HCD-iTC / HCD-IT

MIT License

APE_SPD.1-2 requirements are not met for Threats defined in Section I.3 #12

Open networklayer opened 1 year ago

networklayer commented 1 year ago

As per APE evaluation of the CL and responses from the Canadian Scheme, the observation below requires HIT's attention:

HDcPP Section I.3 does not define the following threats in terms of an asset (as defined in I.2) in the threat definition. CEM v3.1r5 APE_SPD.1.2C - "All threats shall be described in terms of a threat agent, an asset, and an adverse action."

T.TSF_FAILURE
T.UNAUTHORIZED_UPDATE
T.WEAK_CRYPTO

ansukert commented 1 year ago

Should be assigned to Cory Clark and Debbie White of the Canadian Scheme

ClarkCP commented 1 year ago

Howdy folks,

Reworded the threat statements using the assets defined in I.2. We tried to stay with the conventions used for the other threat statements in I.3. Throw darts.

T.TSF_FAILURE

[Original]
A malfunction of the TSF may cause loss of security if the TOE is permitted to operate.

[Suggested]
A malfunction of the TSF may compromise the device security status if the TOE is permitted to operate.

Breakdown (just showing work, not to be included in PP)
Agent: malfunction of the TSF
Adverse action: TOE is permitted to operate
Asset: TSF Data (Device security status)

T.UNAUTHORIZED_UPDATE

[Original]
An attacker may cause the installation of unauthorized firmware/software on the TOE.

[Suggested]
An attacker may install unauthorized firmware/software on the TOE to modify the Device security status.

Breakdown (just showing work, not to be included in PP)
Agent: Attacker
Adverse action: Installation of unauthorized firmware/software
Asset: TSF Data (Device security status)

T.WEAK_CRYPTO

[Original]
An attacker may exploit poorly chosen cryptographic algorithms, random bit generators, ciphers or key sizes.

[Suggested]
An attacker may exploit poorly chosen cryptographic algorithms, random bit generators, ciphers or key sizes to access (read, modify, or delete) TSF and User data.

Breakdown (just showing work, not to be included in PP)
Agent: Attacker
Adverse action: exploit poorly chosen cryptographic algorithms, random bit generators, ciphers or key sizes
Asset: User and TSF data

brianatricoh commented 7 months ago

Resolved in errata, lines 6115, 6118, 6124

gcolunga commented 7 months ago

This issue is addressed by the following TD:

The TD above is located at the following location: