mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-29 22:20:30 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Threat model: explain dangling countermeasures

Browse Source 
Signed-off-by: Janos Follath <janos.follath@arm.com>
This commit is contained in:
Janos Follath 2023-03-08 16:38:07 +00:00
parent fef82fd39b
commit ecaa293d32
1 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
SECURITY.md
View File

@ -110,3 +110,16 @@ analysis, radio emissions or fault injection).
Mbed TLS doesn't offer any security guarantees against physical attacks. If Mbed TLS doesn't offer any security guarantees against physical attacks. If
physical attacks are present in a use case or a user application's threat physical attacks are present in a use case or a user application's threat
model, it needs to be mitigated by physical countermeasures. model, it needs to be mitigated by physical countermeasures.
### Caveats
#### Out of scope countermeasures
Mbed TLS has evolved organically and a well defined threat model hasn't always
been present. Therefore, Mbed TLS might have countermeasures against attacks
outside the above defined threat model.
The presence of such countermeasures don't mean that Mbed TLS provides
protection against a class of attacks outside of the above described threat
model. Neither does it mean that the failure of such a countermeasure is
considered a vulnerability.