CAPEC-680: Exploitation of Improperly Controlled Registers
CAPEC版本: 3.9
更新日期: 2023-01-24
攻击模式描述
前提条件
- Awareness of the hardware being leveraged.
- Access to the hardware being leveraged.
所需技能
后果影响
影响范围: Integrity
技术影响: Modify Data
影响范围: Confidentiality
技术影响: Read Data
缓解措施
Design proper access control policies for hardware register access from software and ensure these policies are implemented in accordance with the specified design.
Ensure security lock bit protections are reviewed for design inconsistencies and common weaknesses.
Test security lock programming flow in both pre-silicon and post-silicon environments.
Leverage automated tools to test that values are not reprogrammable and that write-once fields lock on writing zeros.
Ensure that measurement data is stored in registers that are read-only or otherwise have access controls that prevent modification by an untrusted agent.