Commit dd920150 authored by Valerie Aurora's avatar Valerie Aurora

Improve documentation of host accessible interfaces

Co-authored-by: Alessio Di Carlo
parent 752ebcd7
@@ -912,29 +912,19 @@ Debug interfaces

Remember the integrator - debug enabled is okay there as long as documented

#### 5.2.X.x **MI-SDEH**: Host controls access to interface
#### 5.2.X.x **MI-DPAH**: Documentation of product assets accessible from host

All interfaces for the product whose access is controlled solely by the host system shall have documentation describing the level of security necessary for the host system to protect them from unauthorized access.
The product shall be accompanied by documentation for all interfaces for the product that can be accessed by the host, describing what product assets are accessible from the interface and what type of access is allowed.

FIXME make clear the host system can implement this however

FIXME what are the different security requirements for interfaces, how to define them as lo/me/hi

FIXME FIXME supply chain info about low/medium/high security is completely unclear and doesn't make sense FIXME

Example: encryption keys - don't want any unpriviliged user on the host to be able to read these

packet buffers - same

version of firmware - could be fine for anybody
Guidance: This requirement gives the user or integrator of the product the necessary information they need to implement an appropriate level of access control in the host system. This requirement does not specify how the host implements access control.

  * Applicability: Physical interface
  * Reference: TR-SDEF
  * Objective: Secure by default
  * Preparation: Define a method that can be used to find all interfaces on the device accessible from the host
  * Preparation: Define a method that can be used to find all interfaces on the product accessible from the host
  * Activities: For each interface, review the documentation to see if it is listed
  * Verdict: If every interface discovered is listed in the documentation => PASS, otherwise => FAIL
  * Evidence: List of interfaces allowing access to security-relevant assets, record of activities used to attempt unauthorized access to security-relevant assets, log of results of attempts
  * Verdict: If every interface discovered is listed in the documentation and has the required information => PASS, otherwise => FAIL
  * Evidence: Method to list all interfaces accessible from the host, list of interfaces discovered, documentation of assets

#### 5.2.X.x **MI-SDEE-1**: Physical access to debug interface

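Review bot: the three FIXME lines left under the requirement (host implementation freedom, lo/me/hi security levels, supply-chain low/medium/high) belong to the removed MI-SDEH wording, which asked for a "level of security"; the new MI-DPAH text asks only for accessible assets and access type, so these notes are now stale and should be dropped or rewritten as open questions about DPAH. The loose example lines that follow (`Example: encryption keys - don't want any unpriviliged user on the host to be able to read these`, `packet buffers - same`, `version of firmware - could be fine for anybody`) read as working notes rather than specification text and sit directly against the Guidance paragraph without a blank line; fold them into Guidance as a bulleted list of asset/access examples and correct the spelling to "unprivileged". The Verdict now requires every listed interface to "have the required information", but the Activities step still only checks that the interface is listed; extend it to "review the documentation to check that the interface is listed and that the accessible assets and the type of access are described", so the test procedure actually exercises the new requirement.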
@@ -1007,14 +997,15 @@ Depending on the risk factor of who has access to the network => require authori
#### 5.2.X.x Mapping of mitigations to risk factors and security profiles

| Risk factors      | Requires mitigations |
|---------------------|----------------------|
|-------------------|----------------------|
| any               | DPAH                 |
| FIXME risk factor | SDEE-1               |
| FIXME risk factor | SDEE-2               |

| Security Profile | Requires mitigations |
|---------------------|----------------------|
| FIXME integrator    | SDEE-1               |
| all others          | SDEE-2               |
|------------------|----------------------|
| FIXME integrator | DPAH, SDEE-1         |
| all others       | DPAH, SDEE-2         |

### 5.2.X **TR-CONF**: Confidentiality of assets
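Review bot: the rows `| FIXME risk factor | SDEE-1               |`, `| FIXME risk factor | SDEE-2               |` and `| FIXME integrator | DPAH, SDEE-1         |` are still placeholders, so neither table can be applied by a reader; given that the preceding text already keys the choice on who has access to the network, state that risk factor here or mark the rows TBD consistently rather than FIXME. Mapping DPAH to "any" risk factor and to both security profiles is consistent with the requirement being documentation-only, and the new separator rows now match their header widths, so no other changes needed in this hunk.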