In this guide and related guides, we use the following terms:
- Vulnerability: An underlying bug or weakness in a system
- Exploit: A specific attack that exploits a vulnerability
- Attacker: Also called an adversary, someone trying to compromise an asset
- Threat: A combination of an attacker, an exploit, and one or more assets that are being attacked
Types of attack
We classify attacks into three broad categories:
- Software attacks
A software attack is an attack that does not require physical access to the device. A software attack could include, for example, a malicious download from an app store or an email with a malicious attachment.
Software attacks can target large numbers of devices anywhere in the world. For example, because the cost of sending an email is very low, an attacker can send an email with a malicious attachment to millions of recipients. Even if only a small percentage of those attacks succeed, the attack is worthwhile.
Software attacks are either unprivileged attacks or privileged attacks. The malicious email that we described in our example is an unprivileged attack. An unprivileged attack is launched from user space and tries to exploit a vulnerability in the operating system to access assets that it should not be able to access.
In a privileged attack, a privileged entity attacks another entity with similar privilege. For example, software in a system that is running as privileged on one processor can try to compromise another part of the system.
- Basic hardware attacks
A basic hardware attack requires physical access to the device, sometimes only temporarily. This type of attack is called basic because it requires tools, for example, JTAG probes or logic analyzers, that are easy to acquire. A basic hardware attack can involve software elements. The important difference between a software attack and a basic hardware attack is that a basic hardware attack requires physical access to a device. If physical access, or proximity, to a device is required, the number of potential target devices is greatly reduced. Reducing the number of targets significantly changes the threat profile.
Note: This type of attack was sometimes referred to as a shack attack. The name suggests that, for this type of attack, you only need tools that you can buy at a RadioShack store, rather than specialist tools.
An example of a basic hardware attack is an evil maid attack. Imagine that you have left your laptop in a hotel room. Someone posing as a member of the hotel housekeeping staff could use the opportunity of access to your room to plug in a USB device.
- Advanced hardware attacks
Like a basic hardware attack, an advanced hardware attack requires physical access to the device that is being attacked. The difference between a basic hardware attack and an advanced hardware attack is the level of equipment, knowledge, and time that is necessary to carry out the attack.
Examples of advanced hardware attacks include placing a device under an electron microscope, or side-channel analysis. Side-channel analysis includes techniques like using the precise timing or power consumption of an operation to infer something about what the device is doing.
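The timing side channel described above, shown as an added example that is not part of the original guide: an early-exit comparison does work that depends on the secret, while a constant-time comparison does not. The secret, the guesses, and the step counter (a stand-in for measured time) are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample data: an 8-byte secret and two wrong guesses. */
static const uint8_t SECRET[8]     = {0x13,0x37,0xc0,0xde,0xfa,0xce,0xb0,0x0c};
static const uint8_t GUESS_NONE[8] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
static const uint8_t GUESS_SIX[8]  = {0x13,0x37,0xc0,0xde,0xfa,0xce,0x00,0x00};

/* Early-exit comparison: returns at the first mismatch, so the number of
   bytes examined (*steps, our proxy for time) depends on secret data. */
int leaky_equal(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps)
{
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        if (a[i] != b[i])
            return 0;
    }
    return 1;
}

/* Constant-time comparison: always examines all n bytes and folds the
   differences together with OR, so the work is independent of the data. */
int ct_equal(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps)
{
    uint8_t diff = 0;
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        diff |= (uint8_t)(a[i] ^ b[i]);
    }
    return diff == 0;
}

/* Work done when a guess is checked against SECRET by each routine. */
size_t steps_leaky(const uint8_t *g) { size_t s; leaky_equal(SECRET, g, 8, &s); return s; }
size_t steps_ct(const uint8_t *g)    { size_t s; ct_equal(SECRET, g, 8, &s);    return s; }

int main(void)
{
    printf("early-exit:    none right=%zu steps, six right=%zu steps\n",
           steps_leaky(GUESS_NONE), steps_leaky(GUESS_SIX));
    printf("constant-time: none right=%zu steps, six right=%zu steps\n",
           steps_ct(GUESS_NONE), steps_ct(GUESS_SIX));
    return 0;
}
```

Both routines reject both guesses; only the early-exit version reveals, through how long it runs, how much of the guess was correct.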
Advanced hardware attacks are costly, in terms of money and time. This means that advanced hardware attacks need to be more focused than other types of attacks, and an attacker cannot normally target as many devices.
These categories are useful for discussions about attacks, but are not fixed categories. Attackers use a combination of attack types, or an attack might include elements from more than one category.
In addition to assets and attacks, we should think about who is attacking the system.
It is easy to imagine an attacker as someone in a dark room tapping at the keyboard of a laptop. But as we did with assets and attacks, we can categorize attackers.
Some attackers will be third parties. One example is the sender of the malicious email attachment that we mentioned in Software attacks.
At other times, we protect the system from the user. For example, the purpose of Digital Rights Management (DRM) is to protect media from the owner of the device that includes the protected media.
Threat models and putting it all together
Threat models are a way of putting together all the ideas that we have discussed so far:
- What are the assets and what about them do we wish to protect?
- Who are the attackers and how can they attack the system?
Our threat model should also consider the different combinations of attack and attacker. This analysis is critical because it drives decisions on what defense we might employ.