Commit 0d77445a authored by Valerie Aurora

Notes/updates on use cases, risks, and terminology

From conversation with Trammell Hudson
parent aae5c352
+18 −1
@@ -165,6 +165,12 @@ Virtual network interfaces are products with digital elements that directly or i


This category includes but is not limited to wired and wireless network interface cards, controllers and adapters, such as for Wi-Fi, Ethernet, IrDA, USB, Bluetooth, NearLink, Zigbee, or Fieldbus, and Infiniband. It also includes modems that are designed to connect directly to a system bus on the host and provide connection from the host to analog transmission media, as for example Power Line Communication devices.
This category includes but is not limited to wired and wireless network interface cards, controllers and adapters, such as for Wi-Fi, Ethernet, IrDA, USB, Bluetooth, NearLink, Zigbee, or Fieldbus, and Infiniband. It also includes modems that are designed to connect directly to a system bus on the host and provide connection from the host to analog transmission media, as for example Power Line Communication devices.


FIXME: choose something consistent for:
 * system bus
 * communication bus
 * host bus
 * examples USB and PCI E

This category includes purely virtual standalone products, such as virtual network interface cards, container network interfaces, VPN interfaces, and loopback interfaces.
This category includes purely virtual standalone products, such as virtual network interface cards, container network interfaces, VPN interfaces, and loopback interfaces.


This category includes products whose core function is a network interface and provides the feature of remote management interface for the network interface or the host system.
This category includes products whose core function is a network interface and provides the feature of remote management interface for the network interface or the host system.
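Review bot: The added FIXME block sits inside the category definition, between the hardware paragraph and the virtual-products paragraph, so it reads as part of the category text; consider moving it to an issue or marking it clearly as an editor's note. When choosing the term, note that the unchanged paragraph above already says "system bus on the host", and that it lists USB among the interface types ("such as for Wi-Fi, Ethernet, IrDA, USB, ...") while the FIXME uses USB as an example of the bus, so the chosen wording should make clear which role USB plays. "PCI E" should be written "PCIe" or "PCI Express".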
@@ -424,13 +430,22 @@ This list of use cases describes several system scenarios for network interfaces
  * Interface implements radio control and encryption
  * Interface implements radio control and encryption
  * Professional administration
  * Professional administration


* UC-WL-2 Wireless stationary home device
* UC-WL-2 Wireless stationary home IoT device
  * E.g. IoT lightbulb, smart oven, stationary personal computer
  * E.g. IoT lightbulb, smart oven, stationary personal computer
  * Behind home gateway firewall, network accessible by physically nearby attackers
  * Behind home gateway firewall, network accessible by physically nearby attackers
  * Host access limited to people within the home
  * Host access limited to people within the home
  * Interface implements radio control and encryption
  * Interface implements radio control and encryption
  * Non-professional administration
  * Non-professional administration


FIXME: update below and above

* UC-WL-2A Wireless stationary home computer
  * E.g. stationary personal computer
  * Behind home gateway firewall, network accessible by physically nearby attackers
  * Host access limited to people within the home
  * Interface implements radio control and encryption
  * Non-professional administration

* UC-WL-3 Wireless stationary device for public use
* UC-WL-3 Wireless stationary device for public use
  * E.g. public library computer, vending machine
  * E.g. public library computer, vending machine
  * Behind some firewall, network accessible by physically nearby attackers
  * Behind some firewall, network accessible by physically nearby attackers
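Review bot: In the renamed UC-WL-2 ("Wireless stationary home IoT device") the example line still reads "E.g. IoT lightbulb, smart oven, stationary personal computer", which now overlaps with the new UC-WL-2A; drop "stationary personal computer" from UC-WL-2. The other four bullets of UC-WL-2A are identical to those of UC-WL-2, so the split does not yet say what differs between the two cases; add the distinguishing property to at least one of them. The "FIXME: update below and above" line does not say what needs updating and sits between two list items; state the pending change explicitly or track it outside the list.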
@@ -490,6 +505,8 @@ This measures how many agents on the host can access the network interface from
  * **[USR-L-2]** Trusted agents within the home
  * **[USR-L-2]** Trusted agents within the home
  * **[USR-L-3]** Untrusted agents
  * **[USR-L-3]** Untrusted agents


FIXME: need to express risk coming from host system due to likelihood of being hacked that is different between a small single purpose IoT device and a full personal computer

**[ACC]** Degree of access to attached network by untrusted entities
**[ACC]** Degree of access to attached network by untrusted entities


This measures how easy it is for untrusted entities to send packets that the network interface will receive from outside the host, such as a user or program on another host attached to the same network.
This measures how easy it is for untrusted entities to send packets that the network interface will receive from outside the host, such as a user or program on another host attached to the same network.
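Review bot: The new FIXME is placed directly after the [USR-L-3] level, but the risk it describes (likelihood of the host being compromised, small single-purpose IoT device versus full personal computer) is not a measure of how many agents on the host can access the interface, which is what this factor covers according to the hunk context. It reads as a separate risk factor and would be clearer as its own bracketed entry with levels, like [ACC] below, than as a note under the USR-L list. "hacked" could be replaced with "compromised" to match the register of the surrounding text.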