Software MITRE EMB3D and ADF Mapping

Device includes a bootloader (MITRE EM3ED PID-21)

Bootloader

• Keys: Bootloader | Bootloader Execution
• Description: Bootloader execution

• Attack Vectors and Threats:

  • FI (MITRE EM3ED TID-110)

    • Firmware verification skip

    • Buffer overflow exploitation after fault injection

  • Side-Channel Leakage (MITRE EM3ED TID-330)

    • Secure bootloader control flow analysis

  • Buffer Manipulation (MITRE EM3ED TID-327)

    • Arbitrary code execution

  • Timing Attack (MITRE EM3ED TID-330)

    • Collection of timing information

  • Inadequate Bootloader Protection and Verification (MITRE EM3ED TID-201)

Device includes peripheral chips and integrated data buses (MITRE EM3ED PID-13)

BUS

• Keys: BUS
• Description: Shared BUS

• Attack Vectors and Threats:

  • Memory (MITRE EM3ED TID-206)

    • If the victim and the attacker (either from code or through DMA) can access memory at the same time, this might lead to contention on the memory bus, making it possible to detect the victim’s memory accesses.

  • Unverified Peripheral Firmware Loaded (MITRE EM3ED TID-113)

  • Peripheral Data Bus Interception (MITRE EM3ED TID-114)

Device includes support for manual memory management programming languages (e.g. C, C++) (MITRE EM3ED PID-3122)

Non-Volatile Memory

• Keys: Non-Volatile Memory | Memory Management
• Description: Memory management issues

• Attack Vectors and Threats:

  • Buffer Manipulation (MITRE EM3ED TID-327)

    • Arbitrary code execution

  • Malicious Firmware (MITRE EM3ED TID-203)

    • Key material extraction from SE through malicious firmware

  • Out of Bounds Memory Access (MITRE EM3ED TID-327)

Device includes a microprocessor (MITRE EM3ED PID-11)

Cache Memory

• Keys: Cache Memory | Cache
• Description: Shared memory between victim and attacker

• Attack Vectors and Threats:

  • Cache State (MITRE EM3ED TID-103)

    • If the attacker and the victim have shared memory, the attacker can observe the victim’s behavior regarding this shared memory by observing the cache state. If the attacker evicts a shared value of interest from the cache, then loads the value again after the victim’s execution, based on the time taken it can determine whether the victim accessed the same value.

    • If the attacker and the victim have shared memory, the attacker can observe the victim’s behavior regarding this shared memory by observing the cache state. If the attacker flushes a shared value of interest from the cache, then loads the value again after the victim’s execution, based on the time taken it can determine whether the victim accessed the same value.

    • If the attacker and the victim have shared memory, the attacker can observe the victim’s behavior regarding this shared memory by observing the cache state. If the attacker flushes a shared value of interest from the cache, then flushes value again after the victim’s execution, based on the time taken it can determine whether the victim accessed the same value (without ever accessing the target value).

    • Even without shared memory, the attacker can observe the victim’s behavior regarding certain memory addresses by observing the cache state. If the attacker sets up the cache to a known state, then observes which values were evicted, it learns some information about the victim’s execution, depending on the cache organization and replacement policy.

Memory

• Keys: Memory | Shared Memory
• Description: Shared memory between victim and attacker

• Attack Vectors and Threats:

  • Memory (MITRE EM3ED TID-206)

    • Contention in the DRAM row buffer can leak the memory access patterns of a victim program.

Cryptographic Algorithm Implementation

• Keys: Cryptographic Algorithm Implementation | Cryptographic Operation
• Description: Cryptographic algorithm implementation emits exploitable information to the side-channel

• Attack Vectors and Threats:

  • Side-Channel Leakage (MITRE EM3ED TID-330)

    • Sensitive data extraction

Interrupt Capabilities

• Keys: Interrupt Capabilities
• Description: Attacker can utilize target interrupt capabilities

• Attack Vectors and Threats:

  • Code Execution (MITRE EM3ED TID-301)

    • The number of executed instructions and their execution time can be measured by an attacker with interrupt capabilities.

Priviledged Mode

• Keys: Priviledged Mode
• Description: Attacker can utilize target priviledged execution mode

• Attack Vectors and Threats:

  • Code Execution (MITRE EM3ED TID-301)

    • By monitoring the state of page table mappings, a privileged attacker can reconstruct the access patterns of the victim.

Hyperthreading

• Keys: Hyperthreading
• Description: Attacker and victim share the same core

• Attack Vectors and Threats:

  • Code Execution (MITRE EM3ED TID-301)

    • If the attacker can measure the execution time of code executing in parallel with the victim on the same core, they can detect changes in the timing resulting from the two programs contending for the same execution port on the core.

  • Power Consumption Analysis Side Channel (MITRE EM3ED TID-101)

  • Electromagnetic Analysis Side Channel (MITRE EM3ED TID-102)

  • Microarchitectural Side Channels (MITRE EM3ED TID-103)

  • Hardware Fault Injection – Control Flow Modification (MITRE EM3ED TID-105)

Device includes software/hardware root of trust (MITRE EM3ED PID-25)

Firmware RoT

• Keys: Firmware RoT | Firmware RoT
• Description: Device includes software root of trust

• Attack Vectors and Threats:

  • Malicious Firmware (MITRE EM3ED TID-203)

    • Key material extraction from SE through malicious firmware

Device includes a hardware access port (e.g., UART, JTAG) (MITRE EM3ED PID-15)

Debug Interface

• Keys: Debug Interface
• Description: Debug Interface provides acces to internal units

• Attack Vectors and Threats:

  • FI (MITRE EM3ED TID-110)

    • Buffer overflow exploitation after fault injection

  • Firmware/Data Extraction via Hardware Interface (MITRE EM3ED TID-115)

  • Latent Privileged Access Port (MITRE EM3ED TID-116)

  • Latent Hardware Debug Port Allows Memory/Code Manipulation (MITRE EM3ED TID-119)