Name>752473b6-52d4-4776-9a24-202153f7d579</b:Name><b:Value i:type="c:string" xmlns:c="http://www.w3.org/2001/XMLSchema"/></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Predefined Static Attributes</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:StaticListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Destination Authenticated</b:DisplayName><b:Name>authenticatesDestination</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:StaticListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Provides Confidentiality</b:DisplayName><b:Name>providesConfidentiality</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:StaticListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Provides Integrity</b:DisplayName><b:Name>providesIntegrity</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Configurable Attributes</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>As Generic Data Flow</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Physical Network</b:DisplayName><b:Name>channel</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>Wire</a:string><a:string>Wi-Fi</a:string><a:string>Bluetooth</a:string><a:string>2G-4G</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Source Authenticated</b:DisplayName><b:Name>authenticatesSource</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>1</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Transmits XML</b:DisplayName><b:Name>XMLenc</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Contains Cookies</b:DisplayName><b:Name>Cookies</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Yes</a:string><a:string>No</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>SOAP Payload</b:DisplayName><b:Name>SOAP</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>REST Payload</b:DisplayName><b:Name>REST</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>RSS Payload</b:DisplayName><b:Name>RSS</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>JSON Payload</b:DisplayName><b:Name>JSON</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Forgery Protection</b:DisplayName><b:Name>54851a3b-65da-4902-b4e0-94ef015be735</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>ValidateAntiForgeryTokenAttribute</a:string><a:string>ViewStateUserKey</a:string><a:string>Nonce</a:string><a:string>Other dynamic canary</a:string><a:string>Static header not available to the browser</a:string><a:string>Other</a:string><a:string>None</a:string><a:string>Not applicable because the request does not change data</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType></Properties><TypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">SE.DF.TMCore.HTTPS</TypeId><HandleX xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">311</HandleX><HandleY xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">393</HandleY><PortSource xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">NorthWest</PortSource><PortTarget xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">SouthEast</PortTarget><SourceGuid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</SourceGuid><SourceX xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">532</SourceX><SourceY xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">419</SourceY><TargetGuid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">a799fbc8-9fcf-4921-8d39-dd5996d42b59</TargetGuid><TargetX xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">181</TargetX><TargetY xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">336</TargetY></a:Value></a:KeyValueOfguidanyType><a:KeyValueOfguidanyType><a:Key>41d170a6-e61c-46a4-9905-277fd5befe5f</a:Key><a:Value z:Id="i17" i:type="Connector"><GenericTypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">GE.DF</GenericTypeId><Guid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">41d170a6-e61c-46a4-9905-277fd5befe5f</Guid><Properties xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts"><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>HTTPS</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:StringDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Name</b:DisplayName><b:Name/><b:Value i:type="c:string" xmlns:c="http://www.w3.org/2001/XMLSchema">HTTPS</b:Value></a:anyType><a:anyType i:type="b:BooleanDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Out Of Scope</b:DisplayName><b:Name>71f3d9aa-b8ef-4e54-8126-607a1d903103</b:Name><b:Value i:type="c:boolean" xmlns:c="http://www.w3.org/2001/XMLSchema">false</b:Value></a:anyType><a:anyType i:type="b:StringDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Reason For Out Of Scope</b:DisplayName><b:Name>752473b6-52d4-4776-9a24-202153f7d579</b:Name><b:Value i:type="c:string" xmlns:c="http://www.w3.org/2001/XMLSchema"/></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Predefined Static Attributes</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:StaticListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Destination Authenticated</b:DisplayName><b:Name>authenticatesDestination</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:StaticListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Provides Confidentiality</b:DisplayName><b:Name>providesConfidentiality</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:StaticListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Provides Integrity</b:DisplayName><b:Name>providesIntegrity</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Configurable Attributes</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>As Generic Data Flow</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Physical Network</b:DisplayName><b:Name>channel</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>Wire</a:string><a:string>Wi-Fi</a:string><a:string>Bluetooth</a:string><a:string>2G-4G</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Source Authenticated</b:DisplayName><b:Name>authenticatesSource</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>1</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Transmits XML</b:DisplayName><b:Name>XMLenc</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Contains Cookies</b:DisplayName><b:Name>Cookies</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Yes</a:string><a:string>No</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>SOAP Payload</b:DisplayName><b:Name>SOAP</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>REST Payload</b:DisplayName><b:Name>REST</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>RSS Payload</b:DisplayName><b:Name>RSS</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>JSON Payload</b:DisplayName><b:Name>JSON</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Forgery Protection</b:DisplayName><b:Name>54851a3b-65da-4902-b4e0-94ef015be735</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>ValidateAntiForgeryTokenAttribute</a:string><a:string>ViewStateUserKey</a:string><a:string>Nonce</a:string><a:string>Other dynamic canary</a:string><a:string>Static header not available to the browser</a:string><a:string>Other</a:string><a:string>None</a:string><a:string>Not applicable because the request does not change data</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType></Properties><TypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">SE.DF.TMCore.HTTPS</TypeId><HandleX xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">365</HandleX><HandleY xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">296</HandleY><PortSource xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">East</PortSource><PortTarget xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">NorthWest</PortTarget><SourceGuid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">a799fbc8-9fcf-4921-8d39-dd5996d42b59</SourceGuid><SourceX xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">195</SourceX><SourceY xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">305</SourceY><TargetGuid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</TargetGuid><TargetX xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">532</TargetX><TargetY xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">419</TargetY></a:Value></a:KeyValueOfguidanyType><a:KeyValueOfguidanyType><a:Key>b4f26093-1028-4903-b480-ee3a558af8b8</a:Key><a:Value z:Id="i18" i:type="Connector"><GenericTypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">GE.DF</GenericTypeId><Guid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">b4f26093-1028-4903-b480-ee3a558af8b8</Guid><Properties xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts"><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Generic Data Flow</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:StringDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Name</b:DisplayName><b:Name/><b:Value i:type="c:string" xmlns:c="http://www.w3.org/2001/XMLSchema">SQL Commands</b:Value></a:anyType><a:anyType i:type="b:BooleanDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Out Of Scope</b:DisplayName><b:Name>71f3d9aa-b8ef-4e54-8126-607a1d903103</b:Name><b:Value i:type="c:boolean" xmlns:c="http://www.w3.org/2001/XMLSchema">false</b:Value></a:anyType><a:anyType i:type="b:StringDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Reason For Out Of Scope</b:DisplayName><b:Name>752473b6-52d4-4776-9a24-202153f7d579</b:Name><b:Value i:type="c:string" xmlns:c="http://www.w3.org/2001/XMLSchema"/></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Configurable Attributes</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Physical Network</b:DisplayName><b:Name>channel</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>Wire</a:string><a:string>Wi-Fi</a:string><a:string>Bluetooth</a:string><a:string>2G-4G</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Source Authenticated</b:DisplayName><b:Name>authenticatesSource</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>1</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Destination Authenticated</b:DisplayName><b:Name>authenticatesDestination</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Provides Confidentiality</b:DisplayName><b:Name>providesConfidentiality</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Provides Integrity</b:DisplayName><b:Name>providesIntegrity</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Transmits XML</b:DisplayName><b:Name>XMLenc</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Contains Cookies</b:DisplayName><b:Name>Cookies</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Yes</a:string><a:string>No</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>SOAP Payload</b:DisplayName><b:Name>SOAP</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>REST Payload</b:DisplayName><b:Name>REST</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>RSS Payload</b:DisplayName><b:Name>RSS</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>JSON Payload</b:DisplayName><b:Name>JSON</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Forgery Protection</b:DisplayName><b:Name>54851a3b-65da-4902-b4e0-94ef015be735</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>ValidateAntiForgeryTokenAttribute</a:string><a:string>ViewStateUserKey</a:string><a:string>Nonce</a:string><a:string>Other dynamic canary</a:string><a:string>Static header not available to the browser</a:string><a:string>Other</a:string><a:string>None</a:string><a:string>Not applicable because the request does not change data</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType></Properties><TypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">GE.DF</TypeId><HandleX xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">725</HandleX><HandleY xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">502</HandleY><PortSource xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">SouthEast</PortSource><PortTarget xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">West</PortTarget><SourceGuid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</SourceGuid><SourceX xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">595</SourceX><SourceY xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">482</SourceY><TargetGuid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">fd0909d9-b333-45bd-b67d-b006448cdd61</TargetGuid><TargetX xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">876</TargetX><TargetY xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">645</TargetY></a:Value></a:KeyValueOfguidanyType><a:KeyValueOfguidanyType><a:Key>1f901f0e-ec8b-4f8b-837c-e277d3d9ec13</a:Key><a:Value z:Id="i19" i:type="Connector"><GenericTypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">GE.DF</GenericTypeId><Guid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">1f901f0e-ec8b-4f8b-837c-e277d3d9ec13</Guid><Properties xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts"><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Generic Data Flow</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:StringDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Name</b:DisplayName><b:Name/><b:Value i:type="c:string" xmlns:c="http://www.w3.org/2001/XMLSchema">Data</b:Value></a:anyType><a:anyType i:type="b:BooleanDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Out Of Scope</b:DisplayName><b:Name>71f3d9aa-b8ef-4e54-8126-607a1d903103</b:Name><b:Value i:type="c:boolean" xmlns:c="http://www.w3.org/2001/XMLSchema">false</b:Value></a:anyType><a:anyType i:type="b:StringDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Reason For Out Of Scope</b:DisplayName><b:Name>752473b6-52d4-4776-9a24-202153f7d579</b:Name><b:Value i:type="c:string" xmlns:c="http://www.w3.org/2001/XMLSchema"/></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Configurable Attributes</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Physical Network</b:DisplayName><b:Name>channel</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>Wire</a:string><a:string>Wi-Fi</a:string><a:string>Bluetooth</a:string><a:string>2G-4G</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Source Authenticated</b:DisplayName><b:Name>authenticatesSource</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>1</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Destination Authenticated</b:DisplayName><b:Name>authenticatesDestination</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Provides Confidentiality</b:DisplayName><b:Name>providesConfidentiality</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Provides Integrity</b:DisplayName><b:Name>providesIntegrity</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Transmits XML</b:DisplayName><b:Name>XMLenc</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Contains Cookies</b:DisplayName><b:Name>Cookies</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Yes</a:string><a:string>No</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>SOAP Payload</b:DisplayName><b:Name>SOAP</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>REST Payload</b:DisplayName><b:Name>REST</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>RSS Payload</b:DisplayName><b:Name>RSS</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>JSON Payload</b:DisplayName><b:Name>JSON</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Forgery Protection</b:DisplayName><b:Name>54851a3b-65da-4902-b4e0-94ef015be735</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>ValidateAntiForgeryTokenAttribute</a:string><a:string>ViewStateUserKey</a:string><a:string>Nonce</a:string><a:string>Other dynamic canary</a:string><a:string>Static header not available to the browser</a:string><a:string>Other</a:string><a:string>None</a:string><a:string>Not applicable because the request does not change data</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType></Properties><TypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">GE.DF</TypeId><HandleX xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">741</HandleX><HandleY xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">628</HandleY><PortSource xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">West</PortSource><PortTarget xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">SouthEast</PortTarget><SourceGuid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">fd0909d9-b333-45bd-b67d-b006448cdd61</SourceGuid><SourceX xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">876</SourceX><SourceY xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">645</SourceY><TargetGuid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</TargetGuid><TargetX xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">595</TargetX><TargetY xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">482</TargetY></a:Value></a:KeyValueOfguidanyType><a:KeyValueOfguidanyType><a:Key>896a1395-66c3-4292-9a27-d8cb32bf438a</a:Key><a:Value z:Id="i20" i:type="Connector"><GenericTypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">GE.DF</GenericTypeId><Guid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">896a1395-66c3-4292-9a27-d8cb32bf438a</Guid><Properties xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts"><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>HTTPS</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:StringDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Name</b:DisplayName><b:Name/><b:Value i:type="c:string" xmlns:c="http://www.w3.org/2001/XMLSchema">HTTPS</b:Value></a:anyType><a:anyType i:type="b:BooleanDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Out Of Scope</b:DisplayName><b:Name>71f3d9aa-b8ef-4e54-8126-607a1d903103</b:Name><b:Value i:type="c:boolean" xmlns:c="http://www.w3.org/2001/XMLSchema">false</b:Value></a:anyType><a:anyType i:type="b:StringDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Reason For Out Of Scope</b:DisplayName><b:Name>752473b6-52d4-4776-9a24-202153f7d579</b:Name><b:Value i:type="c:string" xmlns:c="http://www.w3.org/2001/XMLSchema"/></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Predefined Static Attributes</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:StaticListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Destination Authenticated</b:DisplayName><b:Name>authenticatesDestination</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:StaticListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Provides Confidentiality</b:DisplayName><b:Name>providesConfidentiality</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:StaticListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Provides Integrity</b:DisplayName><b:Name>providesIntegrity</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Configurable Attributes</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>As Generic Data Flow</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Physical Network</b:DisplayName><b:Name>channel</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>Wire</a:string><a:string>Wi-Fi</a:string><a:string>Bluetooth</a:string><a:string>2G-4G</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Source Authenticated</b:DisplayName><b:Name>authenticatesSource</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Transmits XML</b:DisplayName><b:Name>XMLenc</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Contains Cookies</b:DisplayName><b:Name>Cookies</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Yes</a:string><a:string>No</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>SOAP Payload</b:DisplayName><b:Name>SOAP</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>REST Payload</b:DisplayName><b:Name>REST</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>RSS Payload</b:DisplayName><b:Name>RSS</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>JSON Payload</b:DisplayName><b:Name>JSON</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Forgery Protection</b:DisplayName><b:Name>54851a3b-65da-4902-b4e0-94ef015be735</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>ValidateAntiForgeryTokenAttribute</a:string><a:string>ViewStateUserKey</a:string><a:string>Nonce</a:string><a:string>Other dynamic canary</a:string><a:string>Static header not available to the browser</a:string><a:string>Other</a:string><a:string>None</a:string><a:string>Not applicable because the request does not change data</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType></Properties><TypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">SE.DF.TMCore.HTTPS</TypeId><HandleX xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">331</HandleX><HandleY xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">456</HandleY><PortSource xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">East</PortSource><PortTarget xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">West</PortTarget><SourceGuid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">578ea862-2e0c-4b5e-85e4-18ffbf8e62d0</SourceGuid><SourceX xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">198</SourceX><SourceY xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">475</SourceY><TargetGuid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</TargetGuid><TargetX xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">519</TargetX><TargetY xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">451</TargetY></a:Value></a:KeyValueOfguidanyType><a:KeyValueOfguidanyType><a:Key>bd7dd97e-3858-4ac3-8dc2-151ed6bc99ac</a:Key><a:Value z:Id="i21" i:type="Connector"><GenericTypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">GE.DF</GenericTypeId><Guid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">bd7dd97e-3858-4ac3-8dc2-151ed6bc99ac</Guid><Properties xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts"><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>HTTPS</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:StringDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Name</b:DisplayName><b:Name/><b:Value i:type="c:string" xmlns:c="http://www.w3.org/2001/XMLSchema">HTTPS</b:Value></a:anyType><a:anyType i:type="b:BooleanDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Out Of Scope</b:DisplayName><b:Name>71f3d9aa-b8ef-4e54-8126-607a1d903103</b:Name><b:Value i:type="c:boolean" xmlns:c="http://www.w3.org/2001/XMLSchema">false</b:Value></a:anyType><a:anyType i:type="b:StringDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Reason For Out Of Scope</b:DisplayName><b:Name>752473b6-52d4-4776-9a24-202153f7d579</b:Name><b:Value i:type="c:string" xmlns:c="http://www.w3.org/2001/XMLSchema"/></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Predefined Static Attributes</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:StaticListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Destination Authenticated</b:DisplayName><b:Name>authenticatesDestination</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:StaticListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Provides Confidentiality</b:DisplayName><b:Name>providesConfidentiality</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:StaticListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Provides Integrity</b:DisplayName><b:Name>providesIntegrity</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Configurable Attributes</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>As Generic Data Flow</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Physical Network</b:DisplayName><b:Name>channel</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>Wire</a:string><a:string>Wi-Fi</a:string><a:string>Bluetooth</a:string><a:string>2G-4G</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Source Authenticated</b:DisplayName><b:Name>authenticatesSource</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Transmits XML</b:DisplayName><b:Name>XMLenc</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Contains Cookies</b:DisplayName><b:Name>Cookies</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Yes</a:string><a:string>No</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>SOAP Payload</b:DisplayName><b:Name>SOAP</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>REST Payload</b:DisplayName><b:Name>REST</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>RSS Payload</b:DisplayName><b:Name>RSS</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>JSON Payload</b:DisplayName><b:Name>JSON</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Forgery Protection</b:DisplayName><b:Name>54851a3b-65da-4902-b4e0-94ef015be735</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>ValidateAntiForgeryTokenAttribute</a:string><a:string>ViewStateUserKey</a:string><a:string>Nonce</a:string><a:string>Other dynamic canary</a:string><a:string>Static header not available to the browser</a:string><a:string>Other</a:string><a:string>None</a:string><a:string>Not applicable because the request does not change data</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType></Properties><TypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">SE.DF.TMCore.HTTPS</TypeId><HandleX xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">333</HandleX><HandleY xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">537</HandleY><PortSource xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">West</PortSource><PortTarget xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">SouthEast</PortTarget><SourceGuid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</SourceGuid><SourceX xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">519</SourceX><SourceY xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">451</SourceY><TargetGuid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">578ea862-2e0c-4b5e-85e4-18ffbf8e62d0</TargetGuid><TargetX xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">184</TargetX><TargetY xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">506</TargetY></a:Value></a:KeyValueOfguidanyType><a:KeyValueOfguidanyType><a:Key>9f165aff-d80a-439c-928d-af0a0e589858</a:Key><a:Value z:Id="i22" i:type="Connector"><GenericTypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">GE.DF</GenericTypeId><Guid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">9f165aff-d80a-439c-928d-af0a0e589858</Guid><Properties xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts"><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>HTTPS</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:StringDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Name</b:DisplayName><b:Name/><b:Value i:type="c:string" xmlns:c="http://www.w3.org/2001/XMLSchema">HTTPS</b:Value></a:anyType><a:anyType i:type="b:BooleanDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Out Of Scope</b:DisplayName><b:Name>71f3d9aa-b8ef-4e54-8126-607a1d903103</b:Name><b:Value i:type="c:boolean" xmlns:c="http://www.w3.org/2001/XMLSchema">false</b:Value></a:anyType><a:anyType i:type="b:StringDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Reason For Out Of Scope</b:DisplayName><b:Name>752473b6-52d4-4776-9a24-202153f7d579</b:Name><b:Value i:type="c:string" xmlns:c="http://www.w3.org/2001/XMLSchema"/></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Predefined Static Attributes</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:StaticListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Destination Authenticated</b:DisplayName><b:Name>authenticatesDestination</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:StaticListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Provides Confidentiality</b:DisplayName><b:Name>providesConfidentiality</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:StaticListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Provides Integrity</b:DisplayName><b:Name>providesIntegrity</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Configurable Attributes</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>As Generic Data Flow</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Physical Network</b:DisplayName><b:Name>channel</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>Wire</a:string><a:string>Wi-Fi</a:string><a:string>Bluetooth</a:string><a:string>2G-4G</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Source Authenticated</b:DisplayName><b:Name>authenticatesSource</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Transmits XML</b:DisplayName><b:Name>XMLenc</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Contains Cookies</b:DisplayName><b:Name>Cookies</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Yes</a:string><a:string>No</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>SOAP Payload</b:DisplayName><b:Name>SOAP</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>REST Payload</b:DisplayName><b:Name>REST</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>RSS Payload</b:DisplayName><b:Name>RSS</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>JSON Payload</b:DisplayName><b:Name>JSON</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Forgery Protection</b:DisplayName><b:Name>54851a3b-65da-4902-b4e0-94ef015be735</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>ValidateAntiForgeryTokenAttribute</a:string><a:string>ViewStateUserKey</a:string><a:string>Nonce</a:string><a:string>Other dynamic canary</a:string><a:string>Static header not available to the browser</a:string><a:string>Other</a:string><a:string>None</a:string><a:string>Not applicable because the request does not change data</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType></Properties><TypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">SE.DF.TMCore.HTTPS</TypeId><HandleX xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">367</HandleX><HandleY xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">620</HandleY><PortSource xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">NorthEast</PortSource><PortTarget xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">SouthWest</PortTarget><SourceGuid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">1513f24c-932a-483d-a578-398f3adf8b1a</SourceGuid><SourceX xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">179</SourceX><SourceY xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">686</SourceY><TargetGuid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</TargetGuid><TargetX xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">532</TargetX><TargetY xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">482</TargetY></a:Value></a:KeyValueOfguidanyType><a:KeyValueOfguidanyType><a:Key>56c465cc-fdc5-499e-8fb7-3dc74037d8c9</a:Key><a:Value z:Id="i23" i:type="Connector"><GenericTypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">GE.DF</GenericTypeId><Guid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">56c465cc-fdc5-499e-8fb7-3dc74037d8c9</Guid><Properties xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts"><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>HTTPS</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:StringDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Name</b:DisplayName><b:Name/><b:Value i:type="c:string" xmlns:c="http://www.w3.org/2001/XMLSchema">HTTPS</b:Value></a:anyType><a:anyType i:type="b:BooleanDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Out Of Scope</b:DisplayName><b:Name>71f3d9aa-b8ef-4e54-8126-607a1d903103</b:Name><b:Value i:type="c:boolean" xmlns:c="http://www.w3.org/2001/XMLSchema">false</b:Value></a:anyType><a:anyType i:type="b:StringDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Reason For Out Of Scope</b:DisplayName><b:Name>752473b6-52d4-4776-9a24-202153f7d579</b:Name><b:Value i:type="c:string" xmlns:c="http://www.w3.org/2001/XMLSchema"/></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Predefined Static Attributes</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:StaticListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Destination Authenticated</b:DisplayName><b:Name>authenticatesDestination</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:StaticListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Provides Confidentiality</b:DisplayName><b:Name>providesConfidentiality</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:StaticListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Provides Integrity</b:DisplayName><b:Name>providesIntegrity</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Configurable Attributes</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>As Generic Data Flow</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Physical Network</b:DisplayName><b:Name>channel</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>Wire</a:string><a:string>Wi-Fi</a:string><a:string>Bluetooth</a:string><a:string>2G-4G</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Source Authenticated</b:DisplayName><b:Name>authenticatesSource</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Transmits XML</b:DisplayName><b:Name>XMLenc</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Contains Cookies</b:DisplayName><b:Name>Cookies</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Yes</a:string><a:string>No</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>SOAP Payload</b:DisplayName><b:Name>SOAP</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>REST Payload</b:DisplayName><b:Name>REST</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>RSS Payload</b:DisplayName><b:Name>RSS</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>JSON Payload</b:DisplayName><b:Name>JSON</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Forgery Protection</b:DisplayName><b:Name>54851a3b-65da-4902-b4e0-94ef015be735</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>ValidateAntiForgeryTokenAttribute</a:string><a:string>ViewStateUserKey</a:string><a:string>Nonce</a:string><a:string>Other dynamic canary</a:string><a:string>Static header not available to the browser</a:string><a:string>Other</a:string><a:string>None</a:string><a:string>Not applicable because the request does not change data</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType></Properties><TypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">SE.DF.TMCore.HTTPS</TypeId><HandleX xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">396</HandleX><HandleY xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">675</HandleY><PortSource xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">SouthWest</PortSource><PortTarget xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">East</PortTarget><SourceGuid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</SourceGuid><SourceX xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">532</SourceX><SourceY xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">482</SourceY><TargetGuid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">1513f24c-932a-483d-a578-398f3adf8b1a</TargetGuid><TargetX xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">193</TargetX><TargetY xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">718</TargetY></a:Value></a:KeyValueOfguidanyType><a:KeyValueOfguidanyType><a:Key>3c7c3b3f-85c4-4a9d-be0f-f6dabdfc9212</a:Key><a:Value z:Id="i24" i:type="Connector"><GenericTypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">GE.DF</GenericTypeId><Guid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">3c7c3b3f-85c4-4a9d-be0f-f6dabdfc9212</Guid><Properties xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts"><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Generic Data Flow</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:StringDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Name</b:DisplayName><b:Name/><b:Value i:type="c:string" xmlns:c="http://www.w3.org/2001/XMLSchema">read</b:Value></a:anyType><a:anyType i:type="b:BooleanDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Out Of Scope</b:DisplayName><b:Name>71f3d9aa-b8ef-4e54-8126-607a1d903103</b:Name><b:Value i:type="c:boolean" xmlns:c="http://www.w3.org/2001/XMLSchema">false</b:Value></a:anyType><a:anyType i:type="b:StringDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Reason For Out Of Scope</b:DisplayName><b:Name>752473b6-52d4-4776-9a24-202153f7d579</b:Name><b:Value i:type="c:string" xmlns:c="http://www.w3.org/2001/XMLSchema"/></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Configurable Attributes</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Physical Network</b:DisplayName><b:Name>channel</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>Wire</a:string><a:string>Wi-Fi</a:string><a:string>Bluetooth</a:string><a:string>2G-4G</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Source Authenticated</b:DisplayName><b:Name>authenticatesSource</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Destination Authenticated</b:DisplayName><b:Name>authenticatesDestination</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Provides Confidentiality</b:DisplayName><b:Name>providesConfidentiality</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Provides Integrity</b:DisplayName><b:Name>providesIntegrity</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Transmits XML</b:DisplayName><b:Name>XMLenc</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Contains Cookies</b:DisplayName><b:Name>Cookies</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Yes</a:string><a:string>No</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>SOAP Payload</b:DisplayName><b:Name>SOAP</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>REST Payload</b:DisplayName><b:Name>REST</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>RSS Payload</b:DisplayName><b:Name>RSS</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>JSON Payload</b:DisplayName><b:Name>JSON</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Forgery Protection</b:DisplayName><b:Name>54851a3b-65da-4902-b4e0-94ef015be735</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>ValidateAntiForgeryTokenAttribute</a:string><a:string>ViewStateUserKey</a:string><a:string>Nonce</a:string><a:string>Other dynamic canary</a:string><a:string>Static header not available to the browser</a:string><a:string>Other</a:string><a:string>None</a:string><a:string>Not applicable because the request does not change data</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType></Properties><TypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">GE.DF</TypeId><HandleX xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">666</HandleX><HandleY xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">387</HandleY><PortSource xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">West</PortSource><PortTarget xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">East</PortTarget><SourceGuid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">b0e475a0-031f-4c0e-8222-867be0c7e7c6</SourceGuid><SourceX xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">752</SourceX><SourceY xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">365</SourceY><TargetGuid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</TargetGuid><TargetX xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">609</TargetX><TargetY xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">451</TargetY></a:Value></a:KeyValueOfguidanyType><a:KeyValueOfguidanyType><a:Key>687f425e-f569-4235-86c5-c7ee81abebc1</a:Key><a:Value z:Id="i25" i:type="Connector"><GenericTypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">GE.DF</GenericTypeId><Guid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">687f425e-f569-4235-86c5-c7ee81abebc1</Guid><Properties xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts"><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Generic Data Flow</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:StringDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Name</b:DisplayName><b:Name/><b:Value i:type="c:string" xmlns:c="http://www.w3.org/2001/XMLSchema">deploy</b:Value></a:anyType><a:anyType i:type="b:BooleanDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Out Of Scope</b:DisplayName><b:Name>71f3d9aa-b8ef-4e54-8126-607a1d903103</b:Name><b:Value i:type="c:boolean" xmlns:c="http://www.w3.org/2001/XMLSchema">false</b:Value></a:anyType><a:anyType i:type="b:StringDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Reason For Out Of Scope</b:DisplayName><b:Name>752473b6-52d4-4776-9a24-202153f7d579</b:Name><b:Value i:type="c:string" xmlns:c="http://www.w3.org/2001/XMLSchema"/></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Configurable Attributes</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Physical Network</b:DisplayName><b:Name>channel</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>Wire</a:string><a:string>Wi-Fi</a:string><a:string>Bluetooth</a:string><a:string>2G-4G</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Source Authenticated</b:DisplayName><b:Name>authenticatesSource</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Destination Authenticated</b:DisplayName><b:Name>authenticatesDestination</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Provides Confidentiality</b:DisplayName><b:Name>providesConfidentiality</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Provides Integrity</b:DisplayName><b:Name>providesIntegrity</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Transmits XML</b:DisplayName><b:Name>XMLenc</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Contains Cookies</b:DisplayName><b:Name>Cookies</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Yes</a:string><a:string>No</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>SOAP Payload</b:DisplayName><b:Name>SOAP</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>REST Payload</b:DisplayName><b:Name>REST</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>RSS Payload</b:DisplayName><b:Name>RSS</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>JSON Payload</b:DisplayName><b:Name>JSON</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Forgery Protection</b:DisplayName><b:Name>54851a3b-65da-4902-b4e0-94ef015be735</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>ValidateAntiForgeryTokenAttribute</a:string><a:string>ViewStateUserKey</a:string><a:string>Nonce</a:string><a:string>Other dynamic canary</a:string><a:string>Static header not available to the browser</a:string><a:string>Other</a:string><a:string>None</a:string><a:string>Not applicable because the request does not change data</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType></Properties><TypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">GE.DF</TypeId><HandleX xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">953</HandleX><HandleY xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">339</HandleY><PortSource xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">West</PortSource><PortTarget xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">East</PortTarget><SourceGuid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">805129b9-1916-4898-aa01-a005dc1ad810</SourceGuid><SourceX xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">1057</SourceX><SourceY xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">321</SourceY><TargetGuid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">b0e475a0-031f-4c0e-8222-867be0c7e7c6</TargetGuid><TargetX xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">842</TargetX><TargetY xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">365</TargetY></a:Value></a:KeyValueOfguidanyType><a:KeyValueOfguidanyType><a:Key>1cd2bf53-f83c-489b-a9e8-eaecd812c558</a:Key><a:Value z:Id="i26" i:type="Connector"><GenericTypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">GE.DF</GenericTypeId><Guid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">1cd2bf53-f83c-489b-a9e8-eaecd812c558</Guid><Properties xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts"><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Generic Data Flow</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:StringDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Name</b:DisplayName><b:Name/><b:Value i:type="c:string" xmlns:c="http://www.w3.org/2001/XMLSchema">deploy</b:Value></a:anyType><a:anyType i:type="b:BooleanDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Out Of Scope</b:DisplayName><b:Name>71f3d9aa-b8ef-4e54-8126-607a1d903103</b:Name><b:Value i:type="c:boolean" xmlns:c="http://www.w3.org/2001/XMLSchema">false</b:Value></a:anyType><a:anyType i:type="b:StringDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Reason For Out Of Scope</b:DisplayName><b:Name>752473b6-52d4-4776-9a24-202153f7d579</b:Name><b:Value i:type="c:string" xmlns:c="http://www.w3.org/2001/XMLSchema"/></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Configurable Attributes</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Physical Network</b:DisplayName><b:Name>channel</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>Wire</a:string><a:string>Wi-Fi</a:string><a:string>Bluetooth</a:string><a:string>2G-4G</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Source Authenticated</b:DisplayName><b:Name>authenticatesSource</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Destination Authenticated</b:DisplayName><b:Name>authenticatesDestination</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Provides Confidentiality</b:DisplayName><b:Name>providesConfidentiality</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Provides Integrity</b:DisplayName><b:Name>providesIntegrity</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Transmits XML</b:DisplayName><b:Name>XMLenc</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Contains Cookies</b:DisplayName><b:Name>Cookies</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Yes</a:string><a:string>No</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>SOAP Payload</b:DisplayName><b:Name>SOAP</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>REST Payload</b:DisplayName><b:Name>REST</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>RSS Payload</b:DisplayName><b:Name>RSS</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>JSON Payload</b:DisplayName><b:Name>JSON</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Forgery Protection</b:DisplayName><b:Name>54851a3b-65da-4902-b4e0-94ef015be735</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>ValidateAntiForgeryTokenAttribute</a:string><a:string>ViewStateUserKey</a:string><a:string>Nonce</a:string><a:string>Other dynamic canary</a:string><a:string>Static header not available to the browser</a:string><a:string>Other</a:string><a:string>None</a:string><a:string>Not applicable because the request does not change data</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType></Properties><TypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">GE.DF</TypeId><HandleX xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">821</HandleX><HandleY xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">259</HandleY><PortSource xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">NorthWest</PortSource><PortTarget xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">East</PortTarget><SourceGuid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">805129b9-1916-4898-aa01-a005dc1ad810</SourceGuid><SourceX xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">1057</SourceX><SourceY xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">276</SourceY><TargetGuid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">91e0d94d-c94e-4e60-b647-8d7faaee5f75</TargetGuid><TargetX xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">606</TargetX><TargetY xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">265</TargetY></a:Value></a:KeyValueOfguidanyType><a:KeyValueOfguidanyType><a:Key>9ec21f61-52fc-45f5-9d34-ef3220746d10</a:Key><a:Value z:Id="i27" i:type="Connector"><GenericTypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">GE.DF</GenericTypeId><Guid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">9ec21f61-52fc-45f5-9d34-ef3220746d10</Guid><Properties xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts"><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Generic Data Flow</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:StringDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Name</b:DisplayName><b:Name/><b:Value i:type="c:string" xmlns:c="http://www.w3.org/2001/XMLSchema">write</b:Value></a:anyType><a:anyType i:type="b:BooleanDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Out Of Scope</b:DisplayName><b:Name>71f3d9aa-b8ef-4e54-8126-607a1d903103</b:Name><b:Value i:type="c:boolean" xmlns:c="http://www.w3.org/2001/XMLSchema">false</b:Value></a:anyType><a:anyType i:type="b:StringDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Reason For Out Of Scope</b:DisplayName><b:Name>752473b6-52d4-4776-9a24-202153f7d579</b:Name><b:Value i:type="c:string" xmlns:c="http://www.w3.org/2001/XMLSchema"/></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Configurable Attributes</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Physical Network</b:DisplayName><b:Name>channel</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>Wire</a:string><a:string>Wi-Fi</a:string><a:string>Bluetooth</a:string><a:string>2G-4G</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Source Authenticated</b:DisplayName><b:Name>authenticatesSource</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Destination Authenticated</b:DisplayName><b:Name>authenticatesDestination</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Provides Confidentiality</b:DisplayName><b:Name>providesConfidentiality</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Provides Integrity</b:DisplayName><b:Name>providesIntegrity</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Transmits XML</b:DisplayName><b:Name>XMLenc</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Contains Cookies</b:DisplayName><b:Name>Cookies</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Yes</a:string><a:string>No</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>SOAP Payload</b:DisplayName><b:Name>SOAP</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>REST Payload</b:DisplayName><b:Name>REST</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>RSS Payload</b:DisplayName><b:Name>RSS</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>JSON Payload</b:DisplayName><b:Name>JSON</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Forgery Protection</b:DisplayName><b:Name>54851a3b-65da-4902-b4e0-94ef015be735</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>ValidateAntiForgeryTokenAttribute</a:string><a:string>ViewStateUserKey</a:string><a:string>Nonce</a:string><a:string>Other dynamic canary</a:string><a:string>Static header not available to the browser</a:string><a:string>Other</a:string><a:string>None</a:string><a:string>Not applicable because the request does not change data</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType></Properties><TypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">GE.DF</TypeId><HandleX xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">214</HandleX><HandleY xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">767</HandleY><PortSource xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">SouthEast</PortSource><PortTarget xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">West</PortTarget><SourceGuid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">1513f24c-932a-483d-a578-398f3adf8b1a</SourceGuid><SourceX xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">179</SourceX><SourceY xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">749</SourceY><TargetGuid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">d928bf95-c158-456d-8899-e0228d87c7f8</TargetGuid><TargetX xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">264</TargetX><TargetY xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">796</TargetY></a:Value></a:KeyValueOfguidanyType><a:KeyValueOfguidanyType><a:Key>fb036baf-b5e7-4507-a867-943514e56116</a:Key><a:Value z:Id="i28" i:type="Connector"><GenericTypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">GE.DF</GenericTypeId><Guid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">fb036baf-b5e7-4507-a867-943514e56116</Guid><Properties xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts"><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Generic Data Flow</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:StringDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Name</b:DisplayName><b:Name/><b:Value i:type="c:string" xmlns:c="http://www.w3.org/2001/XMLSchema">read</b:Value></a:anyType><a:anyType i:type="b:BooleanDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Out Of Scope</b:DisplayName><b:Name>71f3d9aa-b8ef-4e54-8126-607a1d903103</b:Name><b:Value i:type="c:boolean" xmlns:c="http://www.w3.org/2001/XMLSchema">false</b:Value></a:anyType><a:anyType i:type="b:StringDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Reason For Out Of Scope</b:DisplayName><b:Name>752473b6-52d4-4776-9a24-202153f7d579</b:Name><b:Value i:type="c:string" xmlns:c="http://www.w3.org/2001/XMLSchema"/></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Configurable Attributes</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Physical Network</b:DisplayName><b:Name>channel</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>Wire</a:string><a:string>Wi-Fi</a:string><a:string>Bluetooth</a:string><a:string>2G-4G</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Source Authenticated</b:DisplayName><b:Name>authenticatesSource</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Destination Authenticated</b:DisplayName><b:Name>authenticatesDestination</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Provides Confidentiality</b:DisplayName><b:Name>providesConfidentiality</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Provides Integrity</b:DisplayName><b:Name>providesIntegrity</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Transmits XML</b:DisplayName><b:Name>XMLenc</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Contains Cookies</b:DisplayName><b:Name>Cookies</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Yes</a:string><a:string>No</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>SOAP Payload</b:DisplayName><b:Name>SOAP</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>REST Payload</b:DisplayName><b:Name>REST</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>RSS Payload</b:DisplayName><b:Name>RSS</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>JSON Payload</b:DisplayName><b:Name>JSON</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Forgery Protection</b:DisplayName><b:Name>54851a3b-65da-4902-b4e0-94ef015be735</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>ValidateAntiForgeryTokenAttribute</a:string><a:string>ViewStateUserKey</a:string><a:string>Nonce</a:string><a:string>Other dynamic canary</a:string><a:string>Static header not available to the browser</a:string><a:string>Other</a:string><a:string>None</a:string><a:string>Not applicable because the request does not change data</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType></Properties><TypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">GE.DF</TypeId><HandleX xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">201</HandleX><HandleY xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">817</HandleY><PortSource xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">SouthWest</PortSource><PortTarget xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">South</PortTarget><SourceGuid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">d928bf95-c158-456d-8899-e0228d87c7f8</SourceGuid><SourceX xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">264</SourceX><SourceY xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">841</SourceY><TargetGuid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">1513f24c-932a-483d-a578-398f3adf8b1a</TargetGuid><TargetX xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">148</TargetX><TargetY xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">763</TargetY></a:Value></a:KeyValueOfguidanyType><a:KeyValueOfguidanyType><a:Key>c5ff0575-2944-41c1-84e1-3259a1127a23</a:Key><a:Value z:Id="i29" i:type="Connector"><GenericTypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">GE.DF</GenericTypeId><Guid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">c5ff0575-2944-41c1-84e1-3259a1127a23</Guid><Properties xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts"><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Generic Data Flow</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:StringDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Name</b:DisplayName><b:Name/><b:Value i:type="c:string" xmlns:c="http://www.w3.org/2001/XMLSchema">write</b:Value></a:anyType><a:anyType i:type="b:BooleanDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Out Of Scope</b:DisplayName><b:Name>71f3d9aa-b8ef-4e54-8126-607a1d903103</b:Name><b:Value i:type="c:boolean" xmlns:c="http://www.w3.org/2001/XMLSchema">false</b:Value></a:anyType><a:anyType i:type="b:StringDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Reason For Out Of Scope</b:DisplayName><b:Name>752473b6-52d4-4776-9a24-202153f7d579</b:Name><b:Value i:type="c:string" xmlns:c="http://www.w3.org/2001/XMLSchema"/></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Configurable Attributes</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Physical Network</b:DisplayName><b:Name>channel</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>Wire</a:string><a:string>Wi-Fi</a:string><a:string>Bluetooth</a:string><a:string>2G-4G</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Source Authenticated</b:DisplayName><b:Name>authenticatesSource</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Destination Authenticated</b:DisplayName><b:Name>authenticatesDestination</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Provides Confidentiality</b:DisplayName><b:Name>providesConfidentiality</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Provides Integrity</b:DisplayName><b:Name>providesIntegrity</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Transmits XML</b:DisplayName><b:Name>XMLenc</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Contains Cookies</b:DisplayName><b:Name>Cookies</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Yes</a:string><a:string>No</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>SOAP Payload</b:DisplayName><b:Name>SOAP</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>REST Payload</b:DisplayName><b:Name>REST</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>RSS Payload</b:DisplayName><b:Name>RSS</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>JSON Payload</b:DisplayName><b:Name>JSON</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Forgery Protection</b:DisplayName><b:Name>54851a3b-65da-4902-b4e0-94ef015be735</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>ValidateAntiForgeryTokenAttribute</a:string><a:string>ViewStateUserKey</a:string><a:string>Nonce</a:string><a:string>Other dynamic canary</a:string><a:string>Static header not available to the browser</a:string><a:string>Other</a:string><a:string>None</a:string><a:string>Not applicable because the request does not change data</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType></Properties><TypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">GE.DF</TypeId><HandleX xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">43</HandleX><HandleY xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">461</HandleY><PortSource xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">NorthWest</PortSource><PortTarget xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">NorthWest</PortTarget><SourceGuid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">578ea862-2e0c-4b5e-85e4-18ffbf8e62d0</SourceGuid><SourceX xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">121</SourceX><SourceY xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">443</SourceY><TargetGuid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">4c0fd64b-7e86-4264-8d0b-94d1e128285e</TargetGuid><TargetX xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">40</TargetX><TargetY xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">557</TargetY></a:Value></a:KeyValueOfguidanyType><a:KeyValueOfguidanyType><a:Key>4bca2667-9937-49cc-b8e2-b50c9a5b4110</a:Key><a:Value z:Id="i30" i:type="Connector"><GenericTypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">GE.DF</GenericTypeId><Guid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">4bca2667-9937-49cc-b8e2-b50c9a5b4110</Guid><Properties xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts"><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Generic Data Flow</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:StringDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Name</b:DisplayName><b:Name/><b:Value i:type="c:string" xmlns:c="http://www.w3.org/2001/XMLSchema">read</b:Value></a:anyType><a:anyType i:type="b:BooleanDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Out Of Scope</b:DisplayName><b:Name>71f3d9aa-b8ef-4e54-8126-607a1d903103</b:Name><b:Value i:type="c:boolean" xmlns:c="http://www.w3.org/2001/XMLSchema">false</b:Value></a:anyType><a:anyType i:type="b:StringDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Reason For Out Of Scope</b:DisplayName><b:Name>752473b6-52d4-4776-9a24-202153f7d579</b:Name><b:Value i:type="c:string" xmlns:c="http://www.w3.org/2001/XMLSchema"/></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Configurable Attributes</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Physical Network</b:DisplayName><b:Name>channel</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>Wire</a:string><a:string>Wi-Fi</a:string><a:string>Bluetooth</a:string><a:string>2G-4G</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Source Authenticated</b:DisplayName><b:Name>authenticatesSource</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Destination Authenticated</b:DisplayName><b:Name>authenticatesDestination</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Provides Confidentiality</b:DisplayName><b:Name>providesConfidentiality</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Provides Integrity</b:DisplayName><b:Name>providesIntegrity</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Transmits XML</b:DisplayName><b:Name>XMLenc</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Contains Cookies</b:DisplayName><b:Name>Cookies</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Yes</a:string><a:string>No</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>SOAP Payload</b:DisplayName><b:Name>SOAP</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>REST Payload</b:DisplayName><b:Name>REST</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>RSS Payload</b:DisplayName><b:Name>RSS</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>JSON Payload</b:DisplayName><b:Name>JSON</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Forgery Protection</b:DisplayName><b:Name>54851a3b-65da-4902-b4e0-94ef015be735</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>ValidateAntiForgeryTokenAttribute</a:string><a:string>ViewStateUserKey</a:string><a:string>Nonce</a:string><a:string>Other dynamic canary</a:string><a:string>Static header not available to the browser</a:string><a:string>Other</a:string><a:string>None</a:string><a:string>Not applicable because the request does not change data</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType></Properties><TypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">GE.DF</TypeId><HandleX xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">80</HandleX><HandleY xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">514</HandleY><PortSource xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">North</PortSource><PortTarget xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">West</PortTarget><SourceGuid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">4c0fd64b-7e86-4264-8d0b-94d1e128285e</SourceGuid><SourceX xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">85</SourceX><SourceY xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">557</SourceY><TargetGuid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">578ea862-2e0c-4b5e-85e4-18ffbf8e62d0</TargetGuid><TargetX xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">108</TargetX><TargetY xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">475</TargetY></a:Value></a:KeyValueOfguidanyType><a:KeyValueOfguidanyType><a:Key>cd3252dd-5711-4994-9057-b3e3e981c364</a:Key><a:Value z:Id="i31" i:type="Connector"><GenericTypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">GE.DF</GenericTypeId><Guid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">cd3252dd-5711-4994-9057-b3e3e981c364</Guid><Properties xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts"><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Generic Data Flow</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:StringDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Name</b:DisplayName><b:Name/><b:Value i:type="c:string" xmlns:c="http://www.w3.org/2001/XMLSchema">read</b:Value></a:anyType><a:anyType i:type="b:BooleanDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Out Of Scope</b:DisplayName><b:Name>71f3d9aa-b8ef-4e54-8126-607a1d903103</b:Name><b:Value i:type="c:boolean" xmlns:c="http://www.w3.org/2001/XMLSchema">false</b:Value></a:anyType><a:anyType i:type="b:StringDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Reason For Out Of Scope</b:DisplayName><b:Name>752473b6-52d4-4776-9a24-202153f7d579</b:Name><b:Value i:type="c:string" xmlns:c="http://www.w3.org/2001/XMLSchema"/></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Configurable Attributes</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Physical Network</b:DisplayName><b:Name>channel</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>Wire</a:string><a:string>Wi-Fi</a:string><a:string>Bluetooth</a:string><a:string>2G-4G</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Source Authenticated</b:DisplayName><b:Name>authenticatesSource</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Destination Authenticated</b:DisplayName><b:Name>authenticatesDestination</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Provides Confidentiality</b:DisplayName><b:Name>providesConfidentiality</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Provides Integrity</b:DisplayName><b:Name>providesIntegrity</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Transmits XML</b:DisplayName><b:Name>XMLenc</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Contains Cookies</b:DisplayName><b:Name>Cookies</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Yes</a:string><a:string>No</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>SOAP Payload</b:DisplayName><b:Name>SOAP</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>REST Payload</b:DisplayName><b:Name>REST</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>RSS Payload</b:DisplayName><b:Name>RSS</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>JSON Payload</b:DisplayName><b:Name>JSON</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Forgery Protection</b:DisplayName><b:Name>54851a3b-65da-4902-b4e0-94ef015be735</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>ValidateAntiForgeryTokenAttribute</a:string><a:string>ViewStateUserKey</a:string><a:string>Nonce</a:string><a:string>Other dynamic canary</a:string><a:string>Static header not available to the browser</a:string><a:string>Other</a:string><a:string>None</a:string><a:string>Not applicable because the request does not change data</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType></Properties><TypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">GE.DF</TypeId><HandleX xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">191</HandleX><HandleY xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">198</HandleY><PortSource xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">NorthWest</PortSource><PortTarget xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">North</PortTarget><SourceGuid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">69d999f0-41a1-40c1-b45e-ca036e4ac412</SourceGuid><SourceX xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">262</SourceX><SourceY xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">173</SourceY><TargetGuid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">a799fbc8-9fcf-4921-8d39-dd5996d42b59</TargetGuid><TargetX xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">150</TargetX><TargetY xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">261</TargetY></a:Value></a:KeyValueOfguidanyType><a:KeyValueOfguidanyType><a:Key>b4ef336a-ddf9-4341-beda-42444ee0b22b</a:Key><a:Value z:Id="i32" i:type="Connector"><GenericTypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">GE.DF</GenericTypeId><Guid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">b4ef336a-ddf9-4341-beda-42444ee0b22b</Guid><Properties xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts"><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Generic Data Flow</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:StringDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Name</b:DisplayName><b:Name/><b:Value i:type="c:string" xmlns:c="http://www.w3.org/2001/XMLSchema">write</b:Value></a:anyType><a:anyType i:type="b:BooleanDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Out Of Scope</b:DisplayName><b:Name>71f3d9aa-b8ef-4e54-8126-607a1d903103</b:Name><b:Value i:type="c:boolean" xmlns:c="http://www.w3.org/2001/XMLSchema">false</b:Value></a:anyType><a:anyType i:type="b:StringDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Reason For Out Of Scope</b:DisplayName><b:Name>752473b6-52d4-4776-9a24-202153f7d579</b:Name><b:Value i:type="c:string" xmlns:c="http://www.w3.org/2001/XMLSchema"/></a:anyType><a:anyType i:type="b:HeaderDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Configurable Attributes</b:DisplayName><b:Name/><b:Value i:nil="true"/></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Physical Network</b:DisplayName><b:Name>channel</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>Wire</a:string><a:string>Wi-Fi</a:string><a:string>Bluetooth</a:string><a:string>2G-4G</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Source Authenticated</b:DisplayName><b:Name>authenticatesSource</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Destination Authenticated</b:DisplayName><b:Name>authenticatesDestination</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Provides Confidentiality</b:DisplayName><b:Name>providesConfidentiality</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Provides Integrity</b:DisplayName><b:Name>providesIntegrity</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Transmits XML</b:DisplayName><b:Name>XMLenc</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Contains Cookies</b:DisplayName><b:Name>Cookies</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Yes</a:string><a:string>No</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>SOAP Payload</b:DisplayName><b:Name>SOAP</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>REST Payload</b:DisplayName><b:Name>REST</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>RSS Payload</b:DisplayName><b:Name>RSS</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>JSON Payload</b:DisplayName><b:Name>JSON</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>No</a:string><a:string>Yes</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType><a:anyType i:type="b:ListDisplayAttribute" xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:DisplayName>Forgery Protection</b:DisplayName><b:Name>54851a3b-65da-4902-b4e0-94ef015be735</b:Name><b:Value i:type="a:ArrayOfstring"><a:string>Not Selected</a:string><a:string>ValidateAntiForgeryTokenAttribute</a:string><a:string>ViewStateUserKey</a:string><a:string>Nonce</a:string><a:string>Other dynamic canary</a:string><a:string>Static header not available to the browser</a:string><a:string>Other</a:string><a:string>None</a:string><a:string>Not applicable because the request does not change data</a:string></b:Value><b:SelectedIndex>0</b:SelectedIndex></a:anyType></Properties><TypeId xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">GE.DF</TypeId><HandleX xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">229</HandleX><HandleY xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">249</HandleY><PortSource xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">NorthEast</PortSource><PortTarget xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">West</PortTarget><SourceGuid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">a799fbc8-9fcf-4921-8d39-dd5996d42b59</SourceGuid><SourceX xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">181</SourceX><SourceY xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">273</SourceY><TargetGuid xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">69d999f0-41a1-40c1-b45e-ca036e4ac412</TargetGuid><TargetX xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">262</TargetX><TargetY xmlns="http://schemas.datacontract.org/2004/07/ThreatModeling.Model.Abstracts">218</TargetY></a:Value></a:KeyValueOfguidanyType></Lines><Zoom>1.25</Zoom></DrawingSurfaceModel></DrawingSurfaceList><MetaInformation><Assumptions/><Contributors>Dominik Schadow</Contributors><ExternalDependencies/><HighLevelSystemDescription>Duke Encounters is a complete web application utilizing Application Intrusion Detection based on OWASP AppSensor. This web application is using Spring Boot with a h2 in-memory database and offers a Thymeleaf UI.</HighLevelSystemDescription><Owner>Dominik Schadow</Owner><Reviewer>Dominik Schadow</Reviewer><ThreatModelName>Duke Encounters Threat Model</ThreatModelName></MetaInformation><Notes/><ThreatInstances xmlns:a="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>E5602f74d8-d8ec-4bf8-93df-c4c28e71a8b2198f0ee1-3b18-4685-a089-c7610985477aa799fbc8-9fcf-4921-8d39-dd5996d42b59</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>198f0ee1-3b18-4685-a089-c7610985477a</b:FlowGuid><b:Id>141</b:Id><b:InteractionKey>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2:198f0ee1-3b18-4685-a089-c7610985477a:a799fbc8-9fcf-4921-8d39-dd5996d42b59</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Elevation Using Impersonation</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Elevation Of Privilege</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>A user subject gains increased capability or privilege by taking advantage of an implementation bug.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Anonymous User may be able to impersonate the context of Duke Encounters in order to gain additional privilege.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>HTTPS</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>a799fbc8-9fcf-4921-8d39-dd5996d42b59</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>E5</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>D4602f74d8-d8ec-4bf8-93df-c4c28e71a8b2198f0ee1-3b18-4685-a089-c7610985477aa799fbc8-9fcf-4921-8d39-dd5996d42b59</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>198f0ee1-3b18-4685-a089-c7610985477a</b:FlowGuid><b:Id>140</b:Id><b:InteractionKey>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2:198f0ee1-3b18-4685-a089-c7610985477a:a799fbc8-9fcf-4921-8d39-dd5996d42b59</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Data Flow HTTPS Is Potentially Interrupted</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Denial Of Service</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Denial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>An external agent interrupts data flowing across a trust boundary in either direction.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>HTTPS</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>a799fbc8-9fcf-4921-8d39-dd5996d42b59</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>D4</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>D3602f74d8-d8ec-4bf8-93df-c4c28e71a8b2198f0ee1-3b18-4685-a089-c7610985477aa799fbc8-9fcf-4921-8d39-dd5996d42b59</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>198f0ee1-3b18-4685-a089-c7610985477a</b:FlowGuid><b:Id>139</b:Id><b:InteractionKey>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2:198f0ee1-3b18-4685-a089-c7610985477a:a799fbc8-9fcf-4921-8d39-dd5996d42b59</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Potential Process Crash or Stop for Anonymous User</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Denial Of Service</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Denial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Anonymous User crashes, halts, stops or runs slowly; in all cases violating an availability metric.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>HTTPS</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>a799fbc8-9fcf-4921-8d39-dd5996d42b59</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>D3</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>T7602f74d8-d8ec-4bf8-93df-c4c28e71a8b2b4f26093-1028-4903-b480-ee3a558af8b8fd0909d9-b333-45bd-b67d-b006448cdd61</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>b4f26093-1028-4903-b480-ee3a558af8b8</b:FlowGuid><b:Id>9</b:Id><b:InteractionKey>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2:b4f26093-1028-4903-b480-ee3a558af8b8:fd0909d9-b333-45bd-b67d-b006448cdd61</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>2016-02-28T14:10:14.6607796+01:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Potential SQL Injection Vulnerability for SQL Database</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Tampering</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Tampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>SQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution. Any procedure that constructs SQL statements should be reviewed for injection vulnerabilities because SQL Server will execute all syntactically valid queries that it receives. Even parameterized data can be manipulated by a skilled and determined attacker.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>SQL Commands</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>fd0909d9-b333-45bd-b67d-b006448cdd61</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>T7</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>S7.1602f74d8-d8ec-4bf8-93df-c4c28e71a8b2b4f26093-1028-4903-b480-ee3a558af8b8fd0909d9-b333-45bd-b67d-b006448cdd61</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>b4f26093-1028-4903-b480-ee3a558af8b8</b:FlowGuid><b:Id>10</b:Id><b:InteractionKey>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2:b4f26093-1028-4903-b480-ee3a558af8b8:fd0909d9-b333-45bd-b67d-b006448cdd61</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>2016-02-28T14:10:14.6607796+01:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Spoofing of Destination Data Store SQL Database</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Spoofing</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Spoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>H2 may be spoofed by an attacker and this may lead to data being written to the attacker's target instead of H2. Consider using a standard authentication mechanism to identify the destination data store.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>SQL Commands</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>fd0909d9-b333-45bd-b67d-b006448cdd61</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>S7.1</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>I2602f74d8-d8ec-4bf8-93df-c4c28e71a8b2b4f26093-1028-4903-b480-ee3a558af8b8fd0909d9-b333-45bd-b67d-b006448cdd61</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>b4f26093-1028-4903-b480-ee3a558af8b8</b:FlowGuid><b:Id>11</b:Id><b:InteractionKey>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2:b4f26093-1028-4903-b480-ee3a558af8b8:fd0909d9-b333-45bd-b67d-b006448cdd61</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>2016-02-28T14:13:29.2261785+01:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Authorization Bypass</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Information Disclosure</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Information disclosure happens when the information can be read by an unauthorized party.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Can you access H2 and bypass the permissions for the object? For example by editing the files directly with a hex editor, or reaching it via filesharing? Ensure that your program is the only one that can access the data, and that all other subjects have to use your interface.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>SQL Commands</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>fd0909d9-b333-45bd-b67d-b006448cdd61</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>I2</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>E5602f74d8-d8ec-4bf8-93df-c4c28e71a8b2474f423d-869c-4a6a-b285-6ba311fc6c7a91e0d94d-c94e-4e60-b647-8d7faaee5f75</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>474f423d-869c-4a6a-b285-6ba311fc6c7a</b:FlowGuid><b:Id>12</b:Id><b:InteractionKey>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2:474f423d-869c-4a6a-b285-6ba311fc6c7a:91e0d94d-c94e-4e60-b647-8d7faaee5f75</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>2016-02-28T14:09:10.6480282+01:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Elevation Using Impersonation</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Elevation Of Privilege</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>A user subject gains increased capability or privilege by taking advantage of an implementation bug.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>embedded Tomcat may be able to impersonate the context of Duke Encounters in order to gain additional privilege.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>From Duke Encounters to embedded Tomcat via unnamed</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>91e0d94d-c94e-4e60-b647-8d7faaee5f75</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>E5</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>T13.1602f74d8-d8ec-4bf8-93df-c4c28e71a8b2474f423d-869c-4a6a-b285-6ba311fc6c7a91e0d94d-c94e-4e60-b647-8d7faaee5f75</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>474f423d-869c-4a6a-b285-6ba311fc6c7a</b:FlowGuid><b:Id>13</b:Id><b:InteractionKey>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2:474f423d-869c-4a6a-b285-6ba311fc6c7a:91e0d94d-c94e-4e60-b647-8d7faaee5f75</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>2016-02-28T14:09:10.6480282+01:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Cross Site Scripting</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Tampering</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Tampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>The web server 'embedded Tomcat' could be a subject to a cross-site scripting attack because it does not sanitize untrusted input.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>From Duke Encounters to embedded Tomcat via unnamed</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>91e0d94d-c94e-4e60-b647-8d7faaee5f75</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>T13.1</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>E591e0d94d-c94e-4e60-b647-8d7faaee5f75a33aaaae-243a-454f-a918-701da18e5368602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>a33aaaae-243a-454f-a918-701da18e5368</b:FlowGuid><b:Id>14</b:Id><b:InteractionKey>91e0d94d-c94e-4e60-b647-8d7faaee5f75:a33aaaae-243a-454f-a918-701da18e5368:602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>2016-02-28T14:08:57.8046363+01:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Elevation Using Impersonation</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Elevation Of Privilege</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>A user subject gains increased capability or privilege by taking advantage of an implementation bug.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Duke Encounters may be able to impersonate the context of embedded Tomcat in order to gain additional privilege.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>From embedded Tomcat to Duke Encounters via unnamed</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>91e0d94d-c94e-4e60-b647-8d7faaee5f75</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>E5</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>I26602f74d8-d8ec-4bf8-93df-c4c28e71a8b2474f423d-869c-4a6a-b285-6ba311fc6c7a91e0d94d-c94e-4e60-b647-8d7faaee5f75</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>474f423d-869c-4a6a-b285-6ba311fc6c7a</b:FlowGuid><b:Id>15</b:Id><b:InteractionKey>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2:474f423d-869c-4a6a-b285-6ba311fc6c7a:91e0d94d-c94e-4e60-b647-8d7faaee5f75</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>2016-02-28T14:13:26.8828556+01:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Weak Authentication Scheme</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Information Disclosure</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Information disclosure happens when the information can be read by an unauthorized party.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Custom authentication schemes are susceptible to common weaknesses such as weak credential change management, credential equivalence, easily guessable credentials, null credentials, downgrade authentication or a weak credential change management system. Consider the impact and potential mitigations for your custom authentication scheme.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>From Duke Encounters to embedded Tomcat via unnamed</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>91e0d94d-c94e-4e60-b647-8d7faaee5f75</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>I26</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>I24602f74d8-d8ec-4bf8-93df-c4c28e71a8b2b4f26093-1028-4903-b480-ee3a558af8b8fd0909d9-b333-45bd-b67d-b006448cdd61</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>b4f26093-1028-4903-b480-ee3a558af8b8</b:FlowGuid><b:Id>67</b:Id><b:InteractionKey>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2:b4f26093-1028-4903-b480-ee3a558af8b8:fd0909d9-b333-45bd-b67d-b006448cdd61</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Weak Credential Storage</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Information Disclosure</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Information disclosure happens when the information can be read by an unauthorized party.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Credentials held at the server are often disclosed or tampered with and credentials stored on the client are often stolen. For server side, consider storing a salted hash of the credentials instead of storing the credentials themselves. If this is not possible due to business requirements, be sure to encrypt the credentials before storage, using an SDL-approved mechanism. For client side, if storing credentials is required, encrypt them and protect the data store in which they're stored</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>SQL Commands</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>fd0909d9-b333-45bd-b67d-b006448cdd61</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>I24</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>D2602f74d8-d8ec-4bf8-93df-c4c28e71a8b2b4f26093-1028-4903-b480-ee3a558af8b8fd0909d9-b333-45bd-b67d-b006448cdd61</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>b4f26093-1028-4903-b480-ee3a558af8b8</b:FlowGuid><b:Id>27</b:Id><b:InteractionKey>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2:b4f26093-1028-4903-b480-ee3a558af8b8:fd0909d9-b333-45bd-b67d-b006448cdd61</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>2016-02-28T14:10:14.6607796+01:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Potential Excessive Resource Consumption for Web Application or SQL Database</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Denial Of Service</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Denial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Does Duke Encounters or H2 take explicit steps to control resource consumption? Resource consumption attacks can be hard to deal with, and there are times that it makes sense to let the OS do the job. Be careful that your resource requests don't deadlock, and that they do timeout.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>SQL Commands</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>fd0909d9-b333-45bd-b67d-b006448cdd61</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>D2</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>S7fd0909d9-b333-45bd-b67d-b006448cdd611f901f0e-ec8b-4f8b-837c-e277d3d9ec13602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>1f901f0e-ec8b-4f8b-837c-e277d3d9ec13</b:FlowGuid><b:Id>31</b:Id><b:InteractionKey>fd0909d9-b333-45bd-b67d-b006448cdd61:1f901f0e-ec8b-4f8b-837c-e277d3d9ec13:602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>2016-02-28T14:10:34.6167472+01:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Spoofing of Source Data Store SQL Database</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Spoofing</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Spoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>H2 may be spoofed by an attacker and this may lead to incorrect data delivered to Duke Encounters. Consider using a standard authentication mechanism to identify the source data store.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>Data</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>fd0909d9-b333-45bd-b67d-b006448cdd61</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>S7</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>T4602f74d8-d8ec-4bf8-93df-c4c28e71a8b2474f423d-869c-4a6a-b285-6ba311fc6c7a91e0d94d-c94e-4e60-b647-8d7faaee5f75</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>474f423d-869c-4a6a-b285-6ba311fc6c7a</b:FlowGuid><b:Id>32</b:Id><b:InteractionKey>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2:474f423d-869c-4a6a-b285-6ba311fc6c7a:91e0d94d-c94e-4e60-b647-8d7faaee5f75</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>2016-02-28T14:13:32.304068+01:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Collision Attacks</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Tampering</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Tampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Attackers who can send a series of packets or messages may be able to overlap data. For example, packet 1 may be 100 bytes starting at offset 0. Packet 2 may be 100 bytes starting at offset 25. Packet 2 will overwrite 75 bytes of packet 1. Ensure you reassemble data before filtering it, and ensure you explicitly handle these sorts of cases.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>From Duke Encounters to embedded Tomcat via unnamed</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>91e0d94d-c94e-4e60-b647-8d7faaee5f75</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>T4</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>T3602f74d8-d8ec-4bf8-93df-c4c28e71a8b2474f423d-869c-4a6a-b285-6ba311fc6c7a91e0d94d-c94e-4e60-b647-8d7faaee5f75</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>474f423d-869c-4a6a-b285-6ba311fc6c7a</b:FlowGuid><b:Id>33</b:Id><b:InteractionKey>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2:474f423d-869c-4a6a-b285-6ba311fc6c7a:91e0d94d-c94e-4e60-b647-8d7faaee5f75</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>2016-02-28T14:13:32.304068+01:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Replay Attacks</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Tampering</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Tampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Packets or messages without sequence numbers or timestamps can be captured and replayed in a wide variety of ways. Implement or utilize an existing communication protocol that supports anti-replay techniques (investigate sequence numbers before timers) and strong integrity.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>From Duke Encounters to embedded Tomcat via unnamed</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>91e0d94d-c94e-4e60-b647-8d7faaee5f75</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>T3</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>I23fd0909d9-b333-45bd-b67d-b006448cdd611f901f0e-ec8b-4f8b-837c-e277d3d9ec13602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>1f901f0e-ec8b-4f8b-837c-e277d3d9ec13</b:FlowGuid><b:Id>35</b:Id><b:InteractionKey>fd0909d9-b333-45bd-b67d-b006448cdd61:1f901f0e-ec8b-4f8b-837c-e277d3d9ec13:602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>2016-02-28T14:10:34.6167472+01:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Weak Access Control for a Resource</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Information Disclosure</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Information disclosure happens when the information can be read by an unauthorized party.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Improper data protection of H2 can allow an attacker to read information not intended for disclosure. Review authorization settings.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>Data</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>fd0909d9-b333-45bd-b67d-b006448cdd61</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>I23</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>T291e0d94d-c94e-4e60-b647-8d7faaee5f75a33aaaae-243a-454f-a918-701da18e5368602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>a33aaaae-243a-454f-a918-701da18e5368</b:FlowGuid><b:Id>41</b:Id><b:InteractionKey>91e0d94d-c94e-4e60-b647-8d7faaee5f75:a33aaaae-243a-454f-a918-701da18e5368:602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Web Server Process Memory Tampered</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Tampering</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Tampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>If embedded Tomcat is given access to memory, such as shared memory or pointers, or is given the ability to control what Duke Encounters executes (for example, passing back a function pointer.), then embedded Tomcat can tamper with Duke Encounters. Consider if the function could work with less access to memory, such as passing data rather than pointers. Copy in data provided, and then validate it.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>From embedded Tomcat to Duke Encounters via unnamed</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>91e0d94d-c94e-4e60-b647-8d7faaee5f75</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>T2</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>T13.191e0d94d-c94e-4e60-b647-8d7faaee5f75a33aaaae-243a-454f-a918-701da18e5368602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>a33aaaae-243a-454f-a918-701da18e5368</b:FlowGuid><b:Id>42</b:Id><b:InteractionKey>91e0d94d-c94e-4e60-b647-8d7faaee5f75:a33aaaae-243a-454f-a918-701da18e5368:602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Cross Site Scripting</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Tampering</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Tampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>The web server 'Duke Encounters' could be a subject to a cross-site scripting attack because it does not sanitize untrusted input.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>From embedded Tomcat to Duke Encounters via unnamed</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>91e0d94d-c94e-4e60-b647-8d7faaee5f75</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>T13.1</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>T13.1fd0909d9-b333-45bd-b67d-b006448cdd611f901f0e-ec8b-4f8b-837c-e277d3d9ec13602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>1f901f0e-ec8b-4f8b-837c-e277d3d9ec13</b:FlowGuid><b:Id>43</b:Id><b:InteractionKey>fd0909d9-b333-45bd-b67d-b006448cdd61:1f901f0e-ec8b-4f8b-837c-e277d3d9ec13:602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Cross Site Scripting</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Tampering</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Tampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>The web server 'Duke Encounters' could be a subject to a cross-site scripting attack because it does not sanitize untrusted input.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>Data</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>fd0909d9-b333-45bd-b67d-b006448cdd61</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>T13.1</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>T13.2fd0909d9-b333-45bd-b67d-b006448cdd611f901f0e-ec8b-4f8b-837c-e277d3d9ec13602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>1f901f0e-ec8b-4f8b-837c-e277d3d9ec13</b:FlowGuid><b:Id>44</b:Id><b:InteractionKey>fd0909d9-b333-45bd-b67d-b006448cdd61:1f901f0e-ec8b-4f8b-837c-e277d3d9ec13:602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Persistent Cross Site Scripting</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Tampering</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Tampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>The web server 'Duke Encounters' could be a subject to a persistent cross-site scripting attack because it does not sanitize data store 'H2' inputs and output.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>Data</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>fd0909d9-b333-45bd-b67d-b006448cdd61</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>T13.2</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>E6602f74d8-d8ec-4bf8-93df-c4c28e71a8b2bd7dd97e-3858-4ac3-8dc2-151ed6bc99ac578ea862-2e0c-4b5e-85e4-18ffbf8e62d0</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>bd7dd97e-3858-4ac3-8dc2-151ed6bc99ac</b:FlowGuid><b:Id>162</b:Id><b:InteractionKey>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2:bd7dd97e-3858-4ac3-8dc2-151ed6bc99ac:578ea862-2e0c-4b5e-85e4-18ffbf8e62d0</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Registered User May be Subject to Elevation of Privilege Using Remote Code Execution</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Elevation Of Privilege</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>A user subject gains increased capability or privilege by taking advantage of an implementation bug.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Duke Encounters may be able to remotely execute code for Registered User.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>HTTPS</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>578ea862-2e0c-4b5e-85e4-18ffbf8e62d0</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>E6</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>E5602f74d8-d8ec-4bf8-93df-c4c28e71a8b2bd7dd97e-3858-4ac3-8dc2-151ed6bc99ac578ea862-2e0c-4b5e-85e4-18ffbf8e62d0</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>bd7dd97e-3858-4ac3-8dc2-151ed6bc99ac</b:FlowGuid><b:Id>161</b:Id><b:InteractionKey>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2:bd7dd97e-3858-4ac3-8dc2-151ed6bc99ac:578ea862-2e0c-4b5e-85e4-18ffbf8e62d0</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Elevation Using Impersonation</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Elevation Of Privilege</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>A user subject gains increased capability or privilege by taking advantage of an implementation bug.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Registered User may be able to impersonate the context of Duke Encounters in order to gain additional privilege.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>HTTPS</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>578ea862-2e0c-4b5e-85e4-18ffbf8e62d0</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>E5</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>D4602f74d8-d8ec-4bf8-93df-c4c28e71a8b2bd7dd97e-3858-4ac3-8dc2-151ed6bc99ac578ea862-2e0c-4b5e-85e4-18ffbf8e62d0</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>bd7dd97e-3858-4ac3-8dc2-151ed6bc99ac</b:FlowGuid><b:Id>160</b:Id><b:InteractionKey>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2:bd7dd97e-3858-4ac3-8dc2-151ed6bc99ac:578ea862-2e0c-4b5e-85e4-18ffbf8e62d0</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Data Flow HTTPS Is Potentially Interrupted</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Denial Of Service</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Denial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>An external agent interrupts data flowing across a trust boundary in either direction.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>HTTPS</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>578ea862-2e0c-4b5e-85e4-18ffbf8e62d0</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>D4</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>D3602f74d8-d8ec-4bf8-93df-c4c28e71a8b2bd7dd97e-3858-4ac3-8dc2-151ed6bc99ac578ea862-2e0c-4b5e-85e4-18ffbf8e62d0</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>bd7dd97e-3858-4ac3-8dc2-151ed6bc99ac</b:FlowGuid><b:Id>159</b:Id><b:InteractionKey>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2:bd7dd97e-3858-4ac3-8dc2-151ed6bc99ac:578ea862-2e0c-4b5e-85e4-18ffbf8e62d0</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Potential Process Crash or Stop for Registered User</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Denial Of Service</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Denial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Registered User crashes, halts, stops or runs slowly; in all cases violating an availability metric.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>HTTPS</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>578ea862-2e0c-4b5e-85e4-18ffbf8e62d0</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>D3</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>I26602f74d8-d8ec-4bf8-93df-c4c28e71a8b2bd7dd97e-3858-4ac3-8dc2-151ed6bc99ac578ea862-2e0c-4b5e-85e4-18ffbf8e62d0</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>bd7dd97e-3858-4ac3-8dc2-151ed6bc99ac</b:FlowGuid><b:Id>158</b:Id><b:InteractionKey>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2:bd7dd97e-3858-4ac3-8dc2-151ed6bc99ac:578ea862-2e0c-4b5e-85e4-18ffbf8e62d0</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Weak Authentication Scheme</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Information Disclosure</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Information disclosure happens when the information can be read by an unauthorized party.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Custom authentication schemes are susceptible to common weaknesses such as weak credential change management, credential equivalence, easily guessable credentials, null credentials, downgrade authentication or a weak credential change management system. Consider the impact and potential mitigations for your custom authentication scheme.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>HTTPS</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>578ea862-2e0c-4b5e-85e4-18ffbf8e62d0</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>I26</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>R6602f74d8-d8ec-4bf8-93df-c4c28e71a8b2bd7dd97e-3858-4ac3-8dc2-151ed6bc99ac578ea862-2e0c-4b5e-85e4-18ffbf8e62d0</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>bd7dd97e-3858-4ac3-8dc2-151ed6bc99ac</b:FlowGuid><b:Id>157</b:Id><b:InteractionKey>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2:bd7dd97e-3858-4ac3-8dc2-151ed6bc99ac:578ea862-2e0c-4b5e-85e4-18ffbf8e62d0</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Potential Data Repudiation by Registered User</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Repudiation</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Repudiation threats involve an adversary denying that something happened.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Registered User claims that it did not receive data from a source outside the trust boundary. Consider using logging or auditing to record the source, time, and summary of the received data.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>HTTPS</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>578ea862-2e0c-4b5e-85e4-18ffbf8e62d0</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>R6</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>T4602f74d8-d8ec-4bf8-93df-c4c28e71a8b2bd7dd97e-3858-4ac3-8dc2-151ed6bc99ac578ea862-2e0c-4b5e-85e4-18ffbf8e62d0</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>bd7dd97e-3858-4ac3-8dc2-151ed6bc99ac</b:FlowGuid><b:Id>156</b:Id><b:InteractionKey>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2:bd7dd97e-3858-4ac3-8dc2-151ed6bc99ac:578ea862-2e0c-4b5e-85e4-18ffbf8e62d0</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Collision Attacks</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Tampering</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Tampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Attackers who can send a series of packets or messages may be able to overlap data. For example, packet 1 may be 100 bytes starting at offset 0. Packet 2 may be 100 bytes starting at offset 25. Packet 2 will overwrite 75 bytes of packet 1. Ensure you reassemble data before filtering it, and ensure you explicitly handle these sorts of cases.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>HTTPS</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>578ea862-2e0c-4b5e-85e4-18ffbf8e62d0</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>T4</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>T3602f74d8-d8ec-4bf8-93df-c4c28e71a8b2bd7dd97e-3858-4ac3-8dc2-151ed6bc99ac578ea862-2e0c-4b5e-85e4-18ffbf8e62d0</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>bd7dd97e-3858-4ac3-8dc2-151ed6bc99ac</b:FlowGuid><b:Id>155</b:Id><b:InteractionKey>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2:bd7dd97e-3858-4ac3-8dc2-151ed6bc99ac:578ea862-2e0c-4b5e-85e4-18ffbf8e62d0</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Replay Attacks</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Tampering</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Tampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Packets or messages without sequence numbers or timestamps can be captured and replayed in a wide variety of ways. Implement or utilize an existing communication protocol that supports anti-replay techniques (investigate sequence numbers before timers) and strong integrity.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>HTTPS</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>578ea862-2e0c-4b5e-85e4-18ffbf8e62d0</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>T3</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>T13.1578ea862-2e0c-4b5e-85e4-18ffbf8e62d0896a1395-66c3-4292-9a27-d8cb32bf438a602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>896a1395-66c3-4292-9a27-d8cb32bf438a</b:FlowGuid><b:Id>146</b:Id><b:InteractionKey>578ea862-2e0c-4b5e-85e4-18ffbf8e62d0:896a1395-66c3-4292-9a27-d8cb32bf438a:602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Cross Site Scripting</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Tampering</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Tampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>The web server 'Duke Encounters' could be a subject to a cross-site scripting attack because it does not sanitize untrusted input.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>HTTPS</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>578ea862-2e0c-4b5e-85e4-18ffbf8e62d0</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>T13.1</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>T2578ea862-2e0c-4b5e-85e4-18ffbf8e62d0896a1395-66c3-4292-9a27-d8cb32bf438a602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>896a1395-66c3-4292-9a27-d8cb32bf438a</b:FlowGuid><b:Id>145</b:Id><b:InteractionKey>578ea862-2e0c-4b5e-85e4-18ffbf8e62d0:896a1395-66c3-4292-9a27-d8cb32bf438a:602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Registered User Process Memory Tampered</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Tampering</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Tampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>If Registered User is given access to memory, such as shared memory or pointers, or is given the ability to control what Duke Encounters executes (for example, passing back a function pointer.), then Registered User can tamper with Duke Encounters. Consider if the function could work with less access to memory, such as passing data rather than pointers. Copy in data provided, and then validate it.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>HTTPS</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>578ea862-2e0c-4b5e-85e4-18ffbf8e62d0</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>T2</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>S1578ea862-2e0c-4b5e-85e4-18ffbf8e62d0896a1395-66c3-4292-9a27-d8cb32bf438a602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>896a1395-66c3-4292-9a27-d8cb32bf438a</b:FlowGuid><b:Id>144</b:Id><b:InteractionKey>578ea862-2e0c-4b5e-85e4-18ffbf8e62d0:896a1395-66c3-4292-9a27-d8cb32bf438a:602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Spoofing the Registered User Process</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Spoofing</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Spoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Registered User may be spoofed by an attacker and this may lead to unauthorized access to Duke Encounters. Consider using a standard authentication mechanism to identify the source process.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>HTTPS</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>578ea862-2e0c-4b5e-85e4-18ffbf8e62d0</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>S1</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>I26602f74d8-d8ec-4bf8-93df-c4c28e71a8b2198f0ee1-3b18-4685-a089-c7610985477aa799fbc8-9fcf-4921-8d39-dd5996d42b59</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>198f0ee1-3b18-4685-a089-c7610985477a</b:FlowGuid><b:Id>138</b:Id><b:InteractionKey>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2:198f0ee1-3b18-4685-a089-c7610985477a:a799fbc8-9fcf-4921-8d39-dd5996d42b59</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Weak Authentication Scheme</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Information Disclosure</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Information disclosure happens when the information can be read by an unauthorized party.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Custom authentication schemes are susceptible to common weaknesses such as weak credential change management, credential equivalence, easily guessable credentials, null credentials, downgrade authentication or a weak credential change management system. Consider the impact and potential mitigations for your custom authentication scheme.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>HTTPS</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>a799fbc8-9fcf-4921-8d39-dd5996d42b59</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>I26</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>R6602f74d8-d8ec-4bf8-93df-c4c28e71a8b2198f0ee1-3b18-4685-a089-c7610985477aa799fbc8-9fcf-4921-8d39-dd5996d42b59</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>198f0ee1-3b18-4685-a089-c7610985477a</b:FlowGuid><b:Id>137</b:Id><b:InteractionKey>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2:198f0ee1-3b18-4685-a089-c7610985477a:a799fbc8-9fcf-4921-8d39-dd5996d42b59</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Potential Data Repudiation by Anonymous User</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Repudiation</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Repudiation threats involve an adversary denying that something happened.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Anonymous User claims that it did not receive data from a source outside the trust boundary. Consider using logging or auditing to record the source, time, and summary of the received data.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>HTTPS</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>a799fbc8-9fcf-4921-8d39-dd5996d42b59</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>R6</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>T4602f74d8-d8ec-4bf8-93df-c4c28e71a8b2198f0ee1-3b18-4685-a089-c7610985477aa799fbc8-9fcf-4921-8d39-dd5996d42b59</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>198f0ee1-3b18-4685-a089-c7610985477a</b:FlowGuid><b:Id>136</b:Id><b:InteractionKey>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2:198f0ee1-3b18-4685-a089-c7610985477a:a799fbc8-9fcf-4921-8d39-dd5996d42b59</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Collision Attacks</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Tampering</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Tampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Attackers who can send a series of packets or messages may be able to overlap data. For example, packet 1 may be 100 bytes starting at offset 0. Packet 2 may be 100 bytes starting at offset 25. Packet 2 will overwrite 75 bytes of packet 1. Ensure you reassemble data before filtering it, and ensure you explicitly handle these sorts of cases.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>HTTPS</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>a799fbc8-9fcf-4921-8d39-dd5996d42b59</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>T4</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>T3602f74d8-d8ec-4bf8-93df-c4c28e71a8b2198f0ee1-3b18-4685-a089-c7610985477aa799fbc8-9fcf-4921-8d39-dd5996d42b59</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>198f0ee1-3b18-4685-a089-c7610985477a</b:FlowGuid><b:Id>135</b:Id><b:InteractionKey>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2:198f0ee1-3b18-4685-a089-c7610985477a:a799fbc8-9fcf-4921-8d39-dd5996d42b59</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Replay Attacks</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Tampering</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Tampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Packets or messages without sequence numbers or timestamps can be captured and replayed in a wide variety of ways. Implement or utilize an existing communication protocol that supports anti-replay techniques (investigate sequence numbers before timers) and strong integrity.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>HTTPS</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>a799fbc8-9fcf-4921-8d39-dd5996d42b59</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>T3</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>T2602f74d8-d8ec-4bf8-93df-c4c28e71a8b2198f0ee1-3b18-4685-a089-c7610985477aa799fbc8-9fcf-4921-8d39-dd5996d42b59</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>198f0ee1-3b18-4685-a089-c7610985477a</b:FlowGuid><b:Id>134</b:Id><b:InteractionKey>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2:198f0ee1-3b18-4685-a089-c7610985477a:a799fbc8-9fcf-4921-8d39-dd5996d42b59</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Duke Encounters Process Memory Tampered</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Tampering</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Tampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>If Duke Encounters is given access to memory, such as shared memory or pointers, or is given the ability to control what Anonymous User executes (for example, passing back a function pointer.), then Duke Encounters can tamper with Anonymous User. Consider if the function could work with less access to memory, such as passing data rather than pointers. Copy in data provided, and then validate it.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>HTTPS</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>a799fbc8-9fcf-4921-8d39-dd5996d42b59</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>T2</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>T2602f74d8-d8ec-4bf8-93df-c4c28e71a8b2bd7dd97e-3858-4ac3-8dc2-151ed6bc99ac578ea862-2e0c-4b5e-85e4-18ffbf8e62d0</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>bd7dd97e-3858-4ac3-8dc2-151ed6bc99ac</b:FlowGuid><b:Id>154</b:Id><b:InteractionKey>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2:bd7dd97e-3858-4ac3-8dc2-151ed6bc99ac:578ea862-2e0c-4b5e-85e4-18ffbf8e62d0</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Duke Encounters Process Memory Tampered</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Tampering</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Tampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>If Duke Encounters is given access to memory, such as shared memory or pointers, or is given the ability to control what Registered User executes (for example, passing back a function pointer.), then Duke Encounters can tamper with Registered User. Consider if the function could work with less access to memory, such as passing data rather than pointers. Copy in data provided, and then validate it.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>HTTPS</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>578ea862-2e0c-4b5e-85e4-18ffbf8e62d0</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>T2</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>T4602f74d8-d8ec-4bf8-93df-c4c28e71a8b256c465cc-fdc5-499e-8fb7-3dc74037d8c91513f24c-932a-483d-a578-398f3adf8b1a</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>56c465cc-fdc5-499e-8fb7-3dc74037d8c9</b:FlowGuid><b:Id>166</b:Id><b:InteractionKey>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2:56c465cc-fdc5-499e-8fb7-3dc74037d8c9:1513f24c-932a-483d-a578-398f3adf8b1a</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Collision Attacks</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Tampering</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Tampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Attackers who can send a series of packets or messages may be able to overlap data. For example, packet 1 may be 100 bytes starting at offset 0. Packet 2 may be 100 bytes starting at offset 25. Packet 2 will overwrite 75 bytes of packet 1. Ensure you reassemble data before filtering it, and ensure you explicitly handle these sorts of cases.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>HTTPS</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>1513f24c-932a-483d-a578-398f3adf8b1a</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>T4</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>T3602f74d8-d8ec-4bf8-93df-c4c28e71a8b256c465cc-fdc5-499e-8fb7-3dc74037d8c91513f24c-932a-483d-a578-398f3adf8b1a</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>56c465cc-fdc5-499e-8fb7-3dc74037d8c9</b:FlowGuid><b:Id>165</b:Id><b:InteractionKey>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2:56c465cc-fdc5-499e-8fb7-3dc74037d8c9:1513f24c-932a-483d-a578-398f3adf8b1a</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Replay Attacks</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Tampering</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Tampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Packets or messages without sequence numbers or timestamps can be captured and replayed in a wide variety of ways. Implement or utilize an existing communication protocol that supports anti-replay techniques (investigate sequence numbers before timers) and strong integrity.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>HTTPS</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>1513f24c-932a-483d-a578-398f3adf8b1a</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>T3</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>T2602f74d8-d8ec-4bf8-93df-c4c28e71a8b256c465cc-fdc5-499e-8fb7-3dc74037d8c91513f24c-932a-483d-a578-398f3adf8b1a</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>56c465cc-fdc5-499e-8fb7-3dc74037d8c9</b:FlowGuid><b:Id>164</b:Id><b:InteractionKey>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2:56c465cc-fdc5-499e-8fb7-3dc74037d8c9:1513f24c-932a-483d-a578-398f3adf8b1a</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Duke Encounters Process Memory Tampered</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Tampering</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Tampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>If Duke Encounters is given access to memory, such as shared memory or pointers, or is given the ability to control what Admin User executes (for example, passing back a function pointer.), then Duke Encounters can tamper with Admin User. Consider if the function could work with less access to memory, such as passing data rather than pointers. Copy in data provided, and then validate it.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>HTTPS</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>1513f24c-932a-483d-a578-398f3adf8b1a</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>T2</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>S769d999f0-41a1-40c1-b45e-ca036e4ac412cd3252dd-5711-4994-9057-b3e3e981c364a799fbc8-9fcf-4921-8d39-dd5996d42b59</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>cd3252dd-5711-4994-9057-b3e3e981c364</b:FlowGuid><b:Id>192</b:Id><b:InteractionKey>69d999f0-41a1-40c1-b45e-ca036e4ac412:cd3252dd-5711-4994-9057-b3e3e981c364:a799fbc8-9fcf-4921-8d39-dd5996d42b59</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Spoofing of Source Data Store Cookies</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Spoofing</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Spoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Cookies may be spoofed by an attacker and this may lead to incorrect data delivered to Anonymous User. Consider using a standard authentication mechanism to identify the source data store.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>read</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>69d999f0-41a1-40c1-b45e-ca036e4ac412</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>a799fbc8-9fcf-4921-8d39-dd5996d42b59</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>S7</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>I234c0fd64b-7e86-4264-8d0b-94d1e128285e4bca2667-9937-49cc-b8e2-b50c9a5b4110578ea862-2e0c-4b5e-85e4-18ffbf8e62d0</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>4bca2667-9937-49cc-b8e2-b50c9a5b4110</b:FlowGuid><b:Id>191</b:Id><b:InteractionKey>4c0fd64b-7e86-4264-8d0b-94d1e128285e:4bca2667-9937-49cc-b8e2-b50c9a5b4110:578ea862-2e0c-4b5e-85e4-18ffbf8e62d0</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Weak Access Control for a Resource</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Information Disclosure</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Information disclosure happens when the information can be read by an unauthorized party.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Improper data protection of Cookies can allow an attacker to read information not intended for disclosure. Review authorization settings.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>read</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>4c0fd64b-7e86-4264-8d0b-94d1e128285e</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>578ea862-2e0c-4b5e-85e4-18ffbf8e62d0</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>I23</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>S74c0fd64b-7e86-4264-8d0b-94d1e128285e4bca2667-9937-49cc-b8e2-b50c9a5b4110578ea862-2e0c-4b5e-85e4-18ffbf8e62d0</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>4bca2667-9937-49cc-b8e2-b50c9a5b4110</b:FlowGuid><b:Id>190</b:Id><b:InteractionKey>4c0fd64b-7e86-4264-8d0b-94d1e128285e:4bca2667-9937-49cc-b8e2-b50c9a5b4110:578ea862-2e0c-4b5e-85e4-18ffbf8e62d0</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Spoofing of Source Data Store Cookies</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Spoofing</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Spoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Cookies may be spoofed by an attacker and this may lead to incorrect data delivered to Registered User. Consider using a standard authentication mechanism to identify the source data store.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>read</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>4c0fd64b-7e86-4264-8d0b-94d1e128285e</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>578ea862-2e0c-4b5e-85e4-18ffbf8e62d0</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>S7</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>D2578ea862-2e0c-4b5e-85e4-18ffbf8e62d0c5ff0575-2944-41c1-84e1-3259a1127a234c0fd64b-7e86-4264-8d0b-94d1e128285e</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>c5ff0575-2944-41c1-84e1-3259a1127a23</b:FlowGuid><b:Id>189</b:Id><b:InteractionKey>578ea862-2e0c-4b5e-85e4-18ffbf8e62d0:c5ff0575-2944-41c1-84e1-3259a1127a23:4c0fd64b-7e86-4264-8d0b-94d1e128285e</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Potential Excessive Resource Consumption for Registered User or Cookies</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Denial Of Service</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Denial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Does Registered User or Cookies take explicit steps to control resource consumption? Resource consumption attacks can be hard to deal with, and there are times that it makes sense to let the OS do the job. Be careful that your resource requests don't deadlock, and that they do timeout.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>write</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>578ea862-2e0c-4b5e-85e4-18ffbf8e62d0</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>4c0fd64b-7e86-4264-8d0b-94d1e128285e</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>D2</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>S7.1578ea862-2e0c-4b5e-85e4-18ffbf8e62d0c5ff0575-2944-41c1-84e1-3259a1127a234c0fd64b-7e86-4264-8d0b-94d1e128285e</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>c5ff0575-2944-41c1-84e1-3259a1127a23</b:FlowGuid><b:Id>188</b:Id><b:InteractionKey>578ea862-2e0c-4b5e-85e4-18ffbf8e62d0:c5ff0575-2944-41c1-84e1-3259a1127a23:4c0fd64b-7e86-4264-8d0b-94d1e128285e</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Spoofing of Destination Data Store Cookies</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Spoofing</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Spoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Cookies may be spoofed by an attacker and this may lead to data being written to the attacker's target instead of Cookies. Consider using a standard authentication mechanism to identify the destination data store.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>write</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>578ea862-2e0c-4b5e-85e4-18ffbf8e62d0</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>4c0fd64b-7e86-4264-8d0b-94d1e128285e</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>S7.1</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>I23d928bf95-c158-456d-8899-e0228d87c7f8fb036baf-b5e7-4507-a867-943514e561161513f24c-932a-483d-a578-398f3adf8b1a</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>fb036baf-b5e7-4507-a867-943514e56116</b:FlowGuid><b:Id>187</b:Id><b:InteractionKey>d928bf95-c158-456d-8899-e0228d87c7f8:fb036baf-b5e7-4507-a867-943514e56116:1513f24c-932a-483d-a578-398f3adf8b1a</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Weak Access Control for a Resource</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Information Disclosure</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Information disclosure happens when the information can be read by an unauthorized party.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Improper data protection of Cookies can allow an attacker to read information not intended for disclosure. Review authorization settings.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>read</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>d928bf95-c158-456d-8899-e0228d87c7f8</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>1513f24c-932a-483d-a578-398f3adf8b1a</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>I23</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>S7d928bf95-c158-456d-8899-e0228d87c7f8fb036baf-b5e7-4507-a867-943514e561161513f24c-932a-483d-a578-398f3adf8b1a</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>fb036baf-b5e7-4507-a867-943514e56116</b:FlowGuid><b:Id>186</b:Id><b:InteractionKey>d928bf95-c158-456d-8899-e0228d87c7f8:fb036baf-b5e7-4507-a867-943514e56116:1513f24c-932a-483d-a578-398f3adf8b1a</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Spoofing of Source Data Store Cookies</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Spoofing</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Spoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Cookies may be spoofed by an attacker and this may lead to incorrect data delivered to Admin User. Consider using a standard authentication mechanism to identify the source data store.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>read</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>d928bf95-c158-456d-8899-e0228d87c7f8</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>1513f24c-932a-483d-a578-398f3adf8b1a</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>S7</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>D21513f24c-932a-483d-a578-398f3adf8b1a9ec21f61-52fc-45f5-9d34-ef3220746d10d928bf95-c158-456d-8899-e0228d87c7f8</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>9ec21f61-52fc-45f5-9d34-ef3220746d10</b:FlowGuid><b:Id>185</b:Id><b:InteractionKey>1513f24c-932a-483d-a578-398f3adf8b1a:9ec21f61-52fc-45f5-9d34-ef3220746d10:d928bf95-c158-456d-8899-e0228d87c7f8</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Potential Excessive Resource Consumption for Admin User or Cookies</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Denial Of Service</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Denial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Does Admin User or Cookies take explicit steps to control resource consumption? Resource consumption attacks can be hard to deal with, and there are times that it makes sense to let the OS do the job. Be careful that your resource requests don't deadlock, and that they do timeout.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>write</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>1513f24c-932a-483d-a578-398f3adf8b1a</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>d928bf95-c158-456d-8899-e0228d87c7f8</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>D2</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>S7.11513f24c-932a-483d-a578-398f3adf8b1a9ec21f61-52fc-45f5-9d34-ef3220746d10d928bf95-c158-456d-8899-e0228d87c7f8</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>9ec21f61-52fc-45f5-9d34-ef3220746d10</b:FlowGuid><b:Id>184</b:Id><b:InteractionKey>1513f24c-932a-483d-a578-398f3adf8b1a:9ec21f61-52fc-45f5-9d34-ef3220746d10:d928bf95-c158-456d-8899-e0228d87c7f8</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Spoofing of Destination Data Store Cookies</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Spoofing</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Spoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Cookies may be spoofed by an attacker and this may lead to data being written to the attacker's target instead of Cookies. Consider using a standard authentication mechanism to identify the destination data store.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>write</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>1513f24c-932a-483d-a578-398f3adf8b1a</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>d928bf95-c158-456d-8899-e0228d87c7f8</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>S7.1</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>T13.11513f24c-932a-483d-a578-398f3adf8b1a9f165aff-d80a-439c-928d-af0a0e589858602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>9f165aff-d80a-439c-928d-af0a0e589858</b:FlowGuid><b:Id>176</b:Id><b:InteractionKey>1513f24c-932a-483d-a578-398f3adf8b1a:9f165aff-d80a-439c-928d-af0a0e589858:602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Cross Site Scripting</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Tampering</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Tampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>The web server 'Duke Encounters' could be a subject to a cross-site scripting attack because it does not sanitize untrusted input.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>HTTPS</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>1513f24c-932a-483d-a578-398f3adf8b1a</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>T13.1</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>T21513f24c-932a-483d-a578-398f3adf8b1a9f165aff-d80a-439c-928d-af0a0e589858602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>9f165aff-d80a-439c-928d-af0a0e589858</b:FlowGuid><b:Id>175</b:Id><b:InteractionKey>1513f24c-932a-483d-a578-398f3adf8b1a:9f165aff-d80a-439c-928d-af0a0e589858:602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Admin User Process Memory Tampered</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Tampering</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Tampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>If Admin User is given access to memory, such as shared memory or pointers, or is given the ability to control what Duke Encounters executes (for example, passing back a function pointer.), then Admin User can tamper with Duke Encounters. Consider if the function could work with less access to memory, such as passing data rather than pointers. Copy in data provided, and then validate it.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>HTTPS</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>1513f24c-932a-483d-a578-398f3adf8b1a</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>T2</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>S11513f24c-932a-483d-a578-398f3adf8b1a9f165aff-d80a-439c-928d-af0a0e589858602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>9f165aff-d80a-439c-928d-af0a0e589858</b:FlowGuid><b:Id>174</b:Id><b:InteractionKey>1513f24c-932a-483d-a578-398f3adf8b1a:9f165aff-d80a-439c-928d-af0a0e589858:602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Spoofing the Admin User Process</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Spoofing</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Spoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Admin User may be spoofed by an attacker and this may lead to unauthorized access to Duke Encounters. Consider using a standard authentication mechanism to identify the source process.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>HTTPS</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>1513f24c-932a-483d-a578-398f3adf8b1a</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>S1</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>S7b0e475a0-031f-4c0e-8222-867be0c7e7c63c7c3b3f-85c4-4a9d-be0f-f6dabdfc9212602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>3c7c3b3f-85c4-4a9d-be0f-f6dabdfc9212</b:FlowGuid><b:Id>104</b:Id><b:InteractionKey>b0e475a0-031f-4c0e-8222-867be0c7e7c6:3c7c3b3f-85c4-4a9d-be0f-f6dabdfc9212:602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Spoofing of Source Data Store Configuration File</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Spoofing</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Spoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Configuration File may be spoofed by an attacker and this may lead to incorrect data delivered to Duke Encounters. Consider using a standard authentication mechanism to identify the source data store.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>read</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>b0e475a0-031f-4c0e-8222-867be0c7e7c6</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>S7</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>T13.1b0e475a0-031f-4c0e-8222-867be0c7e7c63c7c3b3f-85c4-4a9d-be0f-f6dabdfc9212602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>3c7c3b3f-85c4-4a9d-be0f-f6dabdfc9212</b:FlowGuid><b:Id>105</b:Id><b:InteractionKey>b0e475a0-031f-4c0e-8222-867be0c7e7c6:3c7c3b3f-85c4-4a9d-be0f-f6dabdfc9212:602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Cross Site Scripting</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Tampering</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Tampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>The web server 'Duke Encounters' could be a subject to a cross-site scripting attack because it does not sanitize untrusted input.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>read</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>b0e475a0-031f-4c0e-8222-867be0c7e7c6</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>T13.1</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>T13.2b0e475a0-031f-4c0e-8222-867be0c7e7c63c7c3b3f-85c4-4a9d-be0f-f6dabdfc9212602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>3c7c3b3f-85c4-4a9d-be0f-f6dabdfc9212</b:FlowGuid><b:Id>106</b:Id><b:InteractionKey>b0e475a0-031f-4c0e-8222-867be0c7e7c6:3c7c3b3f-85c4-4a9d-be0f-f6dabdfc9212:602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Persistent Cross Site Scripting</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Tampering</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Tampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>The web server 'Duke Encounters' could be a subject to a persistent cross-site scripting attack because it does not sanitize data store 'Configuration File' inputs and output.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>read</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>b0e475a0-031f-4c0e-8222-867be0c7e7c6</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>T13.2</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>I23b0e475a0-031f-4c0e-8222-867be0c7e7c63c7c3b3f-85c4-4a9d-be0f-f6dabdfc9212602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>3c7c3b3f-85c4-4a9d-be0f-f6dabdfc9212</b:FlowGuid><b:Id>107</b:Id><b:InteractionKey>b0e475a0-031f-4c0e-8222-867be0c7e7c6:3c7c3b3f-85c4-4a9d-be0f-f6dabdfc9212:602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Weak Access Control for a Resource</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Information Disclosure</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Information disclosure happens when the information can be read by an unauthorized party.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Improper data protection of Configuration File can allow an attacker to read information not intended for disclosure. Review authorization settings.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>read</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>b0e475a0-031f-4c0e-8222-867be0c7e7c6</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>I23</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>S7.1805129b9-1916-4898-aa01-a005dc1ad810687f425e-f569-4235-86c5-c7ee81abebc1b0e475a0-031f-4c0e-8222-867be0c7e7c6</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>687f425e-f569-4235-86c5-c7ee81abebc1</b:FlowGuid><b:Id>108</b:Id><b:InteractionKey>805129b9-1916-4898-aa01-a005dc1ad810:687f425e-f569-4235-86c5-c7ee81abebc1:b0e475a0-031f-4c0e-8222-867be0c7e7c6</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Spoofing of Destination Data Store Configuration File</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Spoofing</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Spoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Configuration File may be spoofed by an attacker and this may lead to data being written to the attacker's target instead of Configuration File. Consider using a standard authentication mechanism to identify the destination data store.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>deploy</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>805129b9-1916-4898-aa01-a005dc1ad810</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>b0e475a0-031f-4c0e-8222-867be0c7e7c6</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>S7.1</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>T18805129b9-1916-4898-aa01-a005dc1ad810687f425e-f569-4235-86c5-c7ee81abebc1b0e475a0-031f-4c0e-8222-867be0c7e7c6</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>687f425e-f569-4235-86c5-c7ee81abebc1</b:FlowGuid><b:Id>109</b:Id><b:InteractionKey>805129b9-1916-4898-aa01-a005dc1ad810:687f425e-f569-4235-86c5-c7ee81abebc1:b0e475a0-031f-4c0e-8222-867be0c7e7c6</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>The Configuration File Data Store Could Be Corrupted</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Tampering</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Tampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Data flowing across deploy may be tampered with by an attacker. This may lead to corruption of Configuration File. Ensure the integrity of the data flow to the data store.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>deploy</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>805129b9-1916-4898-aa01-a005dc1ad810</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>b0e475a0-031f-4c0e-8222-867be0c7e7c6</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>T18</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>R8805129b9-1916-4898-aa01-a005dc1ad810687f425e-f569-4235-86c5-c7ee81abebc1b0e475a0-031f-4c0e-8222-867be0c7e7c6</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>687f425e-f569-4235-86c5-c7ee81abebc1</b:FlowGuid><b:Id>110</b:Id><b:InteractionKey>805129b9-1916-4898-aa01-a005dc1ad810:687f425e-f569-4235-86c5-c7ee81abebc1:b0e475a0-031f-4c0e-8222-867be0c7e7c6</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Data Store Denies Configuration File Potentially Writing Data</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Repudiation</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Repudiation threats involve an adversary denying that something happened.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Configuration File claims that it did not write data received from an entity on the other side of the trust boundary. Consider using logging or auditing to record the source, time, and summary of the received data.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>deploy</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>805129b9-1916-4898-aa01-a005dc1ad810</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>b0e475a0-031f-4c0e-8222-867be0c7e7c6</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>R8</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>D4805129b9-1916-4898-aa01-a005dc1ad810687f425e-f569-4235-86c5-c7ee81abebc1b0e475a0-031f-4c0e-8222-867be0c7e7c6</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>687f425e-f569-4235-86c5-c7ee81abebc1</b:FlowGuid><b:Id>111</b:Id><b:InteractionKey>805129b9-1916-4898-aa01-a005dc1ad810:687f425e-f569-4235-86c5-c7ee81abebc1:b0e475a0-031f-4c0e-8222-867be0c7e7c6</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Data Flow Generic Data Flow Is Potentially Interrupted</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Denial Of Service</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Denial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>An external agent interrupts data flowing across a trust boundary in either direction.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>deploy</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>805129b9-1916-4898-aa01-a005dc1ad810</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>b0e475a0-031f-4c0e-8222-867be0c7e7c6</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>D4</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>D5805129b9-1916-4898-aa01-a005dc1ad810687f425e-f569-4235-86c5-c7ee81abebc1b0e475a0-031f-4c0e-8222-867be0c7e7c6</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>687f425e-f569-4235-86c5-c7ee81abebc1</b:FlowGuid><b:Id>112</b:Id><b:InteractionKey>805129b9-1916-4898-aa01-a005dc1ad810:687f425e-f569-4235-86c5-c7ee81abebc1:b0e475a0-031f-4c0e-8222-867be0c7e7c6</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Data Store Inaccessible</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Denial Of Service</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Denial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>An external agent prevents access to a data store on the other side of the trust boundary.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>deploy</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>805129b9-1916-4898-aa01-a005dc1ad810</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>b0e475a0-031f-4c0e-8222-867be0c7e7c6</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>D5</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>S2805129b9-1916-4898-aa01-a005dc1ad8101cd2bf53-f83c-489b-a9e8-eaecd812c55891e0d94d-c94e-4e60-b647-8d7faaee5f75</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>1cd2bf53-f83c-489b-a9e8-eaecd812c558</b:FlowGuid><b:Id>113</b:Id><b:InteractionKey>805129b9-1916-4898-aa01-a005dc1ad810:1cd2bf53-f83c-489b-a9e8-eaecd812c558:91e0d94d-c94e-4e60-b647-8d7faaee5f75</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Spoofing the Tomcat Process</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Spoofing</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Spoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>embedded Tomcat may be spoofed by an attacker and this may lead to information disclosure by Developer. Consider using a standard authentication mechanism to identify the destination process.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>deploy</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>805129b9-1916-4898-aa01-a005dc1ad810</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>91e0d94d-c94e-4e60-b647-8d7faaee5f75</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>S2</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>S3805129b9-1916-4898-aa01-a005dc1ad8101cd2bf53-f83c-489b-a9e8-eaecd812c55891e0d94d-c94e-4e60-b647-8d7faaee5f75</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>1cd2bf53-f83c-489b-a9e8-eaecd812c558</b:FlowGuid><b:Id>114</b:Id><b:InteractionKey>805129b9-1916-4898-aa01-a005dc1ad810:1cd2bf53-f83c-489b-a9e8-eaecd812c558:91e0d94d-c94e-4e60-b647-8d7faaee5f75</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Spoofing the Developer External Entity</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Spoofing</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Spoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Developer may be spoofed by an attacker and this may lead to unauthorized access to embedded Tomcat. Consider using a standard authentication mechanism to identify the external entity.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>deploy</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>805129b9-1916-4898-aa01-a005dc1ad810</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>91e0d94d-c94e-4e60-b647-8d7faaee5f75</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>S3</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>T1805129b9-1916-4898-aa01-a005dc1ad8101cd2bf53-f83c-489b-a9e8-eaecd812c55891e0d94d-c94e-4e60-b647-8d7faaee5f75</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>1cd2bf53-f83c-489b-a9e8-eaecd812c558</b:FlowGuid><b:Id>115</b:Id><b:InteractionKey>805129b9-1916-4898-aa01-a005dc1ad810:1cd2bf53-f83c-489b-a9e8-eaecd812c558:91e0d94d-c94e-4e60-b647-8d7faaee5f75</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Potential Lack of Input Validation for Tomcat</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Tampering</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Tampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Data flowing across deploy may be tampered with by an attacker. This may lead to a denial of service attack against embedded Tomcat or an elevation of privilege attack against embedded Tomcat or an information disclosure by embedded Tomcat. Failure to verify that input is as expected is a root cause of a very large number of exploitable issues. Consider all paths and the way they handle data. Verify that all input is verified for correctness using an approved list input validation approach.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>deploy</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>805129b9-1916-4898-aa01-a005dc1ad810</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>91e0d94d-c94e-4e60-b647-8d7faaee5f75</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>T1</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>T13.1805129b9-1916-4898-aa01-a005dc1ad8101cd2bf53-f83c-489b-a9e8-eaecd812c55891e0d94d-c94e-4e60-b647-8d7faaee5f75</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>1cd2bf53-f83c-489b-a9e8-eaecd812c558</b:FlowGuid><b:Id>116</b:Id><b:InteractionKey>805129b9-1916-4898-aa01-a005dc1ad810:1cd2bf53-f83c-489b-a9e8-eaecd812c558:91e0d94d-c94e-4e60-b647-8d7faaee5f75</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Cross Site Scripting</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Tampering</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Tampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>The web server 'embedded Tomcat' could be a subject to a cross-site scripting attack because it does not sanitize untrusted input.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>deploy</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>805129b9-1916-4898-aa01-a005dc1ad810</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>91e0d94d-c94e-4e60-b647-8d7faaee5f75</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>T13.1</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>R6805129b9-1916-4898-aa01-a005dc1ad8101cd2bf53-f83c-489b-a9e8-eaecd812c55891e0d94d-c94e-4e60-b647-8d7faaee5f75</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>1cd2bf53-f83c-489b-a9e8-eaecd812c558</b:FlowGuid><b:Id>117</b:Id><b:InteractionKey>805129b9-1916-4898-aa01-a005dc1ad810:1cd2bf53-f83c-489b-a9e8-eaecd812c558:91e0d94d-c94e-4e60-b647-8d7faaee5f75</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Potential Data Repudiation by Tomcat</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Repudiation</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Repudiation threats involve an adversary denying that something happened.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>embedded Tomcat claims that it did not receive data from a source outside the trust boundary. Consider using logging or auditing to record the source, time, and summary of the received data.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>deploy</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>805129b9-1916-4898-aa01-a005dc1ad810</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>91e0d94d-c94e-4e60-b647-8d7faaee5f75</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>R6</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>I6805129b9-1916-4898-aa01-a005dc1ad8101cd2bf53-f83c-489b-a9e8-eaecd812c55891e0d94d-c94e-4e60-b647-8d7faaee5f75</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>1cd2bf53-f83c-489b-a9e8-eaecd812c558</b:FlowGuid><b:Id>118</b:Id><b:InteractionKey>805129b9-1916-4898-aa01-a005dc1ad810:1cd2bf53-f83c-489b-a9e8-eaecd812c558:91e0d94d-c94e-4e60-b647-8d7faaee5f75</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Data Flow Sniffing</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Information Disclosure</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Information disclosure happens when the information can be read by an unauthorized party.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Data flowing across deploy may be sniffed by an attacker. Depending on what type of data an attacker can read, it may be used to attack other parts of the system or simply be a disclosure of information leading to compliance violations. Consider encrypting the data flow.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>deploy</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>805129b9-1916-4898-aa01-a005dc1ad810</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>91e0d94d-c94e-4e60-b647-8d7faaee5f75</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>I6</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>D3805129b9-1916-4898-aa01-a005dc1ad8101cd2bf53-f83c-489b-a9e8-eaecd812c55891e0d94d-c94e-4e60-b647-8d7faaee5f75</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>1cd2bf53-f83c-489b-a9e8-eaecd812c558</b:FlowGuid><b:Id>119</b:Id><b:InteractionKey>805129b9-1916-4898-aa01-a005dc1ad810:1cd2bf53-f83c-489b-a9e8-eaecd812c558:91e0d94d-c94e-4e60-b647-8d7faaee5f75</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Potential Process Crash or Stop for Tomcat</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Denial Of Service</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Denial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>embedded Tomcat crashes, halts, stops or runs slowly; in all cases violating an availability metric.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>deploy</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>805129b9-1916-4898-aa01-a005dc1ad810</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>91e0d94d-c94e-4e60-b647-8d7faaee5f75</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>D3</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>D4805129b9-1916-4898-aa01-a005dc1ad8101cd2bf53-f83c-489b-a9e8-eaecd812c55891e0d94d-c94e-4e60-b647-8d7faaee5f75</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>1cd2bf53-f83c-489b-a9e8-eaecd812c558</b:FlowGuid><b:Id>120</b:Id><b:InteractionKey>805129b9-1916-4898-aa01-a005dc1ad810:1cd2bf53-f83c-489b-a9e8-eaecd812c558:91e0d94d-c94e-4e60-b647-8d7faaee5f75</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Data Flow Generic Data Flow Is Potentially Interrupted</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Denial Of Service</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Denial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>An external agent interrupts data flowing across a trust boundary in either direction.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>deploy</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>805129b9-1916-4898-aa01-a005dc1ad810</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>91e0d94d-c94e-4e60-b647-8d7faaee5f75</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>D4</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>E5805129b9-1916-4898-aa01-a005dc1ad8101cd2bf53-f83c-489b-a9e8-eaecd812c55891e0d94d-c94e-4e60-b647-8d7faaee5f75</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>1cd2bf53-f83c-489b-a9e8-eaecd812c558</b:FlowGuid><b:Id>121</b:Id><b:InteractionKey>805129b9-1916-4898-aa01-a005dc1ad810:1cd2bf53-f83c-489b-a9e8-eaecd812c558:91e0d94d-c94e-4e60-b647-8d7faaee5f75</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Elevation Using Impersonation</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Elevation Of Privilege</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>A user subject gains increased capability or privilege by taking advantage of an implementation bug.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>embedded Tomcat may be able to impersonate the context of Developer in order to gain additional privilege.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>deploy</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>805129b9-1916-4898-aa01-a005dc1ad810</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>91e0d94d-c94e-4e60-b647-8d7faaee5f75</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>E5</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>E6805129b9-1916-4898-aa01-a005dc1ad8101cd2bf53-f83c-489b-a9e8-eaecd812c55891e0d94d-c94e-4e60-b647-8d7faaee5f75</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>1cd2bf53-f83c-489b-a9e8-eaecd812c558</b:FlowGuid><b:Id>122</b:Id><b:InteractionKey>805129b9-1916-4898-aa01-a005dc1ad810:1cd2bf53-f83c-489b-a9e8-eaecd812c558:91e0d94d-c94e-4e60-b647-8d7faaee5f75</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Tomcat May be Subject to Elevation of Privilege Using Remote Code Execution</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Elevation Of Privilege</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>A user subject gains increased capability or privilege by taking advantage of an implementation bug.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Developer may be able to remotely execute code for embedded Tomcat.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>deploy</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>805129b9-1916-4898-aa01-a005dc1ad810</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>91e0d94d-c94e-4e60-b647-8d7faaee5f75</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>E6</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>E7805129b9-1916-4898-aa01-a005dc1ad8101cd2bf53-f83c-489b-a9e8-eaecd812c55891e0d94d-c94e-4e60-b647-8d7faaee5f75</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>1cd2bf53-f83c-489b-a9e8-eaecd812c558</b:FlowGuid><b:Id>123</b:Id><b:InteractionKey>805129b9-1916-4898-aa01-a005dc1ad810:1cd2bf53-f83c-489b-a9e8-eaecd812c558:91e0d94d-c94e-4e60-b647-8d7faaee5f75</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Elevation by Changing the Execution Flow in Tomcat</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Elevation Of Privilege</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>A user subject gains increased capability or privilege by taking advantage of an implementation bug.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>An attacker may pass data into embedded Tomcat in order to change the flow of program execution within embedded Tomcat to the attacker's choosing.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>deploy</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>805129b9-1916-4898-aa01-a005dc1ad810</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>91e0d94d-c94e-4e60-b647-8d7faaee5f75</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>E7</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>8404dcf5-bdd8-4902-abc2-3b6c967b0261805129b9-1916-4898-aa01-a005dc1ad8101cd2bf53-f83c-489b-a9e8-eaecd812c55891e0d94d-c94e-4e60-b647-8d7faaee5f75</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>1cd2bf53-f83c-489b-a9e8-eaecd812c558</b:FlowGuid><b:Id>124</b:Id><b:InteractionKey>805129b9-1916-4898-aa01-a005dc1ad810:1cd2bf53-f83c-489b-a9e8-eaecd812c558:91e0d94d-c94e-4e60-b647-8d7faaee5f75</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Cross Site Request Forgery</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Elevation Of Privilege</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>A user subject gains increased capability or privilege by taking advantage of an implementation bug.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Cross-site request forgery (CSRF or XSRF) is a type of attack in which an attacker forces a user's browser to make a forged request to a vulnerable site by exploiting an existing trust relationship between the browser and the vulnerable web site.  In a simple scenario, a user is logged in to web site A using a cookie as a credential.  The other browses to web site B.  Web site B returns a page with a hidden form that posts to web site A.  Since the browser will carry the user's cookie to web site A, web site B now can take any action on web site A, for example, adding an admin to an account.  The attack can be used to exploit any requests that the browser automatically authenticates, e.g. by session cookie, integrated authentication, IP whitelisting, …  The attack can be carried out in many ways such as by luring the victim to a site under control of the attacker, getting the user to click a link in a phishing email, or hacking a reputable web site that the victim will visit. The issue can only be resolved on the server side by requiring that all authenticated state-changing requests include an additional piece of secret payload (canary or CSRF token) which is known only to the legitimate web site and the browser and which is protected in transit through SSL/TLS. See the Forgery Protection property on the flow stencil for a list of mitigations.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>deploy</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>805129b9-1916-4898-aa01-a005dc1ad810</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>91e0d94d-c94e-4e60-b647-8d7faaee5f75</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>8404dcf5-bdd8-4902-abc2-3b6c967b0261</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>S1a799fbc8-9fcf-4921-8d39-dd5996d42b5941d170a6-e61c-46a4-9905-277fd5befe5f602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>41d170a6-e61c-46a4-9905-277fd5befe5f</b:FlowGuid><b:Id>125</b:Id><b:InteractionKey>a799fbc8-9fcf-4921-8d39-dd5996d42b59:41d170a6-e61c-46a4-9905-277fd5befe5f:602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Spoofing the Anonymous User Process</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Spoofing</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Spoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Anonymous User may be spoofed by an attacker and this may lead to unauthorized access to Duke Encounters. Consider using a standard authentication mechanism to identify the source process.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>HTTPS</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>a799fbc8-9fcf-4921-8d39-dd5996d42b59</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>S1</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>T2a799fbc8-9fcf-4921-8d39-dd5996d42b5941d170a6-e61c-46a4-9905-277fd5befe5f602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>41d170a6-e61c-46a4-9905-277fd5befe5f</b:FlowGuid><b:Id>126</b:Id><b:InteractionKey>a799fbc8-9fcf-4921-8d39-dd5996d42b59:41d170a6-e61c-46a4-9905-277fd5befe5f:602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Anonymous User Process Memory Tampered</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Tampering</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Tampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>If Anonymous User is given access to memory, such as shared memory or pointers, or is given the ability to control what Duke Encounters executes (for example, passing back a function pointer.), then Anonymous User can tamper with Duke Encounters. Consider if the function could work with less access to memory, such as passing data rather than pointers. Copy in data provided, and then validate it.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>HTTPS</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>a799fbc8-9fcf-4921-8d39-dd5996d42b59</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>T2</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>T13.1a799fbc8-9fcf-4921-8d39-dd5996d42b5941d170a6-e61c-46a4-9905-277fd5befe5f602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>41d170a6-e61c-46a4-9905-277fd5befe5f</b:FlowGuid><b:Id>127</b:Id><b:InteractionKey>a799fbc8-9fcf-4921-8d39-dd5996d42b59:41d170a6-e61c-46a4-9905-277fd5befe5f:602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Cross Site Scripting</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Tampering</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Tampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>The web server 'Duke Encounters' could be a subject to a cross-site scripting attack because it does not sanitize untrusted input.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>HTTPS</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>a799fbc8-9fcf-4921-8d39-dd5996d42b59</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>T13.1</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>R6a799fbc8-9fcf-4921-8d39-dd5996d42b5941d170a6-e61c-46a4-9905-277fd5befe5f602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>41d170a6-e61c-46a4-9905-277fd5befe5f</b:FlowGuid><b:Id>128</b:Id><b:InteractionKey>a799fbc8-9fcf-4921-8d39-dd5996d42b59:41d170a6-e61c-46a4-9905-277fd5befe5f:602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Potential Data Repudiation by Duke Encounters</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Repudiation</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Repudiation threats involve an adversary denying that something happened.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Duke Encounters claims that it did not receive data from a source outside the trust boundary. Consider using logging or auditing to record the source, time, and summary of the received data.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>HTTPS</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>a799fbc8-9fcf-4921-8d39-dd5996d42b59</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>R6</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>D3a799fbc8-9fcf-4921-8d39-dd5996d42b5941d170a6-e61c-46a4-9905-277fd5befe5f602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>41d170a6-e61c-46a4-9905-277fd5befe5f</b:FlowGuid><b:Id>129</b:Id><b:InteractionKey>a799fbc8-9fcf-4921-8d39-dd5996d42b59:41d170a6-e61c-46a4-9905-277fd5befe5f:602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Potential Process Crash or Stop for Duke Encounters</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Denial Of Service</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Denial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Duke Encounters crashes, halts, stops or runs slowly; in all cases violating an availability metric.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>HTTPS</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>a799fbc8-9fcf-4921-8d39-dd5996d42b59</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>D3</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>D4a799fbc8-9fcf-4921-8d39-dd5996d42b5941d170a6-e61c-46a4-9905-277fd5befe5f602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>41d170a6-e61c-46a4-9905-277fd5befe5f</b:FlowGuid><b:Id>130</b:Id><b:InteractionKey>a799fbc8-9fcf-4921-8d39-dd5996d42b59:41d170a6-e61c-46a4-9905-277fd5befe5f:602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Data Flow HTTPS Is Potentially Interrupted</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Denial Of Service</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Denial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>An external agent interrupts data flowing across a trust boundary in either direction.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>HTTPS</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>a799fbc8-9fcf-4921-8d39-dd5996d42b59</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>D4</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>E5a799fbc8-9fcf-4921-8d39-dd5996d42b5941d170a6-e61c-46a4-9905-277fd5befe5f602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>41d170a6-e61c-46a4-9905-277fd5befe5f</b:FlowGuid><b:Id>131</b:Id><b:InteractionKey>a799fbc8-9fcf-4921-8d39-dd5996d42b59:41d170a6-e61c-46a4-9905-277fd5befe5f:602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Elevation Using Impersonation</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Elevation Of Privilege</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>A user subject gains increased capability or privilege by taking advantage of an implementation bug.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Duke Encounters may be able to impersonate the context of Anonymous User in order to gain additional privilege.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>HTTPS</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>a799fbc8-9fcf-4921-8d39-dd5996d42b59</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>E5</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>E6a799fbc8-9fcf-4921-8d39-dd5996d42b5941d170a6-e61c-46a4-9905-277fd5befe5f602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>41d170a6-e61c-46a4-9905-277fd5befe5f</b:FlowGuid><b:Id>132</b:Id><b:InteractionKey>a799fbc8-9fcf-4921-8d39-dd5996d42b59:41d170a6-e61c-46a4-9905-277fd5befe5f:602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Duke Encounters May be Subject to Elevation of Privilege Using Remote Code Execution</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Elevation Of Privilege</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>A user subject gains increased capability or privilege by taking advantage of an implementation bug.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Anonymous User may be able to remotely execute code for Duke Encounters.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>HTTPS</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>a799fbc8-9fcf-4921-8d39-dd5996d42b59</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>E6</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>E7a799fbc8-9fcf-4921-8d39-dd5996d42b5941d170a6-e61c-46a4-9905-277fd5befe5f602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>41d170a6-e61c-46a4-9905-277fd5befe5f</b:FlowGuid><b:Id>133</b:Id><b:InteractionKey>a799fbc8-9fcf-4921-8d39-dd5996d42b59:41d170a6-e61c-46a4-9905-277fd5befe5f:602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Elevation by Changing the Execution Flow in Duke Encounters</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Elevation Of Privilege</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>A user subject gains increased capability or privilege by taking advantage of an implementation bug.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>An attacker may pass data into Duke Encounters in order to change the flow of program execution within Duke Encounters to the attacker's choosing.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>HTTPS</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>a799fbc8-9fcf-4921-8d39-dd5996d42b59</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>E7</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>E6602f74d8-d8ec-4bf8-93df-c4c28e71a8b2198f0ee1-3b18-4685-a089-c7610985477aa799fbc8-9fcf-4921-8d39-dd5996d42b59</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>198f0ee1-3b18-4685-a089-c7610985477a</b:FlowGuid><b:Id>142</b:Id><b:InteractionKey>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2:198f0ee1-3b18-4685-a089-c7610985477a:a799fbc8-9fcf-4921-8d39-dd5996d42b59</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Anonymous User May be Subject to Elevation of Privilege Using Remote Code Execution</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Elevation Of Privilege</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>A user subject gains increased capability or privilege by taking advantage of an implementation bug.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Duke Encounters may be able to remotely execute code for Anonymous User.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>HTTPS</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>a799fbc8-9fcf-4921-8d39-dd5996d42b59</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>E6</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>E7602f74d8-d8ec-4bf8-93df-c4c28e71a8b2198f0ee1-3b18-4685-a089-c7610985477aa799fbc8-9fcf-4921-8d39-dd5996d42b59</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>198f0ee1-3b18-4685-a089-c7610985477a</b:FlowGuid><b:Id>143</b:Id><b:InteractionKey>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2:198f0ee1-3b18-4685-a089-c7610985477a:a799fbc8-9fcf-4921-8d39-dd5996d42b59</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Elevation by Changing the Execution Flow in Anonymous User</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Elevation Of Privilege</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>A user subject gains increased capability or privilege by taking advantage of an implementation bug.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>An attacker may pass data into Anonymous User in order to change the flow of program execution within Anonymous User to the attacker's choosing.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>HTTPS</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>a799fbc8-9fcf-4921-8d39-dd5996d42b59</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>E7</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>R6578ea862-2e0c-4b5e-85e4-18ffbf8e62d0896a1395-66c3-4292-9a27-d8cb32bf438a602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>896a1395-66c3-4292-9a27-d8cb32bf438a</b:FlowGuid><b:Id>147</b:Id><b:InteractionKey>578ea862-2e0c-4b5e-85e4-18ffbf8e62d0:896a1395-66c3-4292-9a27-d8cb32bf438a:602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Potential Data Repudiation by Duke Encounters</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Repudiation</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Repudiation threats involve an adversary denying that something happened.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Duke Encounters claims that it did not receive data from a source outside the trust boundary. Consider using logging or auditing to record the source, time, and summary of the received data.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>HTTPS</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>578ea862-2e0c-4b5e-85e4-18ffbf8e62d0</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>R6</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>D3578ea862-2e0c-4b5e-85e4-18ffbf8e62d0896a1395-66c3-4292-9a27-d8cb32bf438a602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>896a1395-66c3-4292-9a27-d8cb32bf438a</b:FlowGuid><b:Id>148</b:Id><b:InteractionKey>578ea862-2e0c-4b5e-85e4-18ffbf8e62d0:896a1395-66c3-4292-9a27-d8cb32bf438a:602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Potential Process Crash or Stop for Duke Encounters</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Denial Of Service</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Denial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Duke Encounters crashes, halts, stops or runs slowly; in all cases violating an availability metric.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>HTTPS</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>578ea862-2e0c-4b5e-85e4-18ffbf8e62d0</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>D3</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>D4578ea862-2e0c-4b5e-85e4-18ffbf8e62d0896a1395-66c3-4292-9a27-d8cb32bf438a602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>896a1395-66c3-4292-9a27-d8cb32bf438a</b:FlowGuid><b:Id>149</b:Id><b:InteractionKey>578ea862-2e0c-4b5e-85e4-18ffbf8e62d0:896a1395-66c3-4292-9a27-d8cb32bf438a:602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Data Flow HTTPS Is Potentially Interrupted</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Denial Of Service</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Denial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>An external agent interrupts data flowing across a trust boundary in either direction.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>HTTPS</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>578ea862-2e0c-4b5e-85e4-18ffbf8e62d0</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>D4</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>E5578ea862-2e0c-4b5e-85e4-18ffbf8e62d0896a1395-66c3-4292-9a27-d8cb32bf438a602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>896a1395-66c3-4292-9a27-d8cb32bf438a</b:FlowGuid><b:Id>150</b:Id><b:InteractionKey>578ea862-2e0c-4b5e-85e4-18ffbf8e62d0:896a1395-66c3-4292-9a27-d8cb32bf438a:602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Elevation Using Impersonation</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Elevation Of Privilege</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>A user subject gains increased capability or privilege by taking advantage of an implementation bug.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Duke Encounters may be able to impersonate the context of Registered User in order to gain additional privilege.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>HTTPS</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>578ea862-2e0c-4b5e-85e4-18ffbf8e62d0</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>E5</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>E6578ea862-2e0c-4b5e-85e4-18ffbf8e62d0896a1395-66c3-4292-9a27-d8cb32bf438a602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>896a1395-66c3-4292-9a27-d8cb32bf438a</b:FlowGuid><b:Id>151</b:Id><b:InteractionKey>578ea862-2e0c-4b5e-85e4-18ffbf8e62d0:896a1395-66c3-4292-9a27-d8cb32bf438a:602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Duke Encounters May be Subject to Elevation of Privilege Using Remote Code Execution</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Elevation Of Privilege</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>A user subject gains increased capability or privilege by taking advantage of an implementation bug.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Registered User may be able to remotely execute code for Duke Encounters.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>HTTPS</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>578ea862-2e0c-4b5e-85e4-18ffbf8e62d0</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>E6</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>E7578ea862-2e0c-4b5e-85e4-18ffbf8e62d0896a1395-66c3-4292-9a27-d8cb32bf438a602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>896a1395-66c3-4292-9a27-d8cb32bf438a</b:FlowGuid><b:Id>152</b:Id><b:InteractionKey>578ea862-2e0c-4b5e-85e4-18ffbf8e62d0:896a1395-66c3-4292-9a27-d8cb32bf438a:602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Elevation by Changing the Execution Flow in Duke Encounters</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Elevation Of Privilege</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>A user subject gains increased capability or privilege by taking advantage of an implementation bug.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>An attacker may pass data into Duke Encounters in order to change the flow of program execution within Duke Encounters to the attacker's choosing.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>HTTPS</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>578ea862-2e0c-4b5e-85e4-18ffbf8e62d0</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>E7</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>8404dcf5-bdd8-4902-abc2-3b6c967b0261578ea862-2e0c-4b5e-85e4-18ffbf8e62d0896a1395-66c3-4292-9a27-d8cb32bf438a602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>896a1395-66c3-4292-9a27-d8cb32bf438a</b:FlowGuid><b:Id>153</b:Id><b:InteractionKey>578ea862-2e0c-4b5e-85e4-18ffbf8e62d0:896a1395-66c3-4292-9a27-d8cb32bf438a:602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Cross Site Request Forgery</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Elevation Of Privilege</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>A user subject gains increased capability or privilege by taking advantage of an implementation bug.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Cross-site request forgery (CSRF or XSRF) is a type of attack in which an attacker forces a user's browser to make a forged request to a vulnerable site by exploiting an existing trust relationship between the browser and the vulnerable web site.  In a simple scenario, a user is logged in to web site A using a cookie as a credential.  The other browses to web site B.  Web site B returns a page with a hidden form that posts to web site A.  Since the browser will carry the user's cookie to web site A, web site B now can take any action on web site A, for example, adding an admin to an account.  The attack can be used to exploit any requests that the browser automatically authenticates, e.g. by session cookie, integrated authentication, IP whitelisting, …  The attack can be carried out in many ways such as by luring the victim to a site under control of the attacker, getting the user to click a link in a phishing email, or hacking a reputable web site that the victim will visit. The issue can only be resolved on the server side by requiring that all authenticated state-changing requests include an additional piece of secret payload (canary or CSRF token) which is known only to the legitimate web site and the browser and which is protected in transit through SSL/TLS. See the Forgery Protection property on the flow stencil for a list of mitigations.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>HTTPS</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>578ea862-2e0c-4b5e-85e4-18ffbf8e62d0</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>8404dcf5-bdd8-4902-abc2-3b6c967b0261</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>E7602f74d8-d8ec-4bf8-93df-c4c28e71a8b2bd7dd97e-3858-4ac3-8dc2-151ed6bc99ac578ea862-2e0c-4b5e-85e4-18ffbf8e62d0</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>bd7dd97e-3858-4ac3-8dc2-151ed6bc99ac</b:FlowGuid><b:Id>163</b:Id><b:InteractionKey>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2:bd7dd97e-3858-4ac3-8dc2-151ed6bc99ac:578ea862-2e0c-4b5e-85e4-18ffbf8e62d0</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Elevation by Changing the Execution Flow in Registered User</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Elevation Of Privilege</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>A user subject gains increased capability or privilege by taking advantage of an implementation bug.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>An attacker may pass data into Registered User in order to change the flow of program execution within Registered User to the attacker's choosing.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>HTTPS</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>578ea862-2e0c-4b5e-85e4-18ffbf8e62d0</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>E7</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>R6602f74d8-d8ec-4bf8-93df-c4c28e71a8b256c465cc-fdc5-499e-8fb7-3dc74037d8c91513f24c-932a-483d-a578-398f3adf8b1a</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>56c465cc-fdc5-499e-8fb7-3dc74037d8c9</b:FlowGuid><b:Id>167</b:Id><b:InteractionKey>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2:56c465cc-fdc5-499e-8fb7-3dc74037d8c9:1513f24c-932a-483d-a578-398f3adf8b1a</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Potential Data Repudiation by Admin User</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Repudiation</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Repudiation threats involve an adversary denying that something happened.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Admin User claims that it did not receive data from a source outside the trust boundary. Consider using logging or auditing to record the source, time, and summary of the received data.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>HTTPS</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>1513f24c-932a-483d-a578-398f3adf8b1a</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>R6</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>I26602f74d8-d8ec-4bf8-93df-c4c28e71a8b256c465cc-fdc5-499e-8fb7-3dc74037d8c91513f24c-932a-483d-a578-398f3adf8b1a</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>56c465cc-fdc5-499e-8fb7-3dc74037d8c9</b:FlowGuid><b:Id>168</b:Id><b:InteractionKey>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2:56c465cc-fdc5-499e-8fb7-3dc74037d8c9:1513f24c-932a-483d-a578-398f3adf8b1a</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Weak Authentication Scheme</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Information Disclosure</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Information disclosure happens when the information can be read by an unauthorized party.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Custom authentication schemes are susceptible to common weaknesses such as weak credential change management, credential equivalence, easily guessable credentials, null credentials, downgrade authentication or a weak credential change management system. Consider the impact and potential mitigations for your custom authentication scheme.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>HTTPS</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>1513f24c-932a-483d-a578-398f3adf8b1a</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>I26</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>D3602f74d8-d8ec-4bf8-93df-c4c28e71a8b256c465cc-fdc5-499e-8fb7-3dc74037d8c91513f24c-932a-483d-a578-398f3adf8b1a</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>56c465cc-fdc5-499e-8fb7-3dc74037d8c9</b:FlowGuid><b:Id>169</b:Id><b:InteractionKey>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2:56c465cc-fdc5-499e-8fb7-3dc74037d8c9:1513f24c-932a-483d-a578-398f3adf8b1a</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Potential Process Crash or Stop for Admin User</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Denial Of Service</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Denial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Admin User crashes, halts, stops or runs slowly; in all cases violating an availability metric.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>HTTPS</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>1513f24c-932a-483d-a578-398f3adf8b1a</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>D3</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>D4602f74d8-d8ec-4bf8-93df-c4c28e71a8b256c465cc-fdc5-499e-8fb7-3dc74037d8c91513f24c-932a-483d-a578-398f3adf8b1a</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>56c465cc-fdc5-499e-8fb7-3dc74037d8c9</b:FlowGuid><b:Id>170</b:Id><b:InteractionKey>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2:56c465cc-fdc5-499e-8fb7-3dc74037d8c9:1513f24c-932a-483d-a578-398f3adf8b1a</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Data Flow HTTPS Is Potentially Interrupted</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Denial Of Service</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Denial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>An external agent interrupts data flowing across a trust boundary in either direction.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>HTTPS</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>1513f24c-932a-483d-a578-398f3adf8b1a</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>D4</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>E5602f74d8-d8ec-4bf8-93df-c4c28e71a8b256c465cc-fdc5-499e-8fb7-3dc74037d8c91513f24c-932a-483d-a578-398f3adf8b1a</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>56c465cc-fdc5-499e-8fb7-3dc74037d8c9</b:FlowGuid><b:Id>171</b:Id><b:InteractionKey>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2:56c465cc-fdc5-499e-8fb7-3dc74037d8c9:1513f24c-932a-483d-a578-398f3adf8b1a</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Elevation Using Impersonation</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Elevation Of Privilege</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>A user subject gains increased capability or privilege by taking advantage of an implementation bug.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Admin User may be able to impersonate the context of Duke Encounters in order to gain additional privilege.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>HTTPS</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>1513f24c-932a-483d-a578-398f3adf8b1a</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>E5</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>E6602f74d8-d8ec-4bf8-93df-c4c28e71a8b256c465cc-fdc5-499e-8fb7-3dc74037d8c91513f24c-932a-483d-a578-398f3adf8b1a</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>56c465cc-fdc5-499e-8fb7-3dc74037d8c9</b:FlowGuid><b:Id>172</b:Id><b:InteractionKey>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2:56c465cc-fdc5-499e-8fb7-3dc74037d8c9:1513f24c-932a-483d-a578-398f3adf8b1a</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Admin User May be Subject to Elevation of Privilege Using Remote Code Execution</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Elevation Of Privilege</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>A user subject gains increased capability or privilege by taking advantage of an implementation bug.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Duke Encounters may be able to remotely execute code for Admin User.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>HTTPS</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>1513f24c-932a-483d-a578-398f3adf8b1a</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>E6</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>E7602f74d8-d8ec-4bf8-93df-c4c28e71a8b256c465cc-fdc5-499e-8fb7-3dc74037d8c91513f24c-932a-483d-a578-398f3adf8b1a</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>56c465cc-fdc5-499e-8fb7-3dc74037d8c9</b:FlowGuid><b:Id>173</b:Id><b:InteractionKey>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2:56c465cc-fdc5-499e-8fb7-3dc74037d8c9:1513f24c-932a-483d-a578-398f3adf8b1a</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Elevation by Changing the Execution Flow in Admin User</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Elevation Of Privilege</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>A user subject gains increased capability or privilege by taking advantage of an implementation bug.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>An attacker may pass data into Admin User in order to change the flow of program execution within Admin User to the attacker's choosing.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>HTTPS</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>1513f24c-932a-483d-a578-398f3adf8b1a</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>E7</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>R61513f24c-932a-483d-a578-398f3adf8b1a9f165aff-d80a-439c-928d-af0a0e589858602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>9f165aff-d80a-439c-928d-af0a0e589858</b:FlowGuid><b:Id>177</b:Id><b:InteractionKey>1513f24c-932a-483d-a578-398f3adf8b1a:9f165aff-d80a-439c-928d-af0a0e589858:602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Potential Data Repudiation by Duke Encounters</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Repudiation</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Repudiation threats involve an adversary denying that something happened.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Duke Encounters claims that it did not receive data from a source outside the trust boundary. Consider using logging or auditing to record the source, time, and summary of the received data.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>HTTPS</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>1513f24c-932a-483d-a578-398f3adf8b1a</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>R6</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>D31513f24c-932a-483d-a578-398f3adf8b1a9f165aff-d80a-439c-928d-af0a0e589858602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>9f165aff-d80a-439c-928d-af0a0e589858</b:FlowGuid><b:Id>178</b:Id><b:InteractionKey>1513f24c-932a-483d-a578-398f3adf8b1a:9f165aff-d80a-439c-928d-af0a0e589858:602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Potential Process Crash or Stop for Duke Encounters</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Denial Of Service</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Denial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Duke Encounters crashes, halts, stops or runs slowly; in all cases violating an availability metric.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>HTTPS</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>1513f24c-932a-483d-a578-398f3adf8b1a</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>D3</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>D41513f24c-932a-483d-a578-398f3adf8b1a9f165aff-d80a-439c-928d-af0a0e589858602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>9f165aff-d80a-439c-928d-af0a0e589858</b:FlowGuid><b:Id>179</b:Id><b:InteractionKey>1513f24c-932a-483d-a578-398f3adf8b1a:9f165aff-d80a-439c-928d-af0a0e589858:602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Data Flow HTTPS Is Potentially Interrupted</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Denial Of Service</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Denial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>An external agent interrupts data flowing across a trust boundary in either direction.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>HTTPS</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>1513f24c-932a-483d-a578-398f3adf8b1a</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>D4</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>E51513f24c-932a-483d-a578-398f3adf8b1a9f165aff-d80a-439c-928d-af0a0e589858602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>9f165aff-d80a-439c-928d-af0a0e589858</b:FlowGuid><b:Id>180</b:Id><b:InteractionKey>1513f24c-932a-483d-a578-398f3adf8b1a:9f165aff-d80a-439c-928d-af0a0e589858:602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Elevation Using Impersonation</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Elevation Of Privilege</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>A user subject gains increased capability or privilege by taking advantage of an implementation bug.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Duke Encounters may be able to impersonate the context of Admin User in order to gain additional privilege.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>HTTPS</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>1513f24c-932a-483d-a578-398f3adf8b1a</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>E5</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>E61513f24c-932a-483d-a578-398f3adf8b1a9f165aff-d80a-439c-928d-af0a0e589858602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>9f165aff-d80a-439c-928d-af0a0e589858</b:FlowGuid><b:Id>181</b:Id><b:InteractionKey>1513f24c-932a-483d-a578-398f3adf8b1a:9f165aff-d80a-439c-928d-af0a0e589858:602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Duke Encounters May be Subject to Elevation of Privilege Using Remote Code Execution</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Elevation Of Privilege</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>A user subject gains increased capability or privilege by taking advantage of an implementation bug.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Admin User may be able to remotely execute code for Duke Encounters.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>HTTPS</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>1513f24c-932a-483d-a578-398f3adf8b1a</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>E6</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>E71513f24c-932a-483d-a578-398f3adf8b1a9f165aff-d80a-439c-928d-af0a0e589858602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>9f165aff-d80a-439c-928d-af0a0e589858</b:FlowGuid><b:Id>182</b:Id><b:InteractionKey>1513f24c-932a-483d-a578-398f3adf8b1a:9f165aff-d80a-439c-928d-af0a0e589858:602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Elevation by Changing the Execution Flow in Duke Encounters</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Elevation Of Privilege</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>A user subject gains increased capability or privilege by taking advantage of an implementation bug.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>An attacker may pass data into Duke Encounters in order to change the flow of program execution within Duke Encounters to the attacker's choosing.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>HTTPS</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>1513f24c-932a-483d-a578-398f3adf8b1a</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>E7</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>8404dcf5-bdd8-4902-abc2-3b6c967b02611513f24c-932a-483d-a578-398f3adf8b1a9f165aff-d80a-439c-928d-af0a0e589858602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>9f165aff-d80a-439c-928d-af0a0e589858</b:FlowGuid><b:Id>183</b:Id><b:InteractionKey>1513f24c-932a-483d-a578-398f3adf8b1a:9f165aff-d80a-439c-928d-af0a0e589858:602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Cross Site Request Forgery</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Elevation Of Privilege</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>A user subject gains increased capability or privilege by taking advantage of an implementation bug.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Cross-site request forgery (CSRF or XSRF) is a type of attack in which an attacker forces a user's browser to make a forged request to a vulnerable site by exploiting an existing trust relationship between the browser and the vulnerable web site.  In a simple scenario, a user is logged in to web site A using a cookie as a credential.  The other browses to web site B.  Web site B returns a page with a hidden form that posts to web site A.  Since the browser will carry the user's cookie to web site A, web site B now can take any action on web site A, for example, adding an admin to an account.  The attack can be used to exploit any requests that the browser automatically authenticates, e.g. by session cookie, integrated authentication, IP whitelisting, …  The attack can be carried out in many ways such as by luring the victim to a site under control of the attacker, getting the user to click a link in a phishing email, or hacking a reputable web site that the victim will visit. The issue can only be resolved on the server side by requiring that all authenticated state-changing requests include an additional piece of secret payload (canary or CSRF token) which is known only to the legitimate web site and the browser and which is protected in transit through SSL/TLS. See the Forgery Protection property on the flow stencil for a list of mitigations.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>HTTPS</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>1513f24c-932a-483d-a578-398f3adf8b1a</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>602f74d8-d8ec-4bf8-93df-c4c28e71a8b2</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>8404dcf5-bdd8-4902-abc2-3b6c967b0261</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>I2369d999f0-41a1-40c1-b45e-ca036e4ac412cd3252dd-5711-4994-9057-b3e3e981c364a799fbc8-9fcf-4921-8d39-dd5996d42b59</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>cd3252dd-5711-4994-9057-b3e3e981c364</b:FlowGuid><b:Id>193</b:Id><b:InteractionKey>69d999f0-41a1-40c1-b45e-ca036e4ac412:cd3252dd-5711-4994-9057-b3e3e981c364:a799fbc8-9fcf-4921-8d39-dd5996d42b59</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Weak Access Control for a Resource</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Information Disclosure</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Information disclosure happens when the information can be read by an unauthorized party.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Improper data protection of Cookies can allow an attacker to read information not intended for disclosure. Review authorization settings.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>read</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>69d999f0-41a1-40c1-b45e-ca036e4ac412</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>a799fbc8-9fcf-4921-8d39-dd5996d42b59</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>I23</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>S7.1a799fbc8-9fcf-4921-8d39-dd5996d42b59b4ef336a-ddf9-4341-beda-42444ee0b22b69d999f0-41a1-40c1-b45e-ca036e4ac412</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>b4ef336a-ddf9-4341-beda-42444ee0b22b</b:FlowGuid><b:Id>194</b:Id><b:InteractionKey>a799fbc8-9fcf-4921-8d39-dd5996d42b59:b4ef336a-ddf9-4341-beda-42444ee0b22b:69d999f0-41a1-40c1-b45e-ca036e4ac412</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Spoofing of Destination Data Store Cookies</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Spoofing</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Spoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Cookies may be spoofed by an attacker and this may lead to data being written to the attacker's target instead of Cookies. Consider using a standard authentication mechanism to identify the destination data store.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>write</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>a799fbc8-9fcf-4921-8d39-dd5996d42b59</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>69d999f0-41a1-40c1-b45e-ca036e4ac412</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>S7.1</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB><a:KeyValueOfstringThreatpc_P0_PhOB><a:Key>D2a799fbc8-9fcf-4921-8d39-dd5996d42b59b4ef336a-ddf9-4341-beda-42444ee0b22b69d999f0-41a1-40c1-b45e-ca036e4ac412</a:Key><a:Value xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"><b:ChangedBy i:nil="true"/><b:DrawingSurfaceGuid>ef763f2f-d77d-4c39-9a01-0d17612772a7</b:DrawingSurfaceGuid><b:FlowGuid>b4ef336a-ddf9-4341-beda-42444ee0b22b</b:FlowGuid><b:Id>195</b:Id><b:InteractionKey>a799fbc8-9fcf-4921-8d39-dd5996d42b59:b4ef336a-ddf9-4341-beda-42444ee0b22b:69d999f0-41a1-40c1-b45e-ca036e4ac412</b:InteractionKey><b:InteractionString i:nil="true"/><b:ModifiedAt>0001-01-01T00:00:00</b:ModifiedAt><b:Priority>High</b:Priority><b:Properties><a:KeyValueOfstringstring><a:Key>Title</a:Key><a:Value>Potential Excessive Resource Consumption for Anonymous User or Cookies</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatCategory</a:Key><a:Value>Denial Of Service</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatShortDescription</a:Key><a:Value>Denial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>UserThreatDescription</a:Key><a:Value>Does Anonymous User or Cookies take explicit steps to control resource consumption? Resource consumption attacks can be hard to deal with, and there are times that it makes sense to let the OS do the job. Be careful that your resource requests don't deadlock, and that they do timeout.</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>InteractionString</a:Key><a:Value>write</a:Value></a:KeyValueOfstringstring><a:KeyValueOfstringstring><a:Key>Priority</a:Key><a:Value>High</a:Value></a:KeyValueOfstringstring></b:Properties><b:SourceGuid>a799fbc8-9fcf-4921-8d39-dd5996d42b59</b:SourceGuid><b:State>AutoGenerated</b:State><b:StateInformation i:nil="true"/><b:TargetGuid>69d999f0-41a1-40c1-b45e-ca036e4ac412</b:TargetGuid><b:Title i:nil="true"/><b:TypeId>D2</b:TypeId><b:Upgraded>false</b:Upgraded><b:UserThreatCategory i:nil="true"/><b:UserThreatDescription i:nil="true"/><b:UserThreatShortDescription i:nil="true"/><b:Wide>false</b:Wide></a:Value></a:KeyValueOfstringThreatpc_P0_PhOB></ThreatInstances><ThreatGenerationEnabled>true</ThreatGenerationEnabled><Validations xmlns:a="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase"/><Version>4.3</Version><KnowledgeBase z:Id="i33" xmlns:a="http://schemas.datacontract.org/2004/07/ThreatModeling.KnowledgeBase" xmlns:z="http://schemas.microsoft.com/2003/10/Serialization/"><a:GenericElements><a:ElementType><a:IsExtension>false</a:IsExtension><a:Attributes><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>Not Selected</b:Value><b:Value>Managed</b:Value><b:Value>Unmanaged</b:Value></a:AttributeValues><a:DisplayName>Code Type</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>codeType</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>Not Selected</b:Value><b:Value>Kernel</b:Value><b:Value>System</b:Value><b:Value>Network Service</b:Value><b:Value>Local Service</b:Value><b:Value>Administrator</b:Value><b:Value>Standard User With Elevation</b:Value><b:Value>Standard User Without Elevation</b:Value><b:Value>Windows Store App</b:Value></a:AttributeValues><a:DisplayName>Running As</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>runningAs</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>Not Selected</b:Value><b:Value>AppContainer</b:Value><b:Value>Low Integrity Level</b:Value><b:Value>Microsoft Office Isolated Conversion Environment (MOICE)</b:Value><b:Value>Sandbox</b:Value></a:AttributeValues><a:DisplayName>Isolation Level</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>Isolation</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>Not Selected</b:Value><b:Value>Any Remote User or Entity</b:Value><b:Value>Kernel, System, or Local Admin</b:Value><b:Value>Local or Network Service</b:Value><b:Value>Local Standard User With Elevation</b:Value><b:Value>Local Standard User Without Elevation</b:Value><b:Value>Windows Store Apps or App Container Processes</b:Value><b:Value>Nothing</b:Value><b:Value>Other</b:Value></a:AttributeValues><a:DisplayName>Accepts Input From</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>acceptsInputFrom</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>No</b:Value><b:Value>Yes</b:Value></a:AttributeValues><a:DisplayName>Implements or Uses an Authentication Mechanism</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>implementsAuthenticationScheme</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>No</b:Value><b:Value>Yes</b:Value></a:AttributeValues><a:DisplayName>Implements or Uses an Authorization Mechanism</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>implementsCustomAuthorizationMechanism</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>No</b:Value><b:Value>Yes</b:Value></a:AttributeValues><a:DisplayName>Implements or Uses a Communication Protocol</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>implementsCommunicationProtocol</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>Not Selected</b:Value><b:Value>Yes</b:Value><b:Value>No</b:Value></a:AttributeValues><a:DisplayName>Sanitizes Input</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>hasInputSanitizers</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>Not Selected</b:Value><b:Value>Yes</b:Value><b:Value>No</b:Value></a:AttributeValues><a:DisplayName>Sanitizes Output</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>hasOutputSanitizers</a:Name><a:Type>List</a:Type></a:Attribute></a:Attributes><a:AvailableToBaseModels xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.ExternalStorage.OM"/><a:Behavior i:nil="true"/><a:Description>A representation of a generic process.</a:Description><a:Hidden>false</a:Hidden><a:Id>GE.P</a:Id><a:ImageLocation>Centered on stencil</a:ImageLocation><a:ImageSource>iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAARRJREFUOE99ksFmQ0EUhtOHKCGUUi6hhEieoVy6CiGrkG3IA2TVB+hThVLyDN1eSghdZTX5P84fc5u5d/H558z5z5kzc+/gYVb/ZydS6F0+pdTCCcwHUYsvQQPU8Vb0NjgKirog39vgXWA8iZWYhBKzT76zwUZ47KV4ER/iOWL2yeMrNriECUbiM9Y0IXYOX7FBPsFCcPJeUEzMfu8E8CYw/gqKnkKJ2SdvbwsvvgXGLsi3Co0X+X+AUoTy+v4PXgXX+xFDMRa3Bjlr8RfqvbmgqT+rdZ4X9sGD0pRJH0OJR3evmiODaQQnVqE8MtoUC40MhsKz4GTujhJXxUIjg5kKTmTsXKfFQiNDDg/JJBRzBcX14ApRBWL6a6sYxQAAAABJRU5ErkJggg==</a:ImageSource><a:ImageStream i:nil="true"/><a:Name>Generic Process</a:Name><a:ParentId>ROOT</a:ParentId><a:Representation>Ellipse</a:Representation><a:Shape i:nil="true"/></a:ElementType><a:ElementType><a:IsExtension>false</a:IsExtension><a:Attributes><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>Not Applicable</b:Value><b:Value>No</b:Value><b:Value>Yes</b:Value></a:AttributeValues><a:DisplayName>Authenticates Itself</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>authenticatesItself</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>Not Selected</b:Value><b:Value>Code</b:Value><b:Value>Human</b:Value></a:AttributeValues><a:DisplayName>Type</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>type</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>No</b:Value><b:Value>Yes</b:Value></a:AttributeValues><a:DisplayName>Microsoft</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>MS</a:Name><a:Type>List</a:Type></a:Attribute></a:Attributes><a:AvailableToBaseModels xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.ExternalStorage.OM"/><a:Behavior i:nil="true"/><a:Description>
      A representation of an external interactor.
    </a:Description><a:Hidden>false</a:Hidden><a:Id>GE.EI</a:Id><a:ImageLocation>Lower right of stencil</a:ImageLocation><a:ImageSource>iVBORw0KGgoAAAANSUhEUgAAABIAAAASCAYAAABWzo5XAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAALEwAACxMBAJqcGAAAANBJREFUOE9j+P//P1UwVkFyMJhgNPX+jwW/B2J5dA24MJhAMwCOmc19LgJpfnRN2DCYQDeADGxPFYN0I7J8aG+QgGPYHdWglJ0wvkVi0SJWC7/PyGpgGK9B6W2TM4Fy2iDDAkqau4BsJb+ixg5savEaxGTm8wFI64MMA2IpEBsYix+R1cAwwTASdY1MB8mDMLdt0FRsakAYr0FQ74BdAsJAtjpymCFjQoG9Ekjrg7wI86aEe/R6ZDUwTNBrxGLqGwTErhRiQZhBFGOsgqTj/wwAWDijBcYFCvcAAAAASUVORK5CYII=</a:ImageSource><a:ImageStream i:nil="true"/><a:Name>Generic External Interactor</a:Name><a:ParentId>ROOT</a:ParentId><a:Representation>Rectangle</a:Representation><a:Shape i:nil="true"/></a:ElementType><a:ElementType><a:IsExtension>false</a:IsExtension><a:Attributes><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>No</b:Value><b:Value>Yes</b:Value></a:AttributeValues><a:DisplayName>Stores Credentials</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>storesCredentials</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>No</b:Value><b:Value>Yes</b:Value></a:AttributeValues><a:DisplayName>Stores Log Data</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>storesLogData</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>No</b:Value><b:Value>Yes</b:Value></a:AttributeValues><a:DisplayName>Encrypted</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>Encrypted</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>No</b:Value><b:Value>Yes</b:Value></a:AttributeValues><a:DisplayName>Signed</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>Signed</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>No</b:Value><b:Value>Yes</b:Value></a:AttributeValues><a:DisplayName>Write Access</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>AccessType</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>No</b:Value><b:Value>Yes</b:Value></a:AttributeValues><a:DisplayName>Removable Storage</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>RemoveableStorage</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>No</b:Value><b:Value>Yes</b:Value></a:AttributeValues><a:DisplayName>Backup</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>Backup</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>No</b:Value><b:Value>Yes</b:Value></a:AttributeValues><a:DisplayName>Shared</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>shared</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>SQL Relational Database</b:Value><b:Value>Non Relational Database</b:Value><b:Value>File System</b:Value><b:Value>Registry</b:Value><b:Value>Configuration</b:Value><b:Value>Cache</b:Value><b:Value>HTML5 Storage</b:Value><b:Value>Cookie</b:Value><b:Value>Device</b:Value></a:AttributeValues><a:DisplayName>Store Type</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>storeType</a:Name><a:Type>List</a:Type></a:Attribute></a:Attributes><a:AvailableToBaseModels xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.ExternalStorage.OM"/><a:Behavior i:nil="true"/><a:Description>
      A representation of a data store.
    </a:Description><a:Hidden>false</a:Hidden><a:Id>GE.DS</a:Id><a:ImageLocation>Lower right of stencil</a:ImageLocation><a:ImageSource>iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAIxJREFUOE9j+P//PxwzmnrPB+L/BPB5IOaH6SFVMxgzmflcANJgQ0jWDMMwQ8jSDMMgQ0Au0AZiVzKxBcgFWE0nFoMNcM6smoaPxoZhcpS7AIu/SMLDIQxKJswpxoVhikC2YZMHYVAgCuLCMANcs6vDsMmDMMwL9jDFJGCwHrABuhFZPkgSRGGIHu//AJbS3MIG0q+eAAAAAElFTkSuQmCC</a:ImageSource><a:ImageStream i:nil="true"/><a:Name>Generic Data Store</a:Name><a:ParentId>ROOT</a:ParentId><a:Representation>ParallelLines</a:Representation><a:Shape i:nil="true"/></a:ElementType><a:ElementType><a:IsExtension>false</a:IsExtension><a:Attributes><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>Not Selected</b:Value><b:Value>Wire</b:Value><b:Value>Wi-Fi</b:Value><b:Value>Bluetooth</b:Value><b:Value>2G-4G</b:Value></a:AttributeValues><a:DisplayName>Physical Network</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>channel</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>Not Selected</b:Value><b:Value>No</b:Value><b:Value>Yes</b:Value></a:AttributeValues><a:DisplayName>Source Authenticated</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>authenticatesSource</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>No</b:Value><b:Value>Yes</b:Value></a:AttributeValues><a:DisplayName>Destination Authenticated</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>authenticatesDestination</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>No</b:Value><b:Value>Yes</b:Value></a:AttributeValues><a:DisplayName>Provides Confidentiality</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>providesConfidentiality</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>No</b:Value><b:Value>Yes</b:Value></a:AttributeValues><a:DisplayName>Provides Integrity</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>providesIntegrity</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>No</b:Value><b:Value>Yes</b:Value></a:AttributeValues><a:DisplayName>Transmits XML</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>XMLenc</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>Yes</b:Value><b:Value>No</b:Value></a:AttributeValues><a:DisplayName>Contains Cookies</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>Cookies</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>No</b:Value><b:Value>Yes</b:Value></a:AttributeValues><a:DisplayName>SOAP Payload</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>SOAP</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>No</b:Value><b:Value>Yes</b:Value></a:AttributeValues><a:DisplayName>REST Payload</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>REST</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>No</b:Value><b:Value>Yes</b:Value></a:AttributeValues><a:DisplayName>RSS Payload</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>RSS</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>No</b:Value><b:Value>Yes</b:Value></a:AttributeValues><a:DisplayName>JSON Payload</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>JSON</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>Not Selected</b:Value><b:Value>ValidateAntiForgeryTokenAttribute</b:Value><b:Value>ViewStateUserKey</b:Value><b:Value>Nonce</b:Value><b:Value>Other dynamic canary</b:Value><b:Value>Static header not available to the browser</b:Value><b:Value>Other</b:Value><b:Value>None</b:Value><b:Value>Not applicable because the request does not change data</b:Value></a:AttributeValues><a:DisplayName>Forgery Protection</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>54851a3b-65da-4902-b4e0-94ef015be735</a:Name><a:Type>List</a:Type></a:Attribute></a:Attributes><a:AvailableToBaseModels xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.ExternalStorage.OM"/><a:Behavior i:nil="true"/><a:Description>
      A unidirectional representation of the flow of data between elements.
    </a:Description><a:Hidden>false</a:Hidden><a:Id>GE.DF</a:Id><a:ImageLocation>Before label</a:ImageLocation><a:ImageSource>iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAEtJREFUOE9j+P//P1bMaOr9Hx2jqwFhDAEYHngDYBiXRhjGKoiMR5IBIIWkYmwGgGh0jFN8OBkA4qBhbGJYxbEagMNQrOIUGuD9HwBIkRfD8QF9EgAAAABJRU5ErkJggg==</a:ImageSource><a:ImageStream i:nil="true"/><a:Name>Generic Data Flow</a:Name><a:ParentId>ROOT</a:ParentId><a:Representation>Line</a:Representation><a:Shape i:nil="true"/></a:ElementType><a:ElementType><a:IsExtension>false</a:IsExtension><a:Attributes/><a:AvailableToBaseModels xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.ExternalStorage.OM"/><a:Behavior i:nil="true"/><a:Description>
        An arc representation of a trust boundary.
      </a:Description><a:Hidden>false</a:Hidden><a:Id>GE.TB.L</a:Id><a:ImageLocation>Before label</a:ImageLocation><a:ImageSource>iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAZdEVYdFNvZnR3YXJlAEFkb2JlIEltYWdlUmVhZHlxyWU8AAABX0lEQVQ4T2NgNPXGh/mhGJscGCNzQArtgVgfxmcy87kAwlA5ZLVwDGOAFQPp/1Dcj8zHZwiY4LUPdgLSMM0YmM8+5JaAY5gRkI3dAJuUUlsgjVUzCM/ZuDPg////vEA2dgNAkqpBKTuBbKwGRNV0iQNpmCZQGMG9AxPk57IJvA6ksRrAYu67EEjLA7E+s7nPReQwAWtGC0CiMMwQkPNZ5H0TtqArIIRBAWueUCgM9gLQEG1QGHDbBr1YuftQDJDvapFYtAhdEwwDY+TO8cvXXUCWw8IAbMjCrXtDgDQHlK8E04CO1YPTVoA0A9nwQIQZAtYMxaBAw2oAFINSLaoBSFgfGEgPgDQ2jWAs5hZVCaSxGwB0Ca+iX9I2IBusGORn3YistTA+q4Xf59KJcy1BarEaAMJAQ8ABixRg6omN/fWgwF26Y38EzLsghfiwNhBbADELlC8KxEpAzAHh/2cAANCSU7ngF2KpAAAAAElFTkSuQmCC</a:ImageSource><a:ImageStream i:nil="true"/><a:Name>Generic Trust Line Boundary</a:Name><a:ParentId>ROOT</a:ParentId><a:Representation>LineBoundary</a:Representation><a:Shape i:nil="true"/></a:ElementType><a:ElementType><a:IsExtension>false</a:IsExtension><a:Attributes/><a:AvailableToBaseModels xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.ExternalStorage.OM"/><a:Behavior i:nil="true"/><a:Description>
        A border representation of a trust boundary.
      </a:Description><a:Hidden>false</a:Hidden><a:Id>GE.TB.B</a:Id><a:ImageLocation>Before label</a:ImageLocation><a:ImageSource>iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGPC/xhBQAAAAlwSFlzAAAOxAAADsQBlSsOGwAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAABGSURBVDhPY/hPIWBQ9Ev6z2jqDccPnr0ESxArzoDMAeEDZy+DFRIrDjeAVDCcDIDyyQajgTioAhGEQekdHx+bGIUGeP8HAJ4fIfJijo6MAAAAAElFTkSuQmCC</a:ImageSource><a:ImageStream i:nil="true"/><a:Name>Generic Trust Border Boundary</a:Name><a:ParentId>ROOT</a:ParentId><a:Representation>BorderBoundary</a:Representation><a:Shape i:nil="true"/></a:ElementType><a:ElementType><a:IsExtension>false</a:IsExtension><a:Attributes/><a:AvailableToBaseModels xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.ExternalStorage.OM"/><a:Behavior i:nil="true"/><a:Description>
      A representation of an annotation.
    </a:Description><a:Hidden>false</a:Hidden><a:Id>GE.A</a:Id><a:ImageLocation i:nil="true"/><a:ImageSource i:nil="true"/><a:ImageStream i:nil="true"/><a:Name>Free Text Annotation</a:Name><a:ParentId>ROOT</a:ParentId><a:Representation>Annotation</a:Representation><a:Shape i:nil="true"/></a:ElementType></a:GenericElements><a:Manifest><a:Author>TwC MSEC</a:Author><a:Id>cc62ebae-3748-431e-b1df-f4220dc9003f</a:Id><a:Name>SDL TM Knowledge Base (Core)</a:Name><a:Version>4.1.0.9</a:Version></a:Manifest><a:StandardElements><a:ElementType><a:IsExtension>false</a:IsExtension><a:Attributes/><a:AvailableToBaseModels xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.ExternalStorage.OM"/><a:Behavior i:nil="true"/><a:Description>
      A Windows Process.
    </a:Description><a:Hidden>false</a:Hidden><a:Id>SE.P.TMCore.OSProcess</a:Id><a:ImageLocation>Centered on stencil</a:ImageLocation><a:ImageSource>iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAEFJREFUOE9jYDT1ngnE/8nEM0EG/EETJAV/ABmATYJYTD0DQDQ5eNSAUQNAmDoGgDITugSxGGzAfCAGuYIM7D0HAH9a5DRx46KEAAAAAElFTkSuQmCC</a:ImageSource><a:ImageStream i:nil="true"/><a:Name>OS Process</a:Name><a:ParentId>GE.P</a:ParentId><a:Representation>Inherited</a:Representation><a:Shape i:nil="true"/></a:ElementType><a:ElementType><a:IsExtension>false</a:IsExtension><a:Attributes/><a:AvailableToBaseModels xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.ExternalStorage.OM"/><a:Behavior i:nil="true"/><a:Description>
      A thread of execution in a Windows process.
    </a:Description><a:Hidden>false</a:Hidden><a:Id>SE.P.TMCore.Thread</a:Id><a:ImageLocation>Centered on stencil</a:ImageLocation><a:ImageSource>iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAEFJREFUOE9jYDT1ngnE/8nEM0EG/EETJAV/ABmATYJYTD0DQDQ5eNSAUQNAmDoGgDITugSxGGzAfCAGuYIM7D0HAH9a5DRx46KEAAAAAElFTkSuQmCC</a:ImageSource><a:ImageStream i:nil="true"/><a:Name>Thread</a:Name><a:ParentId>GE.P</a:ParentId><a:Representation>Inherited</a:Representation><a:Shape i:nil="true"/></a:ElementType><a:ElementType><a:IsExtension>false</a:IsExtension><a:Attributes><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>Unmanaged</b:Value></a:AttributeValues><a:DisplayName>Code Type</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Static</a:Mode><a:Name>codeType</a:Name><a:Type>List</a:Type></a:Attribute></a:Attributes><a:AvailableToBaseModels xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.ExternalStorage.OM"/><a:Behavior i:nil="true"/><a:Description>
      A thread of execution in the Windows kernel.
    </a:Description><a:Hidden>false</a:Hidden><a:Id>SE.P.TMCore.KernelThread</a:Id><a:ImageLocation>Centered on stencil</a:ImageLocation><a:ImageSource>iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAEFJREFUOE9jYDT1ngnE/8nEM0EG/EETJAV/ABmATYJYTD0DQDQ5eNSAUQNAmDoGgDITugSxGGzAfCAGuYIM7D0HAH9a5DRx46KEAAAAAElFTkSuQmCC</a:ImageSource><a:ImageStream i:nil="true"/><a:Name>Kernel Thread</a:Name><a:ParentId>GE.P</a:ParentId><a:Representation>Inherited</a:Representation><a:Shape i:nil="true"/></a:ElementType><a:ElementType><a:IsExtension>false</a:IsExtension><a:Attributes><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>Unmanaged</b:Value></a:AttributeValues><a:DisplayName>Code Type</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Static</a:Mode><a:Name>codeType</a:Name><a:Type>List</a:Type></a:Attribute></a:Attributes><a:AvailableToBaseModels xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.ExternalStorage.OM"/><a:Behavior i:nil="true"/><a:Description>
      A representation of a Win32 or Win64 application.
    </a:Description><a:Hidden>false</a:Hidden><a:Id>SE.P.TMCore.WinApp</a:Id><a:ImageLocation>Centered on stencil</a:ImageLocation><a:ImageSource>iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAEFJREFUOE9jYDT1ngnE/8nEM0EG/EETJAV/ABmATYJYTD0DQDQ5eNSAUQNAmDoGgDITugSxGGzAfCAGuYIM7D0HAH9a5DRx46KEAAAAAElFTkSuQmCC</a:ImageSource><a:ImageStream i:nil="true"/><a:Name>Native Application</a:Name><a:ParentId>GE.P</a:ParentId><a:Representation>Inherited</a:Representation><a:Shape i:nil="true"/></a:ElementType><a:ElementType><a:IsExtension>false</a:IsExtension><a:Attributes><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>Managed</b:Value></a:AttributeValues><a:DisplayName>Code Type</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Static</a:Mode><a:Name>codeType</a:Name><a:Type>List</a:Type></a:Attribute></a:Attributes><a:AvailableToBaseModels xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.ExternalStorage.OM"/><a:Behavior i:nil="true"/><a:Description>
      A representation of a .NET Web application.
    </a:Description><a:Hidden>false</a:Hidden><a:Id>SE.P.TMCore.NetApp</a:Id><a:ImageLocation>Centered on stencil</a:ImageLocation><a:ImageSource>iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAANFJREFUOE+t09EGAkEUxvF6lG6jqxQR3cbQbURERER0FV31ErEsveI+QNT3X3NYszPsji5+Zsycvjk7o8Fw5gr5ZioI+ASLfVQExDa6+l8AY45kgJO7HGQvD78W1kUD+MFYljLxmE9lJ83aVsBRLsLTnuXpMWftKtQkA+yErR+tA+Z01qxBK+AlJ+E0RuuAeelH9pIBls7lMfbuYCNruQkXx6dgLrwKe9QkA8BJI1mJdcCcEOvCRAPA6dw4nwJeYSFhXR3Anync6KoOeAtdZHDlD8vn/L46Hi6/AAAAAElFTkSuQmCC</a:ImageSource><a:ImageStream i:nil="true"/><a:Name>Managed Application</a:Name><a:ParentId>GE.P</a:ParentId><a:Representation>Inherited</a:Representation><a:Shape i:nil="true"/></a:ElementType><a:ElementType><a:IsExtension>false</a:IsExtension><a:Attributes><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>Unmanaged</b:Value></a:AttributeValues><a:DisplayName>Code Type</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Static</a:Mode><a:Name>codeType</a:Name><a:Type>List</a:Type></a:Attribute></a:Attributes><a:AvailableToBaseModels xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.ExternalStorage.OM"/><a:Behavior i:nil="true"/><a:Description>
      A representation of a thick client.
    </a:Description><a:Hidden>false</a:Hidden><a:Id>SE.P.TMCore.ThickClient</a:Id><a:ImageLocation>Centered on stencil</a:ImageLocation><a:ImageSource>iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAGBJREFUOE/FjdEJwDAIBe1QnaJ7BzpA5nmpH8KjkaC2kI9L5MBTAHzClRnkOK/+gABdF95+EissoL/N/wRMrOAAsyfArhRgSgF2pQBTCrDT59YhQLMlZrqUxZUZXBkHMgDkpHNwRk9QLgAAAABJRU5ErkJggg==</a:ImageSource><a:ImageStream i:nil="true"/><a:Name>Thick Client</a:Name><a:ParentId>GE.P</a:ParentId><a:Representation>Inherited</a:Representation><a:Shape i:nil="true"/></a:ElementType><a:ElementType><a:IsExtension>false</a:IsExtension><a:Attributes><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>Unmanaged</b:Value></a:AttributeValues><a:DisplayName>Code Type</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Static</a:Mode><a:Name>codeType</a:Name><a:Type>List</a:Type></a:Attribute></a:Attributes><a:AvailableToBaseModels xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.ExternalStorage.OM"/><a:Behavior i:nil="true"/><a:Description>
      A representation of a browser client.
    </a:Description><a:Hidden>false</a:Hidden><a:Id>SE.P.TMCore.BrowserClient</a:Id><a:ImageLocation>Centered on stencil</a:ImageLocation><a:ImageSource>iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAASBJREFUOE+l0q1LBGEQx/FdMMsVg/H+AG1WmxqMZ1WDWC5dUMQiyImIQVARRTGpRVHwpYigd/iCmLQZBINYD8yG576/Y0Y27AOehs/O7PA8s/PwbBJC+JfcYjuStG/Y9WAML9jAE0ZQRGuNNhBDlm+exDvqKmLP4hXeMIifBv515Xp04Rrb2MIdZiyu4NB0xBos4RZzOMYNplHDPhZwj7JvylJBo+tFi78s37X4iSPLa7EGq9D441jDJkattowJy+e9gaLnenwogcb/tvzAYgMXltdjE1Rwjins4ARli+uYhZqUYhN04gFqoi+/ompRt6Kr1XRpbAIZwjMuVYQf4QyP6EX0P3DdGMApFqEj9KOA1prcCbzbX+UW25Fb/L2QNAG8ROHz0OoHewAAAABJRU5ErkJggg==</a:ImageSource><a:ImageStream i:nil="true"/><a:Name>Browser Client</a:Name><a:ParentId>GE.P</a:ParentId><a:Representation>Inherited</a:Representation><a:Shape i:nil="true"/></a:ElementType><a:ElementType><a:IsExtension>false</a:IsExtension><a:Attributes><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>No</b:Value><b:Value>Yes</b:Value></a:AttributeValues><a:DisplayName>ActiveX</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>ActiveX</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>No</b:Value><b:Value>Yes</b:Value></a:AttributeValues><a:DisplayName>Brower Plug-in Object (BHO)</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>BHO</a:Name><a:Type>List</a:Type></a:Attribute></a:Attributes><a:AvailableToBaseModels xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.ExternalStorage.OM"/><a:Behavior i:nil="true"/><a:Description>
      A representation of an browser plugin.
    </a:Description><a:Hidden>false</a:Hidden><a:Id>SE.P.TMCore.PlugIn</a:Id><a:ImageLocation>Centered on stencil</a:ImageLocation><a:ImageSource>iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAANxJREFUOE+l070OwVAYgGEdDG7BbJUYMPhZJKYmBgYJg9lgwCDhAoTJHXSR2A0MRPxdA4nRDRgYxML7JW3SoI62w5PTnp68+XKSBrSEXsPTI0MCl7dNVyRgvcizG64CafTQte0pA1G0McASKdi//wyUccQaMzxwRgzWGcdAGAdskUEIHciZFZSBLDaYY4wJppAzMokyEMcOezTRQh1VVKAMyLgnXJGEhgL6kLtRBkZo4A7Zv5mrjJ/HXwFZS1hA7mKICKwzwjGQQxEyftDc++Yj4IkEfP9MPn5n3XgBkdQdpG8eZzEAAAAASUVORK5CYII=</a:ImageSource><a:ImageStream i:nil="true"/><a:Name>Browser and ActiveX Plugins</a:Name><a:ParentId>GE.P</a:ParentId><a:Representation>Inherited</a:Representation><a:Shape i:nil="true"/></a:ElementType><a:ElementType><a:IsExtension>false</a:IsExtension><a:Attributes><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>Managed</b:Value></a:AttributeValues><a:DisplayName>Code Type</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Static</a:Mode><a:Name>codeType</a:Name><a:Type>List</a:Type></a:Attribute></a:Attributes><a:AvailableToBaseModels xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.ExternalStorage.OM"/><a:Behavior i:nil="true"/><a:Description>
      A representation of an Web Server Process.
    </a:Description><a:Hidden>false</a:Hidden><a:Id>SE.P.TMCore.WebServer</a:Id><a:ImageLocation>Centered on stencil</a:ImageLocation><a:ImageSource>iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAJ5JREFUOE9j+P//Pxgzmnr/JwejGOCcWTWtZMKcYmIxhgGu2dVhQLYgsRjDAN2ILB8YnxgMNgBEYMH22DSgY5BarAYQ6xKQWjABCjwBx7A7qkEpO8kyAB3T3wDk+Ec2iBiM1QW4DMSW0LC6ADlBIRuALaERDAOLxKJFMBxS3qYHE4dhnAZgE0fC8IQGIlyxYJDzsInDMEgebgAF+D8DAHhvQ2cWCf/0AAAAAElFTkSuQmCC</a:ImageSource><a:ImageStream i:nil="true"/><a:Name>Web Server</a:Name><a:ParentId>GE.P</a:ParentId><a:Representation>Inherited</a:Representation><a:Shape i:nil="true"/></a:ElementType><a:ElementType><a:IsExtension>false</a:IsExtension><a:Attributes><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>Local</b:Value><b:Value>Web</b:Value></a:AttributeValues><a:DisplayName>Context</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>context</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>Not Selected</b:Value><b:Value>Yes</b:Value><b:Value>No</b:Value></a:AttributeValues><a:DisplayName>Documents Library capability</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>documentsLibrary</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>Not Selected</b:Value><b:Value>Yes</b:Value><b:Value>No</b:Value></a:AttributeValues><a:DisplayName>Enterprise Authentication capability</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>enterprizeAuthentication</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>Not Selected</b:Value><b:Value>Yes</b:Value><b:Value>No</b:Value></a:AttributeValues><a:DisplayName>Internet (Client &amp; Server) capability</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>internetClientServer</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>Not Selected</b:Value><b:Value>Yes</b:Value><b:Value>No</b:Value></a:AttributeValues><a:DisplayName>Internet (Client) capability</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>internetClient</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>Not Selected</b:Value><b:Value>Yes</b:Value><b:Value>No</b:Value></a:AttributeValues><a:DisplayName>Location capability</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>location</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>Not Selected</b:Value><b:Value>Yes</b:Value><b:Value>No</b:Value></a:AttributeValues><a:DisplayName>Microphone capability</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>microphone</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>Not Selected</b:Value><b:Value>Yes</b:Value><b:Value>No</b:Value></a:AttributeValues><a:DisplayName>Music Library capability</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>musicLibrary</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>Not Selected</b:Value><b:Value>Yes</b:Value><b:Value>No</b:Value></a:AttributeValues><a:DisplayName>Pictures Library capability</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>pictureLibrary</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>Not Selected</b:Value><b:Value>Yes</b:Value><b:Value>No</b:Value></a:AttributeValues><a:DisplayName>Private Networks (Client &amp; Server) capability</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>privateNetworkClientServer</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>Not Selected</b:Value><b:Value>Yes</b:Value><b:Value>No</b:Value></a:AttributeValues><a:DisplayName>Proximity capability</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>proximity</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>Not Selected</b:Value><b:Value>Yes</b:Value><b:Value>No</b:Value></a:AttributeValues><a:DisplayName>Removable Storage capability</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>removableStorage</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>Not Selected</b:Value><b:Value>Yes</b:Value><b:Value>No</b:Value></a:AttributeValues><a:DisplayName>Shared User Certificates capability</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>sharedUserCertificates</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>Not Selected</b:Value><b:Value>Yes</b:Value><b:Value>No</b:Value></a:AttributeValues><a:DisplayName>Text Messaging capability</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>sms</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>Not Selected</b:Value><b:Value>Yes</b:Value><b:Value>No</b:Value></a:AttributeValues><a:DisplayName>Videos Library capability</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>videosLibrary</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>Not Selected</b:Value><b:Value>Yes</b:Value><b:Value>No</b:Value></a:AttributeValues><a:DisplayName>Webcam capability</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>webcam</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>Managed</b:Value></a:AttributeValues><a:DisplayName>Code Type</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Static</a:Mode><a:Name>codeType</a:Name><a:Type>List</a:Type></a:Attribute></a:Attributes><a:AvailableToBaseModels xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.ExternalStorage.OM"/><a:Behavior i:nil="true"/><a:Description>
      A representation of a Windows Store process.
    </a:Description><a:Hidden>false</a:Hidden><a:Id>SE.P.TMCore.Modern</a:Id><a:ImageLocation>Centered on stencil</a:ImageLocation><a:ImageSource>iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAARRJREFUOE99ksFmQ0EUhtOHKCGUUi6hhEieoVy6CiGrkG3IA2TVB+hThVLyDN1eSghdZTX5P84fc5u5d/H558z5z5kzc+/gYVb/ZydS6F0+pdTCCcwHUYsvQQPU8Vb0NjgKirog39vgXWA8iZWYhBKzT76zwUZ47KV4ER/iOWL2yeMrNriECUbiM9Y0IXYOX7FBPsFCcPJeUEzMfu8E8CYw/gqKnkKJ2SdvbwsvvgXGLsi3Co0X+X+AUoTy+v4PXgXX+xFDMRa3Bjlr8RfqvbmgqT+rdZ4X9sGD0pRJH0OJR3evmiODaQQnVqE8MtoUC40MhsKz4GTujhJXxUIjg5kKTmTsXKfFQiNDDg/JJBRzBcX14ApRBWL6a6sYxQAAAABJRU5ErkJggg==</a:ImageSource><a:ImageStream i:nil="true"/><a:Name>Windows Store Process</a:Name><a:ParentId>GE.P</a:ParentId><a:Representation>Inherited</a:Representation><a:Shape i:nil="true"/></a:ElementType><a:ElementType><a:IsExtension>false</a:IsExtension><a:Attributes><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>Unmanaged</b:Value></a:AttributeValues><a:DisplayName>Code Type</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Static</a:Mode><a:Name>codeType</a:Name><a:Type>List</a:Type></a:Attribute></a:Attributes><a:AvailableToBaseModels xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.ExternalStorage.OM"/><a:Behavior i:nil="true"/><a:Description>
      A representation of an network process or service.
    </a:Description><a:Hidden>false</a:Hidden><a:Id>SE.P.TMCore.Win32Service</a:Id><a:ImageLocation>Centered on stencil</a:ImageLocation><a:ImageSource>iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAANFJREFUOE+t09EGAkEUxvF6lG6jqxQR3cbQbURERER0FV31ErEsveI+QNT3X3NYszPsji5+Zsycvjk7o8Fw5gr5ZioI+ASLfVQExDa6+l8AY45kgJO7HGQvD78W1kUD+MFYljLxmE9lJ83aVsBRLsLTnuXpMWftKtQkA+yErR+tA+Z01qxBK+AlJ+E0RuuAeelH9pIBls7lMfbuYCNruQkXx6dgLrwKe9QkA8BJI1mJdcCcEOvCRAPA6dw4nwJeYSFhXR3Anync6KoOeAtdZHDlD8vn/L46Hi6/AAAAAElFTkSuQmCC</a:ImageSource><a:ImageStream i:nil="true"/><a:Name>Win32 Service</a:Name><a:ParentId>GE.P</a:ParentId><a:Representation>Inherited</a:Representation><a:Shape i:nil="true"/></a:ElementType><a:ElementType><a:IsExtension>false</a:IsExtension><a:Attributes><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>Unmanaged</b:Value></a:AttributeValues><a:DisplayName>Code Type</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Static</a:Mode><a:Name>codeType</a:Name><a:Type>List</a:Type></a:Attribute></a:Attributes><a:AvailableToBaseModels xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.ExternalStorage.OM"/><a:Behavior i:nil="true"/><a:Description>
      Delivers web content to a human user.
    </a:Description><a:Hidden>false</a:Hidden><a:Id>SE.P.TMCore.WebApp</a:Id><a:ImageLocation>Centered on stencil</a:ImageLocation><a:ImageSource>iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAANFJREFUOE+t09EGAkEUxvF6lG6jqxQR3cbQbURERER0FV31ErEsveI+QNT3X3NYszPsji5+Zsycvjk7o8Fw5gr5ZioI+ASLfVQExDa6+l8AY45kgJO7HGQvD78W1kUD+MFYljLxmE9lJ83aVsBRLsLTnuXpMWftKtQkA+yErR+tA+Z01qxBK+AlJ+E0RuuAeelH9pIBls7lMfbuYCNruQkXx6dgLrwKe9QkA8BJI1mJdcCcEOvCRAPA6dw4nwJeYSFhXR3Anync6KoOeAtdZHDlD8vn/L46Hi6/AAAAAElFTkSuQmCC</a:ImageSource><a:ImageStream i:nil="true"/><a:Name>Web Application</a:Name><a:ParentId>GE.P</a:ParentId><a:Representation>Inherited</a:Representation><a:Shape i:nil="true"/></a:ElementType><a:ElementType><a:IsExtension>false</a:IsExtension><a:Attributes><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>Unmanaged</b:Value></a:AttributeValues><a:DisplayName>Code Type</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Static</a:Mode><a:Name>codeType</a:Name><a:Type>List</a:Type></a:Attribute></a:Attributes><a:AvailableToBaseModels xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.ExternalStorage.OM"/><a:Behavior i:nil="true"/><a:Description>
      Exposes a programmatic interface.
    </a:Description><a:Hidden>false</a:Hidden><a:Id>SE.P.TMCore.WebSvc</a:Id><a:ImageLocation>Centered on stencil</a:ImageLocation><a:ImageSource>iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAANFJREFUOE+t09EGAkEUxvF6lG6jqxQR3cbQbURERER0FV31ErEsveI+QNT3X3NYszPsji5+Zsycvjk7o8Fw5gr5ZioI+ASLfVQExDa6+l8AY45kgJO7HGQvD78W1kUD+MFYljLxmE9lJ83aVsBRLsLTnuXpMWftKtQkA+yErR+tA+Z01qxBK+AlJ+E0RuuAeelH9pIBls7lMfbuYCNruQkXx6dgLrwKe9QkA8BJI1mJdcCcEOvCRAPA6dw4nwJeYSFhXR3Anync6KoOeAtdZHDlD8vn/L46Hi6/AAAAAElFTkSuQmCC</a:ImageSource><a:ImageStream i:nil="true"/><a:Name>Web Service</a:Name><a:ParentId>GE.P</a:ParentId><a:Representation>Inherited</a:Representation><a:Shape i:nil="true"/></a:ElementType><a:ElementType><a:IsExtension>false</a:IsExtension><a:Attributes/><a:AvailableToBaseModels xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.ExternalStorage.OM"/><a:Behavior i:nil="true"/><a:Description>
      A virtual machine running in a Hyper-V partition.
    </a:Description><a:Hidden>false</a:Hidden><a:Id>SE.P.TMCore.VM</a:Id><a:ImageLocation>Centered on stencil</a:ImageLocation><a:ImageSource>iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAARRJREFUOE99ksFmQ0EUhtOHKCGUUi6hhEieoVy6CiGrkG3IA2TVB+hThVLyDN1eSghdZTX5P84fc5u5d/H558z5z5kzc+/gYVb/ZydS6F0+pdTCCcwHUYsvQQPU8Vb0NjgKirog39vgXWA8iZWYhBKzT76zwUZ47KV4ER/iOWL2yeMrNriECUbiM9Y0IXYOX7FBPsFCcPJeUEzMfu8E8CYw/gqKnkKJ2SdvbwsvvgXGLsi3Co0X+X+AUoTy+v4PXgXX+xFDMRa3Bjlr8RfqvbmgqT+rdZ4X9sGD0pRJH0OJR3evmiODaQQnVqE8MtoUC40MhsKz4GTujhJXxUIjg5kKTmTsXKfFQiNDDg/JJBRzBcX14ApRBWL6a6sYxQAAAABJRU5ErkJggg==</a:ImageSource><a:ImageStream i:nil="true"/><a:Name>Virtual Machine</a:Name><a:ParentId>GE.P</a:ParentId><a:Representation>Inherited</a:Representation><a:Shape i:nil="true"/></a:ElementType><a:ElementType><a:IsExtension>false</a:IsExtension><a:Attributes/><a:AvailableToBaseModels xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.ExternalStorage.OM"/><a:Behavior i:nil="true"/><a:Description>
      Microsoft applications running on operating systems from Google or Apple.
    </a:Description><a:Hidden>false</a:Hidden><a:Id>SE.P.TMCore.NonMS</a:Id><a:ImageLocation>Centered on stencil</a:ImageLocation><a:ImageSource>iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAARRJREFUOE99ksFmQ0EUhtOHKCGUUi6hhEieoVy6CiGrkG3IA2TVB+hThVLyDN1eSghdZTX5P84fc5u5d/H558z5z5kzc+/gYVb/ZydS6F0+pdTCCcwHUYsvQQPU8Vb0NjgKirog39vgXWA8iZWYhBKzT76zwUZ47KV4ER/iOWL2yeMrNriECUbiM9Y0IXYOX7FBPsFCcPJeUEzMfu8E8CYw/gqKnkKJ2SdvbwsvvgXGLsi3Co0X+X+AUoTy+v4PXgXX+xFDMRa3Bjlr8RfqvbmgqT+rdZ4X9sGD0pRJH0OJR3evmiODaQQnVqE8MtoUC40MhsKz4GTujhJXxUIjg5kKTmTsXKfFQiNDDg/JJBRzBcX14ApRBWL6a6sYxQAAAABJRU5ErkJggg==</a:ImageSource><a:ImageStream i:nil="true"/><a:Name>Applications Running on a non Microsoft OS</a:Name><a:ParentId>GE.P</a:ParentId><a:Representation>Inherited</a:Representation><a:Shape i:nil="true"/></a:ElementType><a:ElementType><a:IsExtension>false</a:IsExtension><a:Attributes><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>Code</b:Value></a:AttributeValues><a:DisplayName>Type</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Static</a:Mode><a:Name>type</a:Name><a:Type>List</a:Type></a:Attribute></a:Attributes><a:AvailableToBaseModels xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.ExternalStorage.OM"/><a:Behavior i:nil="true"/><a:Description>
      A representation of an external Web browser.
    </a:Description><a:Hidden>false</a:Hidden><a:Id>SE.EI.TMCore.Browser</a:Id><a:ImageLocation>Lower right of stencil</a:ImageLocation><a:ImageSource>iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAMRJREFUOE9j+P//PwOjqfd/NGwPEkfH2NSBJUomzCmGCTpnVk1rmbdCHl0zLnVgCZggDPPaBzuha8alDquEbkSWD5C+jyYuj8YHq8NnAIqYuFu0K7oY2AAgA90mkjCG7aRinAaAQhkbGx3jNMA1uzoMGD6uUCyHTQ0I4zQAFECgAIZhbGpAeJAYYJFYtAiUTEE4sbG/HiSGzQBs6hi4bYNegBjoOKS8TQ/ZAFzqQJI2QAwLbWTMAcRwA4AYqzpkBWTg/wwA3lTsAWB+hJkAAAAASUVORK5CYII=</a:ImageSource><a:ImageStream i:nil="true"/><a:Name>Browser</a:Name><a:ParentId>GE.EI</a:ParentId><a:Representation>Inherited</a:Representation><a:Shape i:nil="true"/></a:ElementType><a:ElementType><a:IsExtension>false</a:IsExtension><a:Attributes/><a:AvailableToBaseModels xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.ExternalStorage.OM"/><a:Behavior i:nil="true"/><a:Description>
      A representation of an external authorization provider.
    </a:Description><a:Hidden>false</a:Hidden><a:Id>SE.EI.TMCore.AuthProvider</a:Id><a:ImageLocation>Lower right of stencil</a:ImageLocation><a:ImageSource>iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAATpJREFUOE9j+P//PwZmNPWuB+L7QPwfit8D8Xwg5kdXi8IBYajC/0YxeXNLJswpBmG/osYOFnPfT0xmPhfQDUHXHA/SDNIE5CsBsSAUS529fseH1cLvM9CghSC1MIxiALuV/xXVoJSdQDZIE4ocELOAXAKyANkVKIpAkuGVHfHIYsh47sZd6iA1vPbBTjAxFAUgSd2ILB9kMWRsnlAojK4GRYGAY9gdLpvApchiyJjTOjAJZEDLvBXyMDEUBW45NU0gBUCM4Q2gmD6zuc9HaBixwMRRFAGxFEgB1BCU6AJG4Qd+h9DbO0+cM0cWhzOQsDbIAJBzYWJAvjxILLSirQzIh9sOwnAGMoa6AAObxhX4o6tF4SBhVxwYI32gcJAxFhfYY1OHIYCECdoOwhgCyJiQ7SCMVZB4/J8BAHcPi99NNItPAAAAAElFTkSuQmCC</a:ImageSource><a:ImageStream i:nil="true"/><a:Name>Authorization Provider</a:Name><a:ParentId>GE.EI</a:ParentId><a:Representation>Inherited</a:Representation><a:Shape i:nil="true"/></a:ElementType><a:ElementType><a:IsExtension>false</a:IsExtension><a:Attributes><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>Code</b:Value></a:AttributeValues><a:DisplayName>Type</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Static</a:Mode><a:Name>type</a:Name><a:Type>List</a:Type></a:Attribute></a:Attributes><a:AvailableToBaseModels xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.ExternalStorage.OM"/><a:Behavior i:nil="true"/><a:Description>
      A representation of an external Web application (portal, front ed, etc.).
    </a:Description><a:Hidden>false</a:Hidden><a:Id>SE.EI.TMCore.WebApp</a:Id><a:ImageLocation>Lower right of stencil</a:ImageLocation><a:ImageSource>iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAIBJREFUOE9j+P//PwOjqXc8EP8nEc8H6QUbwGzu8xGLAmKwPswFYAHnzKppJRPmFBPCMPUqgSmeKAa4ZleHAfmChDBMvW5Elg+KASABEJ8QHjVg1AAQxmkAqRhuAKuF32dsCmB5A5scCNuklNqCDfArauzApgAfVg1K2fn//39eAIdsIEry0cBoAAAAAElFTkSuQmCC</a:ImageSource><a:ImageStream i:nil="true"/><a:Name>External Web Application</a:Name><a:ParentId>GE.EI</a:ParentId><a:Representation>Inherited</a:Representation><a:Shape i:nil="true"/></a:ElementType><a:ElementType><a:IsExtension>false</a:IsExtension><a:Attributes><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>Code</b:Value></a:AttributeValues><a:DisplayName>Type</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Static</a:Mode><a:Name>type</a:Name><a:Type>List</a:Type></a:Attribute></a:Attributes><a:AvailableToBaseModels xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.ExternalStorage.OM"/><a:Behavior i:nil="true"/><a:Description>
      A representation of an external Web service.
    </a:Description><a:Hidden>false</a:Hidden><a:Id>SE.EI.TMCore.WebSvc</a:Id><a:ImageLocation>Lower right of stencil</a:ImageLocation><a:ImageSource>iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAJ5JREFUOE9j+P//Pxgzmnr/JwejGOCcWTWtZMKcYmIxhgGu2dVhQLYgsRjDAN2ILB8YnxgMNgBEYMH22DSgY5BarAYQ6xKQWjABCjwBx7A7qkEpO8kyAB3T3wDk+Ec2iBiM1QW4DMSW0LC6ADlBIRuALaERDAOLxKJFMBxS3qYHE4dhnAZgE0fC8IQGIlyxYJDzsInDMEgebgAF+D8DAHhvQ2cWCf/0AAAAAElFTkSuQmCC</a:ImageSource><a:ImageStream i:nil="true"/><a:Name>External Web Service</a:Name><a:ParentId>GE.EI</a:ParentId><a:Representation>Inherited</a:Representation><a:Shape i:nil="true"/></a:ElementType><a:ElementType><a:IsExtension>false</a:IsExtension><a:Attributes><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>Human</b:Value></a:AttributeValues><a:DisplayName>Type</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Static</a:Mode><a:Name>type</a:Name><a:Type>List</a:Type></a:Attribute></a:Attributes><a:AvailableToBaseModels xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.ExternalStorage.OM"/><a:Behavior i:nil="true"/><a:Description>
      A representation of a user.
    </a:Description><a:Hidden>false</a:Hidden><a:Id>SE.EI.TMCore.User</a:Id><a:ImageLocation>Lower right of stencil</a:ImageLocation><a:ImageSource>iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAQNJREFUOE9j+P//PwZmNPXWB+L7QPwfiveDxLCpxRAAKuRnMvP5gKQZjJnNfS6iqwVhDAFe+2AndM1IGMMVKBwQ1o3I8sGiEYyL+mdLo6tH4YAwl03gUmyaQZjN0r8QXT0KB4SFnSP2YNMMwsoByQ3o6lE4ILzvzEVrVgu/z+iaBRzD7izbcUAbXT0KB4pZlPyTtqMb4JZT0wSSQ1OL1QCG8MqOeHQDgEAKWQ0MYwgAFfMDo3IaugFAHI+uFoThDKACUOqbD8TvoRqwYVDqrAdiebgBQA5IIyipYtOAD4Ms42cAJVE0CaIxi7nvQpALsEoSg/kdQk9RZICgU9gZCg0IOwMAqzT/oq6scnwAAAAASUVORK5CYII=</a:ImageSource><a:ImageStream i:nil="true"/><a:Name>Human User</a:Name><a:ParentId>GE.EI</a:ParentId><a:Representation>Inherited</a:Representation><a:Shape i:nil="true"/></a:ElementType><a:ElementType><a:IsExtension>false</a:IsExtension><a:Attributes/><a:AvailableToBaseModels xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.ExternalStorage.OM"/><a:Behavior i:nil="true"/><a:Description>
      A large service that has only one instance on the Internet, for example, Outlook.com and Xbox Live.
    </a:Description><a:Hidden>false</a:Hidden><a:Id>SE.EI.TMCore.Megasevrice</a:Id><a:ImageLocation>Lower right of stencil</a:ImageLocation><a:ImageSource>iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAALBJREFUOE+l0rEJwmAQBeBfBEFwAAcQBHsLwQ1srRwgrUu4gZO4gQNYWQmpbG0d4HwvmHD+eZocFh8JL3eP5CfJzP4iw4g0WG66LKCAlcsarcCZwhnMucEMmjm/UJvDEPLl2hX4vJr3ixO4AIee7+s3a2gVbEENK3v4KNgBX00NKzwL7lQFPGE11EfBgnsWRpQs6DqwXx4sOGVhxJEFY95A5FNKOMBI/t8RMoyQYX+WXnB1v3lL8LpjAAAAAElFTkSuQmCC</a:ImageSource><a:ImageStream i:nil="true"/><a:Name>Megaservice</a:Name><a:ParentId>GE.EI</a:ParentId><a:Representation>Inherited</a:Representation><a:Shape i:nil="true"/></a:ElementType><a:ElementType><a:IsExtension>false</a:IsExtension><a:Attributes><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>Not Applicable</b:Value></a:AttributeValues><a:DisplayName>Authenticates Itself</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Static</a:Mode><a:Name>authenticatesItself</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>Code</b:Value></a:AttributeValues><a:DisplayName>Type</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Static</a:Mode><a:Name>type</a:Name><a:Type>List</a:Type></a:Attribute></a:Attributes><a:AvailableToBaseModels xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.ExternalStorage.OM"/><a:Behavior i:nil="true"/><a:Description>
      Represents the point where an application calls into an unmanged runtime library such as the CRT.
    </a:Description><a:Hidden>false</a:Hidden><a:Id>SE.EI.TMCore.CRT</a:Id><a:ImageLocation>Lower right of stencil</a:ImageLocation><a:ImageSource>iVBORw0KGgoAAAANSUhEUgAAABIAAAASCAYAAABWzo5XAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAALEwAACxMBAJqcGAAAANBJREFUOE9j+P//P1UwVkFyMJhgNPX+jwW/B2J5dA24MJhAMwCOmc19LgJpfnRN2DCYQDeADGxPFYN0I7J8aG+QgGPYHdWglJ0wvkVi0SJWC7/PyGpgGK9B6W2TM4Fy2iDDAkqau4BsJb+ixg5savEaxGTm8wFI64MMA2IpEBsYix+R1cAwwTASdY1MB8mDMLdt0FRsakAYr0FQ74BdAsJAtjpymCFjQoG9Ekjrg7wI86aEe/R6ZDUwTNBrxGLqGwTErhRiQZhBFGOsgqTj/wwAWDijBcYFCvcAAAAASUVORK5CYII=</a:ImageSource><a:ImageStream i:nil="true"/><a:Name>Windows Runtime</a:Name><a:ParentId>GE.EI</a:ParentId><a:Representation>Inherited</a:Representation><a:Shape i:nil="true"/></a:ElementType><a:ElementType><a:IsExtension>false</a:IsExtension><a:Attributes><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>Not Applicable</b:Value></a:AttributeValues><a:DisplayName>Authenticates Itself</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Static</a:Mode><a:Name>authenticatesItself</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>Code</b:Value></a:AttributeValues><a:DisplayName>Type</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Static</a:Mode><a:Name>type</a:Name><a:Type>List</a:Type></a:Attribute></a:Attributes><a:AvailableToBaseModels xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.ExternalStorage.OM"/><a:Behavior i:nil="true"/><a:Description>
      Represents the point where an application calls into the .NET Framework.
    </a:Description><a:Hidden>false</a:Hidden><a:Id>SE.EI.TMCore.NFX</a:Id><a:ImageLocation>Lower right of stencil</a:ImageLocation><a:ImageSource>iVBORw0KGgoAAAANSUhEUgAAABIAAAASCAYAAABWzo5XAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAALEwAACxMBAJqcGAAAANBJREFUOE9j+P//P1UwVkFyMJhgNPX+jwW/B2J5dA24MJhAMwCOmc19LgJpfnRN2DCYQDeADGxPFYN0I7J8aG+QgGPYHdWglJ0wvkVi0SJWC7/PyGpgGK9B6W2TM4Fy2iDDAkqau4BsJb+ixg5savEaxGTm8wFI64MMA2IpEBsYix+R1cAwwTASdY1MB8mDMLdt0FRsakAYr0FQ74BdAsJAtjpymCFjQoG9Ekjrg7wI86aEe/R6ZDUwTNBrxGLqGwTErhRiQZhBFGOsgqTj/wwAWDijBcYFCvcAAAAASUVORK5CYII=</a:ImageSource><a:ImageStream i:nil="true"/><a:Name>Windows .NET Runtime</a:Name><a:ParentId>GE.EI</a:ParentId><a:Representation>Inherited</a:Representation><a:Shape i:nil="true"/></a:ElementType><a:ElementType><a:IsExtension>false</a:IsExtension><a:Attributes><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>Not Applicable</b:Value></a:AttributeValues><a:DisplayName>Authenticates Itself</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Static</a:Mode><a:Name>authenticatesItself</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>Code</b:Value></a:AttributeValues><a:DisplayName>Type</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Static</a:Mode><a:Name>type</a:Name><a:Type>List</a:Type></a:Attribute></a:Attributes><a:AvailableToBaseModels xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.ExternalStorage.OM"/><a:Behavior i:nil="true"/><a:Description>
      Represents the point where an application calls into WinRT.
    </a:Description><a:Hidden>false</a:Hidden><a:Id>SE.EI.TMCore.WinRT</a:Id><a:ImageLocation>Lower right of stencil</a:ImageLocation><a:ImageSource>iVBORw0KGgoAAAANSUhEUgAAABIAAAASCAYAAABWzo5XAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAALEwAACxMBAJqcGAAAANBJREFUOE9j+P//P1UwVkFyMJhgNPX+jwW/B2J5dA24MJhAMwCOmc19LgJpfnRN2DCYQDeADGxPFYN0I7J8aG+QgGPYHdWglJ0wvkVi0SJWC7/PyGpgGK9B6W2TM4Fy2iDDAkqau4BsJb+ixg5savEaxGTm8wFI64MMA2IpEBsYix+R1cAwwTASdY1MB8mDMLdt0FRsakAYr0FQ74BdAsJAtjpymCFjQoG9Ekjrg7wI86aEe/R6ZDUwTNBrxGLqGwTErhRiQZhBFGOsgqTj/wwAWDijBcYFCvcAAAAASUVORK5CYII=</a:ImageSource><a:ImageStream i:nil="true"/><a:Name>Windows RT Runtime</a:Name><a:ParentId>GE.EI</a:ParentId><a:Representation>Inherited</a:Representation><a:Shape i:nil="true"/></a:ElementType><a:ElementType><a:IsExtension>false</a:IsExtension><a:Attributes/><a:AvailableToBaseModels xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.ExternalStorage.OM"/><a:Behavior i:nil="true"/><a:Description>
          A representation of a Cloud Storage.
        </a:Description><a:Hidden>false</a:Hidden><a:Id>SE.DS.TMCore.CloudStorage</a:Id><a:ImageLocation>Lower right of stencil</a:ImageLocation><a:ImageSource>iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOwwAADsMBx2+oZAAAAXRJREFUOE+NkztLA0EUhVcFg4U2goUgWKxVKnGNqKCBKBYGZBVUkO1iEfHR+0ZSCoKNIGIjwR+ghb2Vv8DeVlDBLiYZ7zfM6OyyPorD5J57zpndvTeeUioVLcOzgeBFoBxQB64uZrJAJGi25oofQbRVnVnfPeWkhndDXNOlaerbEN/cPyxJzxf0cVLDC16tzw1odoyHz9zWXVh+5BQ+Y/sGGZ6ECyxnzbeQe2dXq1JzW86crlkju1g+QCuoUGOuQLSPzr0L0WWFwq0ZoZTfAYfn1QCt6VUQ1o057wr9sLSTFiDgtfImpE6AKpS3TxKi3wI08NDTAUPRJu8eE/wVYPuejKThjiUp+CmgbaT4htezYxGwZXy4XkHNcC5qGOUMBXpD8ZLmmy1rQA6ubPRH+8eM6mup+H10cU24ngxaPHjtI7FtU4JpAV+5Z2C+dGcDjJgRsxto0OJJ/y8YZNnMzsmFJ/mtxWlIJR1MCMYSXAyp5P+hvE94cVhHBmDVoQAAAABJRU5ErkJggg==</a:ImageSource><a:ImageStream i:nil="true"/><a:Name>Cloud Storage</a:Name><a:ParentId>GE.DS</a:ParentId><a:Representation>Inherited</a:Representation><a:Shape i:nil="true"/></a:ElementType><a:ElementType><a:IsExtension>false</a:IsExtension><a:Attributes><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>SQL Relational Database</b:Value></a:AttributeValues><a:DisplayName>Store Type</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Static</a:Mode><a:Name>storeType</a:Name><a:Type>List</a:Type></a:Attribute></a:Attributes><a:AvailableToBaseModels xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.ExternalStorage.OM"/><a:Behavior i:nil="true"/><a:Description>
      A representation of a SQL Database.
    </a:Description><a:Hidden>false</a:Hidden><a:Id>SE.DS.TMCore.SQL</a:Id><a:ImageLocation>Lower right of stencil</a:ImageLocation><a:ImageSource>iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAASJJREFUOE99kj1Ow0AQhQ2IjsJHSA7Bj4SJZCmpiNLQUSJRIwpQOAItSgvKDXIe6lyAAgkoyPA+s2vtrr2O9Ekz895MdrxbmFmxd3y5FB9iJ6wH6uhL/CE0I9j+yXx3NLnaXtw+vKZQR8eHPx1gGJRMxbkY9UB9ig+/fvEAx694F6wD10FMHb3xdgZwzMOzxafi7DdAx0feGTBe3DwrqcVsAPRR7wBHtEJoSmBYm2dX8AbFlfjydQd51Q7IrOCbw8aUanAF3f230yI4Le8CfXAFH4fgk1Y7/7+pbwXVm+O7R0beNituXi8UfpJIVyhdHTZucNQMfOk6t8LB6fzH52IjomZ0f5+8984tPL683YUNKeh+QI7yabW+T07S/DN1Myv/AMyfAkxuIUzjAAAAAElFTkSuQmCC</a:ImageSource><a:ImageStream i:nil="true"/><a:Name>SQL Database</a:Name><a:ParentId>GE.DS</a:ParentId><a:Representation>Inherited</a:Representation><a:Shape i:nil="true"/></a:ElementType><a:ElementType><a:IsExtension>false</a:IsExtension><a:Attributes><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>Non Relational Database</b:Value></a:AttributeValues><a:DisplayName>Store Type</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Static</a:Mode><a:Name>storeType</a:Name><a:Type>List</a:Type></a:Attribute></a:Attributes><a:AvailableToBaseModels xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.ExternalStorage.OM"/><a:Behavior i:nil="true"/><a:Description>
      A representation of a non-relational database.
    </a:Description><a:Hidden>false</a:Hidden><a:Id>SE.DS.TMCore.NoSQL</a:Id><a:ImageLocation>Lower right of stencil</a:ImageLocation><a:ImageSource>iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAQtJREFUOE99krFKA0EQhs8EO4t7hOQhokLOQCBWOa6xsxSsQ4qE+Ai2kjYhr5XaF7AQ1MKM88nOsdnb3YMPdv7/37md2ytEpLgYzTfKh3JSJAI6/oa8D5sxpHddn64mD+93z6tdCDo+OfJhAyGgxUwZK4MI6DNy5PU5b+D4VY4K48Cjt0bH/892GnDMy9vmU9fJb4BPjrrTYNg8vWoxVe4z4A+iDRxnI/ihAJq1dXIEC+i6Ur5Md1BXbYPECLbZ3xhSZUfQu/92Xgf+C/zsCLbOkRxB9fb4vm6YV7g3U4QjlE7Pwpeepkbo39Q/VsfAt/vkf+/cwvptv4htNPCtQYryZXtYhiehRheR8g/o7QMp4dB2sAAAAABJRU5ErkJggg==</a:ImageSource><a:ImageStream i:nil="true"/><a:Name>Non Relational Database</a:Name><a:ParentId>GE.DS</a:ParentId><a:Representation>Inherited</a:Representation><a:Shape i:nil="true"/></a:ElementType><a:ElementType><a:IsExtension>false</a:IsExtension><a:Attributes><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>NTFS</b:Value><b:Value>ExFAT</b:Value><b:Value>FAT</b:Value><b:Value>ReFS</b:Value><b:Value>IFS</b:Value><b:Value>UDF</b:Value><b:Value>Other</b:Value></a:AttributeValues><a:DisplayName>File System Type</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>fsType</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>File System</b:Value></a:AttributeValues><a:DisplayName>Store Type</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Static</a:Mode><a:Name>storeType</a:Name><a:Type>List</a:Type></a:Attribute></a:Attributes><a:AvailableToBaseModels xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.ExternalStorage.OM"/><a:Behavior i:nil="true"/><a:Description>
      A representation of a file system.
    </a:Description><a:Hidden>false</a:Hidden><a:Id>SE.DS.TMCore.FS</a:Id><a:ImageLocation>Lower right of stencil</a:ImageLocation><a:ImageSource>iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAASFJREFUOE9j+P//PwOjqfd/InE8SD0yJtUAEEYxBMUAIHDFhZEMQDEE3QC4yegYSTOKISiSMMXYMJJGZKyPIomsASp+GYiLoHwM76gEpnhiNQDIPgfEZ5nMfH6zWfo/ArIfA3EbkjxYvW5Elg9WA/jsQ66B+OxW/m+ZzX1+gthA27ph8jD1WA0A0seAmr5zWge+LZs0L9sqqXgui7nvdyB+CZS7TNAAoIYufofQ20ANXwSdwhoFHMO2Ag38LeoaecYysXgSQQOAWBZo+xMQHxgGf4D0PxBbyT9pBVBOHlk9zjAASizWj8xeAwpEcbfoc0D+ervUskKYPEEDgFgViNWEnSOuAp3dCWSrA7E4VI4oA2DYDIhl0cRwG0AqpoIBWT4AXz0GcRbZcbEAAAAASUVORK5CYII=</a:ImageSource><a:ImageStream i:nil="true"/><a:Name>File System</a:Name><a:ParentId>GE.DS</a:ParentId><a:Representation>Inherited</a:Representation><a:Shape i:nil="true"/></a:ElementType><a:ElementType><a:IsExtension>false</a:IsExtension><a:Attributes><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>Registry</b:Value></a:AttributeValues><a:DisplayName>Store Type</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Static</a:Mode><a:Name>storeType</a:Name><a:Type>List</a:Type></a:Attribute></a:Attributes><a:AvailableToBaseModels xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.ExternalStorage.OM"/><a:Behavior i:nil="true"/><a:Description>
      A representation of a Registry.
    </a:Description><a:Hidden>false</a:Hidden><a:Id>SE.DS.TMCore.Registry</a:Id><a:ImageLocation>Lower right of stencil</a:ImageLocation><a:ImageSource>iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAZxJREFUOE+Vkr1LQlEYxm9lSyFlUEuEEEFDxJ3KOxSSUEFqYoVJECoEQYt97eocqHO0VNgm0hC4hBQ0BEUNLUFQTbVV9Afcnudwj5x7uUENv3vPed6Pc877vpppmoKWsbAOaiAotb8gPgjKAbN/bvW0dTzyiXUJdDmd3RDBbYHI1275YAfCSKXeSHLfbswXnM5uaP5ouszTEfSKf8wTiF5wT90twEkzgRNnAmgpEFM1oqXzxXD3VOJJDe6cXHinbgX6QUOxs9DN+vDjBYaR2T6iw2hyo3r98DhLHfusVVShD4RTV1yDDyBuo15nEEyDYeCBgzi1YyL+ZhWYup4plHIo8LeVqKYmsEEHPuXw7HwJe59i62WnrAT2IBXpgCe84N8cLqxj8llEikGQlU6WJhwUOFwsoE2nY4kZvcHFOtZ3QP8lgSvCcau4v4kgvSe0fIsCXf47gcUz/75Q4oYJWHkWUbHb4OzsHVfXNaUlgqH42gkTAB/ngf1X7YQzA7sBvFoFLembWblnIvYYIvsti+nhXt5GngqNMwO7qf0AFBEVY8ZCOLAAAAAASUVORK5CYII=</a:ImageSource><a:ImageStream i:nil="true"/><a:Name>Registry Hive</a:Name><a:ParentId>GE.DS</a:ParentId><a:Representation>Inherited</a:Representation><a:Shape i:nil="true"/></a:ElementType><a:ElementType><a:IsExtension>false</a:IsExtension><a:Attributes><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>Configuration</b:Value></a:AttributeValues><a:DisplayName>Store Type</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Static</a:Mode><a:Name>storeType</a:Name><a:Type>List</a:Type></a:Attribute></a:Attributes><a:AvailableToBaseModels xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.ExternalStorage.OM"/><a:Behavior i:nil="true"/><a:Description>
      A configuration file, this includes XML, INI, and INF files.
    </a:Description><a:Hidden>false</a:Hidden><a:Id>SE.DS.TMCore.ConfigFile</a:Id><a:ImageLocation>Lower right of stencil</a:ImageLocation><a:ImageSource>iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAZxJREFUOE+Vkr1LQlEYxm9lSyFlUEuEEEFDxJ3KOxSSUEFqYoVJECoEQYt97eocqHO0VNgm0hC4hBQ0BEUNLUFQTbVV9Afcnudwj5x7uUENv3vPed6Pc877vpppmoKWsbAOaiAotb8gPgjKAbN/bvW0dTzyiXUJdDmd3RDBbYHI1275YAfCSKXeSHLfbswXnM5uaP5ouszTEfSKf8wTiF5wT90twEkzgRNnAmgpEFM1oqXzxXD3VOJJDe6cXHinbgX6QUOxs9DN+vDjBYaR2T6iw2hyo3r98DhLHfusVVShD4RTV1yDDyBuo15nEEyDYeCBgzi1YyL+ZhWYup4plHIo8LeVqKYmsEEHPuXw7HwJe59i62WnrAT2IBXpgCe84N8cLqxj8llEikGQlU6WJhwUOFwsoE2nY4kZvcHFOtZ3QP8lgSvCcau4v4kgvSe0fIsCXf47gcUz/75Q4oYJWHkWUbHb4OzsHVfXNaUlgqH42gkTAB/ngf1X7YQzA7sBvFoFLembWblnIvYYIvsti+nhXt5GngqNMwO7qf0AFBEVY8ZCOLAAAAAASUVORK5CYII=</a:ImageSource><a:ImageStream i:nil="true"/><a:Name>Configuration File</a:Name><a:ParentId>GE.DS</a:ParentId><a:Representation>Inherited</a:Representation><a:Shape i:nil="true"/></a:ElementType><a:ElementType><a:IsExtension>false</a:IsExtension><a:Attributes><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>Cache</b:Value></a:AttributeValues><a:DisplayName>Store Type</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Static</a:Mode><a:Name>storeType</a:Name><a:Type>List</a:Type></a:Attribute></a:Attributes><a:AvailableToBaseModels xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.ExternalStorage.OM"/><a:Behavior i:nil="true"/><a:Description>
      A representation of a local data cache.
    </a:Description><a:Hidden>false</a:Hidden><a:Id>SE.DS.TMCore.Cache</a:Id><a:ImageLocation>Lower right of stencil</a:ImageLocation><a:ImageSource>iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAF1JREFUOE9j+P//PxwzmnrPB+L/BPB5IOaH6SFVMxgzmflcANJgQ0jWDMMwQ8jSDMMgQ0Au0AZiVzKxBcgFWE0nFoMNcM6smoaPxoZhcpS7AIu/SMKjYTAMwsD7PwDo1eAuODnTegAAAABJRU5ErkJggg==</a:ImageSource><a:ImageStream i:nil="true"/><a:Name>Cache</a:Name><a:ParentId>GE.DS</a:ParentId><a:Representation>Inherited</a:Representation><a:Shape i:nil="true"/></a:ElementType><a:ElementType><a:IsExtension>false</a:IsExtension><a:Attributes><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>HTML5 Storage</b:Value></a:AttributeValues><a:DisplayName>Store Type</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Static</a:Mode><a:Name>storeType</a:Name><a:Type>List</a:Type></a:Attribute></a:Attributes><a:AvailableToBaseModels xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.ExternalStorage.OM"/><a:Behavior i:nil="true"/><a:Description>
      A representation of HTML5 local storage.
    </a:Description><a:Hidden>false</a:Hidden><a:Id>SE.DS.TMCore.HTML5LS</a:Id><a:ImageLocation>Lower right of stencil</a:ImageLocation><a:ImageSource>iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAS1JREFUOE9j+P//P0UYqyApGEOA0dSbH4jtQTSaOEhMHlkMhFE4QAX6QPweiP+zWfoXoon/h+J4ZD3ImvORFP03TyhMgcm5ZFVpsVr4fUaSnw/EYBfCnAwSAEuCFHYvXpsOlBSFGQDEHEt37I8QcAy7A1PHZOZzAUjLM0AZYEExt6gLZ6/f8QFq4EXSDDcEiC10I7LWIhnygQHZac6ZVQ1ARSxImjBwRvsUf2Q9DO0LVqWg+a8em0YQBsr5g2yFqQ0oae4CSfCCnI3sPyCej0VzPEweKZykYApYjl++7gIKA5giIM5H0gyPRm7boBcgVwPFweEEtwGIQX43gQUStmgEWXDyyk13oBg8kJENgGF1IHYFYpRoBGJHIDYBYpRAhjPIxVgFScFYBYnH/xkAObxzbhFjTVgAAAAASUVORK5CYII=</a:ImageSource><a:ImageStream i:nil="true"/><a:Name>HTML5 Local Storage</a:Name><a:ParentId>GE.DS</a:ParentId><a:Representation>Inherited</a:Representation><a:Shape i:nil="true"/></a:ElementType><a:ElementType><a:IsExtension>false</a:IsExtension><a:Attributes><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>No</b:Value><b:Value>Yes</b:Value></a:AttributeValues><a:DisplayName>HTTPOnly</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>HTTPOnly</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>Cookie</b:Value></a:AttributeValues><a:DisplayName>Store Type</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Static</a:Mode><a:Name>storeType</a:Name><a:Type>List</a:Type></a:Attribute></a:Attributes><a:AvailableToBaseModels xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.ExternalStorage.OM"/><a:Behavior i:nil="true"/><a:Description>
      A representation of cookie storage.
    </a:Description><a:Hidden>false</a:Hidden><a:Id>SE.DS.TMCore.Cookie</a:Id><a:ImageLocation>Lower right of stencil</a:ImageLocation><a:ImageSource>iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAGFJREFUOE9jYDT1/k8JBhvgnFk1rWTCnGJSMdwA1+zqsP///wuSiuEG6EZk+QAF0L1jj0UMQw6nATAxIHbFgkEuIM4AZDEkjN0FQIxhC5oYihyGASA2Eh4NgxEWBuRj7/8An7gYjzKNJXgAAAAASUVORK5CYII=</a:ImageSource><a:ImageStream i:nil="true"/><a:Name>Cookies</a:Name><a:ParentId>GE.DS</a:ParentId><a:Representation>Inherited</a:Representation><a:Shape i:nil="true"/></a:ElementType><a:ElementType><a:IsExtension>false</a:IsExtension><a:Attributes><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>No</b:Value><b:Value>Yes</b:Value></a:AttributeValues><a:DisplayName>GPS</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>GPS</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>No</b:Value><b:Value>Yes</b:Value></a:AttributeValues><a:DisplayName>Contacts</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>Contacts</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>No</b:Value><b:Value>Yes</b:Value></a:AttributeValues><a:DisplayName>Calendar Events</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>Calendar</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>No</b:Value><b:Value>Yes</b:Value></a:AttributeValues><a:DisplayName>SMS messages</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>SMSmessages</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>No</b:Value><b:Value>Yes</b:Value></a:AttributeValues><a:DisplayName>Cached Credentials</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>Creds</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>No</b:Value><b:Value>Yes</b:Value></a:AttributeValues><a:DisplayName>Enterprise Data</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>Enterprise</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>No</b:Value><b:Value>Yes</b:Value></a:AttributeValues><a:DisplayName>Messaging Data (Mail, IM, SMS)</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>e-mail</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>No</b:Value><b:Value>Yes</b:Value></a:AttributeValues><a:DisplayName>SIM Storage</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>SIM</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>No</b:Value><b:Value>Yes</b:Value></a:AttributeValues><a:DisplayName>Other Data</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>misc</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>Device</b:Value></a:AttributeValues><a:DisplayName>Store Type</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Static</a:Mode><a:Name>storeType</a:Name><a:Type>List</a:Type></a:Attribute></a:Attributes><a:AvailableToBaseModels xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.ExternalStorage.OM"/><a:Behavior i:nil="true"/><a:Description>
      A representation of device local storage.
    </a:Description><a:Hidden>false</a:Hidden><a:Id>SE.DS.TMCore.Device</a:Id><a:ImageLocation>Lower right of stencil</a:ImageLocation><a:ImageSource>iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAKpJREFUOE9j+P//P0UYzmA09bYH4v9E4noMAzisA7ZgUYgVM5v7fEQxACgoj66ICBwPNwBo+2QsCvBidiv/K2ADgBx+kJPQFRCJ7Rk4rQOTsEgQhblsApcysJj7PsImSSwGeQGrBLEYbIBzZtW0kglziknFcANcs6vDQLRuRJYPOg0MaUF0jKwGbABUoStUAToNT2xIGCwHN4ASDDONbIzuNJIxVkHi8X8GAIAQEkmTSFVLAAAAAElFTkSuQmCC</a:ImageSource><a:ImageStream i:nil="true"/><a:Name>Device</a:Name><a:ParentId>GE.DS</a:ParentId><a:Representation>Inherited</a:Representation><a:Shape i:nil="true"/></a:ElementType><a:ElementType><a:IsExtension>false</a:IsExtension><a:Attributes><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>No</b:Value></a:AttributeValues><a:DisplayName>Source Authenticated</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Static</a:Mode><a:Name>authenticatesSource</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>No</b:Value></a:AttributeValues><a:DisplayName>Destination Authenticated</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Static</a:Mode><a:Name>authenticatesDestination</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>No</b:Value></a:AttributeValues><a:DisplayName>Provides Confidentiality</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Static</a:Mode><a:Name>providesConfidentiality</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>No</b:Value></a:AttributeValues><a:DisplayName>Provides Integrity</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Static</a:Mode><a:Name>providesIntegrity</a:Name><a:Type>List</a:Type></a:Attribute></a:Attributes><a:AvailableToBaseModels xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.ExternalStorage.OM"/><a:Behavior i:nil="true"/><a:Description>
      A representation of an HTTP data flow.
    </a:Description><a:Hidden>false</a:Hidden><a:Id>SE.DF.TMCore.HTTP</a:Id><a:ImageLocation>Before label</a:ImageLocation><a:ImageSource>iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAADhJREFUOE9jYDT1/k8JHjWAWgaAAIwmBWA1AEQTw4bRcANgAF0hNjYMgPhkuwCGqWMAJXjUAO//APzi2/y5tNUIAAAAAElFTkSuQmCC</a:ImageSource><a:ImageStream i:nil="true"/><a:Name>HTTP</a:Name><a:ParentId>GE.DF</a:ParentId><a:Representation>Inherited</a:Representation><a:Shape i:nil="true"/></a:ElementType><a:ElementType><a:IsExtension>false</a:IsExtension><a:Attributes><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>Yes</b:Value></a:AttributeValues><a:DisplayName>Destination Authenticated</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Static</a:Mode><a:Name>authenticatesDestination</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>Yes</b:Value></a:AttributeValues><a:DisplayName>Provides Confidentiality</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Static</a:Mode><a:Name>providesConfidentiality</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>Yes</b:Value></a:AttributeValues><a:DisplayName>Provides Integrity</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Static</a:Mode><a:Name>providesIntegrity</a:Name><a:Type>List</a:Type></a:Attribute></a:Attributes><a:AvailableToBaseModels xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.ExternalStorage.OM"/><a:Behavior i:nil="true"/><a:Description>
      A representation of an HTTPS data flow.
    </a:Description><a:Hidden>false</a:Hidden><a:Id>SE.DF.TMCore.HTTPS</a:Id><a:ImageLocation>Before label</a:ImageLocation><a:ImageSource>iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAP9JREFUOE+10s1mQ0EYxvFECCGr3EcI0dBVKeFw6B1kFULpKqvSVSkl5A5yE9lmFbINJWSVVbZZhRBKmf6f8U5NT9pptbL4OWfmvO8zH06pfJG7/zh7wAzX6GCIFT7VpALWqDrnSoHGeLbvXirgMWp8wAKZjSfwdamApyhgbnNvuEQdW82lApZRwBVebX5kc/4oqQDxW7aGNkZo2riPkwDd8tTete1aCCji21h1xYAXNHAP38yzC61WiZqbOOAjYIM9dK67qDDDEarZQf/FErpMv2gI0HZaGBSaw8V9KwRIL2rO8WOzhAAV1635xsYnxV+Jd6CLusWvmyUO+IPcvQN8C4wQAsHzwgAAAABJRU5ErkJggg==</a:ImageSource><a:ImageStream i:nil="true"/><a:Name>HTTPS</a:Name><a:ParentId>GE.DF</a:ParentId><a:Representation>Inherited</a:Representation><a:Shape i:nil="true"/></a:ElementType><a:ElementType><a:IsExtension>false</a:IsExtension><a:Attributes/><a:AvailableToBaseModels xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.ExternalStorage.OM"/><a:Behavior i:nil="true"/><a:Description>
      A representation of an Binary data flow.
    </a:Description><a:Hidden>false</a:Hidden><a:Id>SE.DF.TMCore.Binary</a:Id><a:ImageLocation>Before label</a:ImageLocation><a:ImageSource>iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAGNJREFUOE9jYDT1/k8JhhnwGYjnAPEHKB8fBqkBqQXpgRswGYhB7BYoHx8GqQGpBelBccFMIH4L5ePDIDUgtSguIBtT3wAgYMCH0dVT3wBSMfUNQHcyOkZXPxwNIBVTaID3fwAn5sGwmvgmbgAAAABJRU5ErkJggg==</a:ImageSource><a:ImageStream i:nil="true"/><a:Name>Binary</a:Name><a:ParentId>GE.DF</a:ParentId><a:Representation>Inherited</a:Representation><a:Shape i:nil="true"/></a:ElementType><a:ElementType><a:IsExtension>false</a:IsExtension><a:Attributes><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>Yes</b:Value></a:AttributeValues><a:DisplayName>Source Authenticated</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Static</a:Mode><a:Name>authenticatesSource</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>Yes</b:Value></a:AttributeValues><a:DisplayName>Destination Authenticated</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Static</a:Mode><a:Name>authenticatesDestination</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>Yes</b:Value></a:AttributeValues><a:DisplayName>Provides Confidentiality</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Static</a:Mode><a:Name>providesConfidentiality</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>Yes</b:Value></a:AttributeValues><a:DisplayName>Provides Integrity</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Static</a:Mode><a:Name>providesIntegrity</a:Name><a:Type>List</a:Type></a:Attribute></a:Attributes><a:AvailableToBaseModels xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.ExternalStorage.OM"/><a:Behavior i:nil="true"/><a:Description>
      A representation of an IPsec data flow.
    </a:Description><a:Hidden>false</a:Hidden><a:Id>SE.DF.TMCore.IPsec</a:Id><a:ImageLocation>Before label</a:ImageLocation><a:ImageSource>iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAPtJREFUOE+l0kFnA0EYxvGtUErIqdeeeiqlRG6lp5xCv0S+wVKW0lPJKacSSk79BqWUEHIKJZR8j5xKCWH6f9a8a2ynnWUPv8g7mecxO5vMOddK+XE0GP1liCU+MMUlqt9TBRfYwwU0Fyj3pAoeYMFHXOPdz2MkC+5hBTd+rYM1vnCWKujDClY4htbv/FqRKhA7smyg8NbP81iBbvnWf9exv2EFdXms4Ao7TGDhBeY4+Fl0im5YcI4e9IqeYBv1CCfQnlPof6G70WWWWSvI8YlnhGG7uKiwQF5g4Tf8G5awQJv1bhV+9fOvQF39BLqoGRqFpSpoI7rYnMt+APCSd3DankzjAAAAAElFTkSuQmCC</a:ImageSource><a:ImageStream i:nil="true"/><a:Name>IPsec</a:Name><a:ParentId>GE.DF</a:ParentId><a:Representation>Inherited</a:Representation><a:Shape i:nil="true"/></a:ElementType><a:ElementType><a:IsExtension>false</a:IsExtension><a:Attributes/><a:AvailableToBaseModels xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.ExternalStorage.OM"/><a:Behavior i:nil="true"/><a:Description>
      A representation of a named pipe data flow.
    </a:Description><a:Hidden>false</a:Hidden><a:Id>SE.DF.TMCore.NamedPipe</a:Id><a:ImageLocation>Before label</a:ImageLocation><a:ImageSource>iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAKxJREFUOE9jYDT1rgDin0D8HwueD8QgNfxAfBIqhowvgSS/AfFtIJ6JAzsBMS5DwAaAGEuBGMTGh0EGHANisgzApploA7BpLoWKwQ2YBsToGkEYm78zgRgkxwPEM0EMfAZwAvFeIEbXDMPMIAKfASAMMwRdcxQQE2UALrwFiKeBGJQYQDAQ8eHBYcA9EIMSAx6CGJ+B+BUQnyERfwBisBdCgPgwVJAUDEwb3vYAyzfmxSXYv1YAAAAASUVORK5CYII=</a:ImageSource><a:ImageStream i:nil="true"/><a:Name>Named Pipe</a:Name><a:ParentId>GE.DF</a:ParentId><a:Representation>Inherited</a:Representation><a:Shape i:nil="true"/></a:ElementType><a:ElementType><a:IsExtension>false</a:IsExtension><a:Attributes/><a:AvailableToBaseModels xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.ExternalStorage.OM"/><a:Behavior i:nil="true"/><a:Description>
      A representation of a SMBv1 or SMBv2 data flow.
    </a:Description><a:Hidden>false</a:Hidden><a:Id>SE.DF.TMCore.SMB</a:Id><a:ImageLocation>Before label</a:ImageLocation><a:ImageSource>iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAEhJREFUOE/NzLENACAMA8EwFFNk/3kCpotc2VBg6eTuY8ysGyewF463AbyCAo4WwCso4GgBvIICjhbAKyjgaAG8ggKOjwK+rAUpwkqHruWEswAAAABJRU5ErkJggg==</a:ImageSource><a:ImageStream i:nil="true"/><a:Name>SMB</a:Name><a:ParentId>GE.DF</a:ParentId><a:Representation>Inherited</a:Representation><a:Shape i:nil="true"/></a:ElementType><a:ElementType><a:IsExtension>false</a:IsExtension><a:Attributes/><a:AvailableToBaseModels xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.ExternalStorage.OM"/><a:Behavior i:nil="true"/><a:Description>
      A representation of an RPC or Distributed COM (DCOM) data flow.
    </a:Description><a:Hidden>false</a:Hidden><a:Id>SE.DF.TMCore.RPC</a:Id><a:ImageLocation>Before label</a:ImageLocation><a:ImageSource>iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAG5JREFUOE+VjMENwDAIA5OhOkX3n4eqSK4cakfhEeQ7E0ZE5JvXHe8Dn7rWsnKtZTD79oGa7bJyKttl5cDsbcEerNwnIWpmVk5+4sys3CJrWVk5W4CdB28PuMycQxW7zJxDFWDnwfbAqWst/12MB+3XXGPkZTU+AAAAAElFTkSuQmCC</a:ImageSource><a:ImageStream i:nil="true"/><a:Name>RPC or DCOM</a:Name><a:ParentId>GE.DF</a:ParentId><a:Representation>Inherited</a:Representation><a:Shape i:nil="true"/></a:ElementType><a:ElementType><a:IsExtension>false</a:IsExtension><a:Attributes/><a:AvailableToBaseModels xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.ExternalStorage.OM"/><a:Behavior i:nil="true"/><a:Description>
      A representation of an (Advanced) Local Procedure Call data flow.
    </a:Description><a:Hidden>false</a:Hidden><a:Id>SE.DF.TMCore.ALPC</a:Id><a:ImageLocation>Before label</a:ImageLocation><a:ImageSource>iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAEtJREFUOE9j+P//P1bMaOr9Hx2jqwFhDAEYHngDYBiXRhjGKoiMR5IBIIWkYmwGgGh0jFN8OBkA4qBhbGJYxbEagMNQrOIUGuD9HwBIkRfD8QF9EgAAAABJRU5ErkJggg==</a:ImageSource><a:ImageStream i:nil="true"/><a:Name>ALPC</a:Name><a:ParentId>GE.DF</a:ParentId><a:Representation>Inherited</a:Representation><a:Shape i:nil="true"/></a:ElementType><a:ElementType><a:IsExtension>false</a:IsExtension><a:Attributes/><a:AvailableToBaseModels xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.ExternalStorage.OM"/><a:Behavior i:nil="true"/><a:Description>
      User Data Protocol Transport.
    </a:Description><a:Hidden>false</a:Hidden><a:Id>SE.DF.TMCore.UDP</a:Id><a:ImageLocation>Before label</a:ImageLocation><a:ImageSource>iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAEtJREFUOE9j+P//P1bMaOr9Hx2jqwFhDAEYHngDYBiXRhjGKoiMR5IBIIWkYmwGgGh0jFN8OBkA4qBhbGJYxbEagMNQrOIUGuD9HwBIkRfD8QF9EgAAAABJRU5ErkJggg==</a:ImageSource><a:ImageStream i:nil="true"/><a:Name>UDP</a:Name><a:ParentId>GE.DF</a:ParentId><a:Representation>Inherited</a:Representation><a:Shape i:nil="true"/></a:ElementType><a:ElementType><a:IsExtension>false</a:IsExtension><a:Attributes/><a:AvailableToBaseModels xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.ExternalStorage.OM"/><a:Behavior i:nil="true"/><a:Description>
      An interface for an application to communicate to a device driver.
    </a:Description><a:Hidden>false</a:Hidden><a:Id>SE.DF.TMCore.IOCTL</a:Id><a:ImageLocation>Before label</a:ImageLocation><a:ImageSource>iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKOWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEjHnZZ3VFTXFofPvXd6oc0wAlKG3rvAANJ7k15FYZgZYCgDDjM0sSGiAhFFRJoiSFDEgNFQJFZEsRAUVLAHJAgoMRhFVCxvRtaLrqy89/Ly++Osb+2z97n77L3PWhcAkqcvl5cGSwGQyhPwgzyc6RGRUXTsAIABHmCAKQBMVka6X7B7CBDJy82FniFyAl8EAfB6WLwCcNPQM4BOB/+fpFnpfIHomAARm7M5GSwRF4g4JUuQLrbPipgalyxmGCVmvihBEcuJOWGRDT77LLKjmNmpPLaIxTmns1PZYu4V8bZMIUfEiK+ICzO5nCwR3xKxRoowlSviN+LYVA4zAwAUSWwXcFiJIjYRMYkfEuQi4uUA4EgJX3HcVyzgZAvEl3JJS8/hcxMSBXQdli7d1NqaQffkZKVwBALDACYrmcln013SUtOZvBwAFu/8WTLi2tJFRbY0tba0NDQzMv2qUP91829K3NtFehn4uWcQrf+L7a/80hoAYMyJarPziy2uCoDOLQDI3fti0zgAgKSobx3Xv7oPTTwviQJBuo2xcVZWlhGXwzISF/QP/U+Hv6GvvmckPu6P8tBdOfFMYYqALq4bKy0lTcinZ6QzWRy64Z+H+B8H/nUeBkGceA6fwxNFhImmjMtLELWbx+YKuGk8Opf3n5r4D8P+pMW5FonS+BFQY4yA1HUqQH7tBygKESDR+8Vd/6NvvvgwIH554SqTi3P/7zf9Z8Gl4iWDm/A5ziUohM4S8jMX98TPEqABAUgCKpAHykAd6ABDYAasgC1wBG7AG/iDEBAJVgMWSASpgA+yQB7YBApBMdgJ9oBqUAcaQTNoBcdBJzgFzoNL4Bq4AW6D+2AUTIBnYBa8BgsQBGEhMkSB5CEVSBPSh8wgBmQPuUG+UBAUCcVCCRAPEkJ50GaoGCqDqqF6qBn6HjoJnYeuQIPQXWgMmoZ+h97BCEyCqbASrAUbwwzYCfaBQ+BVcAK8Bs6FC+AdcCXcAB+FO+Dz8DX4NjwKP4PnEIAQERqiihgiDMQF8UeikHiEj6xHipAKpAFpRbqRPuQmMorMIG9RGBQFRUcZomxRnqhQFAu1BrUeVYKqRh1GdaB6UTdRY6hZ1Ec0Ga2I1kfboL3QEegEdBa6EF2BbkK3oy+ib6Mn0K8xGAwNo42xwnhiIjFJmLWYEsw+TBvmHGYQM46Zw2Kx8lh9rB3WH8vECrCF2CrsUexZ7BB2AvsGR8Sp4Mxw7rgoHA+Xj6vAHcGdwQ3hJnELeCm8Jt4G749n43PwpfhGfDf+On4Cv0CQJmgT7AghhCTCJkIloZVwkfCA8JJIJKoRrYmBRC5xI7GSeIx4mThGfEuSIemRXEjRJCFpB+kQ6RzpLuklmUzWIjuSo8gC8g5yM/kC+RH5jQRFwkjCS4ItsUGiRqJDYkjiuSReUlPSSXK1ZK5kheQJyeuSM1J4KS0pFymm1HqpGqmTUiNSc9IUaVNpf+lU6RLpI9JXpKdksDJaMm4ybJkCmYMyF2TGKQhFneJCYVE2UxopFykTVAxVm+pFTaIWU7+jDlBnZWVkl8mGyWbL1sielh2lITQtmhcthVZKO04bpr1borTEaQlnyfYlrUuGlszLLZVzlOPIFcm1yd2WeydPl3eTT5bfJd8p/1ABpaCnEKiQpbBf4aLCzFLqUtulrKVFS48vvacIK+opBimuVTyo2K84p6Ss5KGUrlSldEFpRpmm7KicpFyufEZ5WoWiYq/CVSlXOavylC5Ld6Kn0CvpvfRZVUVVT1Whar3qgOqCmrZaqFq+WpvaQ3WCOkM9Xr1cvUd9VkNFw08jT6NF454mXpOhmai5V7NPc15LWytca6tWp9aUtpy2l3audov2Ax2yjoPOGp0GnVu6GF2GbrLuPt0berCehV6iXo3edX1Y31Kfq79Pf9AAbWBtwDNoMBgxJBk6GWYathiOGdGMfI3yjTqNnhtrGEcZ7zLuM/5oYmGSYtJoct9UxtTbNN+02/R3Mz0zllmN2S1zsrm7+QbzLvMXy/SXcZbtX3bHgmLhZ7HVosfig6WVJd+y1XLaSsMq1qrWaoRBZQQwShiXrdHWztYbrE9Zv7WxtBHYHLf5zdbQNtn2iO3Ucu3lnOWNy8ft1OyYdvV2o/Z0+1j7A/ajDqoOTIcGh8eO6o5sxybHSSddpySno07PnU2c+c7tzvMuNi7rXM65Iq4erkWuA24ybqFu1W6P3NXcE9xb3Gc9LDzWepzzRHv6eO7yHPFS8mJ5NXvNelt5r/Pu9SH5BPtU+zz21fPl+3b7wX7efrv9HqzQXMFb0ekP/L38d/s/DNAOWBPwYyAmMCCwJvBJkGlQXlBfMCU4JvhI8OsQ55DSkPuhOqHC0J4wybDosOaw+XDX8LLw0QjjiHUR1yIVIrmRXVHYqLCopqi5lW4r96yciLaILoweXqW9KnvVldUKq1NWn46RjGHGnIhFx4bHHol9z/RnNjDn4rziauNmWS6svaxnbEd2OXuaY8cp40zG28WXxU8l2CXsTphOdEisSJzhunCruS+SPJPqkuaT/ZMPJX9KCU9pS8Wlxqae5Mnwknm9acpp2WmD6frphemja2zW7Fkzy/fhN2VAGasyugRU0c9Uv1BHuEU4lmmfWZP5Jiss60S2dDYvuz9HL2d7zmSue+63a1FrWWt78lTzNuWNrXNaV78eWh+3vmeD+oaCDRMbPTYe3kTYlLzpp3yT/LL8V5vDN3cXKBVsLBjf4rGlpVCikF84stV2a9021DbutoHt5turtn8sYhddLTYprih+X8IqufqN6TeV33zaEb9joNSydP9OzE7ezuFdDrsOl0mX5ZaN7/bb3VFOLy8qf7UnZs+VimUVdXsJe4V7Ryt9K7uqNKp2Vr2vTqy+XeNc01arWLu9dn4fe9/Qfsf9rXVKdcV17w5wD9yp96jvaNBqqDiIOZh58EljWGPft4xvm5sUmoqbPhziHRo9HHS4t9mqufmI4pHSFrhF2DJ9NProje9cv+tqNWytb6O1FR8Dx4THnn4f+/3wcZ/jPScYJ1p/0Pyhtp3SXtQBdeR0zHYmdo52RXYNnvQ+2dNt293+o9GPh06pnqo5LXu69AzhTMGZT2dzz86dSz83cz7h/HhPTM/9CxEXbvUG9g5c9Ll4+ZL7pQt9Tn1nL9tdPnXF5srJq4yrndcsr3X0W/S3/2TxU/uA5UDHdavrXTesb3QPLh88M+QwdP6m681Lt7xuXbu94vbgcOjwnZHokdE77DtTd1PuvriXeW/h/sYH6AdFD6UeVjxSfNTws+7PbaOWo6fHXMf6Hwc/vj/OGn/2S8Yv7ycKnpCfVEyqTDZPmU2dmnafvvF05dOJZ+nPFmYKf5X+tfa5zvMffnP8rX82YnbiBf/Fp99LXsq/PPRq2aueuYC5R69TXy/MF72Rf3P4LeNt37vwd5MLWe+x7ys/6H7o/ujz8cGn1E+f/gUDmPP8usTo0wAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAEtJREFUOE9j+P//P1bMaOr9Hx2jqwFhDAEYHngDYBiXRhjGKoiMR5IBIIWkYmwGgGh0jFN8OBkA4qBhbGJYxbEagMNQrOIUGuD9HwBIkRfD8QF9EgAAAABJRU5ErkJggg==</a:ImageSource><a:ImageStream i:nil="true"/><a:Name>IOCTL Interface</a:Name><a:ParentId>GE.DF</a:ParentId><a:Representation>Inherited</a:Representation><a:Shape i:nil="true"/></a:ElementType><a:ElementType><a:IsExtension>false</a:IsExtension><a:Attributes/><a:AvailableToBaseModels xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.ExternalStorage.OM"/><a:Behavior i:nil="true"/><a:Description>
      An arc representation of an Internet trust boundary.
    </a:Description><a:Hidden>false</a:Hidden><a:Id>SE.TB.L.TMCore.Internet</a:Id><a:ImageLocation>Before label</a:ImageLocation><a:ImageSource>iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAZdEVYdFNvZnR3YXJlAEFkb2JlIEltYWdlUmVhZHlxyWU8AAABX0lEQVQ4T2NgNPXGh/mhGJscGCNzQArtgVgfxmcy87kAwlA5ZLVwDGOAFQPp/1Dcj8zHZwiY4LUPdgLSMM0YmM8+5JaAY5gRkI3dAJuUUlsgjVUzCM/ZuDPg////vEA2dgNAkqpBKTuBbKwGRNV0iQNpmCZQGMG9AxPk57IJvA6ksRrAYu67EEjLA7E+s7nPReQwAWtGC0CiMMwQkPNZ5H0TtqArIIRBAWueUCgM9gLQEG1QGHDbBr1YuftQDJDvapFYtAhdEwwDY+TO8cvXXUCWw8IAbMjCrXtDgDQHlK8E04CO1YPTVoA0A9nwQIQZAtYMxaBAw2oAFINSLaoBSFgfGEgPgDQ2jWAs5hZVCaSxGwB0Ca+iX9I2IBusGORn3YistTA+q4Xf59KJcy1BarEaAMJAQ8ABixRg6omN/fWgwF26Y38EzLsghfiwNhBbADELlC8KxEpAzAHh/2cAANCSU7ngF2KpAAAAAElFTkSuQmCC</a:ImageSource><a:ImageStream i:nil="true"/><a:Name>Internet Boundary</a:Name><a:ParentId>GE.TB.L</a:ParentId><a:Representation>Inherited</a:Representation><a:Shape i:nil="true"/></a:ElementType><a:ElementType><a:IsExtension>false</a:IsExtension><a:Attributes/><a:AvailableToBaseModels xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.ExternalStorage.OM"/><a:Behavior i:nil="true"/><a:Description>
      An arc representation of a machine trust boundary.
    </a:Description><a:Hidden>false</a:Hidden><a:Id>SE.TB.L.TMCore.Machine</a:Id><a:ImageLocation>Before label</a:ImageLocation><a:ImageSource>iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAZdEVYdFNvZnR3YXJlAEFkb2JlIEltYWdlUmVhZHlxyWU8AAABX0lEQVQ4T2NgNPXGh/mhGJscGCNzQArtgVgfxmcy87kAwlA5ZLVwDGOAFQPp/1Dcj8zHZwiY4LUPdgLSMM0YmM8+5JaAY5gRkI3dAJuUUlsgjVUzCM/ZuDPg////vEA2dgNAkqpBKTuBbKwGRNV0iQNpmCZQGMG9AxPk57IJvA6ksRrAYu67EEjLA7E+s7nPReQwAWtGC0CiMMwQkPNZ5H0TtqArIIRBAWueUCgM9gLQEG1QGHDbBr1YuftQDJDvapFYtAhdEwwDY+TO8cvXXUCWw8IAbMjCrXtDgDQHlK8E04CO1YPTVoA0A9nwQIQZAtYMxaBAw2oAFINSLaoBSFgfGEgPgDQ2jWAs5hZVCaSxGwB0Ca+iX9I2IBusGORn3YistTA+q4Xf59KJcy1BarEaAMJAQ8ABixRg6omN/fWgwF26Y38EzLsghfiwNhBbADELlC8KxEpAzAHh/2cAANCSU7ngF2KpAAAAAElFTkSuQmCC</a:ImageSource><a:ImageStream i:nil="true"/><a:Name>Machine Trust Boundary</a:Name><a:ParentId>GE.TB.L</a:ParentId><a:Representation>Inherited</a:Representation><a:Shape i:nil="true"/></a:ElementType><a:ElementType><a:IsExtension>false</a:IsExtension><a:Attributes/><a:AvailableToBaseModels xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.ExternalStorage.OM"/><a:Behavior i:nil="true"/><a:Description>
      A border representation of user-model / kernel-mode separation.
    </a:Description><a:Hidden>false</a:Hidden><a:Id>SE.TB.L.TMCore.Kernel</a:Id><a:ImageLocation>Before label</a:ImageLocation><a:ImageSource>iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAZdEVYdFNvZnR3YXJlAEFkb2JlIEltYWdlUmVhZHlxyWU8AAABX0lEQVQ4T2NgNPXGh/mhGJscGCNzQArtgVgfxmcy87kAwlA5ZLVwDGOAFQPp/1Dcj8zHZwiY4LUPdgLSMM0YmM8+5JaAY5gRkI3dAJuUUlsgjVUzCM/ZuDPg////vEA2dgNAkqpBKTuBbKwGRNV0iQNpmCZQGMG9AxPk57IJvA6ksRrAYu67EEjLA7E+s7nPReQwAWtGC0CiMMwQkPNZ5H0TtqArIIRBAWueUCgM9gLQEG1QGHDbBr1YuftQDJDvapFYtAhdEwwDY+TO8cvXXUCWw8IAbMjCrXtDgDQHlK8E04CO1YPTVoA0A9nwQIQZAtYMxaBAw2oAFINSLaoBSFgfGEgPgDQ2jWAs5hZVCaSxGwB0Ca+iX9I2IBusGORn3YistTA+q4Xf59KJcy1BarEaAMJAQ8ABixRg6omN/fWgwF26Y38EzLsghfiwNhBbADELlC8KxEpAzAHh/2cAANCSU7ngF2KpAAAAAElFTkSuQmCC</a:ImageSource><a:ImageStream i:nil="true"/><a:Name>User mode or Kernel mode Boundary</a:Name><a:ParentId>GE.TB.L</a:ParentId><a:Representation>Inherited</a:Representation><a:Shape i:nil="true"/></a:ElementType><a:ElementType><a:IsExtension>false</a:IsExtension><a:Attributes/><a:AvailableToBaseModels xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.ExternalStorage.OM"/><a:Behavior i:nil="true"/><a:Description>
      A border representation for a Window Store AppContainer boundary.
    </a:Description><a:Hidden>false</a:Hidden><a:Id>SE.TB.L.TMCore.AppContainer</a:Id><a:ImageLocation>Before label</a:ImageLocation><a:ImageSource>iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAZdEVYdFNvZnR3YXJlAEFkb2JlIEltYWdlUmVhZHlxyWU8AAABX0lEQVQ4T2NgNPXGh/mhGJscGCNzQArtgVgfxmcy87kAwlA5ZLVwDGOAFQPp/1Dcj8zHZwiY4LUPdgLSMM0YmM8+5JaAY5gRkI3dAJuUUlsgjVUzCM/ZuDPg////vEA2dgNAkqpBKTuBbKwGRNV0iQNpmCZQGMG9AxPk57IJvA6ksRrAYu67EEjLA7E+s7nPReQwAWtGC0CiMMwQkPNZ5H0TtqArIIRBAWueUCgM9gLQEG1QGHDbBr1YuftQDJDvapFYtAhdEwwDY+TO8cvXXUCWw8IAbMjCrXtDgDQHlK8E04CO1YPTVoA0A9nwQIQZAtYMxaBAw2oAFINSLaoBSFgfGEgPgDQ2jWAs5hZVCaSxGwB0Ca+iX9I2IBusGORn3YistTA+q4Xf59KJcy1BarEaAMJAQ8ABixRg6omN/fWgwF26Y38EzLsghfiwNhBbADELlC8KxEpAzAHh/2cAANCSU7ngF2KpAAAAAElFTkSuQmCC</a:ImageSource><a:ImageStream i:nil="true"/><a:Name>AppContainer Boundary</a:Name><a:ParentId>GE.TB.L</a:ParentId><a:Representation>Inherited</a:Representation><a:Shape i:nil="true"/></a:ElementType><a:ElementType><a:IsExtension>false</a:IsExtension><a:Attributes/><a:AvailableToBaseModels xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.ExternalStorage.OM"/><a:Behavior i:nil="true"/><a:Description>
      A border representation of a corporate network trust boundary.
    </a:Description><a:Hidden>false</a:Hidden><a:Id>SE.TB.B.TMCore.CorpNet</a:Id><a:ImageLocation>Before label</a:ImageLocation><a:ImageSource>iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGPC/xhBQAAAAlwSFlzAAAOxAAADsQBlSsOGwAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAABGSURBVDhPY/hPIWBQ9Ev6z2jqDccPnr0ESxArzoDMAeEDZy+DFRIrDjeAVDCcDIDyyQajgTioAhGEQekdHx+bGIUGeP8HAJ4fIfJijo6MAAAAAElFTkSuQmCC</a:ImageSource><a:ImageStream i:nil="true"/><a:Name>CorpNet Trust Boundary</a:Name><a:ParentId>GE.TB.B</a:ParentId><a:Representation>BorderBoundary</a:Representation><a:Shape i:nil="true"/></a:ElementType><a:ElementType><a:IsExtension>false</a:IsExtension><a:Attributes/><a:AvailableToBaseModels xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.ExternalStorage.OM"/><a:Behavior i:nil="true"/><a:Description>
      A border representation of a sandbox trust boundary.
    </a:Description><a:Hidden>false</a:Hidden><a:Id>SE.TB.B.TMCore.Sandbox</a:Id><a:ImageLocation>Before label</a:ImageLocation><a:ImageSource>iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGPC/xhBQAAAAlwSFlzAAAOxAAADsQBlSsOGwAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAABGSURBVDhPY/hPIWBQ9Ev6z2jqDccPnr0ESxArzoDMAeEDZy+DFRIrDjeAVDCcDIDyyQajgTioAhGEQekdHx+bGIUGeP8HAJ4fIfJijo6MAAAAAElFTkSuQmCC</a:ImageSource><a:ImageStream i:nil="true"/><a:Name>Sandbox Trust Boundary Border</a:Name><a:ParentId>GE.TB.B</a:ParentId><a:Representation>BorderBoundary</a:Representation><a:Shape i:nil="true"/></a:ElementType><a:ElementType><a:IsExtension>false</a:IsExtension><a:Attributes><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>No</b:Value><b:Value>Yes</b:Value></a:AttributeValues><a:DisplayName>Low Integrity Level Sandbox</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>IntegrityLevel</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>No</b:Value><b:Value>Yes</b:Value></a:AttributeValues><a:DisplayName>App Container Sandbox</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>AppContainer</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>No</b:Value><b:Value>Yes</b:Value></a:AttributeValues><a:DisplayName>JavaScript Sandbox</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>JavaScript</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>No</b:Value><b:Value>Yes</b:Value></a:AttributeValues><a:DisplayName>Flash Sandbox</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>Flash</a:Name><a:Type>List</a:Type></a:Attribute></a:Attributes><a:AvailableToBaseModels xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.ExternalStorage.OM"/><a:Behavior i:nil="true"/><a:Description>
      Describes the types of trust boundaries implemented by Internet Explorer.
    </a:Description><a:Hidden>false</a:Hidden><a:Id>SE.TB.B.TMCore.IEB</a:Id><a:ImageLocation>Before label</a:ImageLocation><a:ImageSource>iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGPC/xhBQAAAAlwSFlzAAAOxAAADsQBlSsOGwAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAABGSURBVDhPY/hPIWBQ9Ev6z2jqDccPnr0ESxArzoDMAeEDZy+DFRIrDjeAVDCcDIDyyQajgTioAhGEQekdHx+bGIUGeP8HAJ4fIfJijo6MAAAAAElFTkSuQmCC</a:ImageSource><a:ImageStream i:nil="true"/><a:Name>Internet Explorer Boundaries</a:Name><a:ParentId>GE.TB.B</a:ParentId><a:Representation>BorderBoundary</a:Representation><a:Shape i:nil="true"/></a:ElementType><a:ElementType><a:IsExtension>false</a:IsExtension><a:Attributes><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>No</b:Value><b:Value>Yes</b:Value></a:AttributeValues><a:DisplayName>Chrome JavaScript Sandbox</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>ChromeJava</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>No</b:Value><b:Value>Yes</b:Value></a:AttributeValues><a:DisplayName>Chrome Sandbox</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>Chrome</a:Name><a:Type>List</a:Type></a:Attribute><a:Attribute><a:IsExtension>false</a:IsExtension><a:AttributeValues xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.Interfaces"><b:Value>No</b:Value><b:Value>Yes</b:Value></a:AttributeValues><a:DisplayName>Firefox JavaScript Sandbox</a:DisplayName><a:Inheritance>Virtual</a:Inheritance><a:Mode>Dynamic</a:Mode><a:Name>FirefoxJava</a:Name><a:Type>List</a:Type></a:Attribute></a:Attributes><a:AvailableToBaseModels xmlns:b="http://schemas.datacontract.org/2004/07/ThreatModeling.ExternalStorage.OM"/><a:Behavior i:nil="true"/><a:Description>
      Describes the types of trust boundaries implemented by Google Chrome and Firefox.
    </a:Description><a:Hidden>false</a:Hidden><a:Id>SE.TB.B.TMCore.NonIEB</a:Id><a:ImageLocation>Before label</a:ImageLocation><a:ImageSource>iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGPC/xhBQAAAAlwSFlzAAAOxAAADsQBlSsOGwAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAABGSURBVDhPY/hPIWBQ9Ev6z2jqDccPnr0ESxArzoDMAeEDZy+DFRIrDjeAVDCcDIDyyQajgTioAhGEQekdHx+bGIUGeP8HAJ4fIfJijo6MAAAAAElFTkSuQmCC</a:ImageSource><a:ImageStream i:nil="true"/><a:Name>Other Browsers Boundaries</a:Name><a:ParentId>GE.TB.B</a:ParentId><a:Representation>BorderBoundary</a:Representation><a:Shape i:nil="true"/></a:ElementType></a:StandardElements><a:ThreatCategories><a:ThreatCategory><a:IsExtension>false</a:IsExtension><a:Id>S</a:Id><a:LongDescription/><a:Name>Spoofing</a:Name><a:ShortDescription>Spoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.</a:ShortDescription></a:ThreatCategory><a:ThreatCategory><a:IsExtension>false</a:IsExtension><a:Id>T</a:Id><a:LongDescription/><a:Name>Tampering</a:Name><a:ShortDescription>Tampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.</a:ShortDescription></a:ThreatCategory><a:ThreatCategory><a:IsExtension>false</a:IsExtension><a:Id>R</a:Id><a:LongDescription/><a:Name>Repudiation</a:Name><a:ShortDescription>Repudiation threats involve an adversary denying that something happened.</a:ShortDescription></a:ThreatCategory><a:ThreatCategory><a:IsExtension>false</a:IsExtension><a:Id>I</a:Id><a:LongDescription/><a:Name>Information Disclosure</a:Name><a:ShortDescription>Information disclosure happens when the information can be read by an unauthorized party.</a:ShortDescription></a:ThreatCategory><a:ThreatCategory><a:IsExtension>false</a:IsExtension><a:Id>D</a:Id><a:LongDescription/><a:Name>Denial Of Service</a:Name><a:ShortDescription>Denial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.</a:ShortDescription></a:ThreatCategory><a:ThreatCategory><a:IsExtension>false</a:IsExtension><a:Id>E</a:Id><a:LongDescription/><a:Name>Elevation Of Privilege</a:Name><a:ShortDescription>A user subject gains increased capability or privilege by taking advantage of an implementation bug.</a:ShortDescription></a:ThreatCategory><a:ThreatCategory><a:IsExtension>false</a:IsExtension><a:Id>A</a:Id><a:LongDescription/><a:Name>Abuse</a:Name><a:ShortDescription>Abuse is when a legitimate user violates the terms of use for the system without violating a system security policy.</a:ShortDescription></a:ThreatCategory></a:ThreatCategories><a:ThreatMetaData><IsPriorityUsed>true</IsPriorityUsed><IsStatusUsed>true</IsStatusUsed><PropertiesMetaData><ThreatMetaDatum><Name>Title</Name><Label>Title</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string/></Values><Id>ac0f9ea8-3b39-4ce9-bac2-6787124d7b48</Id></ThreatMetaDatum><ThreatMetaDatum><Name>UserThreatCategory</Name><Label>Category</Label><HideFromUI>false</HideFromUI><Values i:nil="true" xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"/><Id i:nil="true"/></ThreatMetaDatum><ThreatMetaDatum><Name>UserThreatShortDescription</Name><Label>Short Description</Label><HideFromUI>true</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Spoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.</b:string><b:string>Tampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.</b:string><b:string>Repudiation threats involve an adversary denying that something happened.</b:string><b:string>Information disclosure happens when the information can be read by an unauthorized party.</b:string><b:string>Denial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.</b:string><b:string>A user subject gains increased capability or privilege by taking advantage of an implementation bug.</b:string><b:string>Abuse is when a legitimate user violates the terms of use for the system without violating a system security policy.</b:string></Values><Id>5d3b996b-aed5-4d95-8cf6-617bb67bf042</Id></ThreatMetaDatum><ThreatMetaDatum><Name>UserThreatDescription</Name><Label>Description</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string/></Values><Id>cf377f97-9dea-42d6-ae63-b097c4a8ec4d</Id></ThreatMetaDatum><ThreatMetaDatum><Name>StateInformation</Name><Label>Justification</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string/></Values><Id>0406a684-e06e-4643-ba21-0f63104d9131</Id></ThreatMetaDatum><ThreatMetaDatum><Name>InteractionString</Name><Label>Interaction</Label><HideFromUI>false</HideFromUI><Values i:nil="true" xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"/><Id>d64f8926-f09d-4d67-a86f-fb4ad5036451</Id></ThreatMetaDatum><ThreatMetaDatum><Name>Priority</Name><Label>Priority</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>High</b:string><b:string>Medium</b:string><b:string>Low</b:string></Values><Id>bc9c6e2a-15d0-4863-9cac-589e51e4ca1e</Id></ThreatMetaDatum></PropertiesMetaData></a:ThreatMetaData><a:ThreatTypes><a:ThreatType><a:IsExtension>false</a:IsExtension><a:Category>S</a:Category><a:Description>Threat was migrated from V3.</a:Description><a:GenerationFilters><a:Exclude/><a:Include>source is 'ROOT'</a:Include></a:GenerationFilters><a:Id>SU</a:Id><a:PropertiesMetaData><ThreatMetaDatum><Name>UserThreatShortDescription</Name><Label>Short Description</Label><HideFromUI>true</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Spoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.</b:string></Values><Id>5d3b996b-aed5-4d95-8cf6-617bb67bf042</Id></ThreatMetaDatum><ThreatMetaDatum><Name>UserThreatDescription</Name><Label>Description</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Threat was migrated from V3.</b:string></Values><Id>cf377f97-9dea-42d6-ae63-b097c4a8ec4d</Id></ThreatMetaDatum><ThreatMetaDatum><Name>Priority</Name><Label>Priority</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string i:nil="true"/></Values><Id>bc9c6e2a-15d0-4863-9cac-589e51e4ca1e</Id></ThreatMetaDatum></a:PropertiesMetaData><a:RelatedCategory i:nil="true"/><a:ShortTitle>Spoofing (v3)</a:ShortTitle></a:ThreatType><a:ThreatType><a:IsExtension>false</a:IsExtension><a:Category>S</a:Category><a:Description>{source.Name} may be spoofed by an attacker and this may lead to unauthorized access to {target.Name}. Consider using a standard authentication mechanism to identify the source process.</a:Description><a:GenerationFilters><a:Exclude>flow.authenticatesSource is 'Yes' or source.implementsAuthenticationScheme is 'Yes'</a:Exclude><a:Include>source is 'GE.P' and (target is 'GE.P' or target is 'GE.DS') and (flow crosses 'GE.TB.L' or flow crosses 'GE.TB.B')</a:Include></a:GenerationFilters><a:Id>S1</a:Id><a:PropertiesMetaData><ThreatMetaDatum><Name>UserThreatShortDescription</Name><Label>Short Description</Label><HideFromUI>true</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Spoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.</b:string></Values><Id>5d3b996b-aed5-4d95-8cf6-617bb67bf042</Id></ThreatMetaDatum><ThreatMetaDatum><Name>UserThreatDescription</Name><Label>Description</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>{source.Name} may be spoofed by an attacker and this may lead to unauthorized access to {target.Name}. Consider using a standard authentication mechanism to identify the source process.</b:string></Values><Id>cf377f97-9dea-42d6-ae63-b097c4a8ec4d</Id></ThreatMetaDatum><ThreatMetaDatum><Name>Priority</Name><Label>Priority</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string i:nil="true"/></Values><Id>bc9c6e2a-15d0-4863-9cac-589e51e4ca1e</Id></ThreatMetaDatum></a:PropertiesMetaData><a:RelatedCategory i:nil="true"/><a:ShortTitle>Spoofing the {source.Name} Process</a:ShortTitle></a:ThreatType><a:ThreatType><a:IsExtension>false</a:IsExtension><a:Category>S</a:Category><a:Description>{target.Name} may be spoofed by an attacker and this may lead to information disclosure by {source.Name}. Consider using a standard authentication mechanism to identify the destination process.</a:Description><a:GenerationFilters><a:Exclude>flow.authenticatesDestination is 'Yes'</a:Exclude><a:Include>(source is 'GE.P' or source is 'GE.EI' or source is 'GE.DS') and target is 'GE.P' and (flow crosses 'GE.TB.L' or flow crosses 'GE.TB.B')</a:Include></a:GenerationFilters><a:Id>S2</a:Id><a:PropertiesMetaData><ThreatMetaDatum><Name>UserThreatShortDescription</Name><Label>Short Description</Label><HideFromUI>true</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Spoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.</b:string></Values><Id>5d3b996b-aed5-4d95-8cf6-617bb67bf042</Id></ThreatMetaDatum><ThreatMetaDatum><Name>UserThreatDescription</Name><Label>Description</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>{target.Name} may be spoofed by an attacker and this may lead to information disclosure by {source.Name}. Consider using a standard authentication mechanism to identify the destination process.</b:string></Values><Id>cf377f97-9dea-42d6-ae63-b097c4a8ec4d</Id></ThreatMetaDatum><ThreatMetaDatum><Name>Priority</Name><Label>Priority</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string i:nil="true"/></Values><Id>bc9c6e2a-15d0-4863-9cac-589e51e4ca1e</Id></ThreatMetaDatum></a:PropertiesMetaData><a:RelatedCategory i:nil="true"/><a:ShortTitle>Spoofing the {target.Name} Process</a:ShortTitle></a:ThreatType><a:ThreatType><a:IsExtension>false</a:IsExtension><a:Category>S</a:Category><a:Description>{source.Name} may be spoofed by an attacker and this may lead to unauthorized access to {target.Name}. Consider using a standard authentication mechanism to identify the external entity.</a:Description><a:GenerationFilters><a:Exclude>source.authenticatesItself is 'Yes' or flow.authenticatesSource is 'Yes'</a:Exclude><a:Include>source is 'GE.EI' and target is 'GE.P'</a:Include></a:GenerationFilters><a:Id>S3</a:Id><a:PropertiesMetaData><ThreatMetaDatum><Name>UserThreatShortDescription</Name><Label>Short Description</Label><HideFromUI>true</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Spoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.</b:string></Values><Id>5d3b996b-aed5-4d95-8cf6-617bb67bf042</Id></ThreatMetaDatum><ThreatMetaDatum><Name>UserThreatDescription</Name><Label>Description</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>{source.Name} may be spoofed by an attacker and this may lead to unauthorized access to {target.Name}. Consider using a standard authentication mechanism to identify the external entity.</b:string></Values><Id>cf377f97-9dea-42d6-ae63-b097c4a8ec4d</Id></ThreatMetaDatum><ThreatMetaDatum><Name>Priority</Name><Label>Priority</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string i:nil="true"/></Values><Id>bc9c6e2a-15d0-4863-9cac-589e51e4ca1e</Id></ThreatMetaDatum></a:PropertiesMetaData><a:RelatedCategory i:nil="true"/><a:ShortTitle>Spoofing the {source.Name} External Entity</a:ShortTitle></a:ThreatType><a:ThreatType><a:IsExtension>false</a:IsExtension><a:Category>S</a:Category><a:Description>{source.Name} may be spoofed by an attacker and this may lead to incorrect data delivered to {target.Name}. Consider using a standard authentication mechanism to identify the source data store.</a:Description><a:GenerationFilters><a:Exclude/><a:Include>source is 'GE.DS'</a:Include></a:GenerationFilters><a:Id>S7</a:Id><a:PropertiesMetaData><ThreatMetaDatum><Name>UserThreatShortDescription</Name><Label>Short Description</Label><HideFromUI>true</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Spoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.</b:string></Values><Id>5d3b996b-aed5-4d95-8cf6-617bb67bf042</Id></ThreatMetaDatum><ThreatMetaDatum><Name>UserThreatDescription</Name><Label>Description</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>{source.Name} may be spoofed by an attacker and this may lead to incorrect data delivered to {target.Name}. Consider using a standard authentication mechanism to identify the source data store.</b:string></Values><Id>cf377f97-9dea-42d6-ae63-b097c4a8ec4d</Id></ThreatMetaDatum><ThreatMetaDatum><Name>Priority</Name><Label>Priority</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string i:nil="true"/></Values><Id>bc9c6e2a-15d0-4863-9cac-589e51e4ca1e</Id></ThreatMetaDatum></a:PropertiesMetaData><a:RelatedCategory i:nil="true"/><a:ShortTitle>Spoofing of Source Data Store {source.Name}</a:ShortTitle></a:ThreatType><a:ThreatType><a:IsExtension>false</a:IsExtension><a:Category>S</a:Category><a:Description>{target.Name} may be spoofed by an attacker and this may lead to data being written to the attacker's target instead of {target.Name}. Consider using a standard authentication mechanism to identify the destination data store.</a:Description><a:GenerationFilters><a:Exclude/><a:Include>target is 'GE.DS'</a:Include></a:GenerationFilters><a:Id>S7.1</a:Id><a:PropertiesMetaData><ThreatMetaDatum><Name>UserThreatShortDescription</Name><Label>Short Description</Label><HideFromUI>true</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Spoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.</b:string></Values><Id>5d3b996b-aed5-4d95-8cf6-617bb67bf042</Id></ThreatMetaDatum><ThreatMetaDatum><Name>UserThreatDescription</Name><Label>Description</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>{target.Name} may be spoofed by an attacker and this may lead to data being written to the attacker's target instead of {target.Name}. Consider using a standard authentication mechanism to identify the destination data store.</b:string></Values><Id>cf377f97-9dea-42d6-ae63-b097c4a8ec4d</Id></ThreatMetaDatum><ThreatMetaDatum><Name>Priority</Name><Label>Priority</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string i:nil="true"/></Values><Id>bc9c6e2a-15d0-4863-9cac-589e51e4ca1e</Id></ThreatMetaDatum></a:PropertiesMetaData><a:RelatedCategory i:nil="true"/><a:ShortTitle>Spoofing of Destination Data Store {target.Name}</a:ShortTitle></a:ThreatType><a:ThreatType><a:IsExtension>false</a:IsExtension><a:Category>S</a:Category><a:Description>{target.Name} may be spoofed by an attacker and this may lead to data being sent to the attacker's target instead of {target.Name}. Consider using a standard authentication mechanism to identify the external entity.</a:Description><a:GenerationFilters><a:Exclude/><a:Include>source is 'GE.P' and target is 'GE.EI' and (flow crosses 'GE.TB.L' or flow crosses 'GE.TB.B')</a:Include></a:GenerationFilters><a:Id>S8</a:Id><a:PropertiesMetaData><ThreatMetaDatum><Name>UserThreatShortDescription</Name><Label>Short Description</Label><HideFromUI>true</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Spoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address.</b:string></Values><Id>5d3b996b-aed5-4d95-8cf6-617bb67bf042</Id></ThreatMetaDatum><ThreatMetaDatum><Name>UserThreatDescription</Name><Label>Description</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>{target.Name} may be spoofed by an attacker and this may lead to data being sent to the attacker's target instead of {target.Name}. Consider using a standard authentication mechanism to identify the external entity.</b:string></Values><Id>cf377f97-9dea-42d6-ae63-b097c4a8ec4d</Id></ThreatMetaDatum><ThreatMetaDatum><Name>Priority</Name><Label>Priority</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string i:nil="true"/></Values><Id>bc9c6e2a-15d0-4863-9cac-589e51e4ca1e</Id></ThreatMetaDatum></a:PropertiesMetaData><a:RelatedCategory i:nil="true"/><a:ShortTitle>Spoofing of the {target.Name} External Destination Entity</a:ShortTitle></a:ThreatType><a:ThreatType><a:IsExtension>false</a:IsExtension><a:Category>T</a:Category><a:Description>Threat was migrated from V3.</a:Description><a:GenerationFilters><a:Exclude/><a:Include>source is 'ROOT'</a:Include></a:GenerationFilters><a:Id>TU</a:Id><a:PropertiesMetaData><ThreatMetaDatum><Name>UserThreatShortDescription</Name><Label>Short Description</Label><HideFromUI>true</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Tampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.</b:string></Values><Id>5d3b996b-aed5-4d95-8cf6-617bb67bf042</Id></ThreatMetaDatum><ThreatMetaDatum><Name>UserThreatDescription</Name><Label>Description</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Threat was migrated from V3.</b:string></Values><Id>cf377f97-9dea-42d6-ae63-b097c4a8ec4d</Id></ThreatMetaDatum><ThreatMetaDatum><Name>Priority</Name><Label>Priority</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string i:nil="true"/></Values><Id>bc9c6e2a-15d0-4863-9cac-589e51e4ca1e</Id></ThreatMetaDatum></a:PropertiesMetaData><a:RelatedCategory i:nil="true"/><a:ShortTitle>Tampering (v3)</a:ShortTitle></a:ThreatType><a:ThreatType><a:IsExtension>false</a:IsExtension><a:Category>T</a:Category><a:Description>Data flowing across {flow.Name} may be tampered with by an attacker. This may lead to a denial of service attack against {target.Name} or an elevation of privilege attack against {target.Name} or an information disclosure by {target.Name}. Failure to verify that input is as expected is a root cause of a very large number of exploitable issues. Consider all paths and the way they handle data. Verify that all input is verified for correctness using an approved list input validation approach.</a:Description><a:GenerationFilters><a:Exclude>(flow.providesConfidentiality is 'Yes' and flow.providesIntegrity is 'Yes')</a:Exclude><a:Include>(source is 'GE.P' or source is 'GE.EI') and target is 'GE.P' and (flow crosses 'GE.TB.L' or flow crosses 'GE.TB.B')</a:Include></a:GenerationFilters><a:Id>T1</a:Id><a:PropertiesMetaData><ThreatMetaDatum><Name>UserThreatShortDescription</Name><Label>Short Description</Label><HideFromUI>true</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Tampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.</b:string></Values><Id>5d3b996b-aed5-4d95-8cf6-617bb67bf042</Id></ThreatMetaDatum><ThreatMetaDatum><Name>UserThreatDescription</Name><Label>Description</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Data flowing across {flow.Name} may be tampered with by an attacker. This may lead to a denial of service attack against {target.Name} or an elevation of privilege attack against {target.Name} or an information disclosure by {target.Name}. Failure to verify that input is as expected is a root cause of a very large number of exploitable issues. Consider all paths and the way they handle data. Verify that all input is verified for correctness using an approved list input validation approach.</b:string></Values><Id>cf377f97-9dea-42d6-ae63-b097c4a8ec4d</Id></ThreatMetaDatum><ThreatMetaDatum><Name>Priority</Name><Label>Priority</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string i:nil="true"/></Values><Id>bc9c6e2a-15d0-4863-9cac-589e51e4ca1e</Id></ThreatMetaDatum></a:PropertiesMetaData><a:RelatedCategory i:nil="true"/><a:ShortTitle>Potential Lack of Input Validation for {target.Name}</a:ShortTitle></a:ThreatType><a:ThreatType><a:IsExtension>false</a:IsExtension><a:Category>T</a:Category><a:Description>If {source.Name} is given access to memory, such as shared memory or pointers, or is given the ability to control what {target.Name} executes (for example, passing back a function pointer.), then {source.Name} can tamper with {target.Name}. Consider if the function could work with less access to memory, such as passing data rather than pointers. Copy in data provided, and then validate it.</a:Description><a:GenerationFilters><a:Exclude/><a:Include>source is 'GE.P' and target is 'GE.P' and target.codeType is 'Unmanaged'</a:Include></a:GenerationFilters><a:Id>T2</a:Id><a:PropertiesMetaData><ThreatMetaDatum><Name>UserThreatShortDescription</Name><Label>Short Description</Label><HideFromUI>true</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Tampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.</b:string></Values><Id>5d3b996b-aed5-4d95-8cf6-617bb67bf042</Id></ThreatMetaDatum><ThreatMetaDatum><Name>UserThreatDescription</Name><Label>Description</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>If {source.Name} is given access to memory, such as shared memory or pointers, or is given the ability to control what {target.Name} executes (for example, passing back a function pointer.), then {source.Name} can tamper with {target.Name}. Consider if the function could work with less access to memory, such as passing data rather than pointers. Copy in data provided, and then validate it.</b:string></Values><Id>cf377f97-9dea-42d6-ae63-b097c4a8ec4d</Id></ThreatMetaDatum><ThreatMetaDatum><Name>Priority</Name><Label>Priority</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string i:nil="true"/></Values><Id>bc9c6e2a-15d0-4863-9cac-589e51e4ca1e</Id></ThreatMetaDatum></a:PropertiesMetaData><a:RelatedCategory i:nil="true"/><a:ShortTitle>{source.Name} Process Memory Tampered</a:ShortTitle></a:ThreatType><a:ThreatType><a:IsExtension>false</a:IsExtension><a:Category>T</a:Category><a:Description>Packets or messages without sequence numbers or timestamps can be captured and replayed in a wide variety of ways. Implement or utilize an existing communication protocol that supports anti-replay techniques (investigate sequence numbers before timers) and strong integrity.</a:Description><a:GenerationFilters><a:Exclude/><a:Include>source is 'GE.P' and target is 'GE.P' and source.implementsCommunicationProtocol is 'Yes'</a:Include></a:GenerationFilters><a:Id>T3</a:Id><a:PropertiesMetaData><ThreatMetaDatum><Name>UserThreatShortDescription</Name><Label>Short Description</Label><HideFromUI>true</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Tampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.</b:string></Values><Id>5d3b996b-aed5-4d95-8cf6-617bb67bf042</Id></ThreatMetaDatum><ThreatMetaDatum><Name>UserThreatDescription</Name><Label>Description</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Packets or messages without sequence numbers or timestamps can be captured and replayed in a wide variety of ways. Implement or utilize an existing communication protocol that supports anti-replay techniques (investigate sequence numbers before timers) and strong integrity.</b:string></Values><Id>cf377f97-9dea-42d6-ae63-b097c4a8ec4d</Id></ThreatMetaDatum><ThreatMetaDatum><Name>Priority</Name><Label>Priority</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string i:nil="true"/></Values><Id>bc9c6e2a-15d0-4863-9cac-589e51e4ca1e</Id></ThreatMetaDatum></a:PropertiesMetaData><a:RelatedCategory i:nil="true"/><a:ShortTitle>Replay Attacks</a:ShortTitle></a:ThreatType><a:ThreatType><a:IsExtension>false</a:IsExtension><a:Category>T</a:Category><a:Description>Attackers who can send a series of packets or messages may be able to overlap data. For example, packet 1 may be 100 bytes starting at offset 0. Packet 2 may be 100 bytes starting at offset 25. Packet 2 will overwrite 75 bytes of packet 1. Ensure you reassemble data before filtering it, and ensure you explicitly handle these sorts of cases.</a:Description><a:GenerationFilters><a:Exclude/><a:Include>source is 'GE.P' and target is 'GE.P' and source.implementsCommunicationProtocol is 'Yes'</a:Include></a:GenerationFilters><a:Id>T4</a:Id><a:PropertiesMetaData><ThreatMetaDatum><Name>UserThreatShortDescription</Name><Label>Short Description</Label><HideFromUI>true</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Tampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.</b:string></Values><Id>5d3b996b-aed5-4d95-8cf6-617bb67bf042</Id></ThreatMetaDatum><ThreatMetaDatum><Name>UserThreatDescription</Name><Label>Description</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Attackers who can send a series of packets or messages may be able to overlap data. For example, packet 1 may be 100 bytes starting at offset 0. Packet 2 may be 100 bytes starting at offset 25. Packet 2 will overwrite 75 bytes of packet 1. Ensure you reassemble data before filtering it, and ensure you explicitly handle these sorts of cases.</b:string></Values><Id>cf377f97-9dea-42d6-ae63-b097c4a8ec4d</Id></ThreatMetaDatum><ThreatMetaDatum><Name>Priority</Name><Label>Priority</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string i:nil="true"/></Values><Id>bc9c6e2a-15d0-4863-9cac-589e51e4ca1e</Id></ThreatMetaDatum></a:PropertiesMetaData><a:RelatedCategory i:nil="true"/><a:ShortTitle>Collision Attacks</a:ShortTitle></a:ThreatType><a:ThreatType><a:IsExtension>false</a:IsExtension><a:Category>T</a:Category><a:Description>Log readers can come under attack via log files. Consider ways to canonicalize data in all logs. Implement a single reader for the logs, if possible, in order to reduce attack surface area. Be sure to understand and document log file elements which come from untrusted sources.</a:Description><a:GenerationFilters><a:Exclude/><a:Include>(source is 'GE.P' and target is 'GE.DS' and target.storesLogData is 'Yes') or (target is 'GE.P' and source is 'GE.DS' and source.storesLogData is 'Yes')</a:Include></a:GenerationFilters><a:Id>T5</a:Id><a:PropertiesMetaData><ThreatMetaDatum><Name>UserThreatShortDescription</Name><Label>Short Description</Label><HideFromUI>true</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Tampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.</b:string></Values><Id>5d3b996b-aed5-4d95-8cf6-617bb67bf042</Id></ThreatMetaDatum><ThreatMetaDatum><Name>UserThreatDescription</Name><Label>Description</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Log readers can come under attack via log files. Consider ways to canonicalize data in all logs. Implement a single reader for the logs, if possible, in order to reduce attack surface area. Be sure to understand and document log file elements which come from untrusted sources.</b:string></Values><Id>cf377f97-9dea-42d6-ae63-b097c4a8ec4d</Id></ThreatMetaDatum><ThreatMetaDatum><Name>Priority</Name><Label>Priority</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string i:nil="true"/></Values><Id>bc9c6e2a-15d0-4863-9cac-589e51e4ca1e</Id></ThreatMetaDatum></a:PropertiesMetaData><a:RelatedCategory i:nil="true"/><a:ShortTitle>Risks from Logging</a:ShortTitle></a:ThreatType><a:ThreatType><a:IsExtension>false</a:IsExtension><a:Category>T</a:Category><a:Description>An attacker can read or modify data transmitted over an authenticated dataflow.</a:Description><a:GenerationFilters><a:Exclude>(flow.providesConfidentiality is 'Yes' and flow.providesIntegrity is 'Yes')</a:Exclude><a:Include>(flow.authenticatesSource is 'Yes' or flow.authenticatesDestination is 'Yes')</a:Include></a:GenerationFilters><a:Id>T6</a:Id><a:PropertiesMetaData><ThreatMetaDatum><Name>UserThreatShortDescription</Name><Label>Short Description</Label><HideFromUI>true</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Tampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.</b:string></Values><Id>5d3b996b-aed5-4d95-8cf6-617bb67bf042</Id></ThreatMetaDatum><ThreatMetaDatum><Name>UserThreatDescription</Name><Label>Description</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>An attacker can read or modify data transmitted over an authenticated dataflow.</b:string></Values><Id>cf377f97-9dea-42d6-ae63-b097c4a8ec4d</Id></ThreatMetaDatum><ThreatMetaDatum><Name>Priority</Name><Label>Priority</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string i:nil="true"/></Values><Id>bc9c6e2a-15d0-4863-9cac-589e51e4ca1e</Id></ThreatMetaDatum></a:PropertiesMetaData><a:RelatedCategory i:nil="true"/><a:ShortTitle>Authenticated Data Flow Compromised</a:ShortTitle></a:ThreatType><a:ThreatType><a:IsExtension>false</a:IsExtension><a:Category>T</a:Category><a:Description>SQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution. Any procedure that constructs SQL statements should be reviewed for injection vulnerabilities because SQL Server will execute all syntactically valid queries that it receives. Even parameterized data can be manipulated by a skilled and determined attacker.</a:Description><a:GenerationFilters><a:Exclude/><a:Include>
        (target is 'SE.DS.TMCore.SQL' and source is 'GE.P')
      </a:Include></a:GenerationFilters><a:Id>T7</a:Id><a:PropertiesMetaData><ThreatMetaDatum><Name>UserThreatShortDescription</Name><Label>Short Description</Label><HideFromUI>true</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Tampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.</b:string></Values><Id>5d3b996b-aed5-4d95-8cf6-617bb67bf042</Id></ThreatMetaDatum><ThreatMetaDatum><Name>UserThreatDescription</Name><Label>Description</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>SQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution. Any procedure that constructs SQL statements should be reviewed for injection vulnerabilities because SQL Server will execute all syntactically valid queries that it receives. Even parameterized data can be manipulated by a skilled and determined attacker.</b:string></Values><Id>cf377f97-9dea-42d6-ae63-b097c4a8ec4d</Id></ThreatMetaDatum><ThreatMetaDatum><Name>Priority</Name><Label>Priority</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string i:nil="true"/></Values><Id>bc9c6e2a-15d0-4863-9cac-589e51e4ca1e</Id></ThreatMetaDatum></a:PropertiesMetaData><a:RelatedCategory i:nil="true"/><a:ShortTitle>Potential SQL Injection Vulnerability for {target.Name}</a:ShortTitle></a:ThreatType><a:ThreatType><a:IsExtension>false</a:IsExtension><a:Category>T</a:Category><a:Description>SQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution. Any procedure that constructs SQL statements should be reviewed for injection vulnerabilities because SQL Server will execute all syntactically valid queries that it receives. Even parameterized data can be manipulated by a skilled and determined attacker.</a:Description><a:GenerationFilters><a:Exclude/><a:Include>
        (target is 'SE.DS.TMCore.SQL' and source is 'GE.EI')
      </a:Include></a:GenerationFilters><a:Id>T8</a:Id><a:PropertiesMetaData><ThreatMetaDatum><Name>UserThreatShortDescription</Name><Label>Short Description</Label><HideFromUI>true</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Tampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.</b:string></Values><Id>5d3b996b-aed5-4d95-8cf6-617bb67bf042</Id></ThreatMetaDatum><ThreatMetaDatum><Name>UserThreatDescription</Name><Label>Description</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>SQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution. Any procedure that constructs SQL statements should be reviewed for injection vulnerabilities because SQL Server will execute all syntactically valid queries that it receives. Even parameterized data can be manipulated by a skilled and determined attacker.</b:string></Values><Id>cf377f97-9dea-42d6-ae63-b097c4a8ec4d</Id></ThreatMetaDatum><ThreatMetaDatum><Name>Priority</Name><Label>Priority</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string i:nil="true"/></Values><Id>bc9c6e2a-15d0-4863-9cac-589e51e4ca1e</Id></ThreatMetaDatum></a:PropertiesMetaData><a:RelatedCategory i:nil="true"/><a:ShortTitle>Possible SQL Injection Vulnerability for {target.Name}</a:ShortTitle></a:ThreatType><a:ThreatType><a:IsExtension>false</a:IsExtension><a:Category>T</a:Category><a:Description>If a dataflow contains XML, XML processing threats (DTD and XSLT code execution) may be exploited.</a:Description><a:GenerationFilters><a:Exclude/><a:Include>(flow.XMLenc is 'Yes' and target is 'GE.P')</a:Include></a:GenerationFilters><a:Id>T11</a:Id><a:PropertiesMetaData><ThreatMetaDatum><Name>UserThreatShortDescription</Name><Label>Short Description</Label><HideFromUI>true</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Tampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.</b:string></Values><Id>5d3b996b-aed5-4d95-8cf6-617bb67bf042</Id></ThreatMetaDatum><ThreatMetaDatum><Name>UserThreatDescription</Name><Label>Description</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>If a dataflow contains XML, XML processing threats (DTD and XSLT code execution) may be exploited.</b:string></Values><Id>cf377f97-9dea-42d6-ae63-b097c4a8ec4d</Id></ThreatMetaDatum><ThreatMetaDatum><Name>Priority</Name><Label>Priority</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string i:nil="true"/></Values><Id>bc9c6e2a-15d0-4863-9cac-589e51e4ca1e</Id></ThreatMetaDatum></a:PropertiesMetaData><a:RelatedCategory i:nil="true"/><a:ShortTitle>XML DTD and XSLT Processing</a:ShortTitle></a:ThreatType><a:ThreatType><a:IsExtension>false</a:IsExtension><a:Category>T</a:Category><a:Description>If a dataflow contains JSON, JSON processing and hijacking threats may be exploited.</a:Description><a:GenerationFilters><a:Exclude/><a:Include>((flow is 'SE.DF.TMCore.HTTP' or flow is 'SE.DF.TMCore.HTTPS') and flow.JSON is 'Yes' and target is 'GE.P')</a:Include></a:GenerationFilters><a:Id>T12</a:Id><a:PropertiesMetaData><ThreatMetaDatum><Name>UserThreatShortDescription</Name><Label>Short Description</Label><HideFromUI>true</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Tampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.</b:string></Values><Id>5d3b996b-aed5-4d95-8cf6-617bb67bf042</Id></ThreatMetaDatum><ThreatMetaDatum><Name>UserThreatDescription</Name><Label>Description</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>If a dataflow contains JSON, JSON processing and hijacking threats may be exploited.</b:string></Values><Id>cf377f97-9dea-42d6-ae63-b097c4a8ec4d</Id></ThreatMetaDatum><ThreatMetaDatum><Name>Priority</Name><Label>Priority</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string i:nil="true"/></Values><Id>bc9c6e2a-15d0-4863-9cac-589e51e4ca1e</Id></ThreatMetaDatum></a:PropertiesMetaData><a:RelatedCategory i:nil="true"/><a:ShortTitle>JavaScript Object Notation Processing</a:ShortTitle></a:ThreatType><a:ThreatType><a:IsExtension>false</a:IsExtension><a:Category>T</a:Category><a:Description>The web server '{target.Name}' could be a subject to a cross-site scripting attack because it does not sanitize untrusted input.</a:Description><a:GenerationFilters><a:Exclude>(target.hasOutputSanitizers is 'Yes') and (target.hasInputSanitizers is 'Yes')</a:Exclude><a:Include>(target is 'SE.P.TMCore.WebServer' or target is 'SE.P.TMCore.WebApp')</a:Include></a:GenerationFilters><a:Id>T13.1</a:Id><a:PropertiesMetaData><ThreatMetaDatum><Name>UserThreatShortDescription</Name><Label>Short Description</Label><HideFromUI>true</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Tampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.</b:string></Values><Id>5d3b996b-aed5-4d95-8cf6-617bb67bf042</Id></ThreatMetaDatum><ThreatMetaDatum><Name>UserThreatDescription</Name><Label>Description</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>The web server '{target.Name}' could be a subject to a cross-site scripting attack because it does not sanitize untrusted input.</b:string></Values><Id>cf377f97-9dea-42d6-ae63-b097c4a8ec4d</Id></ThreatMetaDatum><ThreatMetaDatum><Name>Priority</Name><Label>Priority</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string i:nil="true"/></Values><Id>bc9c6e2a-15d0-4863-9cac-589e51e4ca1e</Id></ThreatMetaDatum></a:PropertiesMetaData><a:RelatedCategory i:nil="true"/><a:ShortTitle>Cross Site Scripting</a:ShortTitle></a:ThreatType><a:ThreatType><a:IsExtension>false</a:IsExtension><a:Category>T</a:Category><a:Description>The web server '{target.Name}' could be a subject to a persistent cross-site scripting attack because it does not sanitize data store '{source.Name}' inputs and output.</a:Description><a:GenerationFilters><a:Exclude>(target.hasOutputSanitizers is 'Yes') and (target.hasInputSanitizers is 'Yes')</a:Exclude><a:Include>(target is 'SE.P.TMCore.WebServer' or target is 'SE.P.TMCore.WebApp') and source is 'GE.DS'</a:Include></a:GenerationFilters><a:Id>T13.2</a:Id><a:PropertiesMetaData><ThreatMetaDatum><Name>UserThreatShortDescription</Name><Label>Short Description</Label><HideFromUI>true</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Tampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.</b:string></Values><Id>5d3b996b-aed5-4d95-8cf6-617bb67bf042</Id></ThreatMetaDatum><ThreatMetaDatum><Name>UserThreatDescription</Name><Label>Description</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>The web server '{target.Name}' could be a subject to a persistent cross-site scripting attack because it does not sanitize data store '{source.Name}' inputs and output.</b:string></Values><Id>cf377f97-9dea-42d6-ae63-b097c4a8ec4d</Id></ThreatMetaDatum><ThreatMetaDatum><Name>Priority</Name><Label>Priority</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string i:nil="true"/></Values><Id>bc9c6e2a-15d0-4863-9cac-589e51e4ca1e</Id></ThreatMetaDatum></a:PropertiesMetaData><a:RelatedCategory i:nil="true"/><a:ShortTitle>Persistent Cross Site Scripting</a:ShortTitle></a:ThreatType><a:ThreatType><a:IsExtension>false</a:IsExtension><a:Category>T</a:Category><a:Description>Data flowing across {flow.Name} may be tampered with by an attacker. This may lead to corruption of {target.Name}. Ensure the integrity of the data flow to the data store.</a:Description><a:GenerationFilters><a:Exclude/><a:Include>(source is 'GE.P' or source is 'GE.EI') and target is 'GE.DS' and (flow crosses 'GE.TB.L' or flow crosses 'GE.TB.B')</a:Include></a:GenerationFilters><a:Id>T18</a:Id><a:PropertiesMetaData><ThreatMetaDatum><Name>UserThreatShortDescription</Name><Label>Short Description</Label><HideFromUI>true</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Tampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes.</b:string></Values><Id>5d3b996b-aed5-4d95-8cf6-617bb67bf042</Id></ThreatMetaDatum><ThreatMetaDatum><Name>UserThreatDescription</Name><Label>Description</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Data flowing across {flow.Name} may be tampered with by an attacker. This may lead to corruption of {target.Name}. Ensure the integrity of the data flow to the data store.</b:string></Values><Id>cf377f97-9dea-42d6-ae63-b097c4a8ec4d</Id></ThreatMetaDatum><ThreatMetaDatum><Name>Priority</Name><Label>Priority</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string i:nil="true"/></Values><Id>bc9c6e2a-15d0-4863-9cac-589e51e4ca1e</Id></ThreatMetaDatum></a:PropertiesMetaData><a:RelatedCategory i:nil="true"/><a:ShortTitle>The {target.Name} Data Store Could Be Corrupted</a:ShortTitle></a:ThreatType><a:ThreatType><a:IsExtension>false</a:IsExtension><a:Category>R</a:Category><a:Description>Threat was migrated from V3.</a:Description><a:GenerationFilters><a:Exclude/><a:Include>source is 'ROOT'</a:Include></a:GenerationFilters><a:Id>RU</a:Id><a:PropertiesMetaData><ThreatMetaDatum><Name>UserThreatShortDescription</Name><Label>Short Description</Label><HideFromUI>true</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Repudiation threats involve an adversary denying that something happened.</b:string></Values><Id>5d3b996b-aed5-4d95-8cf6-617bb67bf042</Id></ThreatMetaDatum><ThreatMetaDatum><Name>UserThreatDescription</Name><Label>Description</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Threat was migrated from V3.</b:string></Values><Id>cf377f97-9dea-42d6-ae63-b097c4a8ec4d</Id></ThreatMetaDatum><ThreatMetaDatum><Name>Priority</Name><Label>Priority</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string i:nil="true"/></Values><Id>bc9c6e2a-15d0-4863-9cac-589e51e4ca1e</Id></ThreatMetaDatum></a:PropertiesMetaData><a:RelatedCategory i:nil="true"/><a:ShortTitle>Repudiation (v3)</a:ShortTitle></a:ThreatType><a:ThreatType><a:IsExtension>false</a:IsExtension><a:Category>R</a:Category><a:Description>If you have trust levels, is anyone other outside of the highest trust level allowed to log? Letting everyone write to your logs can lead to repudiation problems. Only allow trusted code to log.</a:Description><a:GenerationFilters><a:Exclude/><a:Include>(source is 'GE.P' or source is 'GE.EI') and (target is 'GE.DS') and (target.storesLogData is 'Yes')</a:Include></a:GenerationFilters><a:Id>R1</a:Id><a:PropertiesMetaData><ThreatMetaDatum><Name>UserThreatShortDescription</Name><Label>Short Description</Label><HideFromUI>true</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Repudiation threats involve an adversary denying that something happened.</b:string></Values><Id>5d3b996b-aed5-4d95-8cf6-617bb67bf042</Id></ThreatMetaDatum><ThreatMetaDatum><Name>UserThreatDescription</Name><Label>Description</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>If you have trust levels, is anyone other outside of the highest trust level allowed to log? Letting everyone write to your logs can lead to repudiation problems. Only allow trusted code to log.</b:string></Values><Id>cf377f97-9dea-42d6-ae63-b097c4a8ec4d</Id></ThreatMetaDatum><ThreatMetaDatum><Name>Priority</Name><Label>Priority</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string i:nil="true"/></Values><Id>bc9c6e2a-15d0-4863-9cac-589e51e4ca1e</Id></ThreatMetaDatum></a:PropertiesMetaData><a:RelatedCategory i:nil="true"/><a:ShortTitle>Lower Trusted Subject Updates Logs</a:ShortTitle></a:ThreatType><a:ThreatType><a:IsExtension>false</a:IsExtension><a:Category>R</a:Category><a:Description>Do you accept logs from unknown or weakly authenticated users or systems? Identify and authenticate the source of the logs before accepting them.</a:Description><a:GenerationFilters><a:Exclude/><a:Include>(source is 'GE.P' or source is 'GE.EI') and (target is 'GE.DS') and (target.storesLogData is 'Yes')</a:Include></a:GenerationFilters><a:Id>R2</a:Id><a:PropertiesMetaData><ThreatMetaDatum><Name>UserThreatShortDescription</Name><Label>Short Description</Label><HideFromUI>true</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Repudiation threats involve an adversary denying that something happened.</b:string></Values><Id>5d3b996b-aed5-4d95-8cf6-617bb67bf042</Id></ThreatMetaDatum><ThreatMetaDatum><Name>UserThreatDescription</Name><Label>Description</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Do you accept logs from unknown or weakly authenticated users or systems? Identify and authenticate the source of the logs before accepting them.</b:string></Values><Id>cf377f97-9dea-42d6-ae63-b097c4a8ec4d</Id></ThreatMetaDatum><ThreatMetaDatum><Name>Priority</Name><Label>Priority</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string i:nil="true"/></Values><Id>bc9c6e2a-15d0-4863-9cac-589e51e4ca1e</Id></ThreatMetaDatum></a:PropertiesMetaData><a:RelatedCategory i:nil="true"/><a:ShortTitle>Data Logs from an Unknown Source</a:ShortTitle></a:ThreatType><a:ThreatType><a:IsExtension>false</a:IsExtension><a:Category>R</a:Category><a:Description>Does the log capture enough data to understand what happened in the past? Do your logs capture enough data to understand an incident after the fact? Is such capture lightweight enough to be left on all the time? Do you have enough data to deal with repudiation claims? Make sure you log sufficient and appropriate data to handle a repudiation claims. You might want to talk to an audit expert as well as a privacy expert about your choice of data.</a:Description><a:GenerationFilters><a:Exclude/><a:Include>source is 'GE.P' and target is 'GE.DS' and target.storesLogData is 'Yes'</a:Include></a:GenerationFilters><a:Id>R3</a:Id><a:PropertiesMetaData><ThreatMetaDatum><Name>UserThreatShortDescription</Name><Label>Short Description</Label><HideFromUI>true</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Repudiation threats involve an adversary denying that something happened.</b:string></Values><Id>5d3b996b-aed5-4d95-8cf6-617bb67bf042</Id></ThreatMetaDatum><ThreatMetaDatum><Name>UserThreatDescription</Name><Label>Description</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Does the log capture enough data to understand what happened in the past? Do your logs capture enough data to understand an incident after the fact? Is such capture lightweight enough to be left on all the time? Do you have enough data to deal with repudiation claims? Make sure you log sufficient and appropriate data to handle a repudiation claims. You might want to talk to an audit expert as well as a privacy expert about your choice of data.</b:string></Values><Id>cf377f97-9dea-42d6-ae63-b097c4a8ec4d</Id></ThreatMetaDatum><ThreatMetaDatum><Name>Priority</Name><Label>Priority</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string i:nil="true"/></Values><Id>bc9c6e2a-15d0-4863-9cac-589e51e4ca1e</Id></ThreatMetaDatum></a:PropertiesMetaData><a:RelatedCategory i:nil="true"/><a:ShortTitle>Insufficient Auditing</a:ShortTitle></a:ThreatType><a:ThreatType><a:IsExtension>false</a:IsExtension><a:Category>R</a:Category><a:Description>Consider what happens when the audit mechanism comes under attack, including attempts to destroy the logs, or attack log analysis programs. Ensure access to the log is through a reference monitor, which controls read and write separately. Document what filters, if any, readers can rely on, or writers should expect</a:Description><a:GenerationFilters><a:Exclude/><a:Include>source is 'GE.P' and target is 'GE.DS' and target.storesLogData is 'Yes'</a:Include></a:GenerationFilters><a:Id>R4</a:Id><a:PropertiesMetaData><ThreatMetaDatum><Name>UserThreatShortDescription</Name><Label>Short Description</Label><HideFromUI>true</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Repudiation threats involve an adversary denying that something happened.</b:string></Values><Id>5d3b996b-aed5-4d95-8cf6-617bb67bf042</Id></ThreatMetaDatum><ThreatMetaDatum><Name>UserThreatDescription</Name><Label>Description</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Consider what happens when the audit mechanism comes under attack, including attempts to destroy the logs, or attack log analysis programs. Ensure access to the log is through a reference monitor, which controls read and write separately. Document what filters, if any, readers can rely on, or writers should expect</b:string></Values><Id>cf377f97-9dea-42d6-ae63-b097c4a8ec4d</Id></ThreatMetaDatum><ThreatMetaDatum><Name>Priority</Name><Label>Priority</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string i:nil="true"/></Values><Id>bc9c6e2a-15d0-4863-9cac-589e51e4ca1e</Id></ThreatMetaDatum></a:PropertiesMetaData><a:RelatedCategory i:nil="true"/><a:ShortTitle>Potential Weak Protections for Audit Data</a:ShortTitle></a:ThreatType><a:ThreatType><a:IsExtension>false</a:IsExtension><a:Category>R</a:Category><a:Description>{target.Name} claims that it did not receive data from a source outside the trust boundary. Consider using logging or auditing to record the source, time, and summary of the received data.</a:Description><a:GenerationFilters><a:Exclude/><a:Include>target is 'GE.P' and (flow crosses 'GE.TB.L' or flow crosses 'GE.TB.B')</a:Include></a:GenerationFilters><a:Id>R6</a:Id><a:PropertiesMetaData><ThreatMetaDatum><Name>UserThreatShortDescription</Name><Label>Short Description</Label><HideFromUI>true</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Repudiation threats involve an adversary denying that something happened.</b:string></Values><Id>5d3b996b-aed5-4d95-8cf6-617bb67bf042</Id></ThreatMetaDatum><ThreatMetaDatum><Name>UserThreatDescription</Name><Label>Description</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>{target.Name} claims that it did not receive data from a source outside the trust boundary. Consider using logging or auditing to record the source, time, and summary of the received data.</b:string></Values><Id>cf377f97-9dea-42d6-ae63-b097c4a8ec4d</Id></ThreatMetaDatum><ThreatMetaDatum><Name>Priority</Name><Label>Priority</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string i:nil="true"/></Values><Id>bc9c6e2a-15d0-4863-9cac-589e51e4ca1e</Id></ThreatMetaDatum></a:PropertiesMetaData><a:RelatedCategory i:nil="true"/><a:ShortTitle>Potential Data Repudiation by {target.Name}</a:ShortTitle></a:ThreatType><a:ThreatType><a:IsExtension>false</a:IsExtension><a:Category>R</a:Category><a:Description>{target.Name} claims that it did not receive data from a process on the other side of the trust boundary. Consider using logging or auditing to record the source, time, and summary of the received data.</a:Description><a:GenerationFilters><a:Exclude/><a:Include>target is 'GE.EI' and (flow crosses 'GE.TB.L' or flow crosses 'GE.TB.B')</a:Include></a:GenerationFilters><a:Id>R7</a:Id><a:PropertiesMetaData><ThreatMetaDatum><Name>UserThreatShortDescription</Name><Label>Short Description</Label><HideFromUI>true</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Repudiation threats involve an adversary denying that something happened.</b:string></Values><Id>5d3b996b-aed5-4d95-8cf6-617bb67bf042</Id></ThreatMetaDatum><ThreatMetaDatum><Name>UserThreatDescription</Name><Label>Description</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>{target.Name} claims that it did not receive data from a process on the other side of the trust boundary. Consider using logging or auditing to record the source, time, and summary of the received data.</b:string></Values><Id>cf377f97-9dea-42d6-ae63-b097c4a8ec4d</Id></ThreatMetaDatum><ThreatMetaDatum><Name>Priority</Name><Label>Priority</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string i:nil="true"/></Values><Id>bc9c6e2a-15d0-4863-9cac-589e51e4ca1e</Id></ThreatMetaDatum></a:PropertiesMetaData><a:RelatedCategory i:nil="true"/><a:ShortTitle>External Entity {target.Name} Potentially Denies Receiving Data</a:ShortTitle></a:ThreatType><a:ThreatType><a:IsExtension>false</a:IsExtension><a:Category>R</a:Category><a:Description>{target.Name} claims that it did not write data received from an entity on the other side of the trust boundary. Consider using logging or auditing to record the source, time, and summary of the received data.</a:Description><a:GenerationFilters><a:Exclude/><a:Include>target is 'GE.DS' and (flow crosses 'GE.TB.L' or flow crosses 'GE.TB.B')</a:Include></a:GenerationFilters><a:Id>R8</a:Id><a:PropertiesMetaData><ThreatMetaDatum><Name>UserThreatShortDescription</Name><Label>Short Description</Label><HideFromUI>true</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Repudiation threats involve an adversary denying that something happened.</b:string></Values><Id>5d3b996b-aed5-4d95-8cf6-617bb67bf042</Id></ThreatMetaDatum><ThreatMetaDatum><Name>UserThreatDescription</Name><Label>Description</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>{target.Name} claims that it did not write data received from an entity on the other side of the trust boundary. Consider using logging or auditing to record the source, time, and summary of the received data.</b:string></Values><Id>cf377f97-9dea-42d6-ae63-b097c4a8ec4d</Id></ThreatMetaDatum><ThreatMetaDatum><Name>Priority</Name><Label>Priority</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string i:nil="true"/></Values><Id>bc9c6e2a-15d0-4863-9cac-589e51e4ca1e</Id></ThreatMetaDatum></a:PropertiesMetaData><a:RelatedCategory i:nil="true"/><a:ShortTitle>Data Store Denies {target.Name} Potentially Writing Data</a:ShortTitle></a:ThreatType><a:ThreatType><a:IsExtension>false</a:IsExtension><a:Category>I</a:Category><a:Description>Threat was migrated from V3.</a:Description><a:GenerationFilters><a:Exclude/><a:Include>source is 'ROOT'</a:Include></a:GenerationFilters><a:Id>IU</a:Id><a:PropertiesMetaData><ThreatMetaDatum><Name>UserThreatShortDescription</Name><Label>Short Description</Label><HideFromUI>true</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Information disclosure happens when the information can be read by an unauthorized party.</b:string></Values><Id>5d3b996b-aed5-4d95-8cf6-617bb67bf042</Id></ThreatMetaDatum><ThreatMetaDatum><Name>UserThreatDescription</Name><Label>Description</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Threat was migrated from V3.</b:string></Values><Id>cf377f97-9dea-42d6-ae63-b097c4a8ec4d</Id></ThreatMetaDatum><ThreatMetaDatum><Name>Priority</Name><Label>Priority</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string i:nil="true"/></Values><Id>bc9c6e2a-15d0-4863-9cac-589e51e4ca1e</Id></ThreatMetaDatum></a:PropertiesMetaData><a:RelatedCategory i:nil="true"/><a:ShortTitle>Information Disclosure (v3)</a:ShortTitle></a:ThreatType><a:ThreatType><a:IsExtension>false</a:IsExtension><a:Category>I</a:Category><a:Description>Can you access {target.Name} and bypass the permissions for the object? For example by editing the files directly with a hex editor, or reaching it via filesharing? Ensure that your program is the only one that can access the data, and that all other subjects have to use your interface.</a:Description><a:GenerationFilters><a:Exclude/><a:Include>source is 'GE.P' and target is 'GE.DS' and source.implementsCustomAuthorizationMechanism is 'Yes'</a:Include></a:GenerationFilters><a:Id>I2</a:Id><a:PropertiesMetaData><ThreatMetaDatum><Name>UserThreatShortDescription</Name><Label>Short Description</Label><HideFromUI>true</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Information disclosure happens when the information can be read by an unauthorized party.</b:string></Values><Id>5d3b996b-aed5-4d95-8cf6-617bb67bf042</Id></ThreatMetaDatum><ThreatMetaDatum><Name>UserThreatDescription</Name><Label>Description</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Can you access {target.Name} and bypass the permissions for the object? For example by editing the files directly with a hex editor, or reaching it via filesharing? Ensure that your program is the only one that can access the data, and that all other subjects have to use your interface.</b:string></Values><Id>cf377f97-9dea-42d6-ae63-b097c4a8ec4d</Id></ThreatMetaDatum><ThreatMetaDatum><Name>Priority</Name><Label>Priority</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string i:nil="true"/></Values><Id>bc9c6e2a-15d0-4863-9cac-589e51e4ca1e</Id></ThreatMetaDatum></a:PropertiesMetaData><a:RelatedCategory i:nil="true"/><a:ShortTitle>Authorization Bypass</a:ShortTitle></a:ThreatType><a:ThreatType><a:IsExtension>false</a:IsExtension><a:Category>I</a:Category><a:Description>Data flowing across {flow.Name} may be sniffed by an attacker. Depending on what type of data an attacker can read, it may be used to attack other parts of the system or simply be a disclosure of information leading to compliance violations. Consider encrypting the data flow.</a:Description><a:GenerationFilters><a:Exclude>flow.providesConfidentiality is 'Yes'</a:Exclude><a:Include>((source is 'GE.P' or source is 'GE.EI') and target is 'GE.P' and (flow crosses 'GE.TB.L' or flow crosses 'GE.TB.B')) or (source is 'GE.P' and target is 'GE.DS' and (flow crosses 'GE.TB.L' or flow crosses 'GE.TB.B'))</a:Include></a:GenerationFilters><a:Id>I6</a:Id><a:PropertiesMetaData><ThreatMetaDatum><Name>UserThreatShortDescription</Name><Label>Short Description</Label><HideFromUI>true</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Information disclosure happens when the information can be read by an unauthorized party.</b:string></Values><Id>5d3b996b-aed5-4d95-8cf6-617bb67bf042</Id></ThreatMetaDatum><ThreatMetaDatum><Name>UserThreatDescription</Name><Label>Description</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Data flowing across {flow.Name} may be sniffed by an attacker. Depending on what type of data an attacker can read, it may be used to attack other parts of the system or simply be a disclosure of information leading to compliance violations. Consider encrypting the data flow.</b:string></Values><Id>cf377f97-9dea-42d6-ae63-b097c4a8ec4d</Id></ThreatMetaDatum><ThreatMetaDatum><Name>Priority</Name><Label>Priority</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string i:nil="true"/></Values><Id>bc9c6e2a-15d0-4863-9cac-589e51e4ca1e</Id></ThreatMetaDatum></a:PropertiesMetaData><a:RelatedCategory i:nil="true"/><a:ShortTitle>Data Flow Sniffing</a:ShortTitle></a:ThreatType><a:ThreatType><a:IsExtension>false</a:IsExtension><a:Category>I</a:Category><a:Description>Improper data protection of {source.name} can allow an attacker to read information not intended for disclosure. Review authorization settings.</a:Description><a:GenerationFilters><a:Exclude/><a:Include>source is 'GE.DS' and (target is 'GE.P' or target is 'GE.EI')</a:Include></a:GenerationFilters><a:Id>I23</a:Id><a:PropertiesMetaData><ThreatMetaDatum><Name>UserThreatShortDescription</Name><Label>Short Description</Label><HideFromUI>true</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Information disclosure happens when the information can be read by an unauthorized party.</b:string></Values><Id>5d3b996b-aed5-4d95-8cf6-617bb67bf042</Id></ThreatMetaDatum><ThreatMetaDatum><Name>UserThreatDescription</Name><Label>Description</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Improper data protection of {source.name} can allow an attacker to read information not intended for disclosure. Review authorization settings.</b:string></Values><Id>cf377f97-9dea-42d6-ae63-b097c4a8ec4d</Id></ThreatMetaDatum><ThreatMetaDatum><Name>Priority</Name><Label>Priority</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string i:nil="true"/></Values><Id>bc9c6e2a-15d0-4863-9cac-589e51e4ca1e</Id></ThreatMetaDatum></a:PropertiesMetaData><a:RelatedCategory i:nil="true"/><a:ShortTitle>Weak Access Control for a Resource</a:ShortTitle></a:ThreatType><a:ThreatType><a:IsExtension>false</a:IsExtension><a:Category>I</a:Category><a:Description>Credentials held at the server are often disclosed or tampered with and credentials stored on the client are often stolen. For server side, consider storing a salted hash of the credentials instead of storing the credentials themselves. If this is not possible due to business requirements, be sure to encrypt the credentials before storage, using an SDL-approved mechanism. For client side, if storing credentials is required, encrypt them and protect the data store in which they're stored</a:Description><a:GenerationFilters><a:Exclude/><a:Include>source is 'GE.P' and target is 'GE.DS' and target.storesCredentials is 'Yes'</a:Include></a:GenerationFilters><a:Id>I24</a:Id><a:PropertiesMetaData><ThreatMetaDatum><Name>UserThreatShortDescription</Name><Label>Short Description</Label><HideFromUI>true</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Information disclosure happens when the information can be read by an unauthorized party.</b:string></Values><Id>5d3b996b-aed5-4d95-8cf6-617bb67bf042</Id></ThreatMetaDatum><ThreatMetaDatum><Name>UserThreatDescription</Name><Label>Description</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Credentials held at the server are often disclosed or tampered with and credentials stored on the client are often stolen. For server side, consider storing a salted hash of the credentials instead of storing the credentials themselves. If this is not possible due to business requirements, be sure to encrypt the credentials before storage, using an SDL-approved mechanism. For client side, if storing credentials is required, encrypt them and protect the data store in which they're stored</b:string></Values><Id>cf377f97-9dea-42d6-ae63-b097c4a8ec4d</Id></ThreatMetaDatum><ThreatMetaDatum><Name>Priority</Name><Label>Priority</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string i:nil="true"/></Values><Id>bc9c6e2a-15d0-4863-9cac-589e51e4ca1e</Id></ThreatMetaDatum></a:PropertiesMetaData><a:RelatedCategory i:nil="true"/><a:ShortTitle>Weak Credential Storage</a:ShortTitle></a:ThreatType><a:ThreatType><a:IsExtension>false</a:IsExtension><a:Category>I</a:Category><a:Description>Credentials on the wire are often subject to sniffing by an attacker. Are the credentials re-usable/re-playable? Are credentials included in a message? For example, sending a zip file with the password in the email. Use strong cryptography for the transmission of credentials. Use the OS libraries if at all possible, and consider cryptographic algorithm agility, rather than hardcoding a choice.</a:Description><a:GenerationFilters><a:Exclude>flow is 'SE.DF.TMCore.HTTPS' or flow is 'SE.DF.TMCore.IPsec'</a:Exclude><a:Include>source is 'GE.P' and (target is 'GE.P' or target is 'GE.DS') and (flow crosses 'SE.TB.L.TMCore.Machine')</a:Include></a:GenerationFilters><a:Id>I25</a:Id><a:PropertiesMetaData><ThreatMetaDatum><Name>UserThreatShortDescription</Name><Label>Short Description</Label><HideFromUI>true</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Information disclosure happens when the information can be read by an unauthorized party.</b:string></Values><Id>5d3b996b-aed5-4d95-8cf6-617bb67bf042</Id></ThreatMetaDatum><ThreatMetaDatum><Name>UserThreatDescription</Name><Label>Description</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Credentials on the wire are often subject to sniffing by an attacker. Are the credentials re-usable/re-playable? Are credentials included in a message? For example, sending a zip file with the password in the email. Use strong cryptography for the transmission of credentials. Use the OS libraries if at all possible, and consider cryptographic algorithm agility, rather than hardcoding a choice.</b:string></Values><Id>cf377f97-9dea-42d6-ae63-b097c4a8ec4d</Id></ThreatMetaDatum><ThreatMetaDatum><Name>Priority</Name><Label>Priority</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string i:nil="true"/></Values><Id>bc9c6e2a-15d0-4863-9cac-589e51e4ca1e</Id></ThreatMetaDatum></a:PropertiesMetaData><a:RelatedCategory i:nil="true"/><a:ShortTitle>Weak Credential Transit</a:ShortTitle></a:ThreatType><a:ThreatType><a:IsExtension>false</a:IsExtension><a:Category>I</a:Category><a:Description>Custom authentication schemes are susceptible to common weaknesses such as weak credential change management, credential equivalence, easily guessable credentials, null credentials, downgrade authentication or a weak credential change management system. Consider the impact and potential mitigations for your custom authentication scheme.</a:Description><a:GenerationFilters><a:Exclude/><a:Include>source is 'GE.P' and target is 'GE.P' and source.implementsAuthenticationScheme is 'Yes'</a:Include></a:GenerationFilters><a:Id>I26</a:Id><a:PropertiesMetaData><ThreatMetaDatum><Name>UserThreatShortDescription</Name><Label>Short Description</Label><HideFromUI>true</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Information disclosure happens when the information can be read by an unauthorized party.</b:string></Values><Id>5d3b996b-aed5-4d95-8cf6-617bb67bf042</Id></ThreatMetaDatum><ThreatMetaDatum><Name>UserThreatDescription</Name><Label>Description</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Custom authentication schemes are susceptible to common weaknesses such as weak credential change management, credential equivalence, easily guessable credentials, null credentials, downgrade authentication or a weak credential change management system. Consider the impact and potential mitigations for your custom authentication scheme.</b:string></Values><Id>cf377f97-9dea-42d6-ae63-b097c4a8ec4d</Id></ThreatMetaDatum><ThreatMetaDatum><Name>Priority</Name><Label>Priority</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string i:nil="true"/></Values><Id>bc9c6e2a-15d0-4863-9cac-589e51e4ca1e</Id></ThreatMetaDatum></a:PropertiesMetaData><a:RelatedCategory i:nil="true"/><a:ShortTitle>Weak Authentication Scheme</a:ShortTitle></a:ThreatType><a:ThreatType><a:IsExtension>false</a:IsExtension><a:Category>D</a:Category><a:Description>Threat was migrated from V3.</a:Description><a:GenerationFilters><a:Exclude/><a:Include>source is 'ROOT'</a:Include></a:GenerationFilters><a:Id>DU</a:Id><a:PropertiesMetaData><ThreatMetaDatum><Name>UserThreatShortDescription</Name><Label>Short Description</Label><HideFromUI>true</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Denial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.</b:string></Values><Id>5d3b996b-aed5-4d95-8cf6-617bb67bf042</Id></ThreatMetaDatum><ThreatMetaDatum><Name>UserThreatDescription</Name><Label>Description</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Threat was migrated from V3.</b:string></Values><Id>cf377f97-9dea-42d6-ae63-b097c4a8ec4d</Id></ThreatMetaDatum><ThreatMetaDatum><Name>Priority</Name><Label>Priority</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string i:nil="true"/></Values><Id>bc9c6e2a-15d0-4863-9cac-589e51e4ca1e</Id></ThreatMetaDatum></a:PropertiesMetaData><a:RelatedCategory i:nil="true"/><a:ShortTitle>Denial Of Service (v3)</a:ShortTitle></a:ThreatType><a:ThreatType><a:IsExtension>false</a:IsExtension><a:Category>D</a:Category><a:Description>Does {source.Name} or {target.Name} take explicit steps to control resource consumption? Resource consumption attacks can be hard to deal with, and there are times that it makes sense to let the OS do the job. Be careful that your resource requests don't deadlock, and that they do timeout.</a:Description><a:GenerationFilters><a:Exclude/><a:Include>source is 'GE.P' and target is 'GE.DS'</a:Include></a:GenerationFilters><a:Id>D2</a:Id><a:PropertiesMetaData><ThreatMetaDatum><Name>UserThreatShortDescription</Name><Label>Short Description</Label><HideFromUI>true</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Denial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.</b:string></Values><Id>5d3b996b-aed5-4d95-8cf6-617bb67bf042</Id></ThreatMetaDatum><ThreatMetaDatum><Name>UserThreatDescription</Name><Label>Description</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Does {source.Name} or {target.Name} take explicit steps to control resource consumption? Resource consumption attacks can be hard to deal with, and there are times that it makes sense to let the OS do the job. Be careful that your resource requests don't deadlock, and that they do timeout.</b:string></Values><Id>cf377f97-9dea-42d6-ae63-b097c4a8ec4d</Id></ThreatMetaDatum><ThreatMetaDatum><Name>Priority</Name><Label>Priority</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string i:nil="true"/></Values><Id>bc9c6e2a-15d0-4863-9cac-589e51e4ca1e</Id></ThreatMetaDatum></a:PropertiesMetaData><a:RelatedCategory i:nil="true"/><a:ShortTitle>Potential Excessive Resource Consumption for {source.Name} or {target.Name}</a:ShortTitle></a:ThreatType><a:ThreatType><a:IsExtension>false</a:IsExtension><a:Category>D</a:Category><a:Description>{target.Name} crashes, halts, stops or runs slowly; in all cases violating an availability metric.</a:Description><a:GenerationFilters><a:Exclude/><a:Include>target is 'GE.P' and (flow crosses 'GE.TB.L' or flow crosses 'GE.TB.B')</a:Include></a:GenerationFilters><a:Id>D3</a:Id><a:PropertiesMetaData><ThreatMetaDatum><Name>UserThreatShortDescription</Name><Label>Short Description</Label><HideFromUI>true</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Denial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.</b:string></Values><Id>5d3b996b-aed5-4d95-8cf6-617bb67bf042</Id></ThreatMetaDatum><ThreatMetaDatum><Name>UserThreatDescription</Name><Label>Description</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>{target.Name} crashes, halts, stops or runs slowly; in all cases violating an availability metric.</b:string></Values><Id>cf377f97-9dea-42d6-ae63-b097c4a8ec4d</Id></ThreatMetaDatum><ThreatMetaDatum><Name>Priority</Name><Label>Priority</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string i:nil="true"/></Values><Id>bc9c6e2a-15d0-4863-9cac-589e51e4ca1e</Id></ThreatMetaDatum></a:PropertiesMetaData><a:RelatedCategory i:nil="true"/><a:ShortTitle>Potential Process Crash or Stop for {target.Name}</a:ShortTitle></a:ThreatType><a:ThreatType><a:IsExtension>false</a:IsExtension><a:Category>D</a:Category><a:Description>An external agent interrupts data flowing across a trust boundary in either direction.</a:Description><a:GenerationFilters><a:Exclude/><a:Include>(flow crosses 'GE.TB.L' or flow crosses 'GE.TB.B')</a:Include></a:GenerationFilters><a:Id>D4</a:Id><a:PropertiesMetaData><ThreatMetaDatum><Name>UserThreatShortDescription</Name><Label>Short Description</Label><HideFromUI>true</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Denial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.</b:string></Values><Id>5d3b996b-aed5-4d95-8cf6-617bb67bf042</Id></ThreatMetaDatum><ThreatMetaDatum><Name>UserThreatDescription</Name><Label>Description</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>An external agent interrupts data flowing across a trust boundary in either direction.</b:string></Values><Id>cf377f97-9dea-42d6-ae63-b097c4a8ec4d</Id></ThreatMetaDatum><ThreatMetaDatum><Name>Priority</Name><Label>Priority</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string i:nil="true"/></Values><Id>bc9c6e2a-15d0-4863-9cac-589e51e4ca1e</Id></ThreatMetaDatum></a:PropertiesMetaData><a:RelatedCategory i:nil="true"/><a:ShortTitle>Data Flow {flow.Name} Is Potentially Interrupted</a:ShortTitle></a:ThreatType><a:ThreatType><a:IsExtension>false</a:IsExtension><a:Category>D</a:Category><a:Description>An external agent prevents access to a data store on the other side of the trust boundary.</a:Description><a:GenerationFilters><a:Exclude/><a:Include>(source is 'GE.DS' or target is 'GE.DS') and (flow crosses 'GE.TB.L' or flow crosses 'GE.TB.B')</a:Include></a:GenerationFilters><a:Id>D5</a:Id><a:PropertiesMetaData><ThreatMetaDatum><Name>UserThreatShortDescription</Name><Label>Short Description</Label><HideFromUI>true</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Denial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec.</b:string></Values><Id>5d3b996b-aed5-4d95-8cf6-617bb67bf042</Id></ThreatMetaDatum><ThreatMetaDatum><Name>UserThreatDescription</Name><Label>Description</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>An external agent prevents access to a data store on the other side of the trust boundary.</b:string></Values><Id>cf377f97-9dea-42d6-ae63-b097c4a8ec4d</Id></ThreatMetaDatum><ThreatMetaDatum><Name>Priority</Name><Label>Priority</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string i:nil="true"/></Values><Id>bc9c6e2a-15d0-4863-9cac-589e51e4ca1e</Id></ThreatMetaDatum></a:PropertiesMetaData><a:RelatedCategory i:nil="true"/><a:ShortTitle>Data Store Inaccessible</a:ShortTitle></a:ThreatType><a:ThreatType><a:IsExtension>false</a:IsExtension><a:Category>E</a:Category><a:Description>Threat was migrated from V3.</a:Description><a:GenerationFilters><a:Exclude/><a:Include>source is 'ROOT'</a:Include></a:GenerationFilters><a:Id>EU</a:Id><a:PropertiesMetaData><ThreatMetaDatum><Name>UserThreatShortDescription</Name><Label>Short Description</Label><HideFromUI>true</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>A user subject gains increased capability or privilege by taking advantage of an implementation bug.</b:string></Values><Id>5d3b996b-aed5-4d95-8cf6-617bb67bf042</Id></ThreatMetaDatum><ThreatMetaDatum><Name>UserThreatDescription</Name><Label>Description</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Threat was migrated from V3.</b:string></Values><Id>cf377f97-9dea-42d6-ae63-b097c4a8ec4d</Id></ThreatMetaDatum><ThreatMetaDatum><Name>Priority</Name><Label>Priority</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string i:nil="true"/></Values><Id>bc9c6e2a-15d0-4863-9cac-589e51e4ca1e</Id></ThreatMetaDatum></a:PropertiesMetaData><a:RelatedCategory i:nil="true"/><a:ShortTitle>Elevation Of Privilege (v3)</a:ShortTitle></a:ThreatType><a:ThreatType><a:IsExtension>false</a:IsExtension><a:Category>E</a:Category><a:Description>Common SSO implementations such as OAUTH2 and OAUTH Wrap are vulnerable to MitM attacks.</a:Description><a:GenerationFilters><a:Exclude>(target is 'SE.EI.TMCore.AuthProvider' and target.MS is 'Yes')</a:Exclude><a:Include>target is 'SE.EI.TMCore.AuthProvider'</a:Include></a:GenerationFilters><a:Id>E3</a:Id><a:PropertiesMetaData><ThreatMetaDatum><Name>UserThreatShortDescription</Name><Label>Short Description</Label><HideFromUI>true</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>A user subject gains increased capability or privilege by taking advantage of an implementation bug.</b:string></Values><Id>5d3b996b-aed5-4d95-8cf6-617bb67bf042</Id></ThreatMetaDatum><ThreatMetaDatum><Name>UserThreatDescription</Name><Label>Description</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Common SSO implementations such as OAUTH2 and OAUTH Wrap are vulnerable to MitM attacks.</b:string></Values><Id>cf377f97-9dea-42d6-ae63-b097c4a8ec4d</Id></ThreatMetaDatum><ThreatMetaDatum><Name>Priority</Name><Label>Priority</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string i:nil="true"/></Values><Id>bc9c6e2a-15d0-4863-9cac-589e51e4ca1e</Id></ThreatMetaDatum></a:PropertiesMetaData><a:RelatedCategory i:nil="true"/><a:ShortTitle>Weakness in SSO Authorization</a:ShortTitle></a:ThreatType><a:ThreatType><a:IsExtension>false</a:IsExtension><a:Category>E</a:Category><a:Description>{target.Name} may be able to impersonate the context of {source.Name} in order to gain additional privilege.</a:Description><a:GenerationFilters><a:Exclude/><a:Include>(source is 'GE.EI' or source is 'GE.P') and target is 'GE.P'</a:Include></a:GenerationFilters><a:Id>E5</a:Id><a:PropertiesMetaData><ThreatMetaDatum><Name>UserThreatShortDescription</Name><Label>Short Description</Label><HideFromUI>true</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>A user subject gains increased capability or privilege by taking advantage of an implementation bug.</b:string></Values><Id>5d3b996b-aed5-4d95-8cf6-617bb67bf042</Id></ThreatMetaDatum><ThreatMetaDatum><Name>UserThreatDescription</Name><Label>Description</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>{target.Name} may be able to impersonate the context of {source.Name} in order to gain additional privilege.</b:string></Values><Id>cf377f97-9dea-42d6-ae63-b097c4a8ec4d</Id></ThreatMetaDatum><ThreatMetaDatum><Name>Priority</Name><Label>Priority</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string i:nil="true"/></Values><Id>bc9c6e2a-15d0-4863-9cac-589e51e4ca1e</Id></ThreatMetaDatum></a:PropertiesMetaData><a:RelatedCategory i:nil="true"/><a:ShortTitle>Elevation Using Impersonation</a:ShortTitle></a:ThreatType><a:ThreatType><a:IsExtension>false</a:IsExtension><a:Category>E</a:Category><a:Description>{source.Name} may be able to remotely execute code for {target.Name}.</a:Description><a:GenerationFilters><a:Exclude/><a:Include>target is 'GE.P' and (flow crosses 'GE.TB.L' or flow crosses 'GE.TB.B')</a:Include></a:GenerationFilters><a:Id>E6</a:Id><a:PropertiesMetaData><ThreatMetaDatum><Name>UserThreatShortDescription</Name><Label>Short Description</Label><HideFromUI>true</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>A user subject gains increased capability or privilege by taking advantage of an implementation bug.</b:string></Values><Id>5d3b996b-aed5-4d95-8cf6-617bb67bf042</Id></ThreatMetaDatum><ThreatMetaDatum><Name>UserThreatDescription</Name><Label>Description</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>{source.Name} may be able to remotely execute code for {target.Name}.</b:string></Values><Id>cf377f97-9dea-42d6-ae63-b097c4a8ec4d</Id></ThreatMetaDatum><ThreatMetaDatum><Name>Priority</Name><Label>Priority</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string i:nil="true"/></Values><Id>bc9c6e2a-15d0-4863-9cac-589e51e4ca1e</Id></ThreatMetaDatum></a:PropertiesMetaData><a:RelatedCategory i:nil="true"/><a:ShortTitle>{target.Name} May be Subject to Elevation of Privilege Using Remote Code Execution</a:ShortTitle></a:ThreatType><a:ThreatType><a:IsExtension>false</a:IsExtension><a:Category>E</a:Category><a:Description>An attacker may pass data into {target.Name} in order to change the flow of program execution within {target.Name} to the attacker's choosing.</a:Description><a:GenerationFilters><a:Exclude/><a:Include>target is 'GE.P' and (flow crosses 'GE.TB.L' or flow crosses 'GE.TB.B')</a:Include></a:GenerationFilters><a:Id>E7</a:Id><a:PropertiesMetaData><ThreatMetaDatum><Name>UserThreatShortDescription</Name><Label>Short Description</Label><HideFromUI>true</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>A user subject gains increased capability or privilege by taking advantage of an implementation bug.</b:string></Values><Id>5d3b996b-aed5-4d95-8cf6-617bb67bf042</Id></ThreatMetaDatum><ThreatMetaDatum><Name>UserThreatDescription</Name><Label>Description</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>An attacker may pass data into {target.Name} in order to change the flow of program execution within {target.Name} to the attacker's choosing.</b:string></Values><Id>cf377f97-9dea-42d6-ae63-b097c4a8ec4d</Id></ThreatMetaDatum><ThreatMetaDatum><Name>Priority</Name><Label>Priority</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string i:nil="true"/></Values><Id>bc9c6e2a-15d0-4863-9cac-589e51e4ca1e</Id></ThreatMetaDatum></a:PropertiesMetaData><a:RelatedCategory i:nil="true"/><a:ShortTitle>Elevation by Changing the Execution Flow in {target.Name}</a:ShortTitle></a:ThreatType><a:ThreatType><a:IsExtension>false</a:IsExtension><a:Category>E</a:Category><a:Description>Cross-site request forgery (CSRF or XSRF) is a type of attack in which an attacker forces a user's browser to make a forged request to a vulnerable site by exploiting an existing trust relationship between the browser and the vulnerable web site.  In a simple scenario, a user is logged in to web site A using a cookie as a credential.  The other browses to web site B.  Web site B returns a page with a hidden form that posts to web site A.  Since the browser will carry the user's cookie to web site A, web site B now can take any action on web site A, for example, adding an admin to an account.  The attack can be used to exploit any requests that the browser automatically authenticates, e.g. by session cookie, integrated authentication, IP whitelisting, …  The attack can be carried out in many ways such as by luring the victim to a site under control of the attacker, getting the user to click a link in a phishing email, or hacking a reputable web site that the victim will visit. The issue can only be resolved on the server side by requiring that all authenticated state-changing requests include an additional piece of secret payload (canary or CSRF token) which is known only to the legitimate web site and the browser and which is protected in transit through SSL/TLS. See the Forgery Protection property on the flow stencil for a list of mitigations.</a:Description><a:GenerationFilters><a:Exclude>(source is 'SE.P.TMCore.OSProcess' or source is 'SE.P.TMCore.Thread' or source is 'SE.P.TMCore.KernelThread' or source is 'SE.P.TMCore.WinApp' or source is 'SE.P.TMCore.NetApp' or source is 'SE.P.TMCore.WebServer' or source is 'SE.P.TMCore.Win32Service' or  source is 'SE.P.TMCore.WebSvc' or source is 'SE.P.TMCore.VM' or (source is 'SE.P.TMCore.Modern' and source.internetClientServer is 'No' and source.internetClient is 'No' ) or source is 'SE.EI.TMCore.AuthProvider' or source is 'SE.EI.TMCore.WebSvc' or source is 'SE.EI.TMCore.WebApp' or source is 'SE.EI.TMCore.Megasevrice' or source is 'SE.EI.TMCore.CRT' or source is 'SE.EI.TMCore.NFX' or source is 'SE.EI.TMCore.WinRT' ) or (target is 'SE.P.TMCore.ThickClient' or target is 'SE.P.TMCore.BrowserClient' or target is 'SE.P.TMCore.PlugIn' or target is 'SE.P.TMCore.Modern') or (flow crosses 'SE.TB.L.TMCore.Machine' or flow crosses 'SE.TB.L.TMCore.Kernel' or flow crosses 'SE.TB.L.TMCore.AppContainer' or flow crosses 'SE.TB.B.TMCore.CorpNet' or flow crosses 'SE.TB.B.TMCore.Sandbox')</a:Exclude><a:Include>(source is 'GE.P' or  source is  'GE.EI') and (target is 'GE.P' ) and (flow.authenticatesSource is 'Not Selected' or  flow.authenticatesSource is 'Yes') and (flow.54851a3b-65da-4902-b4e0-94ef015be735 is 'None' or flow.54851a3b-65da-4902-b4e0-94ef015be735 is 'Not Selected' ) and (flow crosses 'GE.TB.L' or flow crosses 'GE.TB.B')</a:Include></a:GenerationFilters><a:Id>8404dcf5-bdd8-4902-abc2-3b6c967b0261</a:Id><a:PropertiesMetaData><ThreatMetaDatum><Name>UserThreatShortDescription</Name><Label>Short Description</Label><HideFromUI>true</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string i:nil="true"/></Values><Id>5d3b996b-aed5-4d95-8cf6-617bb67bf042</Id></ThreatMetaDatum><ThreatMetaDatum><Name>UserThreatDescription</Name><Label>Description</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>Cross-site request forgery (CSRF or XSRF) is a type of attack in which an attacker forces a user's browser to make a forged request to a vulnerable site by exploiting an existing trust relationship between the browser and the vulnerable web site.  In a simple scenario, a user is logged in to web site A using a cookie as a credential.  The other browses to web site B.  Web site B returns a page with a hidden form that posts to web site A.  Since the browser will carry the user's cookie to web site A, web site B now can take any action on web site A, for example, adding an admin to an account.  The attack can be used to exploit any requests that the browser automatically authenticates, e.g. by session cookie, integrated authentication, IP whitelisting, …  The attack can be carried out in many ways such as by luring the victim to a site under control of the attacker, getting the user to click a link in a phishing email, or hacking a reputable web site that the victim will visit. The issue can only be resolved on the server side by requiring that all authenticated state-changing requests include an additional piece of secret payload (canary or CSRF token) which is known only to the legitimate web site and the browser and which is protected in transit through SSL/TLS. See the Forgery Protection property on the flow stencil for a list of mitigations.</b:string></Values><Id>cf377f97-9dea-42d6-ae63-b097c4a8ec4d</Id></ThreatMetaDatum><ThreatMetaDatum><Name>Priority</Name><Label>Priority</Label><HideFromUI>false</HideFromUI><Values xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string i:nil="true"/></Values><Id>bc9c6e2a-15d0-4863-9cac-589e51e4ca1e</Id></ThreatMetaDatum></a:PropertiesMetaData><a:RelatedCategory/><a:ShortTitle>Cross Site Request Forgery</a:ShortTitle></a:ThreatType></a:ThreatTypes></KnowledgeBase><Profile><PromptedKb xmlns=""/></Profile></ThreatModel>