Reviewed and Updated the Threat Modeling #70
Conversation
|
|
…me used in the table
| # Threat Model | ||
|
|
||
| ## Assets | ||
| ## Assets and Desired Security Properties |
There was a problem hiding this comment.
I thought it would be better to organize this as table so that we could have assets listed in the first column.
| - Integrity and authenticity of OpenPRoT policies | ||
| | Asset | Security Property | Description | | ||
| |----------------------------------------|---------------------------|-------------| | ||
| | OpenPRoT Firmware | Integrity, Authenticity, Non-Repudiation | Ensure firmware is unmodified, from a trusted source, and the origin cannot de denied.| |
There was a problem hiding this comment.
Why non-repudiation?
I think we have to consider the supply chain security where a trusted source on top of signing has to provide a proof that it has done its security due diligence on their side which could be a signed audit trail.
| |----------------------------------------|---------------------------|-------------| | ||
| | OpenPRoT Firmware | Integrity, Authenticity, Non-Repudiation | Ensure firmware is unmodified, from a trusted source, and the origin cannot de denied.| | ||
| | Cryptographic Operations | Integrity, Authorization | Ensure operations are performed as intended, only by authorized entities. | | ||
| | Cryptographic Configuration | Integrity, Authorization, Auditability | Ensure cryptographic configurations (key size, algorithms, key lifetime, POST) are secure, unaltered, auditable, and only modifiable by authorized entities. | |
There was a problem hiding this comment.
Cryptographic Configuration is a critical security parameter as it dictates the key size, algorithm choice, and mode of operation. Plus, it dictates the crypto agility of the firmware and hardware.
| | Anti-Rollback Counters | Integrity | Prevent manipulation of monotonic counter to protect against rollback/replay attacks. | | ||
| | Symmetric Keys managed by OpenPRoT | Integrity, Confidentiality| Protect key material from unauthorized modification or disclosure. | | ||
| | Private Asymmetric Keys | Integrity, Confidentiality| Prevent unauthorized modification or exposure to unauthorized parties. | | ||
| | Keys Lifecycle | Integrity, Availability | Ensure that authorized users and processes can perform generation, storage, distribution/provisioning, rotation, and destruction. | |
There was a problem hiding this comment.
Another CSP is the key lifecycle management process or service.
| class JTAGP,JTAG,OTP dev; | ||
| ``` | ||
|
|
||
| #### Example Threat Modeling Table as Per this Specification |
There was a problem hiding this comment.
This is not a complete list but an illustration. Which debug port or IO is used for programming depends from vendor to vendor.
|
@cfrantz @moidx @attzonko @timothytrippel I would love to get your thoughts on this proposal. |
1 participant
Summary of changes