MITRE EMB3D threat modeling for embedded devices

Overview of the new MITRE EMB3D framework and an assessment of how it helps with threat modeling for embedded devices.

Comparison with the ATT&CK framework

Similar to the ATT&CK framework (Adversarial Tactics, Techniques, and Common Knowledge), EMB3D provides a central knowledge base for threats, but with a specific focus on embedded devices. While ATT&CK focuses on cyber threats in general, EMB3D addresses the specific threats and vulnerabilities that occur in embedded devices.

Overview of the EMB3D framework

The EMB3D framework consists of three main components: device properties, threats, and mitigations.

  • Device properties: These describe the hardware and software components of a device, including physical hardware, network services and protocols, and firmware. By mapping these properties, users can identify associated threats.
  • Threats: EMB3D describes how attackers can achieve specific goals or impacts on a system or device. Each threat contains information about the targeted technical properties, the actions required by the attacker, and the vulnerabilities that enable the threat.
  • Mitigations: These strategies and techniques help device manufacturers prevent or reduce threats. The mitigations define mechanisms or technologies intended to protect against the threat.
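The property-to-threat-to-mitigation mapping described above can be walked mechanically to find gaps. The following sketch is an added example, not code from MITRE or part of the framework. All IDs and names in it are constructed placeholders rather than real EMB3D entries, and the rule that a threat counts as "covered" only when every listed mitigation is implemented is an assumption of this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Threat:
    tid: str
    name: str
    properties: frozenset   # device properties that expose the threat
    mitigations: frozenset  # mitigations the catalogue lists against it

# Constructed catalogue excerpt: every ID and name is a placeholder,
# not an entry from the real EMB3D knowledge base.
CATALOGUE = [
    Threat("TID-EX1", "Firmware update accepted without authenticity check",
           frozenset({"PID-EX-FW-UPDATE"}), frozenset({"MID-EX-SIGNED-FW"})),
    Threat("TID-EX2", "Debug port gives access to memory",
           frozenset({"PID-EX-DEBUG-PORT"}),
           frozenset({"MID-EX-LOCK-DEBUG", "MID-EX-ENCRYPT-FLASH"})),
    Threat("TID-EX3", "Memory corruption in a network service",
           frozenset({"PID-EX-NET-SERVICE"}),
           frozenset({"MID-EX-MEM-SAFE", "MID-EX-INPUT-VALID"})),
    Threat("TID-EX4", "Management traffic sent in plaintext",
           frozenset({"PID-EX-NET-SERVICE", "PID-EX-REMOTE-MGMT"}),
           frozenset({"MID-EX-TLS"})),
]

RANK = {"unmitigated": 0, "partial": 1, "covered": 2}

def threat_model(device_properties, implemented):
    """Return applicable threats with mitigation gaps, worst first."""
    rows = []
    for t in CATALOGUE:
        exposed_by = t.properties & device_properties
        if not exposed_by:
            continue  # device lacks every property this threat needs
        missing = t.mitigations - implemented
        if missing == t.mitigations:
            status = "unmitigated"
        else:
            status = "partial" if missing else "covered"
        rows.append({"tid": t.tid, "name": t.name, "status": status,
                     "exposed_by": sorted(exposed_by), "missing": sorted(missing)})
    return sorted(rows, key=lambda r: (RANK[r["status"]], r["tid"]))

if __name__ == "__main__":
    device = {"PID-EX-FW-UPDATE", "PID-EX-NET-SERVICE"}    # constructed device
    in_place = {"MID-EX-SIGNED-FW", "MID-EX-INPUT-VALID"}  # constructed
    for r in threat_model(device, in_place):
        print(f'{r["status"]:<12}{r["tid"]}  {r["name"]}  missing={r["missing"]}')
```

Threats whose properties the device does not have drop out of the result, so the output is the device-specific threat list with the open mitigation work sorted to the top.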

Personal assessment

The EMB3D framework is an important tool for manufacturers of embedded systems. It provides a valuable resource for improving device security by offering a central knowledge base of known threats and corresponding mitigations. I hope this framework is well adopted by manufacturers and look forward to future updates that will include additional mitigations. The framework is an important step in the right direction toward more secure and robust software.