Commit 595b9950 authored by Valerie Aurora

Notes from August 28 meeting

parent 7675fe44
+16 −0
@@ -185,6 +185,8 @@ Products not in scope include:

This standard does not cover products in use in contexts other than those identified in Annex <L>.

> FIXME add remote management capabilities to in scope

# 2 References

## 2.1 Normative references
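
Review bot: the FIXME about adding remote management capabilities to scope is placed after the "Products not in scope include:" text and the Annex sentence, right before "# 2 References", so it reads as attached to the out-of-scope material. Move it beside the in-scope text it is meant to change, or name the clause in the FIXME, so the scope change is not overlooked when the FIXMEs are resolved.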
@@ -328,6 +330,8 @@ A physical network interface connects via its communications bus to the host. Th

> FIXME mermaid chart temporarily removed to generate Word doc

> FIXME change Host OS to be more generic

A wired network interface transmits data via a solid transmission media such as Ethernet cable, fiber optic cable, or coaxial cable. A wireless network interface uses radiofrequency transmissions to transmit data. A virtual network interface transmits data within the memory of a host system.

Wireless network interfaces often have an independent real-time operating system on the network interface itself. Wireless transmission media often requires real-time response to modulate the radio frequency transmissions properly. The network interface also must prevent improper settings of radio frequency transmission parameters, which is often implemented by having the internal firmware set the parameters, rather than exposing them to the host. The complexity of this firmware may increase the risk of a wireless interface.
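
Review bot: the FIXME "change Host OS to be more generic" does not say where "Host OS" appears; the paragraphs around it say "the host", and the note directly above records that the mermaid chart was removed. If the term is a label in that chart, say so in the FIXME, otherwise the note has nothing to point at until the chart is restored.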
@@ -342,6 +346,8 @@ A virtual interface emulates the device driver interface of a network interface

A device driver is software running on the host that facilitates the transmission of network data. The device driver communicates with the host software, if any, by means of a network device driver interface. This interface abstracts the implementation details of the underlying network interface. This network device driver interface is typically defined by the host operating system and is used by its network stack to send or receive data through any device driver that supports this interface.

> FIXME phsyical dveice can access host memory

Physical interfaces require device drivers to make use of the physical hardware. Virtual interfaces are effectively all device driver since there is no underlying hardware, only software.

The device driver often needs elevated privileges to read and write memory. Device drivers for physical network interfaces often must also have access to address space mapped to the network interface's control registers, and sometimes to enable or disable interrupts or other host hardware functions. This usually requires that the device driver have a high degree of privilege on the host system.
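
Review bot: the added FIXME has two typos ("phsyical dveice") and sits between paragraphs that are about the device driver, although its subject is the device. Suggest "> FIXME physical device can access host memory" and placing it next to the paragraph on the driver's privilege to read and write memory, so the final text can separate memory access by the driver from memory access by the interface hardware.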
@@ -352,6 +358,8 @@ This list of use cases is an informative resource to the manufacturer to simplif

### 4.4.1 Wired network interface use cases

> FIXME do wired IoT, etc. versions of wireless

* UC-WD-1 Wired enterprise device in isolated internal infrastructure
  * Data center for internal job processing
  * Behind a firewall, no direct route to internet
@@ -488,12 +496,20 @@ The risk factors identified by the risk assessment in Annex C are grouped into r
  * **[USR-L-2]** Trusted users within the home
  * **[USR-L-3]** Untrusted users

> FIXME raw sockets vs not

> FIXME users -> entities or something

> FIXME make it clearer this is access from inside the system

* Degree of access to attached network by untrusted users

  * **[ACC-L-0]** Untrusted users have no or highly filtered access to attached network
  * **[ACC-L-1]** Untrusted users have somewhat filtered access to attached network
  * **[ACC-L-2]** Untrusted users have unfiltered access to attached network

> FIXME make it clearer this is access from outside the system

* Complexity of network interface implementation

  * **[COM-L-0]** Minimal features to send/recv packets
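
Review bot: the "access from inside the system" and "access from outside the system" FIXMEs each sit between two risk-factor lists, so it is ambiguous whether a note applies to the list above it or the one below it. Name the risk-factor prefix in each note (USR-L, ACC-L), and expand "raw sockets vs not" to say which factor it is meant to split; as written it cannot be acted on without the meeting context.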