Commit 1f6f88c3 authored by Valerie Aurora (Bow Shock)'s avatar Valerie Aurora (Bow Shock)

Update data and assumptions

parent c5249aff
+24 −10
@@ -777,16 +777,12 @@ _Table mapping technical security requirements from Section 5 of the present doc

### C.1.1 Data

_What data is stored on the product?_

* User documents
* Credentials
* Financial information
* Personal data of all kinds
* Games
* Business data

<mark> FIXME more kinds of data </mark>
* Logs
* Secrets/credentials
* Executables (kernel, apps, libraries, etc.)
* Configuration
* Firmware images
* User data

### C.1.2 Product functions

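Review bot: the `<mark> FIXME more kinds of data </mark>` marker now sits between the original list (User documents, Credentials, Financial information, Personal data, Games, Business data) and the new list (Logs, Secrets/credentials, Executables, Configuration, Firmware images, User data); since the new list already answers the FIXME, either drop the marker or narrow it to what is still missing. Also consider saying, per data class, which property the later threat mapping cares about (executables, firmware images and configuration are mainly integrity concerns, secrets/credentials mainly confidentiality), and note that "Credentials" and "Secrets/credentials" overlap if both lists are meant to survive.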
@@ -817,6 +813,24 @@ T.LIMITED PHYSICAL ACCESS An attacker may attempt to access data on the OS while

_List assumptions that are relevant to the risk analysis for these threats. Everything is hackable if you try hard enough. What kinds of threats are in and out of scope? What are you assuming is the sophistication of attack? Relate to use cases._

* Proper platform

  * **Rationale:** An operating system requires a trustworthy platform to perform its functions.
  * [A-PP-L-1]: The platform is assumed to be trustworthy.
  * [A-PP-L-2]: The platform provides methods to check for corruption or malfunction in itself.
  * [A-PP-L-3]: The platform provides methods to use a trusted part of the platform to authenticate and verify other parts of the platform and the software running on it.

* Proper administrator

  * **Rationale:** An operating system requires effective administration to perform its functions.
  * [A-PA-L-1]: The administrator is assumed to be trustworthy.
  * [A-PA-L-2]: The administrator is limited to protect against accidental misconfiguration.
  * [A-PA-L-3]: The administrator is severely limited to protect against intentional misconfiguration.

* Proper user

<mark> FIXME where does trusted/untrusted hardware devices go? External/internal interfaces, what can the operating system protect against, what can be accessed with a limited time access by attacker? </mark>

* Not being attacked by a state actor
* Not using sophisticated or expensive hardware snooping techniques
* No secret hardware backdoors
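Review bot: the `A-PP-L-n` / `A-PA-L-n` identifiers read as alternative assumption strength levels, but nothing in the hunk says so, and taken as cumulative they contradict each other (`[A-PA-L-1]` assumes a trustworthy administrator while `[A-PA-L-3]` assumes one who must be "severely limited to protect against intentional misconfiguration"); add a sentence stating that a product selects one level per assumption. The "Proper user" bullet has no **Rationale:** or `[A-PU-L-n]` entries, unlike the two bullets above it, and the three trailing bullets (state actor, hardware snooping, hardware backdoors) carry no identifiers, so the threat table referenced in this section has nothing to cite for them.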