Commit graph

19 commits

Author SHA1 Message Date
Janos Follath
4d43f2ed0e Add Everest to threat model
Signed-off-by: Janos Follath <janos.follath@arm.com>
2023-09-01 16:22:25 +01:00
Janos Follath
04fa1a4054 Threat Model: fix copy paste
Signed-off-by: Janos Follath <janos.follath@arm.com>
2023-03-16 15:04:21 +00:00
Janos Follath
9118bf5791 Threat Model: adjust modality
Signed-off-by: Janos Follath <janos.follath@arm.com>
2023-03-14 15:43:24 +00:00
Janos Follath
ba75955cd8 Threat Model: remove references
Remove references to scientific papers as they are too specific and
might be misleading.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2023-03-14 14:54:44 +00:00
Janos Follath
4317a9ef1f Threat Model: clarify stance on timing attacks
Signed-off-by: Janos Follath <janos.follath@arm.com>
2023-03-14 14:53:03 +00:00
Janos Follath
c51a413c47 Threat Model: improve wording and grammar
Signed-off-by: Janos Follath <janos.follath@arm.com>
2023-03-14 12:47:27 +00:00
Janos Follath
042e433eda Threat Model: clarify attack vectors
Timing attacks can be launched by any of the main 3 attackers. Clarify
exactly how these are covered.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2023-03-08 20:07:59 +00:00
Janos Follath
d5a09400ae Threat Model: improve wording
Signed-off-by: Janos Follath <janos.follath@arm.com>
2023-03-08 19:58:29 +00:00
Janos Follath
3d377605f3 Threat Model: move the block cipher section
The block cipher exception affects both remote and local timing attacks.
Move them to the Caveats section and reference it from both the local
and the remote attack section.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2023-03-08 16:58:01 +00:00
Janos Follath
ecaa293d32 Threat model: explain dangling countermeasures
Signed-off-by: Janos Follath <janos.follath@arm.com>
2023-03-08 16:38:07 +00:00
Janos Follath
fef82fd39b Threat Model: increase classification detail
Originally for the sake of simplicity there was a single category for
software based attacks, namely timing side channel attacks.

Be more precise and categorise attacks as software based whether or not
they rely on physical information.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2023-03-08 16:10:39 +00:00
Janos Follath
9ec195c984 Threat Model: reorganise threat definitions
Simplify organisation by placing threat definitions in their respective
sections.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2023-03-06 14:54:59 +00:00
Janos Follath
144dd7d2fa Threat Model: Miscellaneous clarifications
Signed-off-by: Janos Follath <janos.follath@arm.com>
2023-03-03 14:56:38 +00:00
Janos Follath
24792d0a33
Threat Model: Improve wording
Signed-off-by: Janos Follath <janos.follath@arm.com>

Co-authored-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-03 14:16:12 +00:00
Janos Follath
18d417340f Add Threat Model Summary
Signed-off-by: Janos Follath <janos.follath@arm.com>
2023-02-24 16:00:21 +00:00
Tom Cosgrove
0b86ac1957 Fix typographical errors in .md files found by cspell
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-07-29 13:44:01 +01:00
Shaun Case
8b0ecbccf4 Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell.
Signed-off-by: Shaun Case <warmsocks@gmail.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-05-11 21:25:51 +01:00
Gilles Peskine
a23df13e52 Minor presentation improvements
Minor wording improvement and cosmetic formatting improvements.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-16 12:04:44 +01:00
Manuel Pégourié-Gonnard
a21abf249c Add SECURITY.md
There was no mention of our security email address, nor of our security
process, in the repo, which made them hard to discover for contributors.

Also, this filename is recognized by github:
https://docs.github.com/en/github/managing-security-vulnerabilities/adding-a-security-policy-to-your-repository

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-02-25 12:50:42 +01:00