secure-coding.rst - OpenGrok cross reference for /Zephyr-latest/doc/security/secure-coding.rst

Lines Matching +full:split +full:- +full:security
6 Traditionally, microcontroller-based systems have not placed much
7 emphasis on security.
17 security is addressed within the Zephyr project.  All code submitted
26 security perspective.  Many of the ideas contained herein are captured
37 need to have.  This section gives references to other security
46 documentation about how security-sensitive issues are handled by the
58 help prevent security violations and limit their impact:
60 - **Open design** as a design guideline incorporates the maxim that
62   widespread use. Instead of relying on secret, custom-tailored
63   security measures, publicly accepted cryptographic algorithms and
66 - **Economy of mechanism** specifies that the underlying design of a
71 - **Complete mediation** requires that each access to every object and
75 - **Fail-safe defaults** defines that access is restricted by default
79   to provide maximum security.  This corresponds to the "Secure by
82 - **Separation of privilege** is the principle that two conditions or
84   of the Zephyr project, this could encompass split keys [PAUL09]_.
86 - **Least privilege** describes an access model in which each user,
89   positive security model aims to minimize the attack surface of the
92 - **Least common mechanism** specifies that mechanisms common to more
98 - **Psychological acceptability** requires that security features are
105 - **Complementary Security/Defense in Depth**: do not rely on a single
106   threat mitigation approach. In case of the complementary security
112 - **Less commonly used services off by default**: to reduce the
120   shall be notified if low-level options and APIs are enabled but not
123 - **Change management**: to guarantee a traceability of changes to the
143 - economy of mechanism (keep the design as simple and small as
146 - fail-safe defaults (access decisions shall deny by default, and
149 - complete mediation (every access that might be limited must be
150   checked for authority and be non-bypassable)
156 - open design (security mechanisms should not depend on attacker
160 - separation of privilege (ideally, access to important objects should
162   system won't enable complete access. For example, multi-factor
164   token, is stronger than single-factor authentication)
166 - least privilege (processes should operate with the least privilege
169 - least common mechanism (the design should minimize the mechanisms
173 - psychological acceptability (the human interface must be designed
174   for ease of use - designing for "least astonishment" can help)
176 - limited attack surface (the set of the
179 - input validation with whitelists (inputs should typically be checked
181   validation should use whitelists (which only accept known-good
182   values), not blacklists (which attempt to list known-bad values)).
205 injection, OS injection, classic buffer overflow, cross-site
211 mitigate linear stack/heap buffer overflows, non-linear out of bound writes,
212 integer overflows, and other integer issues. The follow-on class, `OST2_1002`_,
213 covers uninitialized data access, race conditions, use-after-free, type confusion,
221 .. _OWASP Top 10: https://owasp.org/www-project-top-ten/
227 Zephyr Security Subcommittee
230 There shall be a "Zephyr Security Subcommittee", responsible for
242 developer shall determine if this change affects the security of the
243 system (based on their general understanding of security), and if so,
247 mainline code until the security issues have been addressed.
258 Because security issues are often sensitive, this issue tracking
259 system shall have a field to indicate a security issue.  Setting this
260 field shall result in the issue only being visible to the Zephyr Security
262 field to allow the Zephyr Security Subcommittee to add additional users that will
266 duration, with a default being a project-decided value.  However,
267 because security considerations are often external to the Zephyr
272 Zephyr Security Subcommittee.  This review should focus on
282 Changes to this document shall be reviewed by the Zephyr Security Subcommittee,
288 .. _attack: http://www.theverge.com/2016/10/21/13362354/dyn-dns-ddos-attack-cause-outage-status-exp…