Dark Mode
Capec-681 Detail
Exploitation of Improperly Controlled Hardware Security Identifiers
Detailed Hardware Hardware Likelihood: Medium Typical Severity: Very High
Parents: 1 180
Threats: T275 T394
An adversary takes advantage of missing or incorrectly configured security identifiers (e.g., tokens), which are used for access control within a System- on-Chip (SoC), to read/write data or execute a given action.
A System-on-Chip (SoC) often implements a security identifier mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, these mechanisms may be exploitable due to any number of the following: The security identifiers are missing The security identifiers are incorrectly implemented or generated The security identifiers are generated with an obsolete encoding The security identifiers are generated and implemented correctly, but are improperly protected If the security identifiers leveraged by the SoC are missing or misconfigured, an adversary may be able to take advantage of this shortcoming to circumvent the intended access controls. This could result in the adversary gaining unintended access, performing a Denial of Service (DoS), escalating privileges, or spoofing actions from a trusted agent.
| External ID | Source | Link | Description |
|---|---|---|---|
| CAPEC-681 | capec | https://capec.mitre.org/data/definitions/681.html | |
| CWE-1259 | cwe | http://cwe.mitre.org/data/definitions/1259.html | |
| CWE-1267 | cwe | http://cwe.mitre.org/data/definitions/1267.html | |
| CWE-1270 | cwe | http://cwe.mitre.org/data/definitions/1270.html | |
| CWE-1294 | cwe | http://cwe.mitre.org/data/definitions/1294.html | |
| CWE-1302 | cwe | http://cwe.mitre.org/data/definitions/1302.html | |
| REF-694 | reference_from_CAPEC | https://www.intel.com/content/dam/www/public/us/en/documents/reference-guides/pcie-device-security-enhancements.pdf | PCIe Device Measurement Requirements, 2018--09, Intel Corporation |
| REF-695 | reference_from_CAPEC | https://media.blackhat.com/us-13/US-13-Butterworth-BIOS-Security-Slides.pdf | John Butterworth, Cory Kallenberg, Xeno Kovah, BIOS Chronomancy: Fixing the Core Root of Trust for Measurement, 2013--07---31 |
Not present
- Awareness of the hardware being leveraged.
- Access to the hardware being leveraged.
Not present
| High | Medium |
|---|---|
| Intricate knowledge of the identifiers being utilized. | |
| Ability to execute actions within the SoC. |
| Integrity | Authorization | Access Control | Confidentiality |
|---|---|---|---|
| Modify Data | Gain Privileges | Gain Privileges | Read Data |
| Gain Privileges |
- A system contains a register (divided into four 32-bit registers) that is used to store a 128-bit AES key for encryption/decryption, in addition to an access-policy register. The access-policy register determines which agents may access the AES-key registers, based on a corresponding security identifier. It is assumed the system has two agents: a Main-controller and an Aux-controller, with respective security identifiers "1" and "2". The Main-controller (ID "1") is meant to have access to the AES-key registers, while the Aux-controller (ID "2") has access to the access-policy register. If a SoC incorrectly generates security identifier "1" for both agents, then both agents will have access to the AES-key registers. This could further result in a Denial-of-Service (DoS) or the execution of an action that in turn could result in privilege escalation or unintended access.