This change set includes editorial fixes from review and several threats and security requirements that are necessary to justify the requirement for an End-to-End security model in SUIT.
The new threats listed are:
THREAT.NET.MITM
THREAT.KEY.EXPOSURE
THREAT.MFST.MODIFICATION
These were omitted from the previous Information Model drafts because they do not directly inform the fields present in the manifest, so they were not directly relevant to the SUIT manifest. However, references to End-to-End security imply some system architecture which requires a firm justification. These threats have been added to explain why an End-to-End security model is needed.
The new security requirements are:
REQ.SEC.REPORTING
REQ.SEC.KEY.PROTECTION
REQ.SEC.MFST.CHECK
REQ.SEC.MFST.TRUSTED
These requirements address the Author side of the End-to-End security model
This change set includes editorial fixes from review and several threats and security requirements that are necessary to justify the requirement for an End-to-End security model in SUIT.
The new threats listed are:
These were omitted from the previous Information Model drafts because they do not directly inform the fields present in the manifest, so they were not directly relevant to the SUIT manifest. However, references to End-to-End security imply some system architecture which requires a firm justification. These threats have been added to explain why an End-to-End security model is needed.
The new security requirements are:
These requirements address the Author side of the End-to-End security model