@@ -49,8 +49,7 @@ The present document may be made available in electronic versions and/or in prin
Users should be aware that the present document may be revised or have its status changed, this information is available in the [Milestones listing].
If you find errors in the present document, please send your comments to
the relevant service listed under [Committee Support Staff].
If you find errors in the present document, please send your comments to the relevant service listed under [Committee Support Staff].
If you find a security vulnerability in the present document, please report it through our
@@ -326,6 +325,8 @@ Wireless network interfaces often have an independent real-time operating system
A virtual interface emulates the device driver interface of a network interface to the host operating system. Instead of a physical network interface, it may send and receive packets to a hypervisor, a container, another device driver, another part of the network stack, an application, or other software.
> FIXME add hypervisor or other software to diagram
@@ -579,6 +580,8 @@ Other functionality is generally implemented outside of the device driver.
The technical requirements of the present document apply under the environmental profile for operation of the equipment, which shall be in accordance with its intended use. The equipment shall comply with all the technical requirements of the present document at all times when operating within the boundary limits of the operational environmental profile defined by its intended use.
The manufacturer will document and communicate the expected environmental profile for the product to the consumer.
The network device will operate in the context of a host system and operating system. If the device driver is not included with the product, it will be provided by the operating system or other part of the system. See Section 4.10 for more details.
## 4.9 Users
@@ -601,7 +604,7 @@ For each security requirement, a product may:
2. Require security functions be provided by some other part of its context
3. Provide security functions for the use of other components
A useful analogy might be that of Lego&TM; blocks. Most blocks have both "studs," the round projections, and "anti-studs," the round holes that the studs lock into. Studs are security functions provided to other components, and anti-studs are the security functions a product requires from its context. Some products are a lego brick with a flat bottom and some have a flat top. To build a secure system, an integrator snaps together blocks with compatible studs and anti-studs, making sure that every anti-stud is matched with a stud.
For example, most individual hardware components do not have a built-in method of securely updating any firmware in the product. Usually this requires a full-featured system running an operating system which can check for firmware updates, download and verify them, and carry out the process of updating the firmware.
### 4.10.2 Security functions provided outside the product
@@ -700,6 +703,7 @@ Problems with the implementation of the protocols by the interface are in scope.
* Firmware
* All network packets going in and out
* Device configuration
* Statistics
> FIXME add assets for device driver and virtual interface
@@ -732,8 +736,14 @@ Physical interfaces:
> FIXME lookup CVEs - anything from host-generated packets?
A generic CVE for many NICs that copied data beyond the end of the packet in memory and sent it on the network.
> List assumptions that are relevant to the risk analysis for these threats. Everything is hackable if you try hard enough. What kinds of threats are in and out of scope? What are you assuming is the sophistication of attack? Relate to use cases.
