From 18ffba6100c8a12380debe128b24ccb649482495 Mon Sep 17 00:00:00 2001
From: Janos Follath <janos.follath@arm.com>
Date: Wed, 8 Mar 2023 19:58:29 +0000
Subject: [PATCH] Threat Model: improve wording

Signed-off-by: Janos Follath <janos.follath@arm.com>
---
 SECURITY.md | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/SECURITY.md b/SECURITY.md
index 677e68555d2e..d0281ace9336 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -42,14 +42,14 @@ Ciphers](#block-ciphers) section.
 
 ### Local attacks
 
-The attacker is capable of running code on the same hardware as Mbed TLS, but
-there is still a security boundary between them (ie. the attacker can't for
-example read secrets from Mbed TLS' memory directly).
+The attacker can run software on the same machine. The attacker has
+insufficient privileges to directly access Mbed TLS assets such as memory and
+files.
 
 #### Timing attacks
 
-The attacker can gain information about the time taken by certain sets of
-instructions in Mbed TLS operations. (See for example the [Flush+Reload
+The attacker is able to observe the timing of instructions executed by Mbed
+TLS.(See for example the [Flush+Reload
 paper](https://eprint.iacr.org/2013/448.pdf).)
 
 (Technically, timing information can be observed over the network or through