Security Risk Assessment (SRA) for Attestation API #132

@athoelke

Description

Aligning with the other APIs, the Attestation API needs an SRA.

In this case, there is little to be said about the API itself, other than requiring implementations to be isolated, to sanitize input parameters, and to consider limiting access to authorized callers.

Most of the threats to the Attestation process are transferred to the implementation (isolation & protection of cryptographic and claim assets), and/or the report format (covered by PSA Attestation Token and its dependencies) - so a detailed analysis of those threats is not required in this SRA.

Metadata

Assignees: No one assigned

Labels: Attestation API (Issue or PR related to the Attestation API), clarification (Something is confusing or missing in the documentation)

Type: No type

Projects: Status: Todo

Relationships: None yet

Development: No branches or pull requests