@@ -210,7 +210,7 @@ Usermode "operating systems" are applications simulating an operating system in
Boot managers have the primary purpose of initializing the hardware after power on or reset with the goal of choosing, loading, and/or transferring execution to an operating system or other program. While many boot managers provide some or all of the services of an operating system (or are literally operating systems adapted for use as a boot manager), they are designed and intended primarily to transfer control to an operating system or other program, rather than continuously operate and provide services.
Firmware running on a device is an operating system if its core function is to abstract the hardware platform and control the execution of software that uses services it provides. Otherwise it is special purpose device-specific firmware.
FIXME: make this more specific. Firmware running on a device is an operating system if its core function is to abstract the hardware platform and control the execution of software that uses services it provides. Otherwise it is special purpose device-specific firmware.
Device drivers are generally included in the security-relevant parts of an operating system. However, the manufacturer of the operating system is only responsible for device drivers included in the operating system.
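Review bot: the replacement line for the firmware definition only prepends "FIXME: make this more specific." to the existing sentence, so the hunk lands an unresolved marker in normative text without changing the definition. Either resolve it before merge or move the note to an issue; if the intent is to sharpen the test, one concrete criterion already implied by the surrounding text is whether the firmware loads and controls the execution of software that is not part of its own image (as the boot manager paragraph above distinguishes "transfer control" from "continuously operate and provide services"), versus firmware whose only job is to drive one device.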
@@ -289,7 +289,15 @@ ISO/IEC 15408).
**Sensitive Data:** Sensitive data may include all user or enterprise data or may be specific application data such as PII, emails, messaging, documents, calendar items, and contacts. Sensitive data must minimally include credentials and keys.
**Data Execution Prevention:** An anti-exploitation feature of modern operating systems executing on modern computer hardware, which enforces a non-execute permission on pages of memory. This prevents pages of memory from containing both data and instructions, which makes it more difficult for an attacker to introduce and execute code.
**Data Execution Prevention:** An anti-exploitation feature of modern operating systems executing on modern computer hardware, which enforces a non-execute permission on pages of memory that are not code. This prevents pages of memory from containing both data and instructions, which makes it more difficult for an attacker to introduce and execute code.
FIXME add "non-writable executable memory" i.e. W^X
FIXME add "Attack Surface" i.e. reduce the attack surface of the system call interface...
FIXME add "Principle of Least Privilege"
FIXME add "Threat Actor"
**Credential:** Data that establishes the identity of a user, e.g. a cryptographic key or password.
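Review bot: the reworded Data Execution Prevention entry now says the non-execute permission is enforced "on pages of memory that are not code", but the unchanged second sentence still claims this "prevents pages of memory from containing both data and instructions". That second property is the write-xor-execute (W^X) guarantee the FIXME below asks to add, not the non-execute bit by itself; NX only stops data pages from being executed and says nothing about a page being both writable and executable. Suggest either rewording the second sentence to "This prevents an attacker from executing code placed in data regions such as the stack or heap" and giving W^X its own entry, or merging the two into one definition, rather than shipping four FIXME placeholders in the definitions section.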
@@ -583,7 +591,7 @@ Note: "account" refers to a user in the operating systems sense: a unique system
**[RF-NUSR]:** Manufacturers of operating systems which are intended to store personal data, including user login data, shall account for the risk to such data in the risk calculation and ensure that appropriate protections are available. System-level users (such as root) do not count towards this risk.
* NUSR-0: the operating system is designed not to allow end-users to authenticate
* NUSR-1: the operating system is designed to only allow one end-user to authenticate; to switch users, the device must be reset
* NUSR-1: the operating system is designed to only allow one end-user to authenticate; to switch users, the user must factory reset the device FIXME is this correct?
* NUSR-2: the operating system is designed to allow for more than one end-user account
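Review bot: the NUSR-1 rewrite changes "the device must be reset" to "the user must factory reset the device", which is a substantive change, not a clarification: a reset only restarts the device, whereas a factory reset wipes stored data, and the entry keeps the author's own "FIXME is this correct?" doubt inline in the level definition. Decide which behaviour the level actually requires before merge, since RF-NUSR above ties the level to the risk to stored personal data and the two readings carry different risk; and drop the FIXME text from the normative list either way.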