From b24f2512f0ed965cf174aed0729833b285ee3576 Mon Sep 17 00:00:00 2001 From: Douglas Stebila Date: Fri, 3 Jan 2025 14:52:06 -0500 Subject: [PATCH] Add threat model Signed-off-by: Douglas Stebila --- SECURITY.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/SECURITY.md b/SECURITY.md index 8d0f682b57..c6f569e12a 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -12,4 +12,23 @@ Using any code prior to 0.10.1 is strongly discouraged due to a [known security | < 0.12 | :x: | ## Reporting a Vulnerability + Please follow [this information to report a vulnerability](https://openquantumsafe.org/liboqs/security.html#reporting-security-bugs). + +## Threat Model + +For certain algorithms and platforms, liboqs aims for "constant-time code" in the sense of no branching or memory accesses based on secret data. + +- Algorithms: The [algorithm datasheets](https://github.com/open-quantum-safe/liboqs/blob/main/docs/algorithms/) indicate whether each algorithm and implementation aims for constant-time behaviour. These should be read in conjunction with the [issues/passes files for each algorithm's constant-time tests](https://github.com/open-quantum-safe/liboqs/tree/main/tests/constant_time). +- Platforms: We aim for constant-time behaviour on our [Tier 1 platforms](https://github.com/open-quantum-safe/liboqs/blob/main/PLATFORMS.md). + +The following types of attacks are outside the scope of our threat model: + +- same physical system side channel +- CPU / hardware flaws +- physical fault injection attacks (including Rowhammer-style attacks) +- physical observation side channels (such as power consumption, electromagnetic emissions) + +Mitigations for security issues outside the stated threat model may still be applied depending on the nature of the issue and the mitigation. + +(Based in part on https://openssl-library.org/policies/general/security-policy/index.html)