docs: extend generic tf-a threat model
Adding a new threat which is about leaving
sensitive information in internal buffers
which could be stolen by an attacker.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I737e802c0adc9b00c89a0e21779745c51afb4b17
diff --git a/docs/threat_model/threat_model.rst b/docs/threat_model/threat_model.rst
index 38e5c87..99bbb3a 100644
--- a/docs/threat_model/threat_model.rst
+++ b/docs/threat_model/threat_model.rst
@@ -170,7 +170,7 @@
For each threat identified, a risk rating that ranges
from *informational* to *critical* is given based on the likelihood of the
-threat occuring if a mitigation is not in place, and the impact of the
+threat occurring if a mitigation is not in place, and the impact of the
threat (i.e. how severe the consequences could be). Table 4 explains each
rating in terms of score, impact and likelihood.
@@ -778,8 +778,9 @@
+========================+====================================================+
| Threat | | **Misconfiguration of the Memory Management Unit |
| | (MMU) may allow a normal world software to |
-| | access sensitive data or execute arbitrary |
-| | code** |
+| | access sensitive data, execute arbitrary |
+| | code or access otherwise restricted HW |
+| | interface** |
| | |
| | | A misconfiguration of the MMU could |
| | lead to an open door for software running in the |
@@ -853,6 +854,8 @@
+------------------------+-----------------------------------------------------+
| Threat Type | Information Disclosure |
+------------------------+-------------------+----------------+----------------+
+| Application | Server | IoT | Mobile |
++------------------------+-------------------+----------------+----------------+
| Impact | Medium (3) | Medium (3) | Medium (3) |
+------------------------+-------------------+----------------+----------------+
| Likelihood | Low (2) | Low (2) | Low (2) |
@@ -880,6 +883,41 @@
| | mitigated. |
+------------------------+-----------------------------------------------------+
++------------------------+-----------------------------------------------------+
+| ID | 13 |
++========================+=====================================================+
+| Threat | | **Leaving sensitive information in the memory, |
+| | can allow an attacker to retrieve them.** |
+| | |
+| | | Accidentally leaving not-needed sensitive data in |
+| | internal buffers can leak them if an attacker |
+| | gains access to memory due to a vulnerability. |
++------------------------+-----------------------------------------------------+
+| Diagram Elements | DF4, DF5 |
++------------------------+-----------------------------------------------------+
+| Affected TF-A | BL1, BL2, BL31 |
+| Components | |
++------------------------+-----------------------------------------------------+
+| Assets | Sensitive Data |
++------------------------+-----------------------------------------------------+
+| Threat Agent | NSCode, SecCode |
++------------------------+-----------------------------------------------------+
+| Threat Type | Information Disclosure |
++------------------------+-------------------+----------------+----------------+
+| Application | Server | IoT | Mobile |
++------------------------+-------------------+----------------+----------------+
+| Impact | Critical (5) | Critical (5) | Critical (5) |
++------------------------+-------------------+----------------+----------------+
+| Likelihood | Medium (3) | Medium (3) | Medium (3) |
++------------------------+-------------------+----------------+----------------+
+| Total Risk Rating | High (15) | High (15) | High (15) |
++------------------------+-------------------+----------------+----------------+
+| Mitigations | Clear the sensitive data from internal buffers as |
+| | soon as they are not needed anymore. |
++------------------------+-----------------------------------------------------+
+| Mitigations | | Yes / Platform specific |
++------------------------+-----------------------------------------------------+
+
--------------
*Copyright (c) 2021-2022, Arm Limited. All rights reserved.*