cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-09-10 15:50:47 -04:00
Code Issues Packages Projects Releases Wiki Activity

Threat Model: reorganise threat definitions

Browse Source 
Simplify organisation by placing threat definitions in their respective
sections.

Signed-off-by: Janos Follath <janos.follath@arm.com>
This commit is contained in:
Janos Follath 2023-03-06 14:54:59 +00:00
parent e57ed98f9e
commit 5adb2c2328
1 changed files with 10 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
SECURITY.md
View File

@ -23,17 +23,12 @@ Users are urged to always use the latest version of a maintained branch.
We use the following classification of attacks: We use the following classification of attacks:
- **Remote Attacks:** The attacker can observe and modify data sent over the
network. This includes observing the content and timing of individual packets,
as well as suppressing or delaying legitimate messages, and injecting messages.
- **Timing Attacks:** The attacker can gain information about the time taken
by certain sets of instructions in Mbed TLS operations.
- **Physical Attacks:** The attacker has access to physical information about
the hardware Mbed TLS is running on and/or can alter the physical state of
the hardware.
### Remote attacks ### Remote attacks
The attacker can observe and modify data sent over the network. This includes
observing the content and timing of individual packets, as well as suppressing
or delaying legitimate messages, and injecting messages.
Mbed TLS aims to fully protect against remote attacks and to enable the user Mbed TLS aims to fully protect against remote attacks and to enable the user
application in providing full protection against remote attacks. Said application in providing full protection against remote attacks. Said
protection is limited to providing security guarantees offered by the protocol protection is limited to providing security guarantees offered by the protocol
@ -42,6 +37,9 @@ arrive without delay, as the TLS protocol doesn't guarantee that either.)
### Timing attacks ### Timing attacks
The attacker can gain information about the time taken by certain sets of
instructions in Mbed TLS operations.
Mbed TLS provides limited protection against timing attacks. The cost of Mbed TLS provides limited protection against timing attacks. The cost of
protecting against timing attacks widely varies depending on the granularity of protecting against timing attacks widely varies depending on the granularity of
the measurements and the noise present. Therefore the protection in Mbed TLS is the measurements and the noise present. Therefore the protection in Mbed TLS is
@ -71,6 +69,9 @@ Guide](docs/architecture/alternative-implementations.md) for more information.
### Physical attacks ### Physical attacks
The attacker has access to physical information about the hardware Mbed TLS is
running on and/or can alter the physical state of the hardware.
Physical attacks are out of scope (eg. power analysis or radio emissions). Any Physical attacks are out of scope (eg. power analysis or radio emissions). Any
attack using information about or influencing the physical state of the attack using information about or influencing the physical state of the
hardware is considered physical, independently of the attack vector. (For hardware is considered physical, independently of the attack vector. (For