Missing Source Identifier in Entity Transactions on a System-On-Chip (SOC)

Incomplete Base

Structure: Simple

Description

This vulnerability occurs when a System-On-Chip (SoC) component sends a transaction without its required security identifier. The destination hardware cannot properly verify permissions, leading to unintended access or system failure.

Extended Description

In a System-On-Chip, hardware agents like processors or accelerators constantly send transactions to access resources or trigger actions. Each transaction should carry a security identifier (like a digital keycard) that tells the receiving agent the sender's privilege level. Without this identifier, the receiving agent has no way to correctly enforce security policies for that specific request. This missing identifier forces the destination into a guesswork scenario. It may either reject the transaction entirely—causing a functional denial-of-service—or default to allowing it, which can lead to privilege escalation or unauthorized access to protected assets. The core issue is inconsistent tagging of transactions at their source, undermining the chip's entire internal security model.

Common Consequences 1

Scope: ConfidentialityIntegrityAvailabilityAccess Control

Impact: Modify MemoryRead MemoryDoS: Crash, Exit, or RestartBypass Protection MechanismExecute Unauthorized Code or Commands

Potential Mitigations 2

Phase: Architecture and Design

Transaction details must be reviewed for design inconsistency and common weaknesses.

Phase: Implementation

Security identifier definition and programming flow must be tested in pre-silicon and post-silicon testing.

Demonstrative Examples 1

Consider a system with a register for storing AES key for encryption or decryption. The key is of 128 bits implemented as a set of four 32-bit registers. The key registers are assets, and the register AES_KEY_ACCESS_POLICY is defined to provide the necessary access controls. The access-policy register defines which agents with a security identifier in the transaction can access the AES-key registers. Each bit in this 32-bit register defines a security identifier. There could be a maximum of 32 security identifiers that are allowed accesses to the AES-key registers. The number of the bit when set (i.e., "1") allows for a respective action from an agent whose identity matches the number of the bit; if set to "0" (i.e., Clear), it disallows the respective action to that corresponding agent.

Code Example:Bad
RegisterField description
AES_ENC_DEC_KEY_0AES key [0:31] for encryption or decryption, Default 0x00000000
AES_ENC_DEC_KEY_1AES key [32:63] for encryption or decryption, Default 0x00000000
AES_ENC_DEC_KEY_2AES key [64:95] for encryption or decryption, Default 0x00000000
AES_ENC_DEC_KEY_4AES key [96:127] for encryption or decryption, Default 0x00000000
AES_KEY_ACCESS_POLICY[31:0] Default 0x00000004 - agent with Security Identifier "2" has access to AES_ENC_DEC_KEY_0 through AES_ENC_DEC_KEY_4 registers

Register	Field description
AES_ENC_DEC_KEY_0	AES key [0:31] for encryption or decryption, Default 0x00000000
AES_ENC_DEC_KEY_1	AES key [32:63] for encryption or decryption, Default 0x00000000
AES_ENC_DEC_KEY_2	AES key [64:95] for encryption or decryption, Default 0x00000000
AES_ENC_DEC_KEY_4	AES key [96:127] for encryption or decryption, Default 0x00000000
AES_KEY_ACCESS_POLICY	[31:0] Default 0x00000004 - agent with Security Identifier "2" has access to AES_ENC_DEC_KEY_0 through AES_ENC_DEC_KEY_4 registers

The originator sends a transaction with no security identifier, i.e., meaning the value is "0" or NULL. The AES-Key-access register does not allow the necessary action and drops the transaction because the originator failed to include the required security identifier.

Code Example:Good
RegisterField description
AES_ENC_DEC_KEY_0AES key [0:31] for encryption or decryption, Default 0x00000000
AES_ENC_DEC_KEY_1AES key [32:63] for encryption or decryption, Default 0x00000000
AES_ENC_DEC_KEY_2AES key [64:95] for encryption or decryption, Default 0x00000000
AES_ENC_DEC_KEY_4AES key [96:127] for encryption or decryption, Default 0x00000000
AES_KEY_ACCESS_POLICY[31:0] Default 0x00000002 - agent with security identifier "2" has access to AES_ENC_DEC_KEY_0 through AES_ENC_DEC_KEY_4 registers

Register	Field description
AES_ENC_DEC_KEY_0	AES key [0:31] for encryption or decryption, Default 0x00000000
AES_ENC_DEC_KEY_1	AES key [32:63] for encryption or decryption, Default 0x00000000
AES_ENC_DEC_KEY_2	AES key [64:95] for encryption or decryption, Default 0x00000000
AES_ENC_DEC_KEY_4	AES key [96:127] for encryption or decryption, Default 0x00000000
AES_KEY_ACCESS_POLICY	[31:0] Default 0x00000002 - agent with security identifier "2" has access to AES_ENC_DEC_KEY_0 through AES_ENC_DEC_KEY_4 registers

The originator should send a transaction with Security Identifier "2" which will allow access to the AES-Key-access register and allow encryption and decryption operations.

Applicable Platforms

Languages:

Not Language-Specific : Undetermined

Technologies:

Not Technology-Specific : Undetermined

Modes of Introduction

Architecture and Design

Implementation

Related Attack Patterns

Related Weaknesses

ChildOf:

Insecure Security Identifier Mechanism (CWE-1294)