EN-304-626.md +60 −0
@@ -857,6 +857,66 @@ T.LOCAL ATTACK: An attacker may compromise applications running on the OS. The c T.LIMITED PHYSICAL ACCESS An attacker may attempt to access data on the OS while having a limited amount of time with the physical device. From BSI Common Criteria Protection Profile: T.ACCESS.TSFDATA: A threat agent might read or modify TSF data without the necessary authorization when the data is stored or transmitted. T.ACCESS.USERDATA: A threat agent might gain access to user data stored, processed or transmitted by the TOE without being appropriately authorized according to the TOE security policy. T.ACCESS.TSFFUNC: A threat agent might use or modify functionality of the TSF without the necessary privilege to grant itself or others unauthorized access to TSF data or user data. T.ACCESS.COMM: A threat agent might access a communication channel that establishes a trust relationship between the TOE and another remote trusted IT system or masquerade as another remote trusted IT system. T.RESTRICT.NETTRAFFIC: A threat agent might get access to information or transmit information to other recipients via network communication channels without authorization for this communication attempt by the information flow control policy. T.IA.MASQUERADE: A threat agent might masquerade as an authorized entity including the TOE itself or a part of the TOE in order to gain unauthorized access to user data, TSF data, or TOE resources. 
T.IA.USER: A threat agent might gain access to user data, TSF data or TOE resources with the exception of public objects without being identified and authenticated Additional threats (inspired by ENISA Threat Taxonomy): <mark> FIXME discuss the appropriateness of the following points </mark> <mark> FIXME categorize more clearly </mark> <mark> FIXME check if EMB3D "format" is applicable here</mark> Network-related threats * Interception of information (user data, system data) * Intercepting compromising emmission/interfering radiation/side channel * Replay communication messages * Network traffic manipulation Nefarious activity * Malicious code/software/activity * Abuse of resources * Worms/Trojans * Root kits * Elevation of privileges * Injection attacks * Spyware / deceptive adware * Rogue security software * Exploit kits * Abuse information leaks * Unauthorized installation of software * Target APTs Authentication-based threats * Brute force * Abuse of authorization <mark> FIXME list more threats </mark> ## C.3 Assumptions Loading Loading
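Review bot: The bullets under "Additional threats (inspired by ENISA Threat Taxonomy)" are bare labels with no T.* identifier and no statement of threat agent, asset and action, unlike the T.ACCESS.* and T.IA.* entries directly above them, so other clauses cannot reference them and a reader cannot tell what, for example, "Abuse of resources" or "Abuse information leaks" is meant to cover. Suggest giving each item that is kept an identifier and a one-sentence definition in the same form as the T.* entries, and folding in items that restate an existing entry ("Interception of information (user data, system data)" appears to be covered by T.ACCESS.USERDATA and T.ACCESS.TSFDATA, which already include data that is transmitted). Smaller points in the same list: "emmission" should be "emission"; "Target APTs" presumably means targeted attacks; "Abuse of authorization" is filed under "Authentication-based threats" while "Elevation of privileges" is under "Nefarious activity"; the T.IA.USER sentence has no closing full stop; and the four <mark> FIXME markers should be resolved or moved to an issue before this text is merged.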