Convert MISO mitigation mapping table to better format (71ed12f6) · Commits · STAN4CRA / EN 304 626 Operating Systems

EN-304-626.md

+19 −21

Original line number	Diff line number	Diff line
		@@ -1131,27 +1131,25 @@ The product shall enable Address Space Layout Randomization (ASLR) by default fo

		Mitigations satisfy technical requirements only under when they mitigate the relevant risks appropriately. Risk factors are used to determine this. The below table shows which mitigations are appropriate to which use cases or security profiles based on the risk factors determined in the risk assessment.

		\| Mitigation \| Satisfies TR if risk factors are \|
		\|------------\|----------------------------------\|
		\| None \| All risk factors are 0 \|
		\| SSCA \| CUSR = 0 & SWMD = 0 \|
		\| MMAC \| CUSR <= 2 & SWMD <= 2 \|
		\| CCON \| CUSR <= 1 \|
		\| UCON \| CUSR <= 1 \|
		\| TRMD \| ADMN <= 1 \|
		\| PMSC \| any \|

		FIXME change the above mapping to be based on a combination of likelihood and impact

		FIXME add MMAC being okay with CUSR 3 and low impact

		\| Mitigation \| Satisfies TR for these security profiles \|
		\|------------\|--------------------------------------------\|
		\| None \| LR \|
		\| SSCA \| IoT-\, OT-\ \|
		\| MMAC \| WE-1, ST-1, PC-\* LA-\, SE-1, SE-2, IF-\ \|
		\| UCON \| MOB-\* \|
		\| PMSC \| SE-3 \|
		\| Risk factors \| Requires mitigations \|
		\|---------------------\|--------------------------\|
		\| all risk factors 0 \| None \|
		\| CUSR = 0 & SWMD = 0 \| SSCA \|
		\| CUSR < 3 & SWMD < 2 \| SSCA, MMAC \|
		\| CUSR < 2 \| SSCA, MMAC, CCON or UCON \|
		\| CUSR > 2 & RT-High \| SSCA, MMAC \|
		\| CUSR > 2 & ADMN < 2 \| SSCA, MMAC, TRMD or PMSC \|
		\| CUSR > 2 & ADMN > 1 \| SSCA, MMAC, PMSC \|

		\| Security Profile \| Requires mitigations \|
		\|--------------------------------------------------\|--------------------------\|
		\| LR \| None \|
		\| IoT-\, OT-\ \| SSCA \|
		\| WE-1, ST-1, PC-\, LA-\, SE-\[1,2] IF-\, FI-\ \| SSCA, MMAC \|
		\| MOB-\* \| SSCA, MMAC, CCON or UCON \|
		\| SE-3 \| SSCA, MMAC, TRMD or PMSC \|

		> TODO: Consistency check above

		### 5.2.X TR-MSAF: Memory safety

Original line number	Diff line number	Diff line
		@@ -1131,27 +1131,25 @@ The product shall enable Address Space Layout Randomization (ASLR) by default fo

		Mitigations satisfy technical requirements only under when they mitigate the relevant risks appropriately. Risk factors are used to determine this. The below table shows which mitigations are appropriate to which use cases or security profiles based on the risk factors determined in the risk assessment.

		\| Mitigation \| Satisfies TR if risk factors are \|
		\|------------\|----------------------------------\|
		\| None \| All risk factors are 0 \|
		\| SSCA \| CUSR = 0 & SWMD = 0 \|
		\| MMAC \| CUSR <= 2 & SWMD <= 2 \|
		\| CCON \| CUSR <= 1 \|
		\| UCON \| CUSR <= 1 \|
		\| TRMD \| ADMN <= 1 \|
		\| PMSC \| any \|

		FIXME change the above mapping to be based on a combination of likelihood and impact

		FIXME add MMAC being okay with CUSR 3 and low impact

		\| Mitigation \| Satisfies TR for these security profiles \|
		\|------------\|--------------------------------------------\|
		\| None \| LR \|
		\| SSCA \| IoT-\, OT-\ \|
		\| MMAC \| WE-1, ST-1, PC-\* LA-\, SE-1, SE-2, IF-\ \|
		\| UCON \| MOB-\* \|
		\| PMSC \| SE-3 \|
		\| Risk factors \| Requires mitigations \|
		\|---------------------\|--------------------------\|
		\| all risk factors 0 \| None \|
		\| CUSR = 0 & SWMD = 0 \| SSCA \|
		\| CUSR < 3 & SWMD < 2 \| SSCA, MMAC \|
		\| CUSR < 2 \| SSCA, MMAC, CCON or UCON \|
		\| CUSR > 2 & RT-High \| SSCA, MMAC \|
		\| CUSR > 2 & ADMN < 2 \| SSCA, MMAC, TRMD or PMSC \|
		\| CUSR > 2 & ADMN > 1 \| SSCA, MMAC, PMSC \|

		\| Security Profile \| Requires mitigations \|
		\|--------------------------------------------------\|--------------------------\|
		\| LR \| None \|
		\| IoT-\, OT-\ \| SSCA \|
		\| WE-1, ST-1, PC-\, LA-\, SE-\[1,2] IF-\, FI-\ \| SSCA, MMAC \|
		\| MOB-\* \| SSCA, MMAC, CCON or UCON \|
		\| SE-3 \| SSCA, MMAC, TRMD or PMSC \|

		> TODO: Consistency check above

		### 5.2.X TR-MSAF: Memory safety