Table 3. Assets To Be Protected - ST STM32C0 Series Application Note

What must be protected
Security cannot be limited to a certain target or asset. It is difficult to protect data if the code binary is exposed.
Both the attacks and the protection mechanisms often do not make difference. However it is still useful to
summarize the assets and risks.
The table below presents a non-exhaustive list of assets targeted by attackers.
Target
Data
Control of device (bootloader,
malicious application)
User code
Vulnerability, threat, and attack
Protection mechanisms have to deal with different threats. The objective is to remove vulnerabilities that could be
exploited in an attack. An overview of main attack types are presented in
ones to the most advanced ones.
The following specific wording is used around security:
• asset: what needs to be protected
• threat: what the device/user need to be protected against
• vulnerability: weakness or gap in a protection mechanism
In summary, an attack is the realization of a threat that exploits a system vulnerability in order to access an asset.
AN5156 - Rev 8
Table 3. Assets to be protected
Assets
Sensor data (such as healthcare data or log of positions)
User data (such as ID, PIN, password or accounts)
Transactions logs
Cryptographic keys
Device correct functionality
Device/user identity
Device hardware architecture/design
Software patent/architecture
Technology patents
Security purpose
Risks
Unauthorized sale of personal data
Usurpation
Spying
Blackmail
Denial of service
Attacks on service providers
Fraudulent access to service (cloud)
Device counterfeit
Software counterfeit
Software modification
Access to secure areas
Section 3 Attack types, from the basic
AN5156
page 6/56