Threat model: explain dangling countermeasures
Signed-off-by: Janos Follath <[email protected]>
yanesca committed Mar 15, 2023
1 parent adc8a0b commit 389cdf4
Showing 1 changed file with 13 additions and 0 deletions.
13 changes: 13 additions & 0 deletions SECURITY.md
Expand Up @@ -110,3 +110,16 @@ analysis, radio emissions or fault injection).
Mbed TLS doesn't offer any security guarantees against physical attacks. If
physical attacks are present in a use case or a user application's threat
model, it needs to be mitigated by physical countermeasures.

### Caveats

#### Out of scope countermeasures

Mbed TLS has evolved organically and a well defined threat model hasn't always
been present. Therefore, Mbed TLS might have countermeasures against attacks
outside the above defined threat model.

The presence of such countermeasures don't mean that Mbed TLS provides
protection against a class of attacks outside of the above described threat
model. Neither does it mean that the failure of such a countermeasure is
considered a vulnerability.
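
Review bot: In the second paragraph under "Out of scope countermeasures", "The presence of such countermeasures don't mean" has a subject-verb mismatch: the subject is "presence", so it should read "doesn't mean". In the same section, "well defined threat model" and the heading "Out of scope countermeasures" would normally be hyphenated ("well-defined", "Out-of-scope"), and the two paragraphs refer to the threat model as "above defined" and "above described"; using one phrasing in both places reads more consistently. On substance, the last sentence says the failure of such a countermeasure is not considered a vulnerability but does not say how it is treated instead. A short clause stating how such a failure will be handled would tell reporters what to expect and help users who rely on one of these countermeasures judge the risk.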
