Janos Follath
4d43f2ed0e
Add Everest to threat model
...
Signed-off-by: Janos Follath <janos.follath@arm.com>
2023-09-01 16:22:25 +01:00
Janos Follath
04fa1a4054
Threat Model: fix copy paste
...
Signed-off-by: Janos Follath <janos.follath@arm.com>
2023-03-16 15:04:21 +00:00
Janos Follath
9118bf5791
Threat Model: adjust modality
...
Signed-off-by: Janos Follath <janos.follath@arm.com>
2023-03-14 15:43:24 +00:00
Janos Follath
ba75955cd8
Threat Model: remove references
...
Remove references to scientific papers as they are too specific and
might be misleading.
Signed-off-by: Janos Follath <janos.follath@arm.com>
2023-03-14 14:54:44 +00:00
Janos Follath
4317a9ef1f
Threat Model: clarify stance on timing attacks
...
Signed-off-by: Janos Follath <janos.follath@arm.com>
2023-03-14 14:53:03 +00:00
Janos Follath
c51a413c47
Threat Model: improve wording and grammar
...
Signed-off-by: Janos Follath <janos.follath@arm.com>
2023-03-14 12:47:27 +00:00
Janos Follath
042e433eda
Threat Model: clarify attack vectors
...
Timing attacks can be launched by any of the main 3 attackers. Clarify
exactly how these are covered.
Signed-off-by: Janos Follath <janos.follath@arm.com>
2023-03-08 20:07:59 +00:00
Janos Follath
d5a09400ae
Threat Model: improve wording
...
Signed-off-by: Janos Follath <janos.follath@arm.com>
2023-03-08 19:58:29 +00:00
Janos Follath
3d377605f3
Threat Model: move the block cipher section
...
The block cipher exception affects both remote and local timing attacks.
Move them to the Caveats section and reference it from both the local
and the remote attack section.
Signed-off-by: Janos Follath <janos.follath@arm.com>
2023-03-08 16:58:01 +00:00
Janos Follath
ecaa293d32
Threat model: explain dangling countermeasures
...
Signed-off-by: Janos Follath <janos.follath@arm.com>
2023-03-08 16:38:07 +00:00
Janos Follath
fef82fd39b
Threat Model: increase classification detail
...
Originally for the sake of simplicity there was a single category for
software based attacks, namely timing side channel attacks.
Be more precise and categorise attacks as software based whether or not
they rely on physical information.
Signed-off-by: Janos Follath <janos.follath@arm.com>
2023-03-08 16:10:39 +00:00
Janos Follath
9ec195c984
Threat Model: reorganise threat definitions
...
Simplify organisation by placing threat definitions in their respective
sections.
Signed-off-by: Janos Follath <janos.follath@arm.com>
2023-03-06 14:54:59 +00:00
Janos Follath
144dd7d2fa
Threat Model: Miscellaneous clarifications
...
Signed-off-by: Janos Follath <janos.follath@arm.com>
2023-03-03 14:56:38 +00:00
Janos Follath
24792d0a33
Threat Model: Improve wording
...
Signed-off-by: Janos Follath <janos.follath@arm.com>
Co-authored-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-03 14:16:12 +00:00
Janos Follath
18d417340f
Add Threat Model Summary
...
Signed-off-by: Janos Follath <janos.follath@arm.com>
2023-02-24 16:00:21 +00:00
Tom Cosgrove
0b86ac1957
Fix typographical errors in .md files found by cspell
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-07-29 13:44:01 +01:00
Shaun Case
8b0ecbccf4
Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell.
...
Signed-off-by: Shaun Case <warmsocks@gmail.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-05-11 21:25:51 +01:00
Gilles Peskine
a23df13e52
Minor presentation improvements
...
Minor wording improvement and cosmetic formatting improvements.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-16 12:04:44 +01:00
Manuel Pégourié-Gonnard
a21abf249c
Add SECURITY.md
...
There was no mention of our security email address, nor of our security
process, in the repo, which made them hard to discover for contributors.
Also, this filename is recognized by github:
https://docs.github.com/en/github/managing-security-vulnerabilities/adding-a-security-policy-to-your-repository
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-02-25 12:50:42 +01:00