Commit 2547aa6c authored by Marius Gläß, committed by Valerie Aurora

Completed list of threats from EMB3D with references

parent 720314e4
+49 −18
@@ -950,18 +950,25 @@ and authenticated

From [MITRE EMB3D](https://emb3d.mitre.org/):


Hardware:
(Hardware-related threats that can have mitigations in software)
+ [TID-101](https://emb3d.mitre.org/threats/TID-101.html): Power Consumption Analysis Side Channel
* [TID-101](https://emb3d.mitre.org/threats/TID-101.html): Power Consumption Analysis Side Channel
* [TID-102](https://emb3d.mitre.org/threats/TID-102.html): Electromagnetic Analysis Side Channel
* [TID-103](https://emb3d.mitre.org/threats/TID-103.html): Microarchitectural Side Channels
* [TID-105](https://emb3d.mitre.org/threats/TID-105.html): Hardware Fault Injection – Control Flow Modification
* [TID-106](https://emb3d.mitre.org/threats/TID-106.html): Data Bus Interception
* [TID-107](https://emb3d.mitre.org/threats/TID-107.html): Unauthorized Direct Memory Access (DMA)
* [TID-108](https://emb3d.mitre.org/threats/TID-108.html): ROM/NVRAM Data Extraction or Modification
* [TID-109](https://emb3d.mitre.org/threats/TID-109.html): RAM Chip Contents Readout
* [TID-110](https://emb3d.mitre.org/threats/TID-110.html): Hardware Fault Injection – Data Manipulation
* [TID-111](https://emb3d.mitre.org/threats/TID-111.html): Untrusted External Storage
* [TID-113](https://emb3d.mitre.org/threats/TID-113.html): Unverified Peripheral Firmware Loaded
* [TID-114](https://emb3d.mitre.org/threats/TID-114.html): Peripheral Data Bus Interception
* [TID-115](https://emb3d.mitre.org/threats/TID-115.html): Firmware/Data Extraction via Hardware Interface
* [TID-116](https://emb3d.mitre.org/threats/TID-116.html): Latent Privileged Access Port
* [TID-118](https://emb3d.mitre.org/threats/TID-118.html): Weak Peripheral Port Electrical Damage Protection
* [TID-119](https://emb3d.mitre.org/threats/TID-119.html): Latent Hardware Debug Port Allows Memory/Code Manipulation

System Software
System Software:
* [TID-201](https://emb3d.mitre.org/threats/TID-201.html): Inadequate Bootloader Protection and Verification
* [TID-202](https://emb3d.mitre.org/threats/TID-202.html): Exploitable System Network Stack Component
* [TID-203](https://emb3d.mitre.org/threats/TID-203.html): Malicious OS Kernel Driver/Module Installable
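
Review bot: the Hardware list in this hunk jumps from TID-103 to TID-105 and has no TID-112 or TID-117 entry, while the commit message calls the list completed. The parenthetical under "Hardware:" says the list is limited to threats that can have mitigations in software; if the gaps follow from that criterion, or the IDs are not assigned in EMB3D, state that in one line next to the list so a reader comparing against the EMB3D site does not take them for omissions. TID-101 also appears twice at the top of the list, once with a `+` bullet and once with `*`; make sure only the `*` form remains in the file so the bullet style stays consistent.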
@@ -971,48 +978,72 @@ System Software
* [TID-207](https://emb3d.mitre.org/threats/TID-207.html): Container Escape
* [TID-208](https://emb3d.mitre.org/threats/TID-208.html): Virtual Machine Escape
* [TID-209](https://emb3d.mitre.org/threats/TID-209.html): Host Can Manipulate Guest Virtual Machines

(not relevant if we assume patching capabilities?)
* [TID-210](https://emb3d.mitre.org/threats/TID-210.html): Device Vulnerabilities Unpatchable

(to what extend is secure FW update and software only bootloader OSes responsibility?)
* [TID-211](https://emb3d.mitre.org/threats/TID-211.html): Device Allows Unauthenticated Firmware Installation
* [TID-212](https://emb3d.mitre.org/threats/TID-212.html): FW/SW Update Integrity Shared Secrets Extraction
* [TID-213](https://emb3d.mitre.org/threats/TID-213.html): Faulty FW/SW Update Integrity Verification
* [TID-214](https://emb3d.mitre.org/threats/TID-214.html): Secrets Extracted from Device Root of Trust
* [TID-215](https://emb3d.mitre.org/threats/TID-215.html): Unencrypted SW/FW Updates
* [TID-216](https://emb3d.mitre.org/threats/TID-216.html): Firmware Update Rollbacks Allowed (?)
* [TID-216](https://emb3d.mitre.org/threats/TID-216.html): Firmware Update Rollbacks Allowed
* [TID-217](https://emb3d.mitre.org/threats/TID-217.html): Remotely Initiated Updates Can Cause DoS
* [TID-218](https://emb3d.mitre.org/threats/TID-218.html): Operating System Susceptible to Rootkit
* [TID-219](https://emb3d.mitre.org/threats/TID-219.html): OS/Kernel Privilege Escalation
* [TID-220](https://emb3d.mitre.org/threats/TID-220.html): Unpatchable Hardware Root of Trust
* [TID-221](https://emb3d.mitre.org/threats/TID-221.html): Authentication Bypass By Message Replay
* [TID-222](https://emb3d.mitre.org/threats/TID-222.html): Critical System Service May Be Disabled
* [TID-223](https://emb3d.mitre.org/threats/TID-223.html): System Susceptible to RAM Scraping (?)
* [TID-223](https://emb3d.mitre.org/threats/TID-223.html): System Susceptible to RAM Scraping
* [TID-224](https://emb3d.mitre.org/threats/TID-224.html): Excessive Access via Software Diagnostic Features
* [TID-225](https://emb3d.mitre.org/threats/TID-225.html): Logs can be manipulated on the device
* [TID-226](https://emb3d.mitre.org/threats/TID-226.html): Device leaks security information in logs


Application Level
Application Software:
* [TID-301](https://emb3d.mitre.org/threats/TID-301.html): Applications Binaries Modified
* [TID-302](https://emb3d.mitre.org/threats/TID-302.html): Install Untrusted Application
* [TID-303](https://emb3d.mitre.org/threats/TID-303.html): Excessive Trust in Offboard Management/IDE Software (not sure if this is relevant to OS in general)
* [TID-303](https://emb3d.mitre.org/threats/TID-303.html): Excessive Trust in Offboard Management/IDE Software
* [TID-304](https://emb3d.mitre.org/threats/TID-304.html): Manipulate Runtime Environment
* [TID-305](https://emb3d.mitre.org/threats/TID-305.html): Program Executes Dangerous System Calls
* [TID-306](https://emb3d.mitre.org/threats/TID-306.html): Sandboxed Environments Escaped

(the following require "Device includes support for "program uploads" to retrieve programs from the device from an engineering workstation")
* [TID-307](https://emb3d.mitre.org/threats/TID-307.html): Device Code Representations Inconsistent (quite a specific case)
* [TID-307](https://emb3d.mitre.org/threats/TID-307.html): Device Code Representations Inconsistent
* [TID-308](https://emb3d.mitre.org/threats/TID-308.html): Code Overwritten to Avoid Detection
* [TID-309](https://emb3d.mitre.org/threats/TID-309.html): Device Exploits Engineering Workstation
* [TID-310](https://emb3d.mitre.org/threats/TID-310.html): Remotely Accessible Unauthenticated Services
* [TID-311](https://emb3d.mitre.org/threats/TID-311.html): Default Credentials
* [TID-312](https://emb3d.mitre.org/threats/TID-312.html): Credential Change Mechanism Can Be Abused
* [TID-313](https://emb3d.mitre.org/threats/TID-313.html): Unauthenticated Session Changes Credential
* ...
* [TID-314](https://emb3d.mitre.org/threats/TID-314.html): Passwords Can Be Guessed Using Brute-Force Attempts
* [TID-315](https://emb3d.mitre.org/threats/TID-315.html): Password Retrieval Mechanism Abused
* [TID-316](https://emb3d.mitre.org/threats/TID-316.html): Incorrect Certificate Verification Allows Authentication Bypass
* [TID-317](https://emb3d.mitre.org/threats/TID-317.html): Predictable Cryptographic Key
* [TID-318](https://emb3d.mitre.org/threats/TID-318.html): Insecure Cryptographic Implementation
* [TID-319](https://emb3d.mitre.org/threats/TID-319.html): Cross Site Scripting (XSS)
* [TID-320](https://emb3d.mitre.org/threats/TID-320.html): SQL Injection
* [TID-321](https://emb3d.mitre.org/threats/TID-321.html): HTTP Application Session Hijacking
* [TID-322](https://emb3d.mitre.org/threats/TID-322.html): Cross Site Request Forgery (CSRF)
* [TID-323](https://emb3d.mitre.org/threats/TID-323.html): Path Traversal
* [TID-324](https://emb3d.mitre.org/threats/TID-324.html): HTTP Direct Object Reference
* [TID-325](https://emb3d.mitre.org/threats/TID-325.html): HTTP Injection/Response Splitting
* [TID-326](https://emb3d.mitre.org/threats/TID-326.html): Insecure Deserialization
* [TID-327](https://emb3d.mitre.org/threats/TID-327.html): Out of Bounds Memory Access
* [TID-328](https://emb3d.mitre.org/threats/TID-328.html): Hardcoded Credentials
* [TID-329](https://emb3d.mitre.org/threats/TID-329.html): Improper Password Storage
* [TID-330](https://emb3d.mitre.org/threats/TID-330.html): Cryptographic Timing Side-Channel

Networking:
* [TID-401](https://emb3d.mitre.org/threats/TID-401.html): Undocumented Protocol Features
* [TID-404](https://emb3d.mitre.org/threats/TID-404.html): Remotely Triggerable Deadlock/DoS
* [TID-405](https://emb3d.mitre.org/threats/TID-405.html): Network Stack Resource Exhaustion
* [TID-406](https://emb3d.mitre.org/threats/TID-406.html): Unauthorized Messages or Connections
* [TID-407](https://emb3d.mitre.org/threats/TID-407.html): Missing Message Replay Protection
* [TID-408](https://emb3d.mitre.org/threats/TID-408.html): Unencrypted Sensitive Data Communication
* [TID-410](https://emb3d.mitre.org/threats/TID-410.html): Cryptographic Protocol Side Channel
* [TID-411](https://emb3d.mitre.org/threats/TID-411.html): Weak/Insecure Cryptographic Protocol
* [TID-412](https://emb3d.mitre.org/threats/TID-412.html): Network Routing Capability Abuse

Baseband OS running on the baseband processor on most smartphones is a special case: Usually it has DMA write access to the user-facing OS (Android), on the application procesor and the user-facing OS can't protect itself against that.

Anything can run with elevated privileges if root runs it... is there a mitigation here?

> FIXME list more threats
<mark> FIXME list more threats (e.g. other sources) </mark>

## C.3 Assumptions
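
Review bot: the parenthetical before TID-307 ("the following require "Device includes support for "program uploads" ...") has no visible end of scope, because the bullet list continues unbroken through TID-330 and entries such as TID-311 Default Credentials or TID-320 SQL Injection read as if they also depend on program-upload support. Put a blank line or a separate label after the last entry the condition covers; the same applies to the remark before TID-211, where it is unclear whether the open question about OS responsibility covers only the firmware-update entries or everything down to TID-226. The Networking list skips TID-402, TID-403 and TID-409 without comment, which deserves the same one-line explanation as any deliberate exclusion. Smaller points: "to what extend" should be "to what extent", "procesor" should be "processor", and the raw `<mark>` FIXME will only render as a highlight if the target Markdown renderer passes inline HTML through.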