CAPEC-672
Malicious Code Implanted During Chip Programming
Low
High
Draft
2021-06-24
00h00 +00:00
00h00 +00:00
2022-09-29
00h00 +00:00
00h00 +00:00
Alerte pour un CAPEC
Stay informed of any changes for a specific CAPEC.
Informations CAPEC
Prerequisites
An adversary would need to have access to a foundry’s or chip maker’s development/production environment where programs for specific chips are developed, managed and uploaded into targeted chips prior to distribution or sale.Skills Required
An adversary needs to be skilled in microprogramming, manipulation of configuration management systems, and in the operation of tools used for the uploading of programs into chips during manufacture. Uploading can be for individual chips or performed on a large scale basis.Mitigations
Utilize DMEA’s (Defense Microelectronics Activity) Trusted Foundry Program members for acquisition of microelectronic components.Ensure that each supplier performing hardware development implements comprehensive, security-focused configuration management of microcode and microcode generating tools and software.
Require that provenance of COTS microelectronic components be known whenever procured.
Conduct detailed vendor assessment before acquiring COTS hardware.
References
REF-662
Assuring Microelectronics Innovation for National Security & Economic Competitiveness (MINSEC)Jeremy Muldavin.
Submission
| Name | Organization | Date | Date release |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation |
Modifications
| Name | Organization | Date | Comment |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation | Updated Related_Attack_Patterns, Taxonomy_Mappings |
