diff --git a/process/folder_templates/platform/docs/security_mgt/index.rst b/process/folder_templates/platform/docs/security_mgt/index.rst index 1b38c1ed0c..b6d661491a 100644 --- a/process/folder_templates/platform/docs/security_mgt/index.rst +++ b/process/folder_templates/platform/docs/security_mgt/index.rst @@ -19,6 +19,7 @@ Security Management :titlesonly: platform_security_manual.rst + platform_security_analysis.rst platform_security_analysis_fdr.rst platform_security_package_fdr.rst platform_security_plan.rst diff --git a/process/folder_templates/platform/docs/security_mgt/platform_security_analysis.rst b/process/folder_templates/platform/docs/security_mgt/platform_security_analysis.rst new file mode 100644 index 0000000000..031fb6a990 --- /dev/null +++ b/process/folder_templates/platform/docs/security_mgt/platform_security_analysis.rst 
@@ -0,0 +1,104 @@ +.. + # ******************************************************************************* + # Copyright (c) 2025 Contributors to the Eclipse Foundation + # + # See the NOTICE file(s) distributed with this work for additional + # information regarding copyright ownership. + # + # This program and the accompanying materials are made available under the + # terms of the Apache License Version 2.0 which is available at + # https://www.apache.org/licenses/LICENSE-2.0 + # + # SPDX-License-Identifier: Apache-2.0 + # ******************************************************************************* + + +Platform Security Analysis +========================== + +.. document:: Platform Security Analysis + :id: doc__platform_security_analysis + :status: draft + :safety: ASIL_B + :security: YES + :realizes: wp__platform_security_analysis + :tags: template + + +.. .. attention:: +.. The above directive must be updated according to your Platform. + +.. - Modify ``Your Platform Name`` to be your Platform Name +.. - Modify ``id`` to be your Platform Name in lower snake case preceded by ``doc__`` and followed by ``_security_analysis_fdr`` +.. - Adjust ``status`` to be ``valid`` +.. - Adjust ``safety``, ``security`` and ``tags`` according to your needs + + +Purpose +------------------ +The purpose of this Security Analysis is to document the results of the platform security analysis. + + + +Platform Security Analysis +-------------------------- +The following deliverables are the outcome of a security analysis on the platform. + +#. Identification of threats and mitigations +#. Stakeholder security requirements definition +#. Security assumptions definition + +Threat and Risk Identification +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.. .. attention:: +.. Add the actual threats and mitigations as examples from the platform security analysis of the middleware. + +.. 
list-table:: Threat and Risk Identification + :header-rows: 1 + + * - Id + - Identified Threat + - Corresponding mitigation + - Comment/Remark + + * - 1 + - Eg: A backend attacker performs MiTM between the OEM cloud and the platform component. + - Eg: End to end TLS between the platform component and the OEM cloud service mitigates the MiTM attacks. + - + + * - 2 + - Eg: Unauthorized access to the onboard diagnostic stack from external interfaces. + - Eg: Authentication and authorization mechanisms such as usage of tokens prevents such unauthorized access. + - + + * - 3 + - Eg: Static configuration files are manipulated by an inside attacker. + - Eg: OS specific access control mechanisms and least privilege principle prevents such unauthorized manipulation. + - + + + +Stakeholder Security Requirements +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.. list-table:: Stakeholder Security Requirements + :header-rows: 1 + + * - Id + - Security Requirement + - Comment/Remark + + * - 1 + - Eg: The platform shall use end to end mutual TLS and 2 factor authentication for communication between components and OEM cloud services. + - + + * - 2 + - Eg: Tokens shall be used for authorizing access to the onboard diagnostic APIs. + - + + * - 3 + - Eg: OS specific DAC (discretionary access control) and MAC (mandatory access control) shall be used for restricting access to assets such as configuration files. + - + +Security Assumptions +~~~~~~~~~~~~~~~~~~~~ +The assumptions of use shall be documented under :need:`wp__platform_security_manual`. diff --git a/process/process_areas/security_analysis/guidance/security_analysis_guideline.rst b/process/process_areas/security_analysis/guidance/security_analysis_guideline.rst index ba8554f935..f80274bbee 100644 --- a/process/process_areas/security_analysis/guidance/security_analysis_guideline.rst +++ b/process/process_areas/security_analysis/guidance/security_analysis_guideline.rst 
@@ -75,7 +75,7 @@ The attributes of the template are described in :ref:`process_requirements_secur Step-by-Step-approach Security Analysis Platform: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -The analysis is done by using the template :ref:`security_analysis_templates` on the +The analysis is done by using the template :need:`doc__platform_security_analysis` on the platform diagrams using a list of threat scenarios <:need:`gd_guidl__sec_ana_threat_scenarios`>. Use the content of the document :need:`gd_temp__plat_threat_scenario`, :need:`gd_temp__feat_sec_ana_threat` or :need:`gd_temp__comp_sec_ana_threat` to describe
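Review bot: the commented-out ``attention`` block in the new ``platform_security_analysis.rst`` still instructs the user to build the ``id`` as ``doc__`` + platform name + ``_security_analysis_fdr``, which is the suffix of the separate FDR template; for this document the suffix should be ``_security_analysis`` so it matches the ``:id: doc__platform_security_analysis`` that the guideline hunk now links to. Two smaller points in the same file: the ``Eg:`` prefix on every example cell would read more naturally as ``E.g.`` (or dropped, since the rows are already labelled as examples in the commented note), and the example mitigations and the stakeholder requirements are listed in the same order but carry no cross-reference, so consider adding the threat ``Id`` to the requirement's ``Comment/Remark`` column to make the traceability explicit.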
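Review bot: replacing ``:ref:`security_analysis_templates``` with ``:need:`doc__platform_security_analysis``` narrows the sentence from the generic templates section to the platform template only, which is correct for the "Security Analysis Platform" step, but the same sentence goes on to reference ``gd_temp__feat_sec_ana_threat`` and ``gd_temp__comp_sec_ana_threat`` as well; if the feature and component analyses have their own document templates, link them here too or state that this step is platform-only. Also worth noting that the ``:need:`` target resolves only because the new file declares ``:id: doc__platform_security_analysis`` in its ``document`` directive, so the two files must land in the same change, as they do here.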