Improper Access Control in Fabric Bridge
CWE-1317
Short description
Extended description
In hardware designs, different IP blocks are connected through interconnect-bus fabrics (e.g. AHB and OCP). Within a System on Chip (SoC), the IP block subsystems could be using different bus protocols. In such a case, the IP blocks are then linked to the central bus (and to other IP blocks) through a fabric bridge. Bridges are used as bus-interconnect-routing modules that link different protocols or separate, different segments of the overall SoC interconnect.
For overall system security, it is important that the access-control privileges associated with any fabric transaction are consistently maintained and applied, even when they are routed or translated by a fabric bridge. A bridge that is connected to a fabric without security features forwards transactions to the slave without checking the privilege level of the master and results in a weakness in SoC access-control security. The same weakness occurs if a bridge does not check the hardware identity of the transaction received from the slave interface of the bridge.
Best practices to prevent this CWE
Phase: Architecture and Design
Ensure that the design includes provisions for access-control checks in the bridge for both upstream and downstream transactions.
Phase: Implementation
Implement access-control checks in the bridge for both upstream and downstream transactions.