Commit 925d8a84 authored by Valerie Aurora

Add exhaustive testing and compiler flags requirements

Co-authored-by: Alessio Di Carlo, Riccardo Fiorelli, Laura Annamaria Bonini
parent e574b87e
+35 −1
@@ -902,7 +902,41 @@ FIXME copy from OS

#### 5.2.X.x MI-ETIN Exhaustive testing of inputs

TBD describe this, basically smart fuzzing by hand :)
FIXME make more specific

The manufacturer shall perform functional and robustness testing on all security-relevant input paths of the network interface. These tests shall verify that the interface correctly handles both valid inputs, as defined by the relevant protocol standards, and invalid, malformed, or unexpected inputs.

Suggested type of tests include, but are not limited to:

* Functional testing: verify that all intended features of the interface respond correctly to valid inputs according to the protocol specifications.
* Boundary value analysis: test inputs at the upper and lower limits of accepted parameters (e.g., maximum/minimum packet length, field values).
* Negative testing: send malformed, incomplete, or out-of-specification inputs to ensure the interface does not crash, enter in an unsecure state or behave as not expected.
* Protocol compliance testing: ensure that interface adheres to protocol specifications, even when presented with borderline or non-standard inputs.

* Test: execute a test suite that covers all the commands and messages defined by the protocol, all boundary and edge cases, invalid and unexpected inputs, input sequences simulating error or stress condition.
* Result: the interface responds correctly to valid inputs and invalid input are handled gracefully, without causing crashes.
* Documentation: test suite used (types of tests, case covered, tools), test results and any known limitations with their justification.

#### 5.2.X.x MI-SCF Secure Compilation Flags

FIXME make more specific

The manufacturer shall ensure that all security-relevant firmware and software are compiled with secure compilation flags and options appropriate to the target platform and language.

Secure compilation flags may include, but are not limited to:

* Stack protection (e.g., -fstack-protector, -fstack-protector-strong)
* Buffer overflow protection (e.g., -D_FORTIFY_SOURCE=2)
* Position-independent code (-fPIC)
* Control Flow Integrity (CFI) options, if available
* Compiler warnings as errors (-Werror)
* Address Sanitizer or other runtime checks, where feasible

The manufacturer shall document the compilation flags used, their rationale, and any exceptions or limitations.

* Test: run a source code analysis tool, e.g. checksec binary, on the relevant parts of the network interface firmware and software.
* Result: no warnings, or present warnings are justified by technical documentation
* Documentation: output of the source code analysis checker, list of compliation flags and options used, documentation of any suppressed warnings or disabled flags with justifications.

#### 5.2.X.x Mapping of mitigations to risk factors and security profiles
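Review bot: The MI-SCF test step calls checksec a "source code analysis tool", but checksec inspects built binaries for hardening properties (stack canaries, RELRO, NX, PIE) and does not emit warnings, so the Test and Result lines do not match what the tool reports; suggest rewording the Test to "run a binary hardening checker (e.g. checksec) on the built firmware and software images and confirm the expected protections are present" and the Result to name the properties that must be enabled. In the flag list, `-fPIC` alone only yields position-independent code for shared objects; executables also need `-fPIE`/`-pie` to benefit from ASLR, and `-D_FORTIFY_SOURCE=2` only takes effect at `-O1` or higher, so both conditions should be stated. Address Sanitizer is debugging instrumentation rather than a production hardening option, so it fits better as a testing aid under MI-ETIN than as a compilation flag for shipped firmware. The hunk also still carries the placeholder lines `TBD describe this, basically smart fuzzing by hand :)` and `FIXME make more specific`, and has typos: "compliation", "Suggested type of tests include" (types), and "enter in an unsecure state or behave as not expected" (enter an insecure state or behave unexpectedly).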