CAPEC 680 Exploitation of Improperly Controlled Registers

Description

🇬🇧 English Original 🇮🇹 Italiano AI Translated

{'xhtml:p': 'An adversary exploits missing or incorrectly configured access control within registers to read/write data that is not meant to be obtained or modified by a user.'}

AI Generated Translation

{"xhtml:p": "Un avversario sfrutta controlli di accesso mancanti o configurati in modo errato all’interno dei registri per leggere/scrivere dati che non dovrebbero essere ottenuti o modificati dall’utente."}

Mitigations

5

Design Proper Access Control Policies For Hardware Register Access From Software And Ensure These Policies Are Implemented In Accordance With The Specified Design.

Ensure Security Lock Bit Protections Are Reviewed For Design Inconsistencies And Common Weaknesses.

Ensure That Measurement Data Is Stored In Registers That Are Read-Only Or Otherwise Have Access Controls That Prevent Modification By An Untrusted Agent.

Leverage Automated Tools To Test That Values Are Not Reprogrammable And That Write-Once Fields Lock On Writing Zeros.

Test Security Lock Programming Flow In Both Pre-Silicon And Post-Silicon Environments.

Consequences

Security Scopes Affected

Confidentiality Integrity

Potential Impacts

Modify Data Read Data

Relationships

Parent CAPECs

CAPEC-1 CAPEC-180