Zelalem | 05fed52 | 2021-02-24 19:20:09 -0600 | [diff] [blame] | 1 | Threat Model |
Olivier Deprez | 86d1ffd | 2021-06-01 15:37:16 +0200 | [diff] [blame] | 2 | ============ |
| 3 | |
| 4 | Threat modeling is an important part of Secure Development Lifecycle (SDL) |
| 5 | that helps us identify potential threats and mitigations affecting a system. |
| 6 | |
Sandrine Bailleux | 5981b1a | 2023-04-04 16:02:42 +0200 | [diff] [blame] | 7 | As the TF-A codebase is highly configurable to allow tailoring it best for each |
| 8 | platform's needs, providing a holistic threat model covering all of its features |
| 9 | is not necessarily the best approach. Instead, we provide a collection of |
| 10 | documents which, together, form the project's threat model. These are |
| 11 | articulated around a core document, called the :ref:`Generic Threat Model`, |
| 12 | which focuses on the most common configuration we expect to see. The other |
| 13 | documents typically focus on specific features not covered in the core document. |
| 14 | |
| 15 | As the TF-A codebase evolves and new features get added, these threat model |
| 16 | documents will be updated and extended in parallel to reflect at best the |
| 17 | current status of the code from a security standpoint. |
| 18 | |
| 19 | .. note:: |
| 20 | |
| 21 | Although our aim is eventually to provide threat model material for all |
| 22 | features within the project, we have not reached that point yet. We expect |
| 23 | to gradually fill these gaps over time. |
| 24 | |
| 25 | Each of these documents give a description of the target of evaluation using a |
| 26 | data flow diagram, as well as a list of threats we have identified using the |
| 27 | `STRIDE threat modeling technique`_ and corresponding mitigations. |
Zelalem | 05fed52 | 2021-02-24 19:20:09 -0600 | [diff] [blame] | 28 | |
| 29 | .. toctree:: |
| 30 | :maxdepth: 1 |
| 31 | :caption: Contents |
Zelalem | 05fed52 | 2021-02-24 19:20:09 -0600 | [diff] [blame] | 32 | |
| 33 | threat_model |
Shruti Gupta | 795af71 | 2022-09-27 14:21:13 +0100 | [diff] [blame] | 34 | threat_model_el3_spm |
Gary Morrison | d4d951a | 2021-11-10 14:40:15 -0600 | [diff] [blame] | 35 | threat_model_fvp_r |
Tamas Ban | ef589bf | 2022-11-30 17:09:43 +0100 | [diff] [blame] | 36 | threat_model_rss_interface |
Sandrine Bailleux | 545f4b6 | 2023-09-06 16:11:12 +0200 | [diff] [blame] | 37 | threat_model_arm_cca |
Zelalem | 05fed52 | 2021-02-24 19:20:09 -0600 | [diff] [blame] | 38 | |
| 39 | -------------- |
| 40 | |
Sandrine Bailleux | 5981b1a | 2023-04-04 16:02:42 +0200 | [diff] [blame] | 41 | *Copyright (c) 2021-2023, Arm Limited and Contributors. All rights reserved.* |
| 42 | |
| 43 | .. _STRIDE threat modeling technique: https://docs.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-threats#stride-model |