Commit b6076e30 authored by Valerie Aurora (Bow Shock)

Move list of links to MITRE threats to Notes annex

parent 0b1ec244
+91 −91
@@ -2185,97 +2185,6 @@ FIXME should be Annex ZA

**[TH-UPDA]:** An attacker may cause unauthorized software updates to be installed or prevent authorized software updates.

From [MITRE EMB3D](https://emb3d.mitre.org/):

Hardware:
* [TID-101](https://emb3d.mitre.org/threats/TID-101.html): Power Consumption Analysis Side Channel
* [TID-102](https://emb3d.mitre.org/threats/TID-102.html): Electromagnetic Analysis Side Channel
* [TID-103](https://emb3d.mitre.org/threats/TID-103.html): Microarchitectural Side Channels
* [TID-105](https://emb3d.mitre.org/threats/TID-105.html): Hardware Fault Injection – Control Flow Modification
* [TID-106](https://emb3d.mitre.org/threats/TID-106.html): Data Bus Interception
* [TID-107](https://emb3d.mitre.org/threats/TID-107.html): Unauthorized Direct Memory Access (DMA)
* [TID-108](https://emb3d.mitre.org/threats/TID-108.html): ROM/NVRAM Data Extraction or Modification
* [TID-109](https://emb3d.mitre.org/threats/TID-109.html): RAM Chip Contents Readout
* [TID-110](https://emb3d.mitre.org/threats/TID-110.html): Hardware Fault Injection – Data Manipulation
* [TID-111](https://emb3d.mitre.org/threats/TID-111.html): Untrusted External Storage
* [TID-113](https://emb3d.mitre.org/threats/TID-113.html): Unverified Peripheral Firmware Loaded
* [TID-114](https://emb3d.mitre.org/threats/TID-114.html): Peripheral Data Bus Interception
* [TID-115](https://emb3d.mitre.org/threats/TID-115.html): Firmware/Data Extraction via Hardware Interface
* [TID-116](https://emb3d.mitre.org/threats/TID-116.html): Latent Privileged Access Port
* [TID-118](https://emb3d.mitre.org/threats/TID-118.html): Weak Peripheral Port Electrical Damage Protection
* [TID-119](https://emb3d.mitre.org/threats/TID-119.html): Latent Hardware Debug Port Allows Memory/Code Manipulation

System Software:
* [TID-201](https://emb3d.mitre.org/threats/TID-201.html): Inadequate Bootloader Protection and Verification
* [TID-202](https://emb3d.mitre.org/threats/TID-202.html): Exploitable System Network Stack Component
* [TID-203](https://emb3d.mitre.org/threats/TID-203.html): Malicious OS Kernel Driver/Module Installable
* [TID-204](https://emb3d.mitre.org/threats/TID-204.html): Untrusted Programs Can Access Privileged OS Functions
* [TID-205](https://emb3d.mitre.org/threats/TID-205.html): Existing OS Tools Maliciously Used for Device Manipulation
* [TID-206](https://emb3d.mitre.org/threats/TID-206.html): Memory Management Protections Subverted
* [TID-207](https://emb3d.mitre.org/threats/TID-207.html): Container Escape
* [TID-208](https://emb3d.mitre.org/threats/TID-208.html): Virtual Machine Escape
* [TID-209](https://emb3d.mitre.org/threats/TID-209.html): Host Can Manipulate Guest Virtual Machines
* [TID-210](https://emb3d.mitre.org/threats/TID-210.html): Device Vulnerabilities Unpatchable
* [TID-211](https://emb3d.mitre.org/threats/TID-211.html): Device Allows Unauthenticated Firmware Installation
* [TID-212](https://emb3d.mitre.org/threats/TID-212.html): FW/SW Update Integrity Shared Secrets Extraction
* [TID-213](https://emb3d.mitre.org/threats/TID-213.html): Faulty FW/SW Update Integrity Verification
* [TID-214](https://emb3d.mitre.org/threats/TID-214.html): Secrets Extracted from Device Root of Trust
* [TID-215](https://emb3d.mitre.org/threats/TID-215.html): Unencrypted SW/FW Updates
* [TID-216](https://emb3d.mitre.org/threats/TID-216.html): Firmware Update Rollbacks Allowed
* [TID-217](https://emb3d.mitre.org/threats/TID-217.html): Remotely Initiated Updates Can Cause DoS
* [TID-218](https://emb3d.mitre.org/threats/TID-218.html): Operating System Susceptible to Rootkit
* [TID-219](https://emb3d.mitre.org/threats/TID-219.html): OS/Kernel Privilege Escalation
* [TID-220](https://emb3d.mitre.org/threats/TID-220.html): Unpatchable Hardware Root of Trust
* [TID-221](https://emb3d.mitre.org/threats/TID-221.html): Authentication Bypass By Message Replay
* [TID-222](https://emb3d.mitre.org/threats/TID-222.html): Critical System Service May Be Disabled
* [TID-223](https://emb3d.mitre.org/threats/TID-223.html): System Susceptible to RAM Scraping
* [TID-224](https://emb3d.mitre.org/threats/TID-224.html): Excessive Access via Software Diagnostic Features
* [TID-225](https://emb3d.mitre.org/threats/TID-225.html): Logs can be manipulated on the device
* [TID-226](https://emb3d.mitre.org/threats/TID-226.html): Device leaks security information in logs

Application Software:
* [TID-301](https://emb3d.mitre.org/threats/TID-301.html): Applications Binaries Modified
* [TID-302](https://emb3d.mitre.org/threats/TID-302.html): Install Untrusted Application
* [TID-303](https://emb3d.mitre.org/threats/TID-303.html): Excessive Trust in Offboard Management/IDE Software
* [TID-304](https://emb3d.mitre.org/threats/TID-304.html): Manipulate Runtime Environment
* [TID-305](https://emb3d.mitre.org/threats/TID-305.html): Program Executes Dangerous System Calls
* [TID-306](https://emb3d.mitre.org/threats/TID-306.html): Sandboxed Environments Escaped
* [TID-307](https://emb3d.mitre.org/threats/TID-307.html): Device Code Representations Inconsistent
* [TID-308](https://emb3d.mitre.org/threats/TID-308.html): Code Overwritten to Avoid Detection
* [TID-309](https://emb3d.mitre.org/threats/TID-309.html): Device Exploits Engineering Workstation
* [TID-310](https://emb3d.mitre.org/threats/TID-310.html): Remotely Accessible Unauthenticated Services
* [TID-311](https://emb3d.mitre.org/threats/TID-311.html): Default Credentials
* [TID-312](https://emb3d.mitre.org/threats/TID-312.html): Credential Change Mechanism Can Be Abused
* [TID-313](https://emb3d.mitre.org/threats/TID-313.html): Unauthenticated Session Changes Credential
* [TID-314](https://emb3d.mitre.org/threats/TID-314.html): Passwords Can Be Guessed Using Brute-Force Attempts
* [TID-315](https://emb3d.mitre.org/threats/TID-315.html): Password Retrieval Mechanism Abused
* [TID-316](https://emb3d.mitre.org/threats/TID-316.html): Incorrect Certificate Verification Allows Authentication Bypass
* [TID-317](https://emb3d.mitre.org/threats/TID-317.html): Predictable Cryptographic Key
* [TID-318](https://emb3d.mitre.org/threats/TID-318.html): Insecure Cryptographic Implementation
* [TID-319](https://emb3d.mitre.org/threats/TID-319.html): Cross Site Scripting (XSS)
* [TID-320](https://emb3d.mitre.org/threats/TID-320.html): SQL Injection
* [TID-321](https://emb3d.mitre.org/threats/TID-321.html): HTTP Application Session Hijacking
* [TID-322](https://emb3d.mitre.org/threats/TID-322.html): Cross Site Request Forgery (CSRF)
* [TID-323](https://emb3d.mitre.org/threats/TID-323.html): Path Traversal
* [TID-324](https://emb3d.mitre.org/threats/TID-324.html): HTTP Direct Object Reference
* [TID-325](https://emb3d.mitre.org/threats/TID-325.html): HTTP Injection/Response Splitting
* [TID-326](https://emb3d.mitre.org/threats/TID-326.html): Insecure Deserialization
* [TID-327](https://emb3d.mitre.org/threats/TID-327.html): Out of Bounds Memory Access
* [TID-328](https://emb3d.mitre.org/threats/TID-328.html): Hardcoded Credentials
* [TID-329](https://emb3d.mitre.org/threats/TID-329.html): Improper Password Storage
* [TID-330](https://emb3d.mitre.org/threats/TID-330.html): Cryptographic Timing Side-Channel

Networking:
* [TID-401](https://emb3d.mitre.org/threats/TID-401.html): Undocumented Protocol Features
* [TID-404](https://emb3d.mitre.org/threats/TID-404.html): Remotely Triggerable Deadlock/DoS
* [TID-405](https://emb3d.mitre.org/threats/TID-405.html): Network Stack Resource Exhaustion
* [TID-406](https://emb3d.mitre.org/threats/TID-406.html): Unauthorized Messages or Connections
* [TID-407](https://emb3d.mitre.org/threats/TID-407.html): Missing Message Replay Protection
* [TID-408](https://emb3d.mitre.org/threats/TID-408.html): Unencrypted Sensitive Data Communication
* [TID-410](https://emb3d.mitre.org/threats/TID-410.html): Cryptographic Protocol Side Channel
* [TID-411](https://emb3d.mitre.org/threats/TID-411.html): Weak/Insecure Cryptographic Protocol
* [TID-412](https://emb3d.mitre.org/threats/TID-412.html): Network Routing Capability Abuse

## C.3 Assumptions

> List assumptions that are relevant to the risk analysis for these threats. Everything is hackable if you try hard enough. What kinds of threats are in and out of scope? What are you assuming is the sophistication of attack? Relate to use cases.
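Review bot: removing the EMB3D list from this annex leaves the threat entries above it (TH-UPDA is the one visible in the hunk) with no pointer to where the mapping went; add a one-line cross-reference after the TH-UPDA paragraph to the Notes annex where the list now lives, so a reader of the threat catalogue can still find the directly relevant identifiers such as TID-211, TID-213 and TID-216. The hunk header still carries the unresolved "FIXME should be Annex ZA" marker, which this move does not address and which should stay tracked.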
@@ -2631,6 +2540,97 @@ Random ideas
* Opt-in for all network functionality
* What about commonly disabled features for minimization

From [MITRE EMB3D](https://emb3d.mitre.org/):

Hardware:
* [TID-101](https://emb3d.mitre.org/threats/TID-101.html): Power Consumption Analysis Side Channel
* [TID-102](https://emb3d.mitre.org/threats/TID-102.html): Electromagnetic Analysis Side Channel
* [TID-103](https://emb3d.mitre.org/threats/TID-103.html): Microarchitectural Side Channels
* [TID-105](https://emb3d.mitre.org/threats/TID-105.html): Hardware Fault Injection – Control Flow Modification
* [TID-106](https://emb3d.mitre.org/threats/TID-106.html): Data Bus Interception
* [TID-107](https://emb3d.mitre.org/threats/TID-107.html): Unauthorized Direct Memory Access (DMA)
* [TID-108](https://emb3d.mitre.org/threats/TID-108.html): ROM/NVRAM Data Extraction or Modification
* [TID-109](https://emb3d.mitre.org/threats/TID-109.html): RAM Chip Contents Readout
* [TID-110](https://emb3d.mitre.org/threats/TID-110.html): Hardware Fault Injection – Data Manipulation
* [TID-111](https://emb3d.mitre.org/threats/TID-111.html): Untrusted External Storage
* [TID-113](https://emb3d.mitre.org/threats/TID-113.html): Unverified Peripheral Firmware Loaded
* [TID-114](https://emb3d.mitre.org/threats/TID-114.html): Peripheral Data Bus Interception
* [TID-115](https://emb3d.mitre.org/threats/TID-115.html): Firmware/Data Extraction via Hardware Interface
* [TID-116](https://emb3d.mitre.org/threats/TID-116.html): Latent Privileged Access Port
* [TID-118](https://emb3d.mitre.org/threats/TID-118.html): Weak Peripheral Port Electrical Damage Protection
* [TID-119](https://emb3d.mitre.org/threats/TID-119.html): Latent Hardware Debug Port Allows Memory/Code Manipulation

System Software:
* [TID-201](https://emb3d.mitre.org/threats/TID-201.html): Inadequate Bootloader Protection and Verification
* [TID-202](https://emb3d.mitre.org/threats/TID-202.html): Exploitable System Network Stack Component
* [TID-203](https://emb3d.mitre.org/threats/TID-203.html): Malicious OS Kernel Driver/Module Installable
* [TID-204](https://emb3d.mitre.org/threats/TID-204.html): Untrusted Programs Can Access Privileged OS Functions
* [TID-205](https://emb3d.mitre.org/threats/TID-205.html): Existing OS Tools Maliciously Used for Device Manipulation
* [TID-206](https://emb3d.mitre.org/threats/TID-206.html): Memory Management Protections Subverted
* [TID-207](https://emb3d.mitre.org/threats/TID-207.html): Container Escape
* [TID-208](https://emb3d.mitre.org/threats/TID-208.html): Virtual Machine Escape
* [TID-209](https://emb3d.mitre.org/threats/TID-209.html): Host Can Manipulate Guest Virtual Machines
* [TID-210](https://emb3d.mitre.org/threats/TID-210.html): Device Vulnerabilities Unpatchable
* [TID-211](https://emb3d.mitre.org/threats/TID-211.html): Device Allows Unauthenticated Firmware Installation
* [TID-212](https://emb3d.mitre.org/threats/TID-212.html): FW/SW Update Integrity Shared Secrets Extraction
* [TID-213](https://emb3d.mitre.org/threats/TID-213.html): Faulty FW/SW Update Integrity Verification
* [TID-214](https://emb3d.mitre.org/threats/TID-214.html): Secrets Extracted from Device Root of Trust
* [TID-215](https://emb3d.mitre.org/threats/TID-215.html): Unencrypted SW/FW Updates
* [TID-216](https://emb3d.mitre.org/threats/TID-216.html): Firmware Update Rollbacks Allowed
* [TID-217](https://emb3d.mitre.org/threats/TID-217.html): Remotely Initiated Updates Can Cause DoS
* [TID-218](https://emb3d.mitre.org/threats/TID-218.html): Operating System Susceptible to Rootkit
* [TID-219](https://emb3d.mitre.org/threats/TID-219.html): OS/Kernel Privilege Escalation
* [TID-220](https://emb3d.mitre.org/threats/TID-220.html): Unpatchable Hardware Root of Trust
* [TID-221](https://emb3d.mitre.org/threats/TID-221.html): Authentication Bypass By Message Replay
* [TID-222](https://emb3d.mitre.org/threats/TID-222.html): Critical System Service May Be Disabled
* [TID-223](https://emb3d.mitre.org/threats/TID-223.html): System Susceptible to RAM Scraping
* [TID-224](https://emb3d.mitre.org/threats/TID-224.html): Excessive Access via Software Diagnostic Features
* [TID-225](https://emb3d.mitre.org/threats/TID-225.html): Logs can be manipulated on the device
* [TID-226](https://emb3d.mitre.org/threats/TID-226.html): Device leaks security information in logs

Application Software:
* [TID-301](https://emb3d.mitre.org/threats/TID-301.html): Applications Binaries Modified
* [TID-302](https://emb3d.mitre.org/threats/TID-302.html): Install Untrusted Application
* [TID-303](https://emb3d.mitre.org/threats/TID-303.html): Excessive Trust in Offboard Management/IDE Software
* [TID-304](https://emb3d.mitre.org/threats/TID-304.html): Manipulate Runtime Environment
* [TID-305](https://emb3d.mitre.org/threats/TID-305.html): Program Executes Dangerous System Calls
* [TID-306](https://emb3d.mitre.org/threats/TID-306.html): Sandboxed Environments Escaped
* [TID-307](https://emb3d.mitre.org/threats/TID-307.html): Device Code Representations Inconsistent
* [TID-308](https://emb3d.mitre.org/threats/TID-308.html): Code Overwritten to Avoid Detection
* [TID-309](https://emb3d.mitre.org/threats/TID-309.html): Device Exploits Engineering Workstation
* [TID-310](https://emb3d.mitre.org/threats/TID-310.html): Remotely Accessible Unauthenticated Services
* [TID-311](https://emb3d.mitre.org/threats/TID-311.html): Default Credentials
* [TID-312](https://emb3d.mitre.org/threats/TID-312.html): Credential Change Mechanism Can Be Abused
* [TID-313](https://emb3d.mitre.org/threats/TID-313.html): Unauthenticated Session Changes Credential
* [TID-314](https://emb3d.mitre.org/threats/TID-314.html): Passwords Can Be Guessed Using Brute-Force Attempts
* [TID-315](https://emb3d.mitre.org/threats/TID-315.html): Password Retrieval Mechanism Abused
* [TID-316](https://emb3d.mitre.org/threats/TID-316.html): Incorrect Certificate Verification Allows Authentication Bypass
* [TID-317](https://emb3d.mitre.org/threats/TID-317.html): Predictable Cryptographic Key
* [TID-318](https://emb3d.mitre.org/threats/TID-318.html): Insecure Cryptographic Implementation
* [TID-319](https://emb3d.mitre.org/threats/TID-319.html): Cross Site Scripting (XSS)
* [TID-320](https://emb3d.mitre.org/threats/TID-320.html): SQL Injection
* [TID-321](https://emb3d.mitre.org/threats/TID-321.html): HTTP Application Session Hijacking
* [TID-322](https://emb3d.mitre.org/threats/TID-322.html): Cross Site Request Forgery (CSRF)
* [TID-323](https://emb3d.mitre.org/threats/TID-323.html): Path Traversal
* [TID-324](https://emb3d.mitre.org/threats/TID-324.html): HTTP Direct Object Reference
* [TID-325](https://emb3d.mitre.org/threats/TID-325.html): HTTP Injection/Response Splitting
* [TID-326](https://emb3d.mitre.org/threats/TID-326.html): Insecure Deserialization
* [TID-327](https://emb3d.mitre.org/threats/TID-327.html): Out of Bounds Memory Access
* [TID-328](https://emb3d.mitre.org/threats/TID-328.html): Hardcoded Credentials
* [TID-329](https://emb3d.mitre.org/threats/TID-329.html): Improper Password Storage
* [TID-330](https://emb3d.mitre.org/threats/TID-330.html): Cryptographic Timing Side-Channel

Networking:
* [TID-401](https://emb3d.mitre.org/threats/TID-401.html): Undocumented Protocol Features
* [TID-404](https://emb3d.mitre.org/threats/TID-404.html): Remotely Triggerable Deadlock/DoS
* [TID-405](https://emb3d.mitre.org/threats/TID-405.html): Network Stack Resource Exhaustion
* [TID-406](https://emb3d.mitre.org/threats/TID-406.html): Unauthorized Messages or Connections
* [TID-407](https://emb3d.mitre.org/threats/TID-407.html): Missing Message Replay Protection
* [TID-408](https://emb3d.mitre.org/threats/TID-408.html): Unencrypted Sensitive Data Communication
* [TID-410](https://emb3d.mitre.org/threats/TID-410.html): Cryptographic Protocol Side Channel
* [TID-411](https://emb3d.mitre.org/threats/TID-411.html): Weak/Insecure Cryptographic Protocol
* [TID-412](https://emb3d.mitre.org/threats/TID-412.html): Network Routing Capability Abuse

Potential additional sources of security requirements

* [NCP Checklists](https://ncp.nist.gov/repository)
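Review bot: the inserted list lands directly under the "Random ideas" bullets ("* Opt-in for all network functionality", "* What about commonly disabled features for minimization") with only the line "From [MITRE EMB3D](https://emb3d.mitre.org/):" separating them, so it reads as a continuation of that brainstorm rather than as reference material; give it its own heading in the style already used in this annex (the next block is introduced by the plain line "Potential additional sources of security requirements", so a matching lead line such as "MITRE EMB3D threat identifiers" would fit). The list is also a selection rather than the full catalogue (TID-104, TID-112, TID-117, TID-402, TID-403 and TID-409 are not present), so the introductory line should say that the entries were selected, or note that the gaps are deliberate, to avoid readers treating it as complete.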