@@ -163,7 +163,7 @@ Physical network interfaces are products with digital elements that directly con
Virtual network interfaces are products with digital elements that directly or indirectly connect a device to a network via an API that emulates that of device drivers of physical network interfaces, typically operating at the data link layer.
This category includes but is not limited to wired and wireless network interface cards, controllers and adapters, such as for Wi-Fi, Ethernet, IrDA, USB, Bluetooth, NearLink, Zigbee, or Fieldbus, and Infiniband. It also includes modems that are designed to connect directly to a system bus on the host and provide connection from the host to an analog transmission media.
This category includes but is not limited to wired and wireless network interface cards, controllers and adapters, such as for Wi-Fi, Ethernet, IrDA, USB, Bluetooth, NearLink, Zigbee, or Fieldbus, and Infiniband. It also includes modems that are designed to connect directly to a system bus on the host and provide connection from the host to analog transmission media, as for example Power Line Communication devices.
It also includes purely virtual standalone products, such as virtual network interface cards, container network interfaces, VPN interfaces, and loopback interfaces.
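Review bot: "analog transmission media, as for example Power Line Communication devices" in the new modem sentence mixes a medium with a device class; a PLC device is the modem, the mains wiring is the medium. Suggest "provide connection from the host to an analog transmission medium, for example a Power Line Communication (PLC) modem over mains wiring". Also, "Zigbee, or Fieldbus, and Infiniband" carries a stray "or" in both the old and new line, and the product name is spelled "InfiniBand".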
@@ -239,25 +239,25 @@ This section provides terms and definitions based on CEN/CLC JTC13 WG09's work o
For the purposes of the present document, the following terms apply:
**Device driver:** A device driver is software running on the host that facilitates the transmission of network data
**Device driver:** A device driver is a piece of software or firmware running on the host that enables communication on the network via the network interface
**Network Device Driver Interface (NDDI)** A standardized interface provided by the host operating system or software framework that abstracts the underlying network hardware or virtualized network devices.
**Firmware:** Software stored within a device's non-volatile memory, such as ROM or flash memory, used to allow different types of hardware to communicate with the operating system
**Firmware:** Software stored within a device's non-volatile memory, such as ROM or flash memory, and executed by different types of hardware which can include the physical network interface and the host
**Host:** Any equipment which has complete user functionality when not connected to the network interface part and to which the network interface part provides additional functionality and to which connection is necessary for the network interface part to offer functionality
**Host:** Any equipment to which the network interface part provides additional functionality, mainly network connectivity, and to which connection is necessary for the network interface to operate
**Network Interface:** A physical device or software component that provides a host with a connection to a network
**Network Interface (NI) :** A physical device or software component that provides a host with a connection to a network
**Physical transmission media:** The physical instantion of a network
**Physical transmission medium :** The physical instantiation of a network, which can be wired or wireless
**Physical transmission media adapter:** A physical adapter on a network interface that transmits data on the medium
**Physical transmission media adapter:** A physical adapter on a network interface that transmits and receives data on the medium
**Physical Interface:** A network interface that represents an actual hardware network device.
**Physical (network) interface:** A network interface that represents an actual hardware network device.
**System bus:** A data transmission bus connecting physical network interfaces to a host processor
**System bus:** A data transmission bus connecting one or more physical network interfaces to a host
**Virtual Interface (VNI):** A software-based network interface that simulates the functionality of a physical network adapter.
**Virtual Network Interface (VNI):** A software-based network interface that simulates the functionality of a physical network adapter.
## 3.2 Abbreviations
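Review bot: the new entries switch to "medium" in "Physical transmission medium :" but keep "media" in "Physical transmission media adapter:", and both "Network Interface (NI) :" and "Physical transmission medium :" have a space before the colon; suggest "Physical transmission medium adapter" and dropping the stray spaces. The new Host definition ("Any equipment to which the network interface part provides additional functionality ... and to which connection is necessary for the network interface to operate") now defines the host only in terms of the network interface while Network Interface is defined in terms of the host; adding that the host runs the device driver (as the new Device driver entry states) would break the circle. The VNI entry also says "physical network adapter" where the document's defined term is "physical network interface".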
@@ -268,6 +268,7 @@ For the purposes of the present document, the following abbreviations apply:
| API | Application Programming Interface |
| ISP | Internet Service Provider |
| IT | Information Technology |
| NI | Network Interface |
| NDDI | Network Device Driver Interface |
| OS | Operating System |
| VNI | Virtual Network Interface |
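Review bot: the abbreviations table is sorted alphabetically but the inserted "| NDDI | Network Device Driver Interface |" row sits after "| NI | Network Interface |"; NDDI sorts before NI, so move the new row up one line.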
@@ -310,8 +311,8 @@ Out of scope use cases and environments include those explicitly carved out by t
A physical network interface consists of:
* A communications bus to the host
* A hardware transmission adapter
* A local bus interface to connect to the host via a communications bus
* A hardware transceiver to communicate on the network
* Hardware and firmware to process incoming signals and host commands
It also includes the following parts if they are sold with the interface:
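Review bot: the rewritten bullets introduce "local bus interface", "communications bus" and "hardware transceiver" where 3.1 defines "System bus" and "Physical transmission media adapter"; use the defined terms so the component list and the definitions agree, e.g. "* A local bus interface to connect to the host via the system bus" and "* A physical transmission media adapter (transceiver) to communicate on the network".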
@@ -324,7 +325,7 @@ A virtual network interface consists of a device driver only.
### 4.3.2 Types of network interface
A physical network interface connects via its communications bus to the host. The host transmits and receives data to the network by means of the I/O interface provided by the network interface.
A physical network interface connects via the local communications bus to the host. The host transmits and receives data to the network by means of the local bus interface provided by the network interface.
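Review bot: "connects via the local communications bus to the host" adds a third name for what 3.1 calls the "System bus" (the component list says "communications bus"); suggest "connects via its local bus interface to the host's system bus". "transmits and receives data to the network" should read "to and from the network".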
@@ -332,9 +333,9 @@ A physical network interface connects via its communications bus to the host. Th
> FIXME change Host OS to be more generic
A wired network interface transmits data via a solid transmission media such as Ethernet cable, fiber optic cable, or coaxial cable. A wireless network interface uses radiofrequency transmissions to transmit data. A virtual network interface transmits data within the memory of a host system.
A wired network interface transmits data via a wired medium such as Ethernet cable, fiber optic cable, coaxial cable or power lines. A wireless network interface uses radiofrequency transmissions to transmit data over the air. A virtual network interface transmits data only within the memory of a host system.
Wireless network interfaces often have an independent real-time operating system on the network interface itself. Wireless transmission media often requires real-time response to modulate the radio frequency transmissions properly. The network interface also must prevent improper settings of radio frequency transmission parameters, which is often implemented by having the internal firmware set the parameters, rather than exposing them to the host. The complexity of this firmware may increase the risk of a wireless interface.
Wireless network interfaces often have an independent real-time operating system on the network interface itself. Wireless medium access often requires real-time response to manage the radio frequency transmissions properly. The network interface must also prevent improper settings of radio frequency transmission parameters, which is often implemented by having the internal firmware set the parameters, rather than exposing them to the host. The complexity of this firmware may increase the risk of a wireless interface.
A virtual interface emulates the device driver interface of a network interface to the host operating system. Instead of a physical network interface, it may send and receive packets to a hypervisor, a container, another device driver, another part of the network stack, an application, or other software.
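Review bot: the unchanged "> FIXME change Host OS to be more generic" is still open while the context line below keeps "to the host operating system"; the new 4.3.3 wording ("host operating system or by the network interface manufacturer") already shows the intended direction, so either resolve it here (e.g. "to the host software, typically the operating system network stack") or leave the FIXME but do not ship both. The closing sentence of the wireless paragraph, "may increase the risk of a wireless interface", should name the risk: a larger firmware base running its own real-time operating system outside the host's control is more code that processes incoming radio signals before the host ever sees them and that the host cannot inspect.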
@@ -344,84 +345,84 @@ A virtual interface emulates the device driver interface of a network interface
### 4.3.3 Device drivers for network interfaces
A device driver is software running on the host that facilitates the transmission of network data. The device driver communicates with the host software, if any, by means of a network device driver interface. This interface abstracts the implementation details of the underlying network interface. This network device driver interface is typically defined by the host operating system and is used by its network stack to send or receive data through any device driver that supports this interface.
The device driver communicates with the host software or firmware by means of a network device driver interface. This interface abstracts the implementation details of the underlying network interface. Such network device driver interface is typically defined by the host operating system or by the network interface manufacturer and is used by the host network stack to send or receive data through the network interface.
> FIXME phsyical dveice can access host memory
Physical interfaces require device drivers to make use of the physical hardware. Virtual interfaces are effectively all device driver since there is no underlying hardware, only software.
Physical interfaces require device drivers to make use of the physical hardware through the local communication bus. Virtual interfaces are effectively device drivers only, since they are made of software only without underlying hardware.
The device driver often needs elevated privileges to read and write memory. Device drivers for physical network interfaces often must also have access to address space mapped to the network interface's control registers, and sometimes to enable or disable interrupts or other host hardware functions. This usually requires that the device driver have a high degree of privilege on the host system.
The device driver often needs elevated privileges to read and write memory. Device drivers for physical network interfaces often must have access also to the network interface control registers, directly or via host memory address space mapped to them; sometimes device drivers must as well enable or disable interrupts or other host hardware functions. This usually requires that the device driver has a high level of privilege on the host system.
## 4.4 Use cases
This list of use cases is an informative resource to the manufacturer to simplify choosing a set of security requirements. Each use case is mapped to a security profile, which is a collection of risks and the security requirements necessary to mitigate them.
This list of use cases describes several system scenarios for network interfaces, intended as an informative resource to the manufacturer to simplify the choice of a set of security requirements. Each use case is mapped to a security level, which is a collection of risks and the security requirements necessary to mitigate them.
### 4.4.1 Wired network interface use cases
> FIXME do wired IoT, etc. versions of wireless
* UC-WD-1 Wired enterprise device in isolated internal infrastructure
* Data center for internal job processing
* Behind a firewall, no direct route to internet
* Users are administrators and approved applications
*Interface implements performance optimizations
* UC-WD-1 Wired professional device in isolated internal infrastructure
*E.g. Data center for internal job processing, smart meter in an isolated private network
* Behind a firewall/gateway, no direct route to internet
* Users are administrators and approved (predefined, fixed) applications
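Review bot: the "> FIXME phsyical dveice can access host memory" line stays unresolved and the rewritten privilege paragraph still covers only the driver's side ("Device drivers for physical network interfaces often must have access also to the network interface control registers, directly or via host memory address space mapped to them"); the point the FIXME raises is the converse, that a physical interface on the system bus can itself read and write host memory, which is the larger trust concern and deserves its own sentence (plus a pointer to IOMMU/DMA protection if the document covers mitigations). Dropping the opening sentence also leaves the 4.3.3 paragraph starting with "The device driver" before any driver is introduced in that section; "security profile" becoming "security level" needs checking against the rest of the document; "are effectively device drivers only, since they are made of software only" repeats "only"; and the new sub-bullet "*E.g. Data center for internal job processing, smart meter in an isolated private network" lacks the space after "*" the other bullets have, so it will not render as a list item.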