Threat Model: clarify attack vectors
Timing attacks can be launched by any of the main 3 attackers. Clarify
exactly how these are covered.
Signed-off-by: Janos Follath <janos.follath@arm.com>
diff --git a/SECURITY.md b/SECURITY.md
index d0281ac..387221e 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -52,17 +52,16 @@
TLS.(See for example the [Flush+Reload
paper](https://eprint.iacr.org/2013/448.pdf).)
-(Technically, timing information can be observed over the network or through
-physical side channels as well. Network timing attacks are less powerful than
-local and countermeasures protecting against local attacks prevent network
-attacks as well. If the timing information is gained through physical side
-channels, we consider them physical attacks and as such they are out of scope.)
-
Mbed TLS provides limited protection against timing attacks. The cost of
protecting against timing attacks widely varies depending on the granularity of
the measurements and the noise present. Therefore the protection in Mbed TLS is
limited. We are only aiming to provide protection against **publicly
-documented** attacks, and this protection is not currently complete.
+documented** attacks.
+
+**Remark:** Timing information can be observed over the network or through
+physical side channels as well. Remote and physical timing attacks are covered
+in the [Remote attacks](remote-attacks) and [Physical
+attacks](physical-attacks) sections respectively.
**Warning!** Block ciphers do not yet achieve full protection. For
details and workarounds see the [Block Ciphers](#block-ciphers) section.