Commit 0fa2fa21 authored by Valerie Aurora (Bow Shock)

Split TH-CONF 3 ways to deal with physical/software/network options

parent 4e60dfa1
+100 −40
@@ -1859,37 +1859,97 @@ Mitigations for Impact:

* High to Low: WDOG

### C.4.5 TH-CONF: Access to assets via configuration errors
### C.4.5 TH-UAPP: Unauthorized access to product assets via unprotected physical interfaces in default configuration

Attacker may use configuration errors to get unauthorized access to the product assets.
Attacker may use unprotected debug or management interfaces to get unauthorized access to product assets via physical access in the default configuration of the product.

| Risk factors                         | Likelihood | Security profiles                      |
|----------------------|------------|---------------------------------|
| CONF = 0 or DATA = 0 | Low        | LR, IoT-1, WE-1                 |
| all others           | Medium     | IoT-2, IoT-3, OT-1, PS-1, SE-\* |
| CONF = 2 & DATA = 2  | High       | MOB-1, PC-\*, LA-\*             |
|--------------------------------------|------------|----------------------------------------|
| PHYS = 0                             | Low        | LR, IoT-1                              |
| all others                           | Medium     | IoT-2, IoT-3, RO-1, PC-\*, PS-1, SE-\* |
| PHYS > 0 & max(SNDS, SNDT, SENF) = 2 | High       | OT-1, MOB-1, WE-1, LA-\*               |

| Risk factors              | Impact | Security profiles                                  |
|---------------------------|--------|-----------------------------------------------------------|
|---------------------------|--------|----------------------------------------------------|
| max(SNDS, SNDT, SENF) = 0 | Low    | LR, IoT-1                                          |
| max(SNDS, SNDT, SENF) = 1 | Medium | IoT-2, IoT-3                                       |
| max(SNDS, SNDT, SENF) = 2 | High   | IoT-3, RO-1, OT-1, MOB-1, WE-1, PC-\*, LA-\*, PS-1, SE-\* |
| max(SNDS, SNDT, SENF) = 2 | High   | RO-1, OT-1, MOB-1, WE-1, PC-\*, LA-\*, PS-1, SE-\* |

Requirements that mitigate this threat: CDST, SDEF, DMIN, LOGG
Requirements that mitigate this threat: SDEF, AUTH, LMAS, LOGG

Mitigations for Likelihood:

* Medium to Low: ADEF
* Medium to Low: PDDI-1, AUTH

* High to Low: ADEF
* High to Low: ADEF, PDDI-2, AUTH

Mitigations for Impact:

* Medium to Low: CDST
* Medium to Low: LOGG

* High to Low: JSTY, LOGG

### C.4.6 TH-UAPS: Unauthorized access to product assets via unprotected local software access in default configuration

Attacker may use unprotected debug or management interfaces to get unauthorized access to product assets via local software access in the default configuration of the product.

| Risk factors                                    | Likelihood | Security profiles                |
|-------------------------------------------------|------------|----------------------------------|
| max(NUSR, SWMD) = 0                             | Low        | LR, IoT-\*,                      |
| all others                                      | Medium     | RO-1, OT-1, WE-1                 |
| max(NUSR, SWMD) = 2 & max(SNDS, SNDT, SENF) = 2 | High       | MOB-1, PC-\*, LA-\*, PS-1, SE-\* |

| Risk factors              | Impact | Security profiles                                  |
|---------------------------|--------|----------------------------------------------------|
| max(SNDS, SNDT, SENF) = 0 | Low    | LR, IoT-1                                          |
| max(SNDS, SNDT, SENF) = 1 | Medium | IoT-2, IoT-3                                       |
| max(SNDS, SNDT, SENF) = 2 | High   | RO-1, OT-1, MOB-1, WE-1, PC-\*, LA-\*, PS-1, SE-\* |

Requirements that mitigate this threat: SDEF, AUTH, LMAS, LOGG

Mitigations for Likelihood:

* Medium to Low: PDDI-1, AUTH

* High to Low: ADEF, PDDI-3, AUTH

Mitigations for Impact:

* Medium to Low: LOGG

* High to Low: JSTY, LOGG

### C.4.7 TH-UAPN: Unauthorized access to product assets via unprotected network interfaces in default configuration

Attacker may use unprotected debug or management interfaces to get unauthorized access to product assets via the network in the default configuration of the product.

| Risk factors                                    | Likelihood | Security profiles                                  |
|-------------------------------------------------|------------|----------------------------------------------------|
| max(FNET, TNET) = 0                             | Low        | LR, IoT-1                                          |
| all others                                      | Medium     | IoT-2, IoT-3                                       |
| max(FNET, TNET) > 0 & max(SNDS, SNDT, SENF) = 2 | High       | RO-1, OT-1, MOB-1, WE-1, PC-\*, LA-\*, PS-1, SE-\* |

| Risk factors              | Impact | Security profiles                                  |
|---------------------------|--------|----------------------------------------------------|
| max(SNDS, SNDT, SENF) = 0 | Low    | LR, IoT-1                                          |
| max(SNDS, SNDT, SENF) = 1 | Medium | IoT-2, IoT-3                                       |
| max(SNDS, SNDT, SENF) = 2 | High   | RO-1, OT-1, MOB-1, WE-1, PC-\*, LA-\*, PS-1, SE-\* |

Requirements that mitigate this threat: SDEF, AUTH, LMAS, LOGG

Mitigations for Likelihood:

* Medium to Low: PDDI-1, AUTH

* High to Low: ADEF, PDDI-4, AUTH

Mitigations for Impact:

* Medium to Low: LOGG

* High to Low: CDST, DJST, LOGG
* High to Low: JSTY, LOGG

### C.4.6 TH-UADT: Unauthorized access to confidential data transmitted
### C.4.9 TH-UADT: Unauthorized access to confidential data transmitted

Attacker may use network access to get unauthorized access to confidential data transmitted by the product.

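Review bot: The renumbered TH-UADT heading jumps to C.4.9 directly after the new C.4.7 TH-UAPN, and nothing in this hunk takes C.4.8. Splitting one section into three adds two sections, so TH-UADT would be expected at C.4.8 and the later headings at C.4.9 to C.4.12, unless a C.4.8 section is being added elsewhere. Two smaller points in the new sections: the first TH-UAPS likelihood row ends its profile list with a trailing comma (`LR, IoT-\*,`), and all three "Requirements that mitigate this threat" lists name SDEF and LMAS, which appear in none of the mitigation bullets, while ADEF, PDDI-1 to PDDI-4 and JSTY appear in the bullets but not in the lists. It would help to state whether that list is meant to be the union of the bullets, and align the two if so.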
@@ -1919,7 +1979,7 @@ Mitigations for Impact:

* High to Low: DJST

### C.4.7 TH-PDOS: Denial of service attack on product functions via user or network access
### C.4.10 TH-PDOS: Denial of service attack on product functions via user or network access

Attacker may use user or network access for a denial-of-service attack on product functions.

@@ -1949,7 +2009,7 @@ Mitigations for Impact:

* High to Low: AVNT, WDOG, FDRP, LMEM, FAIR, LOGG

### C.4.8 TH-DDOS: Denial of service attack on other products via exploitation of vulnerabilities or unauthorized use of product functions
### C.4.11 TH-DDOS: Denial of service attack on other products via exploitation of vulnerabilities or unauthorized use of product functions

Attacker may use the network to exploit vulnerabilities in the product to attack other products.

@@ -1977,7 +2037,7 @@ Mitigations for Impact:

* High to Low: MDOC or (MNET, MAMP)

### C.4.9 TH-MQSE: Masquerading authorized server
### C.4.12 TH-MQSE: Masquerading authorized server

Attacker may masquerade as an authorized server to get unauthorized access to product assets.

@@ -2007,7 +2067,7 @@ Mitigations for Impact:

* High to Low: LOGG

### C.4.10 TH-LEAK: Data leak through side channels
### C.4.13 TH-LEAK: Data leak through side channels

Attacker may use the ability to run arbitrary software on the product to get unauthorized read access to confidential data.

@@ -2048,17 +2108,17 @@ Mitigations for Impact:
| **UC-IoT-2** | 0    | 0    | 1    | 0    | 1    | 1    | 0    | 0    | 1    | 0    | 0    | 0    | 0    | 1    | 1    | 1    | 2    | 2    | 11    |
| **UC-IoT-3** | 0    | 0    | 1    | 0    | 1    | 1    | 1    | 0    | 2    | 0    | 1    | 0    | 0    | 1    | 1    | 1    | 2    | 2    | 14    |
| **UC-RO-1**  | 0    | 0    | 1    | 0    | 1    | 2    | 2    | 0    | 2    | 0    | 0    | 0    | 0    | 2    | 2    | 2    | 1    | 2    | 17    |
| **UC-OT-1**  | 0    | 0    | 0    | 0    | 1    | 1    | 2    | 2    | 1    | 0    | 0    | 0    | 0    | 1    | 1    | 1    | 0    | 2    | 12    |
| **UC-OT-1**  | 0    | 0    | 0    | 0    | 1    | 1    | 2    | 2    | 1    | 0    | 0    | 0    | 0    | 1    | 1    | 2    | 0    | 2    | 13    |
| **UC-MOB-1** | 1    | 1    | 2    | 2    | 2    | 2    | 2    | 2    | 2    | 2    | 0    | 2    | 2    | 2    | 1    | 2    | 2    | 2    | 31    |
| **UC-WE-1**  | 0    | 0    | 1    | 1    | 2    | 1    | 0    | 1    | 2    | 1    | 0    | 1    | 0    | 1    | 0    | 0    | 2    | 1    | 14    |
| **UC-WE-1**  | 0    | 0    | 1    | 1    | 2    | 1    | 0    | 1    | 2    | 1    | 0    | 1    | 0    | 1    | 0    | 1    | 2    | 1    | 15    |
| **UC-PC-1**  | 1    | 1    | 2    | 1    | 2    | 2    | 1    | 0    | 2    | 0    | 2    | 2    | 1    | 2    | 1    | 2    | 2    | 2    | 26    |
| **UC-PC-2**  | 1    | 1    | 2    | 1    | 2    | 2    | 2    | 0    | 2    | 0    | 2    | 2    | 1    | 2    | 1    | 2    | 1    | 2    | 26    |
| **UC-LA-1**  | 1    | 1    | 2    | 1    | 2    | 2    | 1    | 1    | 2    | 1    | 1    | 2    | 2    | 2    | 1    | 2    | 2    | 2    | 28    |
| **UC-LA-2**  | 1    | 1    | 2    | 1    | 2    | 2    | 2    | 1    | 2    | 1    | 1    | 2    | 2    | 2    | 1    | 2    | 1    | 2    | 28    |
| **UC-PS-1**  | 2    | 2    | 2    | 0    | 2    | 2    | 1    | 0    | 2    | 0    | 1    | 2    | 1    | 2    | 2    | 1    | 1    | 2    | 25    |
| **UC-SE-1**  | 1    | 1    | 2    | 0    | 2    | 2    | 2    | 0    | 2    | 0    | 1    | 2    | 1    | 2    | 1    | 1    | 0    | 2    | 22    |
| **UC-SE-2**  | 2    | 1    | 2    | 0    | 2    | 2    | 2    | 0    | 2    | 0    | 1    | 2    | 1    | 2    | 1    | 1    | 0    | 2    | 23    |
| **UC-SE-3**  | 2    | 2    | 2    | 0    | 2    | 2    | 2    | 0    | 2    | 0    | 1    | 2    | 1    | 2    | 2    | 1    | 0    | 2    | 25    |
| **UC-PS-1**  | 2    | 2    | 2    | 0    | 2    | 2    | 1    | 0    | 2    | 0    | 1    | 2    | 1    | 2    | 2    | 2    | 1    | 2    | 26    |
| **UC-SE-1**  | 1    | 1    | 2    | 0    | 2    | 2    | 2    | 0    | 2    | 0    | 1    | 2    | 1    | 2    | 1    | 2    | 0    | 2    | 23    |
| **UC-SE-2**  | 2    | 1    | 2    | 0    | 2    | 2    | 2    | 0    | 2    | 0    | 1    | 2    | 1    | 2    | 1    | 2    | 0    | 2    | 24    |
| **UC-SE-3**  | 2    | 2    | 2    | 0    | 2    | 2    | 2    | 0    | 2    | 0    | 1    | 2    | 1    | 2    | 2    | 2    | 0    | 2    | 26    |

## C.6 Security profiles and security assurance levels

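Review bot: The six changed rows (UC-OT-1, UC-WE-1, UC-PS-1, UC-SE-1, UC-SE-2, UC-SE-3) each raise the 16th risk-factor column by one, and the commit message about splitting TH-CONF does not mention any change to risk-factor values. The column header is outside this hunk, so the factor cannot be identified from the diff alone; please name the factor and the reason in the commit message, or move the value change to its own commit. The new totals (13, 15, 26, 23, 24, 26) do equal the sums of the updated rows.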
@@ -2077,17 +2137,17 @@ Security profiles are associated with sets of risk factor levels. Each security
| **SP-IoT-2** | 0    | 0    | 1    | 0    | 1    | 1    | 0    | 0    | 1    | 0    | 0    | 0    | 0    | 1    | 1    | 1    | 2    | 2    | 11    |
| **SP-IoT-3** | 0    | 0    | 1    | 0    | 1    | 1    | 1    | 0    | 2    | 0    | 1    | 0    | 0    | 1    | 1    | 1    | 2    | 2    | 14    |
| **SP-RO-1**  | 0    | 0    | 1    | 0    | 1    | 2    | 2    | 0    | 2    | 0    | 0    | 0    | 0    | 2    | 2    | 2    | 1    | 2    | 17    |
| **SP-OT-1**  | 0    | 0    | 0    | 0    | 1    | 1    | 2    | 2    | 1    | 0    | 0    | 0    | 0    | 1    | 1    | 1    | 0    | 2    | 12    |
| **SP-OT-1**  | 0    | 0    | 0    | 0    | 1    | 1    | 2    | 2    | 1    | 0    | 0    | 0    | 0    | 1    | 1    | 2    | 0    | 2    | 13    |
| **SP-MOB-1** | 1    | 1    | 2    | 2    | 2    | 2    | 2    | 2    | 2    | 2    | 0    | 2    | 2    | 2    | 1    | 2    | 2    | 2    | 31    |
| **SP-WE-1**  | 0    | 0    | 1    | 1    | 2    | 1    | 0    | 1    | 2    | 1    | 0    | 1    | 0    | 1    | 0    | 0    | 2    | 1    | 14    |
| **SP-WE-1**  | 0    | 0    | 1    | 1    | 2    | 1    | 0    | 1    | 2    | 1    | 0    | 1    | 0    | 1    | 0    | 1    | 2    | 1    | 15    |
| **SP-PC-1**  | 1    | 1    | 2    | 1    | 2    | 2    | 1    | 0    | 2    | 0    | 2    | 2    | 1    | 2    | 1    | 2    | 2    | 2    | 26    |
| **SP-PC-2**  | 1    | 1    | 2    | 1    | 2    | 2    | 2    | 0    | 2    | 0    | 2    | 2    | 1    | 2    | 1    | 2    | 1    | 2    | 26    |
| **SP-LA-1**  | 1    | 1    | 2    | 1    | 2    | 2    | 1    | 1    | 2    | 1    | 1    | 2    | 2    | 2    | 1    | 2    | 2    | 2    | 28    |
| **SP-LA-2**  | 1    | 1    | 2    | 1    | 2    | 2    | 2    | 1    | 2    | 1    | 1    | 2    | 2    | 2    | 1    | 2    | 1    | 2    | 28    |
| **SP-PS-1**  | 2    | 2    | 2    | 0    | 2    | 2    | 1    | 0    | 2    | 0    | 1    | 2    | 1    | 2    | 2    | 1    | 1    | 2    | 25    |
| **SP-SE-1**  | 1    | 1    | 2    | 0    | 2    | 2    | 2    | 0    | 2    | 0    | 1    | 2    | 1    | 2    | 1    | 1    | 0    | 2    | 22    |
| **SP-SE-2**  | 2    | 1    | 2    | 0    | 2    | 2    | 2    | 0    | 2    | 0    | 1    | 2    | 1    | 2    | 1    | 1    | 0    | 2    | 23    |
| **SP-SE-3**  | 2    | 2    | 2    | 0    | 2    | 2    | 2    | 0    | 2    | 0    | 1    | 2    | 1    | 2    | 2    | 1    | 0    | 2    | 25    |
| **SP-PS-1**  | 2    | 2    | 2    | 0    | 2    | 2    | 1    | 0    | 2    | 0    | 1    | 2    | 1    | 2    | 2    | 2    | 1    | 2    | 26    |
| **SP-SE-1**  | 1    | 1    | 2    | 0    | 2    | 2    | 2    | 0    | 2    | 0    | 1    | 2    | 1    | 2    | 1    | 2    | 0    | 2    | 23    |
| **SP-SE-2**  | 2    | 1    | 2    | 0    | 2    | 2    | 2    | 0    | 2    | 0    | 1    | 2    | 1    | 2    | 1    | 2    | 0    | 2    | 24    |
| **SP-SE-3**  | 2    | 2    | 2    | 0    | 2    | 2    | 2    | 0    | 2    | 0    | 1    | 2    | 1    | 2    | 2    | 2    | 0    | 2    | 26    |

### C.6.3 Security assurance levels

@@ -2109,17 +2169,17 @@ Security assurance levels are informed by but not determined by the risk factor
| **SP-IoT-2**     | Internet-enabled power switch                                          | 11       | MED  |
| **SP-IoT-3**     | Internet-connected "smart home" device                                 | 14       | MED  |
| **SP-RO-1**      | Consumer-grade home wireless router                                    | 17       | MED  |
| **SP-OT-1**      | Business-grade remote door locking system                              | 12       | MED  |
| **SP-OT-1**      | Business-grade remote door locking system                              | 13       | MED  |
| **SP-MOB-1**     | Personal mobile device                                                 | 31       | HIGH |
| **SP-WE-1**      | Wearable health tracker                                                | 14       | MED  |
| **SP-WE-1**      | Wearable health tracker                                                | 15       | MED  |
| **SP-PC-1**      | Personal computer in a fixed and generally safe location               | 26       | MED  |
| **SP-PC-2**      | Enterprise workstation in a fixed and generally safe location          | 26       | MED  |
| **SP-LA-1**      | Personal laptop                                                        | 28       | HIGH |
| **SP-LA-2**      | Enterprise laptop                                                      | 28       | HIGH |
| **SP-PS-1**      | Personal server                                                        | 25       | MED  |
| **SP-SE-1**      | Enterprise server in a datacenter with no user accounts                | 22       | MED  |
| **SP-SE-2**      | Enterprise server in a datacenter with only trusted user accounts      | 23       | MED  |
| **SP-SE-3**      | Enterprise server in a datacenter hosting many untrusted user accounts | 25       | MED  |
| **SP-PS-1**      | Personal server                                                        | 26       | MED  |
| **SP-SE-1**      | Enterprise server in a datacenter with no user accounts                | 23       | MED  |
| **SP-SE-2**      | Enterprise server in a datacenter with only trusted user accounts      | 24       | MED  |
| **SP-SE-3**      | Enterprise server in a datacenter hosting many untrusted user accounts | 26       | MED  |

# Annex D (informative): Risk evaluation guidance
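Review bot: The six totals updated in this table are a third hand-maintained copy of the same numbers, after the UC and SP risk-factor tables in the two preceding hunks. They agree here (13, 15, 26, 23, 24, 26), but a single source for the totals or a consistency check in the build would keep the three tables from drifting on the next change. The assurance levels are left at MED for all six profiles, which is consistent with SP-PC-1 and SP-PC-2 at 26 being MED and SP-LA-1 and SP-LA-2 at 28 being HIGH.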