Software Threat Model

Device includes a microprocessor (MITRE EM3ED PID-11)

Cache Memory

• Keys: Cache Memory | Cache
• Description: Shared memory between victim and attacker

• Attack Vectors and Threats:

  • Cache State (MITRE EM3ED TID-103)

    • If the attacker and the victim have shared memory, the attacker can observe the victim’s behavior regarding this shared memory by observing the cache state. If the attacker evicts a shared value of interest from the cache, then loads the value again after the victim’s execution, based on the time taken it can determine whether the victim accessed the same value.

    • If the attacker and the victim have shared memory, the attacker can observe the victim’s behavior regarding this shared memory by observing the cache state. If the attacker flushes a shared value of interest from the cache, then loads the value again after the victim’s execution, based on the time taken it can determine whether the victim accessed the same value.

    • If the attacker and the victim have shared memory, the attacker can observe the victim’s behavior regarding this shared memory by observing the cache state. If the attacker flushes a shared value of interest from the cache, then flushes value again after the victim’s execution, based on the time taken it can determine whether the victim accessed the same value (without ever accessing the target value).

    • Even without shared memory, the attacker can observe the victim’s behavior regarding certain memory addresses by observing the cache state. If the attacker sets up the cache to a known state, then observes which values were evicted, it learns some information about the victim’s execution, depending on the cache organization and replacement policy.

Memory

• Keys: Memory | Shared Memory
• Description: Shared memory between victim and attacker

• Attack Vectors and Threats:

  • Memory (MITRE EM3ED TID-206)

    • Contention in the DRAM row buffer can leak the memory access patterns of a victim program.

Cryptographic Algorithm Implementation

• Keys: Cryptographic Algorithm Implementation | Cryptographic Operation
• Description: Cryptographic algorithm implementation emits exploitable information to the side-channel

• Attack Vectors and Threats:

  • Side-Channel Leakage (MITRE EM3ED TID-330)

    • Sensitive data extraction

Interrupt Capabilities

• Keys: Interrupt Capabilities
• Description: Attacker can utilize target interrupt capabilities

• Attack Vectors and Threats:

  • Code Execution (MITRE EM3ED TID-301)

    • The number of executed instructions and their execution time can be measured by an attacker with interrupt capabilities.

Priviledged Mode

• Keys: Priviledged Mode
• Description: Attacker can utilize target priviledged execution mode

• Attack Vectors and Threats:

  • Code Execution (MITRE EM3ED TID-301)

    • By monitoring the state of page table mappings, a privileged attacker can reconstruct the access patterns of the victim.

Hyperthreading

• Keys: Hyperthreading
• Description: Attacker and victim share the same core

• Attack Vectors and Threats:

  • Code Execution (MITRE EM3ED TID-301)

    • If the attacker can measure the execution time of code executing in parallel with the victim on the same core, they can detect changes in the timing resulting from the two programs contending for the same execution port on the core.

  • Power Consumption Analysis Side Channel (MITRE EM3ED TID-101)

  • Electromagnetic Analysis Side Channel (MITRE EM3ED TID-102)

  • Microarchitectural Side Channels (MITRE EM3ED TID-103)

  • Hardware Fault Injection – Control Flow Modification (MITRE EM3ED TID-105)

Device includes peripheral chips and integrated data buses (MITRE EM3ED PID-13)

BUS

• Keys: BUS
• Description: Shared BUS

• Attack Vectors and Threats:

  • Memory (MITRE EM3ED TID-206)

    • If the victim and the attacker (either from code or through DMA) can access memory at the same time, this might lead to contention on the memory bus, making it possible to detect the victim’s memory accesses.

  • Unverified Peripheral Firmware Loaded (MITRE EM3ED TID-113)

  • Peripheral Data Bus Interception (MITRE EM3ED TID-114)

EM3ED-only: Device includes external peripheral interconnects (e.g., USB, Serial) (MITRE EM3ED PID-14)

• Attack Vectors and Threats:

  • Untrusted External Storage (MITRE EM3ED TID-111)

  • Weak Peripheral Port Electrical Damage Protection (MITRE EM3ED TID-118)

EM3ED-only: Device includes a hardware access port (e.g., UART, JTAG) (MITRE EM3ED PID-15)

• Attack Vectors and Threats:

  • Firmware/Data Extraction via Hardware Interface (MITRE EM3ED TID-115)

  • Latent Privileged Access Port (MITRE EM3ED TID-116)

  • Latent Hardware Debug Port Allows Memory/Code Manipulation (MITRE EM3ED TID-119)

Device includes a bootloader (MITRE EM3ED PID-21)

Bootloader

• Keys: Bootloader | Bootloader Execution
• Description: Bootloader execution

• Attack Vectors and Threats:

  • FI (MITRE EM3ED TID-110)

    • Firmware verification skip

    • Buffer overflow exploitation after fault injection

  • Side-Channel Leakage (MITRE EM3ED TID-330)

    • Secure bootloader control flow analysis

  • Buffer Manipulation (MITRE EM3ED TID-327)

    • Arbitrary code execution

  • Timing Attack (MITRE EM3ED TID-330)

    • Collection of timing information

  • Inadequate Bootloader Protection and Verification (MITRE EM3ED TID-201)

EM3ED-only: Device includes a debugging capabilities (MITRE EM3ED PID-22)

• Attack Vectors and Threats:

  • Excessive Access via Software Diagnostic Features (MITRE EM3ED TID-224)

EM3ED-only: Device includes OS/kernel (MITRE EM3ED PID-23)

• Attack Vectors and Threats:

  • Exploitable System Network Stack Component (MITRE EM3ED TID-202)

  • Operating System Susceptible to Rootkit (MITRE EM3ED TID-218)

EM3ED-only: Device includes an operating system that uses drivers/modules that can be loaded (MITRE EM3ED PID-231)

• Attack Vectors and Threats:

  • Malicious OS Kernel Driver/Module Installable (MITRE EM3ED TID-203)

EM3ED-only: Device lacks an access enforcement/privilege mechanism (MITRE EM3ED PID-2321)

• Attack Vectors and Threats:

  • Untrusted Programs Can Access Privileged OS Functions (MITRE EM3ED TID-204)

EM3ED-only: Device includes and enforces OS user accounts (MITRE EM3ED PID-23221)

• Attack Vectors and Threats:

  • Existing OS Tools Maliciously Used for Device Manipulation (MITRE EM3ED TID-205)

  • OS/Kernel Privilege Escalation (MITRE EM3ED TID-219)

EM3ED-only: Device includes a memory management model, including protections of memory access (read-only/, executable, writable) (MITRE EM3ED PID-23222)

• Attack Vectors and Threats:

  • Memory Management Protections Subverted (MITRE EM3ED TID-206)

  • System Susceptible to RAM Scraping (MITRE EM3ED TID-223)

EM3ED-only: Device lacks firmware/software update support (MITRE EM3ED PID-26)

• Attack Vectors and Threats:

  • Device Vulnerabilities Unpatchable (MITRE EM3ED TID-210)

EM3ED-only: Device includes support for firmware/software updates (MITRE EM3ED PID-27)

• Attack Vectors and Threats:

EM3ED-only: Device has firmware or software that is not cryptographically checked for integrity validation (MITRE EM3ED PID-271)

• Attack Vectors and Threats:

  • Device Allows Unauthenticated Firmware Installation (MITRE EM3ED TID-211)

EM3ED-only: Device includes cryptographic firmware/software integrity protection mechanisms (MITRE EM3ED PID-272)

• Attack Vectors and Threats:

  • Secrets Extracted from Device Root of Trust (MITRE EM3ED TID-214)

  • Cryptographic Timing Side-Channel (MITRE EM3ED TID-330)

EM3ED-only: Device includes a shared key for firmware integrity validation (MITRE EM3ED PID-2721)

• Attack Vectors and Threats:

  • FW/SW Update Integrity Shared Secrets Extraction (MITRE EM3ED TID-212)

EM3ED-only: Device includes digitally signed firmware (with private key) (MITRE EM3ED PID-2722)

• Attack Vectors and Threats:

  • Faulty FW/SW Update Integrity Verification (MITRE EM3ED TID-213)

EM3ED-only: Device has unencrypted firmware updates (MITRE EM3ED PID-273)

• Attack Vectors and Threats:

  • Unencrypted SW/FW Updates (MITRE EM3ED TID-215)

EM3ED-only: Device includes user firmware/software version selection during updates (MITRE EM3ED PID-274)

• Attack Vectors and Threats:

  • Firmware Update Rollbacks Allowed (MITRE EM3ED TID-216)

EM3ED-only: Device includes remotely-initiated firmware/software updates (MITRE EM3ED PID-275)

• Attack Vectors and Threats:

  • Remotely Initiated Updates Can Cause DoS (MITRE EM3ED TID-217)

EM3ED-only: Device stores logs of system events and information (MITRE EM3ED PID-28)

• Attack Vectors and Threats:

  • Logs can be manipulated on the device (MITRE EM3ED TID-225)

  • Device leaks security information in logs (MITRE EM3ED TID-226)

EM3ED-only: Application-level software is present and running on the device (MITRE EM3ED PID-31)

• Attack Vectors and Threats:

  • Applications Binaries Modified (MITRE EM3ED TID-301)