Lines Matching +full:off +full:- +full:on +full:- +full:delay +full:- +full:us

6 Traditionally, microcontroller-based systems have not placed much
7 emphasis on security.
11 this. Now, code running on small microcontrollers often has access to
35 a section on `Secure development knowledge`_, which
36 gives basic requirements that a developer working on the project will
46 documentation about how security-sensitive issues are handled by the
60 - **Open design** as a design guideline incorporates the maxim that
61 protection mechanisms cannot be kept secret on any system in
62 widespread use. Instead of relying on secret, custom-tailored
66 - **Economy of mechanism** specifies that the underlying design of a
71 - **Complete mediation** requires that each access to every object and
75 - **Fail-safe defaults** defines that access is restricted by default
82 - **Separation of privilege** is the principle that two conditions or
86 - **Least privilege** describes an access model in which each user,
92 - **Least common mechanism** specifies that mechanisms common to more
98 - **Psychological acceptability** requires that security features are
105 - **Complementary Security/Defense in Depth**: do not rely on a single
112 - **Less commonly used services off by default**: to reduce the
120 shall be notified if low-level options and APIs are enabled but not
123 - **Change management**: to guarantee a traceability of changes to the
143 - economy of mechanism (keep the design as simple and small as
146 - fail-safe defaults (access decisions shall deny by default, and
149 - complete mediation (every access that might be limited must be
150 checked for authority and be non-bypassable)
156 - open design (security mechanisms should not depend on attacker
157 ignorance of its design, but instead on more easily protected and
160 - separation of privilege (ideally, access to important objects should
161 depend on more than one condition, so that defeating one protection
162 system won't enable complete access. For example, multi-factor
164 token, is stronger than single-factor authentication)
166 - least privilege (processes should operate with the least privilege
169 - least common mechanism (the design should minimize the mechanisms
170 common to more than one user and depended on by all users, e.g.,
173 - psychological acceptability (the human interface must be designed
174 for ease of use - designing for "least astonishment" can help)
176 - limited attack surface (the set of the
179 - input validation with whitelists (inputs should typically be checked
181 validation should use whitelists (which only accept known-good
182 values), not blacklists (which attempt to list known-bad values)).
194 years ago), have the option of receiving information on a private
196 on behalf of the project, or perform final releases of the project
204 Examples (depending on the type of software) include SQL
205 injection, OS injection, classic buffer overflow, cross-site
211 mitigate linear stack/heap buffer overflows, non-linear out of bound writes,
212 integer overflows, and other integer issues. The follow-on class, `OST2_1002`_,
213 covers uninitialized data access, race conditions, use-after-free, type confusion,
217 mistakes. Perhaps an example of things a static analysis tool has sent us.
221 .. _OWASP Top 10: https://owasp.org/www-project-top-ten/
243 system (based on their general understanding of security), and if so,
266 duration, with a default being a project-decided value. However,
272 Zephyr Security Subcommittee. This review should focus on
274 notified or involved, and determining when to lift the embargo on the
276 the review team should avoid unnecessary delay in lifting issues that
288 .. _attack: http://www.theverge.com/2016/10/21/13362354/dyn-dns-ddos-attack-cause-outage-status-exp…