Commit cd4bee0c authored by Aeva Black's avatar Aeva Black Committed by Aeva Black

Number and annotate S4.7 Use Cases

parent a06f2fd5
+21 −19
@@ -471,26 +471,30 @@ Users of products may interact directly with the operating system, or the operat

## 4.7 Use Cases

_The following use cases are an illustrative subset of all possible use cases. Manufacturers may contribute additional use cases._
**EDITORS NOTE:** The following list of use cases is an illustrative set of possible use cases selected to demonstrate the mechanics of this standard and provide clear guidance for the most common product categories.

* **UC-LR** Operating system for learning and research
**EDITORS NOTE:** Considering that Operating Systems provide an essential functionality for all Digital Products, it is not feasible to list in detail either all extant or all potential use cases for operating systems.

**EDITORS NOTE:** We anticipate that future revisions of this document may include additional use cases, such as for the following product scenarios: embedded devides, baseband management controllers, network interface cards, graphics cards, real-time applications, and special purpose operating systems.

### 4.7.1 **UC-LR** Operating system for learning and research
  * is not used for any purpose beyond learning and research
  * does not store any sensitive or useful data
  * security is provided entirely by the environment
  * is highly modified by the user

* **UC-IoT-1** Non-internet-connected device such as a bluetooth speaker
### 4.7.2 **UC-IoT-1** Non-internet-connected device such as a bluetooth speaker
  * does not store any user-specific data
  * has no means to connect directly to a public network
  * not intended to support hardware, software, or operating system changes

* **UC-IoT-2** Internet-enabled power switch
### 4.7.3 **UC-IoT-2** Internet-enabled power switch
  * connects to a central service, operated by the device manufacturer, for remote data processing
  * stores account information to authenticate to WiFi and to cloud service provider
  * has a minimalistic interface, such as a single button for pairing and a reset button
  * does not have accessible I/O ports

* **UC-IoT-3** Internet-connected "smart home" device
### 4.7.4 **UC-IoT-3** Internet-connected "smart home" device
  * e.g. a thermostat, fridge, or alarm system
  * connects to a central service, operated by the device manufacturer, for remote data process
  * stores account information to authenticate to WiFi and to cloud service provider
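Review bot: the new editor's note listing anticipated future use cases has a typo, "embedded devides" should read "embedded devices"; while touching these lines, "EDITORS NOTE" reads better as "EDITOR'S NOTE" in all three added notes. The unchanged UC-IoT-3 bullet "for remote data process" in this hunk's trailing context should also match the UC-IoT-2 wording "for remote data processing" so the two descriptions are parallel.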
@@ -499,12 +503,12 @@ _The following use cases are an illustrative subset of all possible use cases. M
  * may display personalized information, such as location-specific weather forecast
  * serviced by trained professionals who do not modify software or hardware outside of manufacturer specifications

* **UC-RO-1** Consumer-grade home wireless router
### 4.7.5 **UC-RO-1** Consumer-grade home wireless router
  * stores account information for authentication with ISP
  * not intended for end-user hardware or software modification
  * is exposed to the open internet

* **UC-OT-1** Business-grade remote door locking system
### 4.7.6 **UC-OT-1** Business-grade remote door locking system
  * does not store any user data
  * not intended for hardware or software modification
  * is not exposed to the open internet, and is only connected to trusted networks
@@ -512,7 +516,7 @@ _The following use cases are an illustrative subset of all possible use cases. M
  * does not have accessible I/O ports
  * hardware likely contains tamper-evident signals which operating system can rely on

* **UC-MOB-1** Personal mobile device
### 4.7.7 **UC-MOB-1** Personal mobile device
  * stores highly sensitive personal information
  * large number of sensors allow mass collection of sensitive personal data
  * size and cost make it a common target of theft
@@ -523,7 +527,7 @@ _The following use cases are an illustrative subset of all possible use cases. M
  * device frequently collects user's location at all times
  * device is often always on and always connected

* **UC-WE-1** Wearable health tracker
### 4.7.8 **UC-WE-1** Wearable health tracker
  * e.g. a smart watch or step tracker
  * stores information about a single user only
  * stored information may be highly sensitive, and is likely to be strictly structured (not arbitrary files)
@@ -532,13 +536,13 @@ _The following use cases are an illustrative subset of all possible use cases. M
  * connections are proxied by a trusted device, such as a mobile phone
  * is not exposed to a public network

* **UC-PC-1** Personal computer in a fixed and generally safe location
### 4.7.9 **UC-PC-1** Personal computer in a fixed and generally safe location
  * hardware, software and operating system may be configured and modified by the end-user
  * the user may not be either highly skilled or an authorized representative of the manufacturer
  * foreseeably connects to a public network and to low-trust local networks, but is not reachable from the open internet
  * stores personal information and arbitrary files

* **UC-PC-2** Enterprise workstation in a fixed and generally safe location
### 4.7.10 **UC-PC-2** Enterprise workstation in a fixed and generally safe location
  * installed in an access-controlled workspace
  * serviced by trained professionals who may modify both software and hardware
  * connected to a public network with external mitigations, such as enterprise-grade firewalls
@@ -547,7 +551,7 @@ _The following use cases are an illustrative subset of all possible use cases. M
  * used for web browsing
  * stores business data, personal information and arbitrary files

* **UC-LA-1** Personal laptop
### 4.7.11 **UC-LA-1** Personal laptop
  * hardware, software and operating system may be configured and modified by the end-user
  * device is a foreseeable target of theft and tampering by untrusted 3rd parties
  * stores personal information and arbitrary files
@@ -555,7 +559,7 @@ _The following use cases are an illustrative subset of all possible use cases. M
  * is frequently connected to untrusted networks
  * hardware likely contains tamper-evident indicators and secure elements for cryptographic storage

* **UC-LA-2** Enterprise laptop
### 4.7.12 **UC-LA-2** Enterprise laptop
  * hardware, software and operating system may be configured and modified by the end-user
  * serviced by trained professionals who may modify both software and hardware
  * device is a foreseeable target of theft and tampering by untrusted 3rd parties
@@ -564,7 +568,7 @@ _The following use cases are an illustrative subset of all possible use cases. M
  * is frequently connected to untrusted networks
  * hardware likely contains tamper-evident indicators and secure elements for cryptographic storage

* **UC-PS-1** Personal server
### 4.7.13 **UC-PS-1** Personal server
   * one or a small number of trusted users
   * installed in a fixed location at home or in a cohosting facility
   * connected to a public network with a firewall
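Review bot: the UC-PS-1 sub-bullets in this hunk ("   * one or a small number of trusted users" and the following two) use a three-space indent, while every other use case in the patch uses two spaces; now that each use case is introduced by a "###" heading rather than a list item, these are top-level lists, so normalise the indent to two spaces to keep the rendering consistent across sections.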
@@ -573,21 +577,19 @@ _The following use cases are an illustrative subset of all possible use cases. M
   * semi-professional semi-automated management by one or a few people
   * always stationary, access to hardware interfaces unlikely

* **UC-SE-1** Enterprise server in a datacenter with no user accounts
### 4.7.14 **UC-SE-1** Enterprise server in a datacenter with no user accounts
  * installed in a monitored and secured facility
  * serviced by trained professionals who may modify both software and hardware
  * connected to a public network with external mitigations, such as enterprise-grade firewalls
  * connects to trusted local networks
  * hardware likely contains tamper-evident indicators and secure elements for cryptographic storage

* **UC-SE-2** Enterprise server in a datacenter with only trusted user accounts
### 4.7.15 **UC-SE-2** Enterprise server in a datacenter with only trusted user accounts
  * Same as UC-SE-2 but with trusted users

* **UC-SE-3** Enterprise server in a datacenter hosting many untrusted user accounts
### 4.7.16 **UC-SE-3** Enterprise server in a datacenter hosting many untrusted user accounts
  * Same as UC-SE-2 but with untrusted users

> TODO: Manufacturers contribute more use cases, such as: embedded, BMCs, network interfaces, graphics cards, real-time applications, special purpose ooperating systems.

# 5 Requirements specifications

## 5.1 Notes on the structure of the Requirements
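Review bot: the UC-SE-2 bullet "Same as UC-SE-2 but with trusted users" (unchanged context under the new 4.7.15 heading) is self-referential; it should read "Same as UC-SE-1 but with trusted users". The UC-SE-3 bullet "Same as UC-SE-2 but with untrusted users" is consistent only if UC-SE-2 is the intended baseline, so it is worth stating that explicitly. Removing the "TODO: Manufacturers contribute more use cases" line is fine, since the editor's note added at the top of 4.7 now carries that list.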