CWE-1192: Improper Identifier for IP Block used in System-On-Chip (SOC)
A System-on-Chip (SoC) comprises several components (IP) with varied trust requirements. It is required that each IP is identified uniquely and should distinguish itself from other entities in the SoC without any ambiguity. The unique secured identity is required for various purposes. Most of the time the identity is used to route a transaction or perform certain actions, including resetting, retrieving a sensitive information, and acting upon or on behalf of something else.
There are several variants of this weakness:
- A "missing" identifier is when the SoC does not define any mechanism to uniquely identify the IP.
- An "insufficient" identifier might provide some defenses - for example, against the most common attacks - but it does not protect against everything that is intended.
- A "misconfigured" mechanism occurs when a mechanism is available but not implemented correctly.
- An "ignored" identifier occurs when the SoC/IP has not applied any policies or does not act upon the identifier securely.
Modes of Introduction
Phase | Note |
---|---|
Architecture and Design | |
Implementation | |
Operation |
Applicable Platforms
Type | Class | Name | Prevalence |
---|---|---|---|
Language | Not Language-Specific | ||
Technology | System on Chip |
Common Attack Pattern Enumeration and Classification (CAPEC)
The Common Attack Pattern Enumeration and Classification (CAPECâ„¢) effort provides a publicly available catalog of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other cyber-enabled capabilities.
CAPEC at Mitre.org