Commit 385b5152 authored by Valerie Aurora (Bow Shock)

Rewrite address space layout randomization requirement to new format

parent 79e5a22d
@@ -1140,9 +1140,6 @@ The documentation provided to the user shall document the risk of microarchitect
  * Verdict: Documentation sufficiently describes the risks and mitigations => PASS, otherwise FAIL
  * Evidence: Documentation provided with the product

#### 5.2.X.x **MI-ASLR** Address Space Layout Randomization

The product shall enable Address Space Layout Randomization (ASLR) by default for all processes to mitigate exploitation of memory corruption vulnerabilities.

#### 5.2.X.x Mapping of mitigations to risk factors and security profiles

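Review bot: the removed requirement text covered ASLR "by default for all processes", whereas the relocated version in the next hunk is phrased per executable ("all executables, including the kernel, if any") and its runtime check samples only one kernel and one non-kernel executable. Those are not the same property: a binary can be built position-independent yet run without randomization if the platform disables it system-wide. Consider keeping the process-level wording, or stating both the build-time and the runtime condition explicitly, so the move does not narrow the original scope.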
@@ -1168,9 +1165,41 @@ Mitigations satisfy technical requirements only under when they mitigate the rel

> TODO: Consistency check above

### 5.2.X **TR-MSAF**: Memory safety
### 5.2.X **TR-MIME**: Mitigate memory errors

### 5.2.X.x Requirement

The product shall appropriately mitigate memory errors.

#### 5.2.X.x **MI-ASLR** Address Space Layout Randomization

The product shall enable Address Space Layout Randomization (ASLR) by default for all executables, including the kernel, if any.

  * Applicability: Platform has an MMU and product implements virtual memory

  * Reference: TR-MIME

  * Objective: Exploit mitigation

FIXME: also require of all security-relevant parts of userspace where applicable
  * Preparation: None

  * Activities: For every executable, examine the object file to determine if ALSR is enabled. For one non-kernel executable (if any) and one kernel executable (if any), run the executable twice and read the base addresses of the text, stack, heap, and shared libraries where applicable.

  * Verdict: All executables have ALSR enabled, base addresses collected for executables differ between runs => PASS, else FAIL

  * Evidence: Output of scan for ALSR enabled, base addresses collected

| Risk factors        | Requires mitigations |
|---------------------|----------------------|
| RT-High             | none                 |
| RT-Med, RT-Low      | ALSR                 |

| Security Profile     | Requires mitigations |
|----------------------|----------------------|
| FIXME list RT-High   | none                 |
| FIXME RT-Med, RT-Low | ALSR                 |

### 5.2.X **TR-MSAF**: Memory safety

Implement all relavent mitigations listed in Annex MEMORY-SAFETY-MITIGATIONS
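Review bot: the line `### 5.2.X **TR-MSAF**: Memory safety` directly above `### 5.2.X **TR-MIME**: Mitigate memory errors` looks like a leftover of the old heading, since TR-MSAF is re-introduced as its own section at the end of the hunk; drop the first copy. Also in this hunk: "ALSR" should be "ASLR" in the Activities, Verdict and Evidence lines and in both tables; the line `FIXME: also require of all security-relevant parts of userspace where applicable` sits between two bullets and breaks the list (move it above or below the list, in the `> TODO:` style used just before); "relavent" in the TR-MSAF body should be "relevant"; and the hunk header context "only under when they mitigate" should read "only when they mitigate". The Activities step "examine the object file to determine if ALSR is enabled" should say what is actually being checked (for example that the executable is built position-independent), because ASLR is a loader/kernel behaviour rather than a flag stored in the object file. Finally, please confirm the direction of the risk-factor tables: as written, RT-High requires no mitigation while RT-Med and RT-Low require ASLR, which reads inverted unless RT denotes risk tolerance.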