EMB3D™ Background
The EMB3D Threat Model provides a cultivated knowledge base of cyber threats to embedded devices, providing a common understanding of these threats with security mechanisms to mitigate them.
Leveraging established models to strengthen embedded device security
EMB3D aligns with and expands on several existing models like Common Weakness Enumeration, MITRE ATT&CK®, and Common Vulnerabilities and Exposures, specifically focusing on embedded devices. EMB3D provides a cultivated knowledge base of cyber threats to devices, including those observed in the field environment or demonstrated through proofs-of-concept and theoretic research. Mapping these threats to device properties helps users develop and tailor accurate threat models for specific embedded devices. For each threat, suggested mitigations are provided for technical mechanisms that device vendors should implement to mitigate the given threat by building security into the device. EMB3D is a comprehensive framework for the entire security ecosystem — device vendors, asset owners and operators, security researchers, and testing organizations.
A framework for a dynamic threat landscape
EMB3D is a living framework that will be updated with new threats and mitigations as security researchers discover new vulnerabilities, threats, and security defenses. EMB3D is a public, community resource where all information is openly available, and the security community can submit additions and revisions.