author | Janos Follath <janos.follath@arm.com> | 2023-03-14 15:43:24 +0000 |
---|---|---|
committer | Janos Follath <janos.follath@arm.com> | 2023-03-14 15:43:24 +0000 |
commit | 9118bf5791306398f4a8d5be79b303de62b3d0f6 (patch) | |
tree | 11b81357507e89e511c6cc4e6489b7d1206f57c9 /SECURITY.md | |
parent | ba75955cd80d57314ad6ad16922dec35515cab74 (diff) | |
Threat Model: adjust modality
Signed-off-by: Janos Follath <janos.follath@arm.com>
Diffstat (limited to 'SECURITY.md')
-rw-r--r-- | SECURITY.md | 20 |
1 files changed, 11 insertions, 9 deletions
diff --git a/SECURITY.md b/SECURITY.md index 8d23371..8d3678a 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -25,9 +25,10 @@ We classify attacks based on the capabilities of the attacker. ### Remote attacks -The attacker can observe and modify data sent over the network. This includes -observing the content and timing of individual packets, as well as suppressing -or delaying legitimate messages, and injecting messages. +In this section, we consider an attacker who can observe and modify data sent +over the network. This includes observing the content and timing of individual +packets, as well as suppressing or delaying legitimate messages, and injecting +messages. Mbed TLS aims to fully protect against remote attacks and to enable the user application in providing full protection against remote attacks. Said @@ -42,9 +43,9 @@ and workarounds see the [Block Ciphers](#block-ciphers) section. ### Local attacks -The attacker can run software on the same machine. The attacker has -insufficient privileges to directly access Mbed TLS assets such as memory and -files. +In this section, we consider an attacker who can run software on the same +machine. The attacker has insufficient privileges to directly access Mbed TLS +assets such as memory and files. #### Timing attacks @@ -93,9 +94,10 @@ application's threat model, they need to be mitigated by the platform. ### Physical attacks -The attacker has access to physical information about the hardware Mbed TLS is -running on and/or can alter the physical state of the hardware (e.g. power -analysis, radio emissions or fault injection). +In this section, we consider an attacker who can attacker has access to +physical information about the hardware Mbed TLS is running on and/or can alter +the physical state of the hardware (e.g. power analysis, radio emissions or +fault injection). Mbed TLS doesn't make any security guarantees against physical attacks. If physical attacks are present in a use case or a user application's threat |
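Review bot: In the "### Physical attacks" hunk, the new opening sentence reads "we consider an attacker who can attacker has access to physical information", which is ungrammatical: the old subject "attacker has" was left in place after the new lead-in was prepended. Suggest "In this section, we consider an attacker who has access to physical information about the hardware Mbed TLS is running on and/or can alter the physical state of the hardware", which matches the form used in the Remote and Local hunks and keeps the "and/or can alter" clause attached to the same subject.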