From 123d0ff07a1c7d20eeb9c036534da37d9ccad8ba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1s=20Gonz=C3=A1lez?= Date: Tue, 21 May 2024 13:37:39 +0100 Subject: [PATCH] threat_model: Update service and client assumptions for unsafe calls MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Tomás González --- .../rust_client_threat_model/threat_model.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/parsec_security/rust_client_threat_model/threat_model.md b/src/parsec_security/rust_client_threat_model/threat_model.md index 1084b4d..b6b70bc 100644 --- a/src/parsec_security/rust_client_threat_model/threat_model.md +++ b/src/parsec_security/rust_client_threat_model/threat_model.md @@ -24,6 +24,8 @@ by Parsec cannot be guaranteed. application. 3. The client application obtains or generates a persistent name that it uses consistently for accessing its service-side assets. +4. Invoking third party libraries using unsafe calls relies on their respective threat models and + assurances, and is outside of the scope of the parsec client. ## Assets 
@@ -122,8 +124,9 @@ sensitive information. | ID | Justification | Consequences | |----|--------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------| | 0 | Client library dependencies are not checked for Security Vulnerabilities. | A vulnerability in one of the Parsec client dependencies will also impact the client application and the data it shares with the Parsec library. | -| 1 | Authenticity of responses is not ensured through a MAC or asymmetric signature – it relies on trust in the platform administrator. | Any response from the service could have been spoofed or altered by any entity with sufficient capabilities. | -| 2 | Parsec does not currently clear sensitive data in memory after use. [This is looked at here](https://github.com/parallaxsecond/parsec-client-rust/issues/9). | Any data that passes through the client library could be read after the memory is released. | +| 1 | Provider libraries using unsafe calls are not checked by Parsec | Provider libraries using unsafe calls rely on their respective threat models and assurances, and is outside of the scope of the parsec service. | +| 2 | Authenticity of responses is not ensured through a MAC or asymmetric signature – it relies on trust in the platform administrator. | Any response from the service could have been spoofed or altered by any entity with sufficient capabilities. | +| 3 | Parsec does not currently clear sensitive data in memory after use. [This is looked at here](https://github.com/parallaxsecond/parsec-client-rust/issues/9). | Any data that passes through the client library could be read after the memory is released. | ## Mitigations
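Review bot: the new item 4 in the first hunk (@@ -24,6 +24,8 @@) reads as a scope statement, not as an assumption in the style of items 2 and 3, and its subject is unclear: "Invoking ... relies on ... and is outside of the scope" leaves open whether the invocation or the libraries' assurance is out of scope. Suggest wording it as a condition the client depends on, for example "Third-party libraries invoked through unsafe calls uphold their own threat models and assurances; verifying them is outside the scope of the Parsec client." That wording also fixes two style points: "third-party" should be hyphenated, and "parsec client" should be capitalised as "Parsec", as in the surrounding context line "by Parsec cannot be guaranteed".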
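Review bot: the new row 1 in the second hunk (@@ -122,8 +124,9 @@) talks about "Provider libraries" and "the scope of the parsec service", but this file is rust_client_threat_model/threat_model.md and the first hunk scopes the same point to "the parsec client". The subject line mentions both service and client, yet only this one file is changed, so the row looks copied from the service threat model and should name the client and the libraries the client actually calls. The Consequences cell also repeats the scope statement and does not say what happens if such a library is flawed, as rows 0, 2 and 3 do (and "rely ... and is" does not agree in number). Separately, inserting at ID 1 renumbers the existing rows to 2 and 3. If any other section of the document cites these rows by ID, those references now point at the wrong entry, so either update them in this patch or append the new row as ID 3.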