|
|
|
|
| CAPEC-672: Malicious Code Implanted During Chip Programming |
 Description During the programming step of chip manufacture, an adversary with access and necessary technical skills maliciously alters a chip’s intended program logic to produce an effect intended by the adversary when the fully manufactured chip is deployed and in operational use. Intended effects can include the ability of the adversary to remotely control a host system to carry out malicious acts. Likelihood Of Attack Typical Severity Prerequisites
| An adversary would need to have access to a foundry’s or chip maker’s development/production environment where programs for specific chips are developed, managed and uploaded into targeted chips prior to distribution or sale. |
Skills Required
[Level: Medium] An adversary needs to be skilled in microprogramming, manipulation of configuration management systems, and in the operation of tools used for the uploading of programs into chips during manufacture. Uploading can be for individual chips or performed on a large scale basis. |
Consequences  This table specifies different individual consequences associated with the attack pattern. The Scope identifies the security property that is violated, while the Impact describes the negative technical impact that arises if an adversary succeeds in their attack. The Likelihood provides information about how likely the specific consequence is expected to be seen relative to the other consequences in the list. For example, there may be high likelihood that a pattern will be used to achieve a certain impact, but a low likelihood that it will be exploited to achieve a different impact.| Scope | Impact | Likelihood |
|---|
Integrity | Alter Execution Logic | |
Mitigations
| Utilize DMEA’s (Defense Microelectronics Activity) Trusted Foundry Program members for acquisition of microelectronic components. |
| Ensure that each supplier performing hardware development implements comprehensive, security-focused configuration management of microcode and microcode generating tools and software. |
| Require that provenance of COTS microelectronic components be known whenever procured. |
| Conduct detailed vendor assessment before acquiring COTS hardware. |
Example Instances
Following a chip’s production process steps of test and verification and validation of chip circuitry, an adversary involved in the generation of microcode defining the chip’s function(s) inserts a malicious instruction that will become part of the chip’s program. When integrated into a system, the chip will produce an effect intended by the adversary. |
Taxonomy Mappings CAPEC mappings to ATT&CK techniques leverage an inheritance model to streamline and minimize direct CAPEC/ATT&CK mappings. Inheritance of a mapping is indicated by text stating that the parent CAPEC has relevant ATT&CK mappings. Note that the ATT&CK Enterprise Framework does not use an inheritance model as part of the mapping to CAPEC.Relevant to the ATT&CK taxonomy mapping | Entry ID | Entry Name |
|---|
| 1195.003 | Supply Chain Compromise: Compromise Hardware Supply Chain |
References
[REF-662] Jeremy Muldavin. "Assuring Microelectronics Innovation for National Security & Economic Competitiveness (MINSEC)". Office of the Deputy Assistant Secretary of Defense for Systems Engineering. 2017-11.
|
 Content History | Submissions |
|---|
| Submission Date | Submitter | Organization |
|---|
| 2021-06-24 (Version 3.5) | CAPEC Content Team | The MITRE Corporation | | | Modifications |
|---|
| Modification Date | Modifier | Organization |
|---|
| 2022-09-29 (Version 3.8) | CAPEC Content Team | The MITRE Corporation | | Updated Related_Attack_Patterns, Taxonomy_Mappings |
More information is available — Please select a different filter.
|