CWE-1192
Alerte pour un CWE
Improper Identifier for IP Block used in System-On-Chip (SOC)
Extended Description
A System-on-Chip (SoC) comprises several components (IP) with varied trust requirements. It is required that each IP is identified uniquely and should distinguish itself from other entities in the SoC without any ambiguity. The unique secured identity is required for various purposes. Most of the time the identity is used to route a transaction or perform certain actions, including resetting, retrieving a sensitive information, and acting upon or on behalf of something else.
There are several variants of this weakness:
- A "missing" identifier is when the SoC does not define any mechanism to uniquely identify the IP.
- An "insufficient" identifier might provide some defenses - for example, against the most common attacks - but it does not protect against everything that is intended.
- A "misconfigured" mechanism occurs when a mechanism is available but not implemented correctly.
- An "ignored" identifier occurs when the SoC/IP has not applied any policies or does not act upon the identifier securely.
Informations
Modes Of Introduction
Architecture and DesignImplementation
Operation
Applicable Platforms
Language
Class: Not Language-Specific (Undetermined)Technologies
Class: System on Chip (Undetermined)Common Consequences
| Scope | Impact | Likelihood |
|---|---|---|
| Access Control | Bypass Protection Mechanism | High |
Potential Mitigations
Phases : Architecture and DesignEvery identity generated in the SoC should be unique and immutable in hardware. The actions that an IP is trusted or not trusted should be clearly defined, implemented, configured, and tested. If the definition is implemented via a policy, then the policy should be immutable or protected with clear authentication and authorization.
Vulnerability Mapping Notes
Rationale : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.Comments : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
Related Attack Patterns
| CAPEC-ID | Attack Pattern Name |
|---|---|
| CAPEC-113 | Interface Manipulation An adversary manipulates the use or processing of an interface (e.g. Application Programming Interface (API) or System-on-Chip (SoC)) resulting in an adverse impact upon the security of the system implementing the interface. This can allow the adversary to bypass access control and/or execute functionality not intended by the interface implementation, possibly compromising the system which integrates the interface. Interface manipulation can take on a number of forms including forcing the unexpected use of an interface or the use of an interface in an unintended way. |
Submission
| Name | Organization | Date | Date Release | Version |
|---|---|---|---|---|
| Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi | Intel Corporation | 4.0 |
Modifications
| Name | Organization | Date | Comment |
|---|---|---|---|
| CWE Content Team | MITRE | updated Description | |
| CWE Content Team | MITRE | updated Related_Attack_Patterns | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Mapping_Notes | |
| CWE Content Team | MITRE | updated Name |
