diff --git a/SECURITY.md b/SECURITY.md index 8d0f682b57..4dcdca3db0 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -12,4 +12,20 @@ Using any code prior to 0.10.1 is strongly discouraged due to a [known security | < 0.12 | :x: | ## Reporting a Vulnerability + Please follow [this information to report a vulnerability](https://openquantumsafe.org/liboqs/security.html#reporting-security-bugs). + +## Threat Model + +Some timing-based side-channel attacks are within the scope of our threat model. OQS tests for secret-dependent branches and memory accesses on Linux on x86\_64. All test failures are documented as either "passes," which we have assessed to be false positives, or "issues," which may constitute non–constant-time behaviour. The [algorithm datasheets](https://github.com/open-quantum-safe/liboqs/tree/main/docs/algorithms) indicate whether or not an implementation passes our constant-time tests, as well as whether or not it is expected to pass. Details about passes and issues are available in the [tests/constant_time directory](https://github.com/open-quantum-safe/liboqs/tree/main/tests/constant_time). These tests do not encompass all classes of non–constant-time behaviour; for example, they do not detect possible variable-time instructions, such as `DIV`. Reports of non–constant-time behaviour that fall outside this scope will be considered on a case-by-case basis, with a priority on [Tier 1 platforms](https://github.com/open-quantum-safe/liboqs/blob/main/PLATFORMS.md#tier-1). + +The following types of attacks are outside the scope of our threat model: + +- same physical system side channel +- CPU / hardware flaws +- physical fault injection attacks (including Rowhammer-style attacks) +- physical observation side channels (such as power consumption, electromagnetic emissions) + +Mitigations for security issues outside the stated threat model may still be applied depending on the nature of the issue and the mitigation. + +(Based in part on https://openssl-library.org/policies/general/security-policy/index.html)