Lines Matching full:are

14 documents are created, this document is a top-level overview and entry
23 In subsequent sections, the individual parts of the process are treated
24 in detail. As depicted in Figure 1, these main steps are:
32    relevant sub-modules is created, threats are identified, and
34    validity of the threat models are checked by code reviews.
40    how these assets are protected. Certification claims shall be
60 "OPTIONAL" are to be interpreted as described in [RFC2119]_.
62 These words are used to define absolute requirements (or prohibitions),
64 noted in RFC-2119, "These terms are frequently used to specify behavior
77 changes are identified, they will be added to this document through the
93 and code quality assurance, although additional security features are
96 The three major security measures currently implemented are:
117 These topics are discussed in more detail in the following subsections.
125 The cryptographic features are provided through PSA Crypto, with
133 are planned, including secure key storage in the form of secure access
138 Zephyr kernel and all applications are compiled into a single static
139 binary. System calls are implemented as function calls without requiring
143 Additional protection features are available in later releases.  Stack
144 protection mechanisms are provided to protect against stack overruns.
150 thread execution level, and memory protection constraints are enforced
160 Code reviews are documented and enforced using a voting system before
162 maintainer. The main goals of the code review are:
181 Static code analyses are run on the Zephyr code tree on a regular basis,
190 they are closed as non-issues (at least another person educated in
211    their own memory resources. As threads are scheduled, only memory
214    are currently not in scope.
235 Some of these categories are interconnected and rely on multiple pieces
275 adhering to a defined set of design standards. These standards are
278 accepted principles for protection mechanisms are defined to prevent
320 -  **Psychological acceptability** requires that security features are
324 In addition to these general principles, the following points are
329    approach, parts of the threat mitigation are performed by the
330    underlying platform. In case such mechanisms are not provided by
331    the platform, or are not trusted, a defense in depth [MS12]_
336    shall not be enabled by default if they are only rarely used (a
343    APIs are enabled but not used by the application.
355 into the Zephyr development process. Further details on this are given
366    the code review. These coding conventions are enforced by
378    developers on a functional level and are to be distinguished from
406    adherence are a mandatory part of the precommit checks. To
526 mitigate existing weaknesses. Newly developed sub-modules that are
545 these assets are protected by the system and which threats against them
546 are present. After a threat has been identified, a corresponding threat
552 and appropriate countermeasures are defined to mitigate the threat or
571 updated whenever new vulnerabilities or exploits are discovered. During
584 vulnerability analyses (VA) shall be performed. Of special interest are
618 scope and scheme are yet to be decided. However, many certifications such
620 claims are indeed fulfilled, so a general certification process is
629 (compare [MICR16]_) are:
632    Potential candidates are confidential information such as
649 4. Providing **proof** that the claims are fulfilled. This includes
653 These steps are partially covered in previous sections as well. In
668    these assumptions are met by the hardware and the application, a
677    assumptions on the application. If these are met, the final
690 hardware and/or software are required for certifications. These can