6.2 Secure Environments security levels

According to oneM2M TS-0003 [1], an SE can be implemented in different ways that can be associated with different security levels, according to the type of attacks they have been designed to provide protection against. For example, an SE can be implemented as an independent security engine, as an exclusive CPU/Memory mode on a general purpose chip, or as an enclave providing memory encryption and code/data execution isolation. Within the scope of the present document the following security levels and associated categories of implementation are distinguished:

• Security Level 3 (highest), able to provide tamper resistance against attackers that have physical access to the supporting hardware, e.g. having the ability to dismantle a device and implement sophisticated attacks such as playing with out-of-boundary operating conditions or perpetrating power analysis. This security level shall rely on a tamper resistant hardware SE implementation dedicated to security storage and processing (e.g. a GlobalPlatform eSE) and should be associated with application specific security assessment or certification process.
• Security Level 2 (medium), intended to provide strong protection against all kind of remote attacks but not targeting protection against attacks requiring physical control of the hardware. This security level shall rely at least on a hardware isolated SE implementation which may be integrated within the general purpose processing environment running the device software (e.g. a GlobalPlatform TEE [4]).
• Security Level 1 (low) which can be supported by pure software based SE implementations, providing confidence that the software design process followed best practice cybersecurity recommendations to provide reasonable resistance against software based attacks such as trojans or viruses.

When none of the above security levels can reasonably be claimed, Security Level 0 (no particular security attention) shall be indicated.