IoT-Security-Verification-Standard-ISVS icon indicating copy to clipboard operation
IoT-Security-Verification-Standard-ISVS copied to clipboard

Published 20 hours ago verified publisher icon OWASP

3.2.9 RAM scrambling?

Open attilaszia opened this issue 3 years ago • 1 comments

Hi,

3.2.9 on OS configuration says that one should: Verify the embedded OS provides protection against unauthorized access to RAM (e.g. RAM scrambling).

I'm somewhat confused about this as I thought RAM scrambling was a transparent hardware security measure. Could u please list some examples on OS's where you can effectively configure RAM scrambling or similar measures? Is there anything in Linux for that?

Thanks, Attila

attilaszia avatar Jan 24 '22 17:01 attilaszia

Thanks for flagging @attilaszia. Im unable to locate resources to achieve this requirement outside of ASLR (3.2.7), hardware chips like MPUs/MMUs (covered 3.2.8 and in V5) and DDR3 cold boot material related to RAM scrambling which might not be applicable to embedded.

Perhaps @cbassem has feedback on this.

scriptingxss avatar Feb 20 '22 23:02 scriptingxss