Commit 375f8947 authored by Valerie Aurora (Bow Shock)'s avatar Valerie Aurora (Bow Shock)

Map memory isolation mitigations to security profiles

parent 90468e7d
@@ -965,6 +965,8 @@ All warnings, annotations, or other method of suppressing warnings from the anal

#### 5.2.X.x **MI-KSEP**: Separation of operating systems memory from user account memory

The manufacturer shall implement all preceding mitigations for this requirement.

The manufacturer shall implement mechanisms to prevent unauthorized access to security-relevant parts of the operating system memory by unauthorized users or subsystems of the operating systems.

* Test: from a user account, attempt to read, modify, and execute security-relevant parts of operating system memory that the user is not authorized to access
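Review bot: the added sentence "The manufacturer shall implement all preceding mitigations for this requirement." leaves "preceding" undefined for MI-KSEP; a reader cannot tell whether it means every MI-* requirement listed earlier in the document or only the ones the mapping in this same commit places below KSEP. Name the prerequisite identifiers explicitly (for example "The manufacturer shall also implement MI-SSCA for this requirement."), or state once at the start of the MI section that the requirements are cumulative in listing order, rather than repeating an ambiguous sentence in each requirement.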
@@ -975,6 +977,8 @@ FIXME should have separate requirement for privileged user still not being able

#### 5.2.X.x **MI-USEP**: Separation of memory by user account

The manufacturer shall implement all preceding mitigations for this requirement.

The manufacturer shall use user identifiers, discretionary access control, or mandatory access control to prevent access of the private in-memory data owned by one user account by different user account.

* Test: with the privileges of one user, attempt to read, modify, and execute process memory owned by another user
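Review bot: same "all preceding mitigations" sentence as in MI-KSEP, with the same ambiguity; if the intent is that MI-USEP implies MI-KSEP (and whatever MI-SSCA covers), say so by identifier. Unrelated to the added lines but worth fixing while touching this block: the requirement sentence reads "prevent access of the private in-memory data owned by one user account by different user account" and should be "prevent access by one user account to the private in-memory data owned by a different user account".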
@@ -983,6 +987,8 @@ The manufacturer shall use user identifiers, discretionary access control, or ma

#### 5.2.X.x **MI-UCON**: Non-concurrent account usage

The manufacturer shall implement all preceding mitigations for this requirement.

The manufacturer shall implement mechanisms to reject a user account from logging in if a different user account is already logged in.

* Test: with one user logged in, attempt to log in as a second user
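Review bot: with the cumulative sentence added here, MI-UCON now implies MI-USEP, yet the mapping table in this same commit assigns UCON to MOB-1, WE-1 and ST-1 and USEP to PC-1 and LA-1; if the profiles are meant to be cumulative as well, state that where the profiles are defined, otherwise a reader will assume a MOB-1 device needs only non-concurrent login and not per-user memory separation. The test "with one user logged in, attempt to log in as a second user" also needs "logged in" defined (interactive session only, or any session including background and service accounts), or the result is not reproducible across implementations.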
@@ -991,6 +997,8 @@ The manufacturer shall implement mechanisms to reject a user account from loggin

#### 5.2.X.x **MI-SPEX** Prevent memory leaks through microarchitectural side channels

The manufacturer shall implement all preceding mitigations for this requirement.

The manufacturer shall implement mechanisms to prevent leaking of memory data to unauthorized user through microarchitectural side channels via the observing the time of cache access for the operations:

* branch prediction
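Review bot: the heading "#### 5.2.X.x **MI-SPEX** Prevent memory leaks ..." is missing the colon after the identifier that the other three headings in this diff use ("**MI-KSEP**:", "**MI-USEP**:", "**MI-UCON**:"); a consistent heading format matters if these identifiers are extracted programmatically. The requirement sentence also reads "to unauthorized user through microarchitectural side channels via the observing the time of cache access" and should be "to unauthorized users through microarchitectural side channels by observing the timing of cache accesses for the following operations:".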
@@ -1002,9 +1010,19 @@ The manufacturer shall implement mechanisms to prevent leaking of memory data to
* Result: there is no difference reliable enough to deduce the contents of a memory address
* Output: the times measured by the tests

### 5.2.X **TR-OOBM**: Out-of-bounds memory access prevention or mitigation
#### 5.2.X.x Mapping of mitigations to security profiles

| Mitigation | Use cases that it satisfies |
|------------|-----------------------------|
| SSCA       | IoT-\*                      |
| KSEP       | OT-\*, FI-1                 |
| USEP       | PC-1, LA-1                  |
| UCON       | MOB-1, WE-1, ST-1           |
| SPEX       | PC-2, LA-2, IF-1, FI-2      |

### 5.2.X **TR-KOBM**: Kernel out-of-bounds memory access prevention or mitigation

FIXME: should all of this be required for executables running with elevated privileges?
FIXME: also require of all security-relevant parts of userspace where applicable

#### 5.2.X.1 Example threat
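Review bot: the new "#### 5.2.X.x Mapping of mitigations to security profiles" subsection is inserted directly after the "### 5.2.X **TR-OOBM**" heading, so it becomes the first subsection of TR-OOBM even though the table maps the MI-* mitigations defined in the section above; move the subsection to the end of the MI section, before the TR-OOBM heading. Within the table, the identifiers are written as "SSCA", "KSEP", "USEP", "UCON", "SPEX" while the headings use "MI-KSEP" and so on; use the full prefixed identifiers so the rows can be matched to the requirements. The subsection title says "security profiles" but the column header says "Use cases that it satisfies"; pick one term and use it in both places.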