CAPEC-672

Malicious Code Implanted During Chip Programming
Bas
Haute
Draft
2021-06-24
00h00 +00:00
2022-09-29
00h00 +00:00
Alerte pour un CAPEC
Restez informé de toutes modifications pour un CAPEC spécifique.
Gestion des notifications

Descriptions du CAPEC

During the programming step of chip manufacture, an adversary with access and necessary technical skills maliciously alters a chip’s intended program logic to produce an effect intended by the adversary when the fully manufactured chip is deployed and in operational use. Intended effects can include the ability of the adversary to remotely control a host system to carry out malicious acts.

Informations du CAPEC

Conditions préalables

An adversary would need to have access to a foundry’s or chip maker’s development/production environment where programs for specific chips are developed, managed and uploaded into targeted chips prior to distribution or sale.

Compétences requises

An adversary needs to be skilled in microprogramming, manipulation of configuration management systems, and in the operation of tools used for the uploading of programs into chips during manufacture. Uploading can be for individual chips or performed on a large scale basis.

Atténuations

Utilize DMEA’s (Defense Microelectronics Activity) Trusted Foundry Program members for acquisition of microelectronic components.
Ensure that each supplier performing hardware development implements comprehensive, security-focused configuration management of microcode and microcode generating tools and software.
Require that provenance of COTS microelectronic components be known whenever procured.
Conduct detailed vendor assessment before acquiring COTS hardware.

Références

REF-662

Assuring Microelectronics Innovation for National Security & Economic Competitiveness (MINSEC)
Jeremy Muldavin.

Soumission

Nom Organisation Date Date de publication
CAPEC Content Team The MITRE Corporation 2021-06-24 +00:00

Modifications

Nom Organisation Date Commentaire
CAPEC Content Team The MITRE Corporation 2022-09-29 +00:00 Updated Related_Attack_Patterns, Taxonomy_Mappings