Commit 9776a831 authored by Santeri Toikka's avatar Santeri Toikka

Moved default verdict and evidence to MSAF and MZERO requirements

Closes HAS50 #89
parent 46d1b6cb
+7 −13
@@ -753,6 +753,8 @@ The product shall reject writes beyond the end of the stack.
* Reference: ER-SSDD
* Objective: Prevent thread from writing beyond end of stack
* Activities: Write beyond the end of the stack
* Verdict: each involved thread fails to read or write the target data and takes a segmentation fault, has error handling code executed, or is terminated in all tests => PASS, otherwise FAIL
* Evidence: error messages, log message, or the product reboots or halts

Guidance: Two methods of exhausting stack memory include allocating a very large object on the stack, and performing an unbounded recursive function call.

@@ -763,6 +765,8 @@ The product shall reject stack buffer writes that go beyond the end of the stack
* Reference: ER-SSDD
* Objective: Prevent thread from writing beyond end of stack
* Activities: Write beyond the end of the stack frame
* Verdict: each involved thread fails to read or write the target data and takes a segmentation fault, has error handling code executed, or is terminated in all tests => PASS, otherwise FAIL
* Evidence: error messages, log message, or the product reboots or halts

#### 5.2.2.10 MI-MSAF-3: Array bounds checking

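Review bot: the Objective ("Prevent thread from writing beyond end of stack") and the Activities ("Write beyond the end of the stack frame") in this block describe two different conditions, and the Verdict added here is the stack-exhaustion one; a write past the end of a stack frame lands in the caller's frame or saved return address, which is valid mapped stack memory, so it produces no segmentation fault on its own. For this requirement the Verdict should name the expected detection, e.g. "the stack protector (or equivalent) aborts the thread before the corrupted frame is used", and the Evidence should list the stack-protector abort message. While touching the block, change the Objective to "beyond end of stack frame" so it agrees with the requirement text and Activities.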
@@ -771,6 +775,8 @@ The product shall reject writes to fixed-size arrays that are beyond the end of
* Reference: ER-SSDD
* Objective: Prevent thread from writing beyond the end of a fixed-size array
* Activities: Write beyond the end of a fixed-size array
* Verdict: each involved thread fails to read or write the target data and takes a segmentation fault, has error handling code executed, or is terminated in all tests => PASS, otherwise FAIL
* Evidence: error messages, log message, or the product reboots or halts

#### 5.2.2.11 MI-MZRO-1: Stack memory zeroing

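Review bot: for a fixed-size array the memory just past the end is usually other valid data (adjacent stack variables, heap chunk metadata or neighbouring globals), so "takes a segmentation fault" will rarely occur and the added Verdict effectively rests on "fails to read or write the target data", which is not defined for this test. Suggest the Activities or Verdict define the target: place a known sentinel value immediately after the array, attempt the out-of-bounds write, and PASS only if the sentinel is unchanged and the thread was faulted, handled or terminated. Note also that the hunk ends at the "5.2.2.11 MI-MZRO-1: Stack memory zeroing" heading without adding a Verdict or Evidence to that requirement, although the commit message says the defaults were moved to the MZERO requirements as well.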
@@ -798,19 +804,7 @@ The product shall zero-initialize all heap memory before use.

The product shall implement appropriate mitigations to limit incident impact.

#### 5.2.3.2 Default Preparation, Verdict, and Evidence for memory safety mitigations

Most memory safety mitigations have the same Verdict and Evidence:

* Preparation: None
* Verdict: each involved thread fails to read or write the target data and takes a segmentation fault, has error handling code executed, or is terminated in all tests => PASS, otherwise FAIL
* Evidence: error messages, log message, or the product reboots or halts

For each mitigation grouped under cybersecurity requirement ER-LMII, for each field Preparation, Verdict, or Evidence, if it is not specified for that test, then the above Preparation, Verdict, or Evidence field shall apply.

#### 5.2.3.8 Mapping of mitigations to risk factors and security profiles

See clause 5.3 for which mitigations are necessary for which security profiles and Annex C.4 for the rationale.
<mark>This subsection is empty after HAS comment changes.</mark>

### 5.2.4 ER-MINI: Minimize impact on other devices and services
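Review bot: deleting the "Default Preparation, Verdict, and Evidence for memory safety mitigations" subsection drops three things that the added lines in the earlier hunks do not replace. First, "Preparation: None" is no longer stated anywhere, and the removed sentence made it the fallback for every mitigation under ER-LMII, so any mitigation without its own Preparation line now has an undefined field; either add "Preparation: None" next to the copied Verdict/Evidence lines or keep a one-line default. Second, MI-MZRO-1 and the heap zeroing requirement ("The product shall zero-initialize all heap memory before use") appear only as context here and received no Verdict or Evidence, despite the commit message; the memory-safety verdict ("takes a segmentation fault") would not fit them anyway, so they need their own, e.g. "newly allocated stack/heap memory reads as all zeros before first use". Third, removing 5.2.3.2 leaves a gap before 5.2.3.8 unless the intermediate subsections are renumbered in the same change. Finally, the "<mark>This subsection is empty after HAS comment changes.</mark>" remark under 5.2.3.8 reads as a working note rather than normative text; move it to the merge request discussion or replace it with the mapping content the heading promises.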