CWE-1297

Unprotected Confidential Information on Device is Accessible by OSAT Vendors
AI Translation Available

The product does not adequately protect confidential information on the device from being accessed by Outsourced Semiconductor Assembly and Test (OSAT) vendors.

Status
incomplete
Abstraction
base
Not Language-Specific Verilog VHDL Processor Hardware Not Technology-Specific

In contrast to complete vertical integration of architecting, designing, manufacturing, assembling, and testing chips all within a single organization, an organization can choose to simply architect and design a chip before outsourcing the rest of the process to OSAT entities (e.g., external foundries and test houses). In the latter example, the device enters an OSAT facility in a much more vulnerable pre-production stage where many debug and test modes are accessible. Therefore, the chipmaker must place a certain level of trust with the OSAT. To counter this, the chipmaker often requires the OSAT partner to enter into restrictive non-disclosure agreements (NDAs). Nonetheless, OSAT vendors likely have many customers, which increases the risk of accidental sharing of information. There may also be a security vulnerability in the information technology (IT) system of the OSAT facility. Alternatively, a malicious insider at the OSAT facility may carry out an insider attack. Considering these factors, it behooves the chipmaker to minimize any confidential information in the device that may be accessible to the OSAT vendor.

Logic errors during design or synthesis could misconfigure the interconnection of the debug components, which could provide improper authorization to sensitive information.

Common Consequences

confidentiality integrity access control authentication authorization availability accountability non-repudiation
Impacts
gain privileges or assume identity bypass protection mechanism execute unauthorized code or commands modify memory modify files or directories

Detection Methods

architecture or design review dynamic analysis with manual results interpretation

Potential Mitigations

Phases:
architecture and design
Descriptions:
• - Ensure that when an OSAT vendor is allowed to access test interfaces necessary for preproduction and returned parts, the vendor only pulls the minimal information necessary. Also, architect the product in such a way that, when an "unlock device" request comes, it only unlocks that specific part and not all the parts for that product line. - Ensure that the product's non-volatile memory (NVM) is scrubbed of all confidential information and secrets before handing it over to an OSAT. - Arrange to secure all communication between an OSAT facility and the chipmaker.