Threat Model: improve wording Signed-off-by: Janos Follath <janos.follath@arm.com>

commit: d5a09400ae23c949bfcc935dcd317eefe134d163 [log] [tgz]
author: Janos Follath <janos.follath@arm.com> Wed Mar 08 19:58:29 2023 +0000
committer: Janos Follath <janos.follath@arm.com> Wed Mar 08 19:58:29 2023 +0000
tree: 03014ce1b582124e0839bce5c0e767d30b5ede0f
parent: 3d377605f3afa0499af1720a39c951362f1b573d [diff] [blame]
diff --git a/SECURITY.md b/SECURITY.md
index 677e685..d0281ac 100644
--- a/SECURITY.md
+++ b/SECURITY.md

@@ -42,14 +42,14 @@
 
 ### Local attacks
 
-The attacker is capable of running code on the same hardware as Mbed TLS, but
-there is still a security boundary between them (ie. the attacker can't for
-example read secrets from Mbed TLS' memory directly).
+The attacker can run software on the same machine. The attacker has
+insufficient privileges to directly access Mbed TLS assets such as memory and
+files.
 
 #### Timing attacks
 
-The attacker can gain information about the time taken by certain sets of
-instructions in Mbed TLS operations. (See for example the [Flush+Reload
+The attacker is able to observe the timing of instructions executed by Mbed
+TLS.(See for example the [Flush+Reload
 paper](https://eprint.iacr.org/2013/448.pdf).)
 
 (Technically, timing information can be observed over the network or through
commit	d5a09400ae23c949bfcc935dcd317eefe134d163	[log] [tgz]
author	Janos Follath <janos.follath@arm.com>	Wed Mar 08 19:58:29 2023 +0000
committer	Janos Follath <janos.follath@arm.com>	Wed Mar 08 19:58:29 2023 +0000
tree	03014ce1b582124e0839bce5c0e767d30b5ede0f
parent	3d377605f3afa0499af1720a39c951362f1b573d [diff] [blame]