Commit cf46fd1d authored by Valerie Aurora

Add PHY physical access risk factor

parent 1c64699b
+54 −42
@@ -1676,6 +1676,18 @@ Risk factors may increase the likelihood of an incident, increase the impact of

The overall risk related to each use case should be considered as a result of combining risk factors affecting both likelihood and impact of an incident.

**[PHY]** Degree of physical access to the device

Description: Exposure of the device to physical access by users.

Rationale: More users with physical access to the device increases the likelihood of an attack via physical interfaces.

Type: Affects likelihood of attacks originating from physical access

  * **[PHY-L-0]** Foreseeable use is physical access only by authorized users
  * **[PHY-L-1]** Foreseeable use is incidental physical access by untrusted users
  * **[PHY-L-2]** Foreseeable use is frequent physical access by untrusted users

**[SFT]** Degree of local software access to the host system

Description: How many agents have unprivileged software access to the host system.
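
Review bot: The [PHY] Rationale ("More users with physical access to the device increases the likelihood...") does not match the levels it introduces: PHY-L-0 to PHY-L-2 are separated by whether the users are untrusted and how often they have access, not by how many users there are. The Description has the same gap, since it says "physical access by users" without the trust qualifier. Suggest rewording both around untrusted access, for example "Exposure of the device to physical access by untrusted users", and deciding whether "authorized" in PHY-L-0 is meant as the opposite of "untrusted" in PHY-L-1 and PHY-L-2; an authorized user is not necessarily a trusted one, so one term used across all three levels would be clearer.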
@@ -2012,39 +2024,39 @@ Requirements: NKEV, SCUD, SSDD, MSAF, LMAS, LOGG

#### C.5.2.1 Wired network interface use cases

| Use case | SFT | NET | COM | ADM | LIS | SYS | SDS | SDT | FUN | INT | Sec Pro |
|----------|-----|-----|-----|-----|-----|-----|-----|-----|-----|-----|---------|
| UC-WD-1  | 0   | 0   | 1   | 1   | 0   | 0   | 0   | 0   | 1   | 2   | SP-WD-1 |
| UC-WD-2  | 0   | 0   | 1   | 0   | 0   | 1   | 0   | 1   | 1   | 1   | SP-WD-1 |
| UC-WD-3  | 0   | 1   | 1   | 0   | 1   | 1   | 0   | 1   | 2   | 1   | SP-WD-2 |
| UC-WD-4  | 0   | 2   | 1   | 0   | 2   | 2   | 0   | 1   | 2   | 1   | SP-WD-2 |
| UC-WD-5  | 0   | 2   | 1   | 1   | 2   | 1   | 0   | 1   | 1   | 1   | SP-WD-2 |
| UC-WD-6  | 1   | 1   | 1   | 0   | 1   | 1   | 0   | 1   | 1   | 1   | SP-WD-3 |
| UC-WD-7  | 1   | 1   | 1   | 1   | 0   | 1   | 0   | 1   | 1   | 1   | SP-WD-3 |
| UC-WD-8  | 1   | 2   | 1   | 1   | 2   | 1   | 0   | 1   | 1   | 1   | SP-WD-3 |
| UC-WD-9  | 2   | 1   | 1   | 0   | 2   | 2   | 0   | 1   | 2   | 1   | SP-WD-4 |
| UC-WD-10 | 2   | 1   | 1   | 0   | 2   | 2   | 0   | 0   | 0   | 1   | SP-WD-4 |
| Use case | PHY | SFT | NET | COM | ADM | LIS | SYS | SDS | SDT | FUN | INT | Sec Pro |
|----------|-----|-----|-----|-----|-----|-----|-----|-----|-----|-----|-----|---------|
| UC-WD-1  | 0   | 0   | 0   | 1   | 1   | 0   | 0   | 0   | 0   | 1   | 2   | SP-WD-1 |
| UC-WD-2  | 0   | 0   | 0   | 1   | 0   | 0   | 1   | 0   | 1   | 1   | 1   | SP-WD-1 |
| UC-WD-3  | 0   | 0   | 1   | 1   | 0   | 1   | 1   | 0   | 1   | 2   | 1   | SP-WD-2 |
| UC-WD-4  | 0   | 0   | 2   | 1   | 0   | 2   | 2   | 0   | 1   | 2   | 1   | SP-WD-2 |
| UC-WD-5  | 0   | 0   | 2   | 1   | 1   | 2   | 1   | 0   | 1   | 1   | 1   | SP-WD-2 |
| UC-WD-6  | 1   | 1   | 1   | 1   | 0   | 1   | 1   | 0   | 1   | 1   | 1   | SP-WD-3 |
| UC-WD-7  | 1   | 1   | 1   | 1   | 1   | 0   | 1   | 0   | 1   | 1   | 1   | SP-WD-3 |
| UC-WD-8  | 1   | 1   | 2   | 1   | 1   | 2   | 1   | 0   | 1   | 1   | 1   | SP-WD-3 |
| UC-WD-9  | 0   | 2   | 1   | 1   | 0   | 2   | 2   | 0   | 1   | 2   | 1   | SP-WD-4 |
| UC-WD-10 | 2   | 2   | 1   | 1   | 0   | 2   | 2   | 0   | 0   | 0   | 1   | SP-WD-4 |

#### C.5.2.2 Wireless network interface use cases

| Use case | SFT | NET | COM | ADM | LIS | SYS | SDS | SDT | FUN | INT | Sec Pro |
|----------|-----|-----|-----|-----|-----|-----|-----|-----|-----|-----|---------|
| UC-WL-1  | 0   | 0   | 2   | 0   | 0   | 1   | 1   | 1   | 1   | 1   | SP-WL-1 |
| UC-WL-2  | 0   | 1   | 2   | 1   | 1   | 0   | 0   | 0   | 1   | 2   | SP-WL-1 |
| UC-WL-3  | 0   | 2   | 2   | 1   | 2   | 2   | 1   | 1   | 1   | 1   | SP-WL-2 |
| UC-WL-4  | 1   | 2   | 2   | 0   | 2   | 2   | 1   | 1   | 1   | 1   | SP-WL-2 |
| UC-WL-5  | 1   | 1   | 2   | 1   | 1   | 1   | 1   | 1   | 1   | 1   | SP-WL-2 |
| UC-WL-6  | 1   | 2   | 2   | 1   | 2   | 2   | 1   | 1   | 1   | 1   | SP-WL-3 |
| UC-WL-7  | 2   | 1   | 2   | 1   | 2   | 1   | 0   | 0   | 0   | 1   | SP-WL-3 |
| Use case | PHY | SFT | NET | COM | ADM | LIS | SYS | SDS | SDT | FUN | INT | Sec Pro |
|----------|-----|-----|-----|-----|-----|-----|-----|-----|-----|-----|-----|---------|
| UC-WL-1  | 0   | 0   | 0   | 2   | 0   | 0   | 1   | 1   | 1   | 1   | 1   | SP-WL-1 |
| UC-WL-2  | 0   | 0   | 1   | 2   | 1   | 1   | 0   | 0   | 0   | 1   | 2   | SP-WL-1 |
| UC-WL-3  | 0   | 0   | 2   | 2   | 1   | 2   | 2   | 1   | 1   | 1   | 1   | SP-WL-2 |
| UC-WL-4  | 1   | 1   | 2   | 2   | 0   | 2   | 2   | 1   | 1   | 1   | 1   | SP-WL-2 |
| UC-WL-5  | 0   | 1   | 1   | 2   | 1   | 1   | 1   | 1   | 1   | 1   | 1   | SP-WL-2 |
| UC-WL-6  | 1   | 1   | 2   | 2   | 1   | 2   | 2   | 1   | 1   | 1   | 1   | SP-WL-3 |
| UC-WL-7  | 2   | 2   | 1   | 2   | 1   | 2   | 1   | 0   | 0   | 0   | 1   | SP-WL-3 |

#### C.5.2.3 Virtual network interface use cases

| Use case | SFT | NET | COM | ADM | LIS | SYS | SDS | SDT | FUN | INT | Sec Pro |
|----------|-----|-----|-----|-----|-----|-----|-----|-----|-----|-----|---------|
| UC-VI-1  | 1   | 0   | 0   | 1   | 0   | 0   | 1   | 1   | 1   | 0   | SP-VI-1 |
| UC-VI-2  | 1   | 2   | 2   | 1   | 0   | 1   | 1   | 1   | 1   | 0   | SP-VI-2 |
| UC-VI-3  | 1   | 1   | 2   | 0   | 0   | 2   | 2   | 2   | 2   | 0   | SP-VI-2 |
| UC-VI-4  | 2   | 2   | 2   | 0   | 0   | 2   | 2   | 2   | 2   | 0   | SP-VI-2 |
| Use case | PHY | SFT | NET | COM | ADM | LIS | SYS | SDS | SDT | FUN | INT | Sec Pro |
|----------|-----|-----|-----|-----|-----|-----|-----|-----|-----|-----|-----|---------|
| UC-VI-1  | 0   | 1   | 0   | 0   | 1   | 0   | 0   | 1   | 1   | 1   | 0   | SP-VI-1 |
| UC-VI-2  | 0   | 1   | 2   | 2   | 1   | 0   | 1   | 1   | 1   | 1   | 0   | SP-VI-2 |
| UC-VI-3  | 0   | 1   | 1   | 2   | 0   | 0   | 2   | 2   | 2   | 2   | 0   | SP-VI-2 |
| UC-VI-4  | 0   | 2   | 2   | 2   | 0   | 0   | 2   | 2   | 2   | 2   | 0   | SP-VI-2 |

## C.6 Security profiles
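
Review bot: In the wired and wireless use case tables the new PHY column repeats the SFT value in every row except UC-WD-9 (PHY 0, SFT 2) and UC-WL-5 (PHY 0, SFT 1), and nothing in the change says how each PHY level was chosen. Please confirm that the levels were assessed from each use case's foreseeable physical exposure rather than carried over from SFT, and add a short justification for the two rows that differ. The virtual interface rows are all PHY 0; one sentence stating why physical access is rated 0 for every virtual use case would make that choice reviewable.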

@@ -2058,27 +2070,27 @@ Security profiles are associated with sets of risk factor levels.

#### C.6.2.1 Wired network interface security profiles

| Security profile | SFT | NET | COM | ADM | LIS | SYS | SDS | SDT | FUN | INT |
|------------------|-----|-----|-----|-----|-----|-----|-----|-----|-----|-----|
| SP-WD-1          | 0   | 0   | 1   | 1   | 0   | 1   | 0   | 1   | 1   | 2   |
| SP-WD-2          | 0   | 2   | 1   | 1   | 2   | 2   | 0   | 1   | 2   | 1   |
| SP-WD-3          | 1   | 2   | 1   | 1   | 2   | 1   | 0   | 1   | 1   | 1   |
| SP-WD-4          | 2   | 2   | 1   | 0   | 2   | 2   | 0   | 1   | 2   | 1   |
| Security profile | PHY | SFT | NET | COM | ADM | LIS | SYS | SDS | SDT | FUN | INT |
|------------------|-----|-----|-----|-----|-----|-----|-----|-----|-----|-----|-----|
| SP-WD-1          | 0   | 0   | 0   | 1   | 1   | 0   | 1   | 0   | 1   | 1   | 2   |
| SP-WD-2          | 0   | 0   | 2   | 1   | 1   | 2   | 2   | 0   | 1   | 2   | 1   |
| SP-WD-3          | 1   | 1   | 2   | 1   | 1   | 2   | 1   | 0   | 1   | 1   | 1   |
| SP-WD-4          | 2   | 2   | 2   | 1   | 0   | 2   | 2   | 0   | 1   | 2   | 1   |

#### C.6.2.2 Wireless network interface security profiles

| Security profile | SFT | NET | COM | ADM | LIS | SYS | SDS | SDT | FUN | INT |
|------------------|-----|-----|-----|-----|-----|-----|-----|-----|-----|-----|
| SP-WL-1          | 0   | 1   | 2   | 1   | 1   | 1   | 1   | 1   | 1   | 1   |
| SP-WL-2          | 1   | 2   | 2   | 1   | 2   | 2   | 1   | 1   | 1   | 1   |
| SP-WL-3          | 2   | 2   | 2   | 1   | 2   | 2   | 1   | 1   | 1   | 1   |
| Security profile | PHY | SFT | NET | COM | ADM | LIS | SYS | SDS | SDT | FUN | INT |
|------------------|-----|-----|-----|-----|-----|-----|-----|-----|-----|-----|-----|
| SP-WL-1          | 0   | 0   | 1   | 2   | 1   | 1   | 1   | 1   | 1   | 1   | 1   |
| SP-WL-2          | 1   | 1   | 2   | 2   | 1   | 2   | 2   | 1   | 1   | 1   | 1   |
| SP-WL-3          | 2   | 2   | 2   | 2   | 1   | 2   | 2   | 1   | 1   | 1   | 1   |

#### C.6.2.3 Virtual network interface security profiles

| Security profile | SFT | NET | COM | ADM | LIS | SYS | SDS | SDT | FUN | INT |
|------------------|-----|-----|-----|-----|-----|-----|-----|-----|-----|-----|
| SP-VI-1          | 1   | 0   | 0   | 1   | 0   | 1   | 1   | 1   | 1   | 0   |
| SP-VI-2          | 2   | 2   | 2   | 1   | 0   | 2   | 2   | 2   | 2   | 0   |
| Security profile | PHY | SFT | NET | COM | ADM | LIS | SYS | SDS | SDT | FUN | INT |
|------------------|-----|-----|-----|-----|-----|-----|-----|-----|-----|-----|-----|
| SP-VI-1          | 0   | 1   | 0   | 0   | 1   | 0   | 1   | 1   | 1   | 1   | 0   |
| SP-VI-2          | 0   | 2   | 2   | 2   | 1   | 0   | 2   | 2   | 2   | 2   | 0   |

# Annex D (informative): Risk evaluation guidance
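
Review bot: SP-WD-4 is given PHY 2, but of the two use cases mapped to it only UC-WD-10 is rated PHY 2; UC-WD-9 is rated PHY 0. The same happens at SP-WL-2 (PHY 1) for UC-WL-3 and UC-WL-5, and at SP-WL-3 (PHY 2) for UC-WL-6 (PHY 1). If a profile is meant to take the highest PHY level of its use cases, state that next to the tables; otherwise consider whether UC-WD-9 belongs in a profile that assumes frequent physical access by untrusted users. Also, the hunks shown here add the PHY column to the profiles without tying any requirement to a PHY level, so as written the new factor does not change what any profile requires; note whether that mapping is planned for a follow-up change.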