Commit 50c5f1ec authored by Valerie Aurora (Bow Shock)'s avatar Valerie Aurora (Bow Shock)

Split "justify yourself" TR into documentation and scanning

parent e69b9e04
+21 −14
@@ -1251,40 +1251,47 @@ Use case: Every product that has multiple user privilege levels?

### 5.2.X **TR-MINI**: Minimize exposed interfaces

#### 5.2.X.1 Example threat
The manufacturer shall minimize exposed interfaces to the product.

#### 5.2.X.x **MI-DOEI**: Document exposed interfaces

An interface unnecessary for the default functioning of the product is exposed and has a vulnerability.
The manufacturer shall document all exposed interfaces on the product. If any initial configuration is necessary to use the product, the interfaces shall include both those available before the initial configuration and those available after initial configuraiton in compliance with the default secure configuration options. The manufacturer shall document the functioning of each element of each interface and why its availability is necessary for the default functioning of the product.

#### 5.2.X.x **MI-DIDO**: Disable unnecessary interfaces and document remaining interfaces
#### 5.2.X.x **MI-MIIC**: Minimize exposed interfaces before initial configuration

Use case: Above a certain level of risk
If the product requires initial configuration before use, the manufacturer shall implement measures to minimize exposed interfaces on the product before its initial configuration to those necessary for the secure initial configuration of the product.

* Mitigation: Disable interfaces that are unnecessary for default state of product
* Test: Compare available interfaces to documentation, completely enumerating all reachable privilege boundries via:
* Test: On the product before any configuration is carried out, completely enumerate all reachable privilege boundaries via:
  * network ports
  * system calls
  * handle based interfaces (e.g. /dev, /sys, /proc)
  * shared memory regions (e.g. GPU, MMIO)
  * FIXME more
* Result: No undocumented interfaces are found
* Result: All interfaces are found in the documentation produced for MI-DOEI
* Output: List of interfaces found by tests
* Documentation: List all enabled interfaces, document each element, and explain why each is necessary for the default function of the product

FIXME: separate MI for minimum process privileges?
#### 5.2.X.x **MI-MIEI**: Minimize exposed interfaces

> Copy-n-paste mitigation format
The manufacturer shall implement measures to minimize exposed interfaces on the product to those necessary for the default use of the product, after any necessary initial configuration in compliance with the default secure configuration options.

### 5.2.X **TR-XXXX**:
* Test: After initial configuraiton in compliance with the default secure configuration options is carried out if applicable, completely enumerate all reachable privilege boundaries the process in MI-MIIC
* Result: All interfaces are found in the documentation produced for MI-DOEI
* Output: List of interfaces found by tests

#### 5.2.X.1 Example threat
FIXME: separate MI for minimum process privileges?

#### 5.2.X.x Mapping of mitigations to security profiles

All security profiles must implement MI-DOEI and MI-MIEI. If initial configuration is required to use the product, then all security profiles must implement MI-MIIC.

> Copy-n-paste mitigation format

### 5.2.X **TR-XXXX**:

#### 5.2.X.x **MI-XXXX**:

Use case:
_Description of mitigation in "shall" format_

* Mitigation:
* Test:
* Result:
* Output:
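Review bot: the MI-MIEI test line "* Test: After initial configuraiton in compliance with the default secure configuration options is carried out if applicable, completely enumerate all reachable privilege boundaries the process in MI-MIIC" is missing a word between "privilege boundaries" and "the process" (presumably "using the same process as in MI-MIIC") and carries the typo "configuraiton", which also appears in the MI-DOEI paragraph ("after initial configuraiton"); "privilege boundries" in the MI-DIDO test line needs the same spelling fix. The enumeration list that the MI-MIIC test points at still ends in "* FIXME more", so that test step is not yet a complete procedure; either finish the list or state that the enumeration is non-exhaustive. Because MI-DOEI requires documenting both the interfaces available before initial configuration and those available after it, the Result lines in MI-MIIC and MI-MIEI ("All interfaces are found in the documentation produced for MI-DOEI") should say which subset of that documentation each enumeration is compared against (pre-configuration vs. post-configuration); otherwise an interface documented only for the post-configuration state would pass the pre-configuration test. The "FIXME: separate MI for minimum process privileges?" line and the empty "### 5.2.X **TR-XXXX**:" / "#### 5.2.X.1 Example threat" headings that sit between MI-MIEI and the "Copy-n-paste mitigation format" template should be resolved or moved out of the TR-MINI section before merge.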