Threat Model: reorganise threat definitions
Simplify organisation by placing threat definitions in their respective
sections.
Signed-off-by: Janos Follath <janos.follath@arm.com>
diff --git a/SECURITY.md b/SECURITY.md
index 4ed9d38..7981a44 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -23,17 +23,12 @@
We use the following classification of attacks:
-- **Remote Attacks:** The attacker can observe and modify data sent over the
- network. This includes observing the content and timing of individual packets,
- as well as suppressing or delaying legitimate messages, and injecting messages.
-- **Timing Attacks:** The attacker can gain information about the time taken
- by certain sets of instructions in Mbed TLS operations.
-- **Physical Attacks:** The attacker has access to physical information about
- the hardware Mbed TLS is running on and/or can alter the physical state of
- the hardware.
-
### Remote attacks
+The attacker can observe and modify data sent over the network. This includes
+observing the content and timing of individual packets, as well as suppressing
+or delaying legitimate messages, and injecting messages.
+
Mbed TLS aims to fully protect against remote attacks and to enable the user
application in providing full protection against remote attacks. Said
protection is limited to providing security guarantees offered by the protocol
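Review bot: the unchanged lead-in "We use the following classification of attacks:" now introduces nothing, since the bullet list that followed it is removed in this hunk and the next line is the "### Remote attacks" heading. Reword it so it points at the sections instead, e.g. "We distinguish three classes of attacks, remote, timing and physical, each defined at the start of its section below." Otherwise a reader sees a colon followed by a heading and the sentence reads as truncated.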
@@ -42,6 +37,9 @@
### Timing attacks
+The attacker can gain information about the time taken by certain sets of
+instructions in Mbed TLS operations.
+
Mbed TLS provides limited protection against timing attacks. The cost of
protecting against timing attacks widely varies depending on the granularity of
the measurements and the noise present. Therefore the protection in Mbed TLS is
@@ -71,6 +69,9 @@
### Physical attacks
+The attacker has access to physical information about the hardware Mbed TLS is
+running on and/or can alter the physical state of the hardware.
+
Physical attacks are out of scope (eg. power analysis or radio emissions). Any
attack using information about or influencing the physical state of the
hardware is considered physical, independently of the attack vector. (For
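Review bot: the definition added at the top of "### Physical attacks" overlaps with the existing sentence two lines later, "Any attack using information about or influencing the physical state of the hardware is considered physical, independently of the attack vector." After this change the section states the same definition twice in slightly different words. Consider merging them into one paragraph so there is a single authoritative definition, for example keeping the added first sentence and folding the "independently of the attack vector" qualifier into it, then leaving the out-of-scope statement with its examples as the second sentence.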