@@ -900,22 +900,13 @@ TBD: define memory-safe language
FIXME copy from OS
#### 5.2.X.x MI-ETIN Exhaustive testing of inputs
#### 5.2.X.x MI-ETIN Exhaustive testing of inputs that may cause memory errors
FIXME make more specific
The manufacturer shall perform functional and robustness testing on all security-relevant input paths of the network interface. These tests shall verify that the interface correctly handles both valid inputs, as defined by the relevant protocol standards, and invalid, malformed, or unexpected inputs.
The manufacturer shall identify which input fields may produce memory errors in the firmware or device driver. The manufacturer shall conduct boundary tests for all such inputs while monitoring for memory errors.
Suggested type of tests include, but are not limited to:
* Functional testing: verify that all intended features of the interface respond correctly to valid inputs according to the protocol specifications.
* Boundary value analysis: test inputs at the upper and lower limits of accepted parameters (e.g., maximum/minimum packet length, field values).
* Negative testing: send malformed, incomplete, or out-of-specification inputs to ensure the interface does not crash, enter in an unsecure state or behave as not expected.
* Protocol compliance testing: ensure that interface adheres to protocol specifications, even when presented with borderline or non-standard inputs.
* Test: execute a test suite that covers all the commands and messages defined by the protocol, all boundary and edge cases, invalid and unexpected inputs, input sequences simulating error or stress condition.
* Result: the interface responds correctly to valid inputs and invalid input are handled gracefully, without causing crashes.
* Documentation: test suite used (types of tests, case covered, tools), test results and any known limitations with their justification.
* Test: run boundary tests for all identified inputs while monitoring for memory errors
* Result: no memory errors
* Documentation: documentation of identified inputs and what inputs were boundary testing
#### 5.2.X.x MI-SCF Secure Compilation Flags
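Review bot: the heading and ID still say "Exhaustive testing of inputs" while the new requirement sentence only asks for boundary tests on the inputs identified as able to cause memory errors; either the name or the "shall" text should change so the mitigation's scope is unambiguous, and the remaining "FIXME make more specific" / "FIXME copy from OS" markers should be resolved before this lands. The new Test/Result/Documentation triplet also never says how memory errors are to be observed during the boundary runs (an instrumented build, a sanitizer, a hardware watchdog log), so "Result: no memory errors" is not verifiable from the documentation it asks for; suggest extending the Documentation item to something like "documentation of identified inputs, the boundaries tested for each, and the method used to detect memory errors", which also fixes the grammar of "what inputs were boundary testing".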
@@ -946,13 +937,13 @@ Mitigations satisfy technical requirements only under when they mitigate the rel
|---------------------|----------------------|
| NET = 0 | None |
| NET <= 0 or COM = 0 | SSCA |
| NET > 0 and COM > 0 | FZ95 or IMSL |
| NET > 0 and COM > 0 | FZ95 or ETIN or IMSL |
| Security Profile | Requires mitigations |
|---------------------|----------------------|
| VI-1 | None |
| WD-2 | SSCA |
| all others | FZ95 or IMSL |
| all others | FZ95 or ETIN or IMSL |
### 5.2.X TR-MDNF: Mitigate disabling of network functions
FIXME security profiles aren't rated for REM or FUN yet
### 5.2.X **TR-XXXX**: Encryption related stuff
#### 5.2.X.x **MI-XXXX**:
Need to specify encryption related stuff that is not covered by ACM.
_Description of mitigation in "shall" format._
* Test:
* Result:
* Output:
* False positive test:
* Requirements:
* Documentation:
> Copy-n-paste mitigation format
### 5.2.X **TR-XXXX**:
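Review bot: adding ETIN as a stand-alone alternative in the "NET > 0 and COM > 0" and "all others" rows puts boundary testing of selected inputs on the same footing as FZ95 and IMSL for the highest-exposure category; if that is intended, the rationale belongs in the text above the table, otherwise consider requiring it in combination (e.g. "FZ95 and ETIN") rather than as a substitute. While touching these rows, note that the unchanged row "NET <= 0 or COM = 0" overlaps with the "NET = 0" row above it (NET = 0 satisfies both), so the second row presumably means "NET > 0 and COM = 0"; the first table's header row is also outside this hunk and should be checked for the same column labels as the second table.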
@@ -1009,6 +1015,23 @@ _Description of mitigation in "shall" format._
* Requirements:
* Documentation:
#### Notes
Pull out more tests from this:
The manufacturer shall perform functional and robustness testing on all security-relevant input paths of the network interface. These tests shall verify that the interface correctly handles both valid inputs, as defined by the relevant protocol standards, and invalid, malformed, or unexpected inputs.
Suggested type of tests include, but are not limited to:
* Functional testing: verify that all intended features of the interface respond correctly to valid inputs according to the protocol specifications.
* Boundary value analysis: test inputs at the upper and lower limits of accepted parameters (e.g., maximum/minimum packet length, field values).
* Negative testing: send malformed, incomplete, or out-of-specification inputs to ensure the interface does not crash, enter in an unsecure state or behave as not expected.
* Protocol compliance testing: ensure that interface adheres to protocol specifications, even when presented with borderline or non-standard inputs.
* Test: execute a test suite that covers all the commands and messages defined by the protocol, all boundary and edge cases, invalid and unexpected inputs, input sequences simulating error or stress condition.
* Result: the interface responds correctly to valid inputs and invalid input are handled gracefully, without causing crashes.
* Documentation: test suite used (types of tests, case covered, tools), test results and any known limitations with their justification.
#### 5.2.X.x Mapping of mitigations to risk factors and security profiles
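Review bot: the paragraph and bullet list added under "#### Notes" are a verbatim copy of the text this same patch already moved into MI-ETIN (the "functional and robustness testing" sentence and the four suggested test types with their Test/Result/Documentation items), so the document now carries two copies that will drift apart; either drop the Notes copy or replace it with a short list of which suggested tests (functional, protocol compliance) are still to be pulled out into their own mitigations.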