CAPEC-681
Exploitation of Improperly Controlled Hardware Security Identifiers
Moyen
Draft
2021-10-21
00h00 +00:00
00h00 +00:00
Alerte pour un CAPEC
Restez informé de toutes modifications pour un CAPEC spécifique.
Descriptions du CAPEC
An adversary takes advantage of missing or incorrectly configured security identifiers (e.g., tokens), which are used for access control within a System-on-Chip (SoC), to read/write data or execute a given action.
Informations du CAPEC
Conditions préalables
Awareness of the hardware being leveraged.Access to the hardware being leveraged.
Compétences requises
Ability to execute actions within the SoC.Intricate knowledge of the identifiers being utilized.
Atténuations
Review generation of security identifiers for design inconsistencies and common weaknesses.Review security identifier decoders for design inconsistencies and common weaknesses.
Test security identifier definition, access, and programming flow in both pre-silicon and post-silicon environments.
Faiblesses connexes
| Nom de la faiblesse | |
|---|---|
CWE-1259 |
Improper Restriction of Security Token Assignment The System-On-A-Chip (SoC) implements a Security Token mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the Security Tokens are improperly protected. |
CWE-1267 |
Policy Uses Obsolete Encoding The product uses an obsolete encoding mechanism to implement access controls. |
CWE-1270 |
Generation of Incorrect Security Tokens The product implements a Security Token mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the Security Tokens generated in the system are incorrect. |
CWE-1294 |
Insecure Security Identifier Mechanism The System-on-Chip (SoC) implements a Security Identifier mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the Security Identifiers are not correctly implemented. |
CWE-1302 |
Missing Source Identifier in Entity Transactions on a System-On-Chip (SOC) The product implements a security identifier mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. A transaction is sent without a security identifier. |
Références
REF-694
PCIe Device Measurement Requirementshttps://www.intel.com/content/dam/www/public/us/en/documents/reference-guides/pcie-device-security-enhancements.pdf
REF-695
BIOS Chronomancy: Fixing the Core Root of Trust for MeasurementJohn Butterworth, Cory Kallenberg, Xeno Kovah.
https://media.blackhat.com/us-13/US-13-Butterworth-BIOS-Security-Slides.pdf
Soumission
| Nom | Organisation | Date | Date de publication |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation |
Les informations affichées sur CVE Find proviennent de plusieurs sources de référence rigoureusement sélectionnées. Les données CVE sont fournies par MITRE Corporation et la National Vulnerability Database (NVD). Le catalogue des vulnérabilités activement exploitées (KEV) provient de la Cybersecurity and Infrastructure Security Agency (CISA), tandis que les scores EPSS sont issus de FIRST.org. Enfin, les données relatives aux faiblesses logicielles (CWE) et aux schémas d'attaque courants (CAPEC)
sont maintenues par MITRE Corporation, et les informations sur les configurations
logicielles et matérielles (CPE) proviennent du NVD.