@@ -1084,15 +1084,15 @@ Suggested type of tests include, but are not limited to:
* Statistics
* Security keys for validation of access to itself (firmware, management access)
* Security keys for packet encryption or network access
* All accessible host data
* Device driver stored on device, if any
* All accessible host data and functions
#### C.1.1.2 Virtual network interfaces or device drivers
* Device driver code
* Interface configuration that is not stored by the host
* Device driver executable
* Interface configuration
* Statistics
* Security keys
* All accessible host data
### C.1.2 Product functions
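Review bot: In C.1.1.2 the asset list ends with "All accessible host data", while the corresponding item in the list just above reads "All accessible host data and functions"; if host functions are also reachable through a virtual interface or device driver, both lists should use the same wording. The same list has a bare "Security keys", where the list above distinguishes keys for access to the device itself from keys for packet encryption or network access, so it should say which keys are meant for a virtual interface or driver.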
@@ -1150,54 +1150,36 @@ Optional:
## C.2 Threats
Threat: Attacker sends a packet to the external adapter that causes the interface to give unauthorized access to data stored on the interface.
Threat: Attacker may get unauthorized access to data stored on the network interface, including configuration, firmware, statistics, or security keys.
Threat: Attacker sends a packet to the external adapter that causes the interface to give unauthorized access to functions on the interface.
Threat: Attacker may get unauthorized access to data transmitted via the network interface, including data intended for the network interface itself and not the host system.
Threat: Attacker sends a packet that causes the interface to give unauthorized access to some or all host system assets.
Threat: Attacker may get unauthorized access to functions of the network interface, including transmission of data, and access to host system data and functions.
Threat: Attacker uses unprivileged host access to the network interface to es the interface to give unauthorized access to data stored on the interface.
Threat: Attacker may intercept a communications channel to an authorized server and read or modify the transmitted data.
Threat: Attacker sends a packet to the external adapter that causes the interface to give unauthorized access to functions on the interface.
Threat: Attacker may masquerade as the authorized server to get unauthorized access to network interface assets.
Threat: Attacker sends a packet that causes the interface to give unauthorized access to some or all host system assets.
Threat: Attacker may degrade or stop the functions of the network interface.
Threat: Attacker may use unauthorized access to the network interface to harm other devices, including the host system.
* Read/write firmware
* Read/write configuration
* Read/write statistics
* Read/write security keys
* Read/write packet contents
* Stop packet processing
* Slow down packet processing
* Drop packets
* Send interrupts to host
* Reboot the host
* Read/write host memory
Threat: Attacker may get unauthorized access to data stored in the device driver, including configuration, software, statistics, or security keys.
* Unprivileged user
Threat: Attacker may get unauthorized access to the functions of the device driver, including access to host system data and functions.
### C.2.2 Device drivers
Threat: Attacker may degrade or stop the functions of the device driver.
FIXME copy from OS
### C.2.3 Virtual interfaces
FIXME copy from OS and add the very small amount of different stuff to mitigate the specific data that is different in a virtual interface.
Threat: Attacker may use unauthorized access to the device driver to harm other devices, including the host system.
Unsorted notes
Physical interfaces:
* Incoming packets that trigger bad behaviour
* Bug that processing incoming packets stops packet processing
* TR: stress testing with just a lot of packets of different types?
* Bugs in chipset allowing unauthorized/malformed access to interface
* Malicious/corrupted firmware updates - do this securely
* TR: the firmware update method must verify firmware in some way
* note that update can be done OS or other stuff
* IoT things updated over wifi
* Bluetooth is exposed to the world and very common
* development/debug commands accessible externally from host
* TR: debug interfaces disabled by default
* TR: debug interface is only used by authorized users via SoTA
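Review bot: The threats worded "Attacker may get unauthorized access to ..." under C.2 do not name the path the attacker uses, whereas the "Attacker sends a packet to the external adapter ..." and "Attacker uses unprivileged host access ..." lines in the same hunk do; consider keeping the entry point in each threat (external network, unprivileged host user, channel to the authorized server) so that each one can be mapped to a test. If the line "Attacker uses unprivileged host access to the network interface to es the interface ..." stays in the document, its verb is broken ("to es") and needs fixing. "Authorized server" is used in two threats without being introduced in the visible text, and "SoTA" in the last note is not expanded. "FIXME copy from OS" under C.2.2 and C.2.3 should be replaced with real text or tracked as a follow-up before merge. In the notes, "the firmware update method must verify firmware in some way" is too loose to test against; state what property of the firmware image is verified.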