Commit b5e766fc authored by Valerie Aurora (Bow Shock)'s avatar Valerie Aurora (Bow Shock)

Rewrite prevent side channel leaks requirement to new format

parent e6ef2152
+8 −8
@@ -1109,9 +1109,7 @@ The product shall prevent a user account from logging in if another user account

#### 5.2.X.x **MI-PMSC** Prevent memory leaks through microarchitectural side channels in provided executables

The product shall implement MI-MMAC.

The product shall implement mechanisms to prevent the executables it provides from leaking memory data to unauthorized users through known exploitable microarchitectural side channels (MASCs), such as via the observing the time of cache access for various operations, for exapmle:
The product shall implement mechanisms to prevent the executables it provides from leaking memory data to unauthorized users through known exploitable microarchitectural side channels (MASCs), such as via the observing the time of cache access for various operations including:

* speculative execution/loads/stores
* branch prediction
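Review bot: the sentence "The product shall implement MI-MMAC." is dropped in this hunk even though the commit message only announces a format rewrite; if MI-MMAC is still a prerequisite for MI-PMSC, keep the cross-reference, otherwise say in the commit message why the dependency goes away. The rewritten line also carries over the stray "via the observing" from the old one and now introduces the bullets as "operations" whose cache-access time is observed, but the items that follow (speculative execution/loads/stores, branch prediction, ...) are the microarchitectural mechanisms that leak, not operations being timed. Suggest: "through known exploitable microarchitectural side channels (MASCs), for example by observing cache-access timing, arising from:".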
@@ -1121,12 +1119,14 @@ The product shall implement mechanisms to prevent the executables it provides fr
* memory access patterns
* prefetching

The manufacturer shall document on which platforms the product mitigates known MASC leaks.
Test:

* Test: for each type of known MASC leak on each supported platform, run a test that detects if an unprivileged user can use the MASC leak to gain unauthorized access to data in memory from security-relevant executables
* Result: tests report that MASC leak can not be used in this way
* Output: the times measured by the tests
* Documentation: list of known exploitable MASCs in each supported platform
  * Reference: TR-MISO
  * Objective: Prevent unauthorized reads of memory
  * Preparation: List known MASC leaks on supported platform
  * Activities: For each type of MASC leak, run a test using the best known techniques to exploit the MASC on a system-provided executable
  * Verdict: All tests fail to extract data that they do not have authorization to read => PASS, otherwise FAIL
  * Evidence: Output of each test

#### 5.2.X.x **MI-TRMD** Transfer risk of microarchitectural side channel data leaks to user
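Review bot: the documentation obligation is lost in this hunk: both "The manufacturer shall document on which platforms the product mitigates known MASC leaks." and the old "Documentation: list of known exploitable MASCs in each supported platform" are removed, yet the new Preparation step "List known MASC leaks on supported platform" needs exactly that list as its input. Keep a "shall document" sentence before "Test:" (or make the list a required Evidence item) so the verdict can be checked against a stated scope. Two smaller points: "supported platform" should read "each supported platform", as in the old text, so the test is run per platform; and the Verdict "All tests fail to extract data ... => PASS" also passes a test harness that is simply broken, so require that each exploit technique first be shown to work on data the tester is authorized to read (or on an unmitigated reference configuration) before a failed extraction counts as PASS.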