EN-304-626.md +44 −1
@@ -962,6 +962,49 @@ Potential additional sources of security requirements * [CHERI BSD](https://www.cheribsd.org/) * [ETSI EN 103 732](https://portal.etsi.org/webapp/workprogram/Report_WorkItem.asp?WKI_ID=69549) Probably the most digestible is Ubuntu: https://documentation.ubuntu.com/security/docs/security-features/ they have the "qa regression test" suite, which has a bunch of security testing (search "security" in here): https://git.launchpad.net/qa-regression-testing/tree/scripts for example, config testing: https://git.launchpad.net/qa-regression-testing/tree/scripts/test-kernel-security.py behavioral testing: https://git.launchpad.net/qa-regression-testing/tree/scripts/kernel-security Chrome OS security principles: https://www.chromium.org/chromium-os/developer-library/reference/security/security-whitepaper/#principles-of-chromeos-security Much of the Chrome OS testing has been slowly getting merged into the much more complex Android stuff below... Android. This is weird to navigate, but start here: https://source.android.com/docs/security/overview on the left will be "Kernel security", "App security", "Implement security". 
Linked in there is the Compatibility Definition Document (CDD), which is "you have to do this to say you're and 'Android' device": https://source.android.com/docs/compatibility/cdd The latest is 16: https://source.android.com/docs/compatibility/16/android-16-cdd the CDD has an extensive security section: https://source.android.com/docs/compatibility/16/android-16-cdd#9_security_model_compatibility including specific features: https://source.android.com/docs/compatibility/16/android-16-cdd#97_security_features The _testing_ for the CDD is the Android Compatibility Test Suite (CTS): https://source.android.com/docs/compatibility/cts Which has kernel security tests, for example, though it is a bit minimal: https://cs.android.com/android/platform/superproject/+/android-latest-release:cts/hostsidetests/security/src/android/security/cts/KernelConfigTest.java **Hardware-Based Countermeasures** * Secure boot with HW Root of Trust: Ensures that only authenticated firmware is executed, anchored in immutable hardware * Hardware-backed Key Storage (e.g., TPM, Secure Enclave): Protects cryptographic keys from software-level attacks and unauthorized access Loading Loading
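Review bot: The text added between the ETSI EN 103 732 bullet and the **Hardware-Based Countermeasures** heading reads as pasted notes rather than as entries in the "Potential additional sources of security requirements" list. It uses bare URLs and running commentary ("This is weird to navigate, but start here"), where the two bullets above it use the `* [name](url)` form. Suggest giving each source its own bullet in that form with a short neutral description: Ubuntu security features, the qa-regression-testing scripts, the Chrome OS security principles, the Android CDD security section and the CTS. In "you're and 'Android' device", "and" should be "an". "The latest is 16" and the `android-latest-release` link to KernelConfigTest.java will go stale, so state the CDD version as the one consulted, or keep only the unversioned CDD link. The comment that the CTS kernel security tests are "a bit minimal" would be more useful to readers if it named what the tests do not cover.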