CWE-1189: Improper Isolation of Shared Resources on System-on-a-Chip (SoC)

Description

The System-On-a-Chip (SoC) does not properly isolate shared resources between trusted and untrusted agents.

Submission Date: Oct. 15, 2019, midnight

Modification Date: 2023-06-29 00:00:00+00:00

Organization: Intel Corporation

Extended Description

A System-On-a-Chip (SoC) has a lot of functionality, but it may have a limited number of pins or pads. A pin can only perform one function at a time. However, it can be configured to perform multiple different functions. This technique is called pin multiplexing. Similarly, several resources on the chip may be shared to multiplex and support different features or functions. When such resources are shared between trusted and untrusted agents, untrusted agents may be able to access the assets intended to be accessed only by the trusted agents.

Example Vulnerable Code

Example - 1

Consider the following SoC design. The Hardware Root of Trust (HRoT) local SRAM is memory mapped in the core{0-N} address space. The HRoT allows or disallows access to private memory ranges, thus allowing the SRAM to function as a mailbox for communication between untrusted and trusted HRoT partitions.

We assume that the threat is from malicious software in the untrusted domain. We assume this software has access to the core{0-N} memory map and can be running at any privilege level on the untrusted cores. The capability of this threat in this example is communication to and from the mailbox region of SRAM modulated by the hrot_iface. To address this threat, information must not enter or exit the shared region of SRAM through hrot_iface when in secure or privileged mode.
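The access decision described above can be written as a small behavioural model in C. This is an added illustration, not part of the CWE entry: the address map, the `hrot_iface_check` function, and the mode and result enums are assumptions made for the example. It treats reads and writes alike and covers two edge cases, a burst that straddles the mailbox boundary and an address range that wraps around.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed memory map (assumption): the mailbox is a 4 KiB shared
 * window inside the HRoT SRAM; all other SRAM addresses are private. */
#define MAILBOX_BASE 0x4000F000u
#define MAILBOX_SIZE 0x00001000u

typedef enum { HROT_NORMAL, HROT_SECURE } hrot_mode_t;
typedef enum { IFACE_OK, IFACE_DENY_RANGE, IFACE_DENY_MODE, IFACE_DENY_BAD_LEN } iface_result_t;

/* True when [addr, addr+len) lies fully inside [base, base+size).
 * Written with subtractions only, so addr+len can never wrap. */
static bool range_within(uint32_t addr, uint32_t len, uint32_t base, uint32_t size)
{
    if (len == 0 || len > size) return false;
    if (addr < base) return false;
    return (addr - base) <= (size - len);
}

/* Decision the (hypothetical) hrot_iface makes for a request from core{0-N}.
 * Reads and writes are treated alike: data must neither enter nor exit. */
iface_result_t hrot_iface_check(hrot_mode_t mode, uint32_t addr, uint32_t len)
{
    if (len == 0) return IFACE_DENY_BAD_LEN;
    /* The whole burst must sit in the shared window; a burst that merely
     * starts in the mailbox and runs into private SRAM is rejected. */
    if (!range_within(addr, len, MAILBOX_BASE, MAILBOX_SIZE)) return IFACE_DENY_RANGE;
    /* While the HRoT is in secure or privileged mode the mailbox is closed. */
    if (mode == HROT_SECURE) return IFACE_DENY_MODE;
    return IFACE_OK;
}

int main(void)
{
    /* Constructed sample requests from an untrusted core. */
    printf("mailbox, normal mode : %d\n", hrot_iface_check(HROT_NORMAL, 0x4000F000u, 16));
    printf("mailbox, secure mode : %d\n", hrot_iface_check(HROT_SECURE, 0x4000F000u, 16));
    printf("straddles boundary   : %d\n", hrot_iface_check(HROT_NORMAL, 0x4000EFFCu, 8));
    printf("wrapping range       : %d\n", hrot_iface_check(HROT_NORMAL, 0xFFFFFFFCu, 8));
    return 0;
}
```
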

Related Weaknesses

This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined to give insight into similar items that may exist at higher and lower levels of abstraction.

Visit http://cwe.mitre.org/ for more details.