Commit 04489f5e authored by Valerie Aurora

Add TODOs for packet drop, fair queueing, etc. to TR-AVAI

parent 831e2eaa
+30 −16
@@ -1216,6 +1216,22 @@ The product shall implement a mechanism to notify the host system when it detect

See Section 5.3 for which mitigations are necessary for which security profiles and Annex C.4 for the rationale.

#### 5.2.X.x MI-FDRP: Fast packet drop

TODO: Write mitigation requiring the interface to do validity checks on packets from both the network and the host in order of cheapest to most expensive so it can drop invalid packets with as little resource usage as possible.

#### 5.2.X.x MI-LMEM: Limit memory usage

TODO: Write mitigation requiring the interface limit memory usage triggered by user input via network or host.

#### 5.2.X.x MI-FAIR: Fair resource usage and prioritization

TODO: Write mitigation requiring the interface implement some form of ensuring fair resource usage by multiple sources of input, including the ability to prioritize some sources of input

#### 5.2.X.x MI-DOST: Document risk transfer to operational environment for denial of service

TODO: Write mitigation documenting that the operational environment must provide denial of service protection, such as an external or internal firewall, fair queueing or filtering be the OS, a proxy, etc.

### 5.2.X **TR-LMAS**: Minimize exposed interfaces

#### 5.2.X.x Requirement
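
Review bot: In the MI-DOST TODO, "fair queueing or filtering be the OS" has a typo ("be" should be "by"), and it lists fair queueing as something the operational environment provides while MI-FAIR, two headings up, asks the interface itself to ensure fair resource usage. When these TODOs are written out, state which fairness duties stay with the product and which are transferred, so that DOST is not read as a replacement for FAIR. Smaller points: the MI-LMEM text should read "requiring the interface to limit memory usage", and the MI-FAIR sentence is missing its final period.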
@@ -1415,27 +1431,27 @@ This clause lists all the mitigations necessary to meet requirements for each se

### 5.3.1 Wired network interface risk mitigation sets

SP-WD-1: SCFS, SUDC, (SUVP or SUAP or SUOE or SUAO), DJST, (NTFY or WDOG), LOGG
SP-WD-1: SCFS, SUDC, (SUVP or SUAP or SUOE or SUAO), DJST, (NTFY or WDOG), DOST, LOGG

SP-WD-2: (KEVD or KEVA or KEVT or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), ADEF, DPAH, PDDI-1, PDDI-4, SUDC, (SUVP or SUAP or SUOE or SUAO), AUTH, CDST, DCTX, DJST, NTFY, WDOG, JSTY, LOGG, VULH
SP-WD-2: (KEVD or KEVA or KEVT or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), ADEF, DPAH, PDDI-1, PDDI-4, SUDC, (SUVP or SUAP or SUOE or SUAO), AUTH, CDST, DCTX, DJST, NTFY, WDOG, FDRP, LMEM, FAIR, DOST, JSTY, LOGG, VULH

SP-WD-3: (KEVD or KEVA or KEVT or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), ADEF, DPAH, PDDI-1, PDDI-4, SUDC, (SUVP or SUAP or SUOE or SUAO), AUTH, CDST, DCTX, DJST, (NTFY or WDOG), JSTY, LOGG, VULH
SP-WD-3: (KEVD or KEVA or KEVT or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), ADEF, DPAH, PDDI-1, PDDI-4, SUDC, (SUVP or SUAP or SUOE or SUAO), AUTH, CDST, DCTX, DJST, (NTFY or WDOG), LMEM, DOST, JSTY, LOGG, VULH

SP-WD-4: (KEVD or KEVA or KEVT or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), ADEF, DPAH, PDDI-\*, SUDC, (SUVP or SUAP or SUOE or SUAO), AUTH, CDST, DCTX, DJST, NTFY, WDOG, JSTY, LOGG, VULH
SP-WD-4: (KEVD or KEVA or KEVT or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), ADEF, DPAH, PDDI-\*, SUDC, (SUVP or SUAP or SUOE or SUAO), AUTH, CDST, DCTX, DJST, NTFY, WDOG, FDRP, LMEM, FAIR, DOST, JSTY, LOGG, VULH

### 5.3.2 Wireless network interface risk mitigation sets

SP-WL-1: (KEVD or KEVA or KEVT or SCAN), SCFS, SSCA, IMSL or (MSAF-\*, MZRO-\*), ADEF, DPAH, PDDI-1, SUDC, (SUVP or SUAP or SUOE or SUAO), AUTH, CDST, CDTX, IDST, DCTX, DJST, (NTFY or WDOG), JSTY, LOGG, (RSET or INST or DELE), SDRF, VULH
SP-WL-1: (KEVD or KEVA or KEVT or SCAN), SCFS, SSCA, IMSL or (MSAF-\*, MZRO-\*), ADEF, DPAH, PDDI-1, SUDC, (SUVP or SUAP or SUOE or SUAO), AUTH, CDST, CDTX, IDST, DCTX, DJST, (NTFY or WDOG), LMEM, DOST, JSTY, LOGG, (RSET or INST or DELE), SDRF, VULH

SP-WL-2: AUTH, KEVD, KEVA, (KEVT or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), ADEF, DPAH, PDDI-1, PDDI-4, SUDC, (SUAP or SUAO), AUTH, CDST, CDTX, IDST, DCTX, DJST, (NTFY or WDOG), JSTY, LOGG, (RSET or INST or DELE), SDRF, VULH
SP-WL-2: AUTH, KEVD, KEVA, (KEVT or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), ADEF, DPAH, PDDI-1, PDDI-4, SUDC, (SUAP or SUAO), AUTH, CDST, CDTX, IDST, DCTX, DJST, (NTFY or WDOG), LMEM, DOST, JSTY, LOGG, (RSET or INST or DELE), SDRF, VULH

SP-WL-3: AUTH, KEVD, KEVA, (KEVT or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), ADEF, DPAH, PDDI-\*, SUDC, (SUAP or SUAO), AUTH, CDST, CDTX, IDST, DCTX, DJST, (NTFY or WDOG), JSTY, LOGG, (RSET or INST or DELE), SDRF, VULH
SP-WL-3: AUTH, KEVD, KEVA, (KEVT or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), ADEF, DPAH, PDDI-\*, SUDC, (SUAP or SUAO), AUTH, CDST, CDTX, IDST, DCTX, DJST, (NTFY or WDOG), LMEM, DOST, JSTY, LOGG, (RSET or INST or DELE), SDRF, VULH

### 5.3.3 Virtual network interface risk mitigation sets

SP-VI-1: (KEVD or KEVA or KEVT or SCAN), SCFS, IMSL or (MSAF-\*, MZRO-\*), SUDC, (SUVP or SUAP or SUOE or SUAO), CDST, IDST, DCTX, DJST, (NTFY or WDOG), JSTY, LOGG, SDRF, VULH
SP-VI-1: (KEVD or KEVA or KEVT or SCAN), SCFS, IMSL or (MSAF-\*, MZRO-\*), SUDC, (SUVP or SUAP or SUOE or SUAO), CDST, IDST, DCTX, DJST, (NTFY or WDOG), LMEM, DOST, JSTY, LOGG, SDRF, VULH

SP-VI-2: AUTH, KEVD, KEVA, (KEVT or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), ADEF, DPAH, PDDI-1, PDDI-3, PDDI-4, SUDC, (SUAP or SUAO), AUTH, CDST, IDST, DCST, DCTX, DJST, NTFY, WDOG, JSTY, LOGG, (RSET or INST or DELE), SDRF, SDTR, VULH
SP-VI-2: AUTH, KEVD, KEVA, (KEVT or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), ADEF, DPAH, PDDI-1, PDDI-3, PDDI-4, SUDC, (SUAP or SUAO), AUTH, CDST, IDST, DCST, DCTX, DJST, NTFY, WDOG, FDRP, LMEM, FAIR, DOST, JSTY, LOGG, (RSET or INST or DELE), SDRF, SDTR, VULH

# 6 Conformity Assessment

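Review bot: SP-WD-1 gains DOST, but the likelihood table in the C.4.3 hunk of this commit lists WD-1 as Low, and DOST appears there only as the mitigation for "Medium to Low" and "High to Low". Either drop DOST from SP-WD-1 or add rationale for requiring it at Low likelihood. The other sets follow a consistent pattern (FDRP, LMEM, FAIR, DOST where NTFY and WDOG are both required; LMEM, DOST where "(NTFY or WDOG)" is allowed), and SP-WD-1 is the one set with "(NTFY or WDOG)" that gets DOST without LMEM; stating the pattern in the clause would help future profile edits keep it. Separately, SP-WL-2, SP-WL-3 and SP-VI-2 list AUTH twice on both the old and the new lines, and this change is a good moment to remove the duplicate.
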
@@ -1929,7 +1945,7 @@ Attacker may use host system or network access for a denial-of-service attack on
| Risk factors      | Likelihood |                                    |
|-------------------|------------|------------------------------------|
| max(SFT, NET) = 0 | Low        | WD-1                               |
| all others        | Medium     | WL-1, VI-1                         |
| max(SFT, NET) = 1 | Medium     | WL-1, VI-1                         |
| max(SFT, NET) = 2 | High       | WD-2, WD-3, WD-4, WL-2, WL-3, VI-2 |

| Risk factors | Impact | Security profiles       |
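
Review bot: Replacing the "all others" row with "max(SFT, NET) = 1" removes the likelihood table's catch-all, so any value of max(SFT, NET) outside 0, 1 and 2 now has no likelihood assigned. If the factors are limited to 0 through 2, say so next to the table; otherwise keep a fallback row. The third column of the likelihood table also has an empty header where the impact table below it uses "Security profiles".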
@@ -1940,19 +1956,17 @@ Attacker may use host system or network access for a denial-of-service attack on

Requirements that mitigate this threat: AUTH, AVAI, LMII, LOGG

TODO: Need to add mitigations for fast packet drop, limiting memory allocations until authenticated, rate-limiting by source, round-robin queues, etc.

Mitigations for Likelihood:

* Medium to Low: TODO: has to be outsourced to environment?
* Medium to Low: DOST

* High to Low: TODO: has to be outsourced to environment?
* High to Low: DOST

Mitigations for Impact:

* Medium to Low: (NTFY or WDOG), LOGG, TODO: see TODO above
* Medium to Low: (NTFY or WDOG), LMEM, LOGG

* High to Low: NTFY, WDOG, LOGG, TODO: see TODO above
* High to Low: NTFY, WDOG, FDRP, LMEM, FAIR, LOGG

#### C.4.3.8 TH-DDOS: Denial of service attack on other products via exploitation of vulnerabilities
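
Review bot: The removed TODO named concrete techniques (limiting memory allocations until authenticated, rate-limiting by source, round-robin queues) that the replacement codes LMEM and FAIR do not yet carry, since their mitigation text in 5.2 is still a one-line TODO without those details. Move that list into the MI-LMEM and MI-FAIR TODOs so it is not lost. Also, both likelihood reductions now rest on DOST alone, which is a risk transfer to the operational environment; the earlier question "has to be outsourced to environment?" is answered without any rationale text, and one sentence explaining why the product itself cannot lower likelihood would help.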