Threat Model: reorganise threat definitions

Simplify organisation by placing threat definitions in their respective
sections.

Signed-off-by: Janos Follath <janos.follath@arm.com>
This commit is contained in:
Janos Follath 2023-03-06 14:54:59 +00:00
parent 144dd7d2fa
commit 9ec195c984

View file

@ -23,17 +23,12 @@ Users are urged to always use the latest version of a maintained branch.
We use the following classification of attacks:
- **Remote Attacks:** The attacker can observe and modify data sent over the
network. This includes observing the content and timing of individual packets,
as well as suppressing or delaying legitimate messages, and injecting messages.
- **Timing Attacks:** The attacker can gain information about the time taken
by certain sets of instructions in Mbed TLS operations.
- **Physical Attacks:** The attacker has access to physical information about
the hardware Mbed TLS is running on and/or can alter the physical state of
the hardware.
### Remote attacks
The attacker can observe and modify data sent over the network. This includes
observing the content and timing of individual packets, as well as suppressing
or delaying legitimate messages, and injecting messages.
Mbed TLS aims to fully protect against remote attacks and to enable the user
application in providing full protection against remote attacks. Said
protection is limited to providing security guarantees offered by the protocol
@ -42,6 +37,9 @@ arrive without delay, as the TLS protocol doesn't guarantee that either.)
### Timing attacks
The attacker can gain information about the time taken by certain sets of
instructions in Mbed TLS operations.
Mbed TLS provides limited protection against timing attacks. The cost of
protecting against timing attacks widely varies depending on the granularity of
the measurements and the noise present. Therefore the protection in Mbed TLS is
@ -71,6 +69,9 @@ Guide](docs/architecture/alternative-implementations.md) for more information.
### Physical attacks
The attacker has access to physical information about the hardware Mbed TLS is
running on and/or can alter the physical state of the hardware.
Physical attacks are out of scope (eg. power analysis or radio emissions). Any
attack using information about or influencing the physical state of the
hardware is considered physical, independently of the attack vector. (For