@@ -1887,37 +1887,25 @@ _List any related ETSI standards and how they interact with the present document
> Example threats can be found in the same documents suggested in the section on security requirements.
From BSI Common Criteria Protection Profile:
**[TH-USDA]:** An attacker may read or modify data without proper authorization while stored or in transmission.
TSF = Target of evaluation Security Function
**[TH-DATA]:** An attacker may read or modify data without proper authorization while being processed, stored, or transmitted by the operating system.
T.ACCESS.TSFDATA: A threat agent might read or modify TSF data without the necessary
authorization when the data is stored or transmitted.
**[TH-FUNC]:** An attacker may use or modify functions of the operating system without proper authorization.
T.ACCESS.USERDATA: A threat agent might gain access to user data stored, processed or
transmitted by the TOE without being appropriately authorized
according to the TOE security policy.
**[TH-TRCH]:** An attacker may access or intercept the establishment of a communication channel over a network with a trusted system without proper authorization, or masquerade as a trusted system during the establishment.
T.ACCESS.TSFFUNC: A threat agent might use or modify functionality of the TSF without
the necessary privilege to grant itself or others unauthorized access to
TSF data or user data.
**[TH-NETA]:** An attacker may transmit or access data over the network without proper authorization.
T.ACCESS.COMM: A threat agent might access a communication channel that establishes
a trust relationship between the TOE and another remote trusted IT
system or masquerade as another remote trusted IT system.
**[TH-MASQ]:** An attacker may masquerade as the operating system itself to access data in remote systems without proper authorization.
T.RESTRICT.NETTRAFFIC: A threat agent might get access to information or transmit information
to other recipients via network communication channels without
authorization for this communication attempt by the information flow
control policy.
**[TH-DOSE]:** An attacker may prevent the performance of the essential functions of the operating system by overloading system resources.
T.IA.MASQUERADE: A threat agent might masquerade as an authorized entity including the
TOE itself or a part of the TOE in order to gain unauthorized access to
user data, TSF data, or TOE resources.
**[TH-DOSA]:** An attacker may use the unauthorized access to the operating system to prevent the performance of the essential functions of other devices.
T.IA.USER: A threat agent might gain access to user data, TSF data or TOE
resources with the exception of public objects without being identified
and authenticated
**[TH-CONF]:** An attacker may read or modify configuration data of the operating system without proper authorization.
**[TH-UPDA]:** An attacker may cause unauthorized software updates to be installed or prevent authorized software updates.
Baseband OS running on the baseband processor on most smartphones is a special case: Usually it has DMA write access to the user-facing OS (Android), on the application procesor and the user-facing OS can't protect itself against that.
Anything can run with elevated privileges if root runs it... is there a mitigation here?
<mark> FIXME list more threats (e.g. other sources) </mark>
## C.3 Assumptions
> List assumptions that are relevant to the risk analysis for these threats. Everything is hackable if you try hard enough. What kinds of threats are in and out of scope? What are you assuming is the sophistication of attack? Relate to use cases.
