Hi Hu,

I read the threat model and I have a question regarding a potential threat.

I’m not sure whether it should belong to this generic threat model or whether it is already included in one of those presented.

 

The scenario is the following: a NS App X uses a RoT Service that stores data private to X. Another NS App Y can fool the SPE to impersonate X and retrieve its private data. For example, X saves a value in the secure storage and Y retrieves this value. TF-M prevents this using a non-secure client identification mechanism. This is a classic confused deputy problem.

 

Can this be considered a threat in this model or should it belong to another model/TOE?

 

Best,

-- 

Antonio Ken Iannillo

Research Scientist
SEDAN group

SnT – Interdisciplinary Centre for Security, Reliability and Trust

UNIVERSITÉ DU LUXEMBOURG

 

CAMPUS KIRCHBERG
29, avenue John F. Kennedy 
L-1855 Luxembourg Kirchberg
T +352 46 66 44 9660

 

https://akiannillo.github.io/
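
The scenario in the message above, as an added example that is not part of the original e-mail and is not TF-M code: a toy storage service that keys assets by (client ID, uid), run once with a single shared ID for every non-secure app and once with a per-client ID assigned at the boundary. All names, task IDs and the stored value are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Toy model of the scenario; every name here is hypothetical, not TF-M API. */
#define SLOTS 4
#define ERR_NOT_FOUND (-1)
#define ERR_NO_SPACE  (-2)

enum id_mode { SHARED_NS_ID, PER_CLIENT_ID };
struct slot { int used; int32_t owner; uint32_t uid; uint8_t data[16]; size_t len; };
static struct slot store[SLOTS];

/* Boundary code: the identity comes from the trusted dispatcher, never
 * from an argument the calling app controls. */
static int32_t resolve_client(enum id_mode m, int32_t ns_task_id) {
    return m == PER_CLIENT_ID ? ns_task_id : -1; /* -1: one ID for all NS apps */
}

/* Service side: assets are looked up by (owner, uid), not by uid alone. */
static struct slot *find(int32_t owner, uint32_t uid) {
    for (int i = 0; i < SLOTS; i++)
        if (store[i].used && store[i].owner == owner && store[i].uid == uid)
            return &store[i];
    return NULL;
}

int svc_set(int32_t client, uint32_t uid, const void *buf, size_t len) {
    struct slot *s = find(client, uid);
    for (int i = 0; !s && i < SLOTS; i++)
        if (!store[i].used) s = &store[i];
    if (!s || len > sizeof s->data) return ERR_NO_SPACE;
    s->used = 1; s->owner = client; s->uid = uid; s->len = len;
    memcpy(s->data, buf, len);
    return 0;
}

int svc_get(int32_t client, uint32_t uid, void *out, size_t cap) {
    struct slot *s = find(client, uid);
    if (!s || s->len > cap) return ERR_NOT_FOUND;
    memcpy(out, s->data, s->len);
    return (int)s->len;
}

/* X (task -10) stores uid 1; Y (task -20) then asks for the same uid. */
int y_reads_x(enum id_mode m) {
    uint8_t out[16];
    memset(store, 0, sizeof store);
    svc_set(resolve_client(m, -10), 1, "secret", 6);
    return svc_get(resolve_client(m, -20), 1, out, sizeof out);
}
```

With `SHARED_NS_ID` the service cannot tell X from Y, so Y's read returns X's six bytes; with `PER_CLIENT_ID` the same request finds no asset owned by Y.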