Additional Stencils and Threats for Medical Device Template#38
Open
jpschaaf wants to merge 2 commits intomicrosoft:masterfrom
Open
Additional Stencils and Threats for Medical Device Template#38jpschaaf wants to merge 2 commits intomicrosoft:masterfrom
jpschaaf wants to merge 2 commits intomicrosoft:masterfrom
Conversation
Re-merge upstream
Merged changes from Microsoft repository relating to unix-style newlines.
4.1.0.419
Added 'Evaluation Notes' free text field to Threat Properties. 'Evaluation Notes' can be used to document discussion notes associated with the threat. The information entered in this field isn't imported or available in the SRA; it is available only in the threat model
4.1.0.418
Added the 'Medical Device UI' stencil under 'Generic Process'
Added the 'Smart Battery', 'Non Invasive Blood Pressure device NIBP', 'Fetal Monitoring Sensor', 'ECG Sensor', 'Oxygen Saturation Sensor', 'Patient Monitor' stencils under 'Generic Physical Medical Component'
Added the 'Mobile Device Client', 'Printer', 'Barcode Reader' stencils under 'Generic External Interactor'
Added the 'TPM', 'HSM' stencils under 'Generic Data Store'
Added the 'SMBus', 'USB Mass Storage Device', 'Remote Mobile Device Debug Bridge', 'Microprocessor Config Interface', 'USB DFU', 'RS232', 'SPI', 'Microprocessor EEPROM Programming Interface', 'I2C', 'JTAG' stencils under 'Generic Data Flow'
Added threats 'Smart Battery - Abuse', 'Elevation of privilege using Medical Device UI', 'Smart Battery Denial of Service', 'Printer Information Disclosure', 'Removable Storage Information Disclosure', 'Sensitive Information Disclosure via UI', 'Remote Mobile Device Debug Bridge Information Disclosure', 'Microprocessor EEPROM Programming Interface Information Disclosure', 'Microprocessor Config Interface Information Disclosure', 'JTAG Information Disclosure', 'Physical possession of HSM by threat actor', 'TPM/HSM Data Flow Sniffing', 'Medical Device UI Repudiation', 'Smart Battery safety aspects', 'Tampering using Medical Device UI', 'Code execution from removable storage device', 'Smart Battery Tampering', 'SMBus Tampering', 'RS232 Tampering', 'Microprocessor EEPROM Programming Interface Tampering', 'Microprocessor Config Interface Tampering', 'Remote Mobile Device Debug Bridge Tampering', 'USB DFU Tampering', 'JTAG Tampering', 'Bluetooth Sensor - Spoofing', 'NIBP Device - Spoofing'.
Updated threats 'Sensor - Abuse', 'Physical theft of component communicating via {flow.Name}', 'Sensor Safety Aspects'.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This pull request includes additions/changes to the Medical Device Template including the following new stencils: