System-on-Chip (SoC) Using Components without Unique, Immutable Identifiers

The System-on-Chip (SoC) does not have unique, immutable identifiers for each of its components.


A System-on-Chip (SoC) comprises several components (IP) with varied trust requirements. It is required that each IP is identified uniquely and should distinguish itself from other entities in the SoC without any ambiguity. The unique secured identity is required for various purposes. Most of the time the identity is used to route a transaction or perform certain actions, including resetting, retrieving a sensitive information, and acting upon or on behalf of something else.

There are several variants of this weakness:

A "missing" identifier is when the SoC does not define any mechanism to uniquely identify the IP.

An "insufficient" identifier might provide some defenses - for example, against the most common attacks - but it does not protect against everything that is intended.

A "misconfigured" mechanism occurs when a mechanism is available but not implemented correctly.

An "ignored" identifier occurs when the SoC/IP has not applied any policies or does not act upon the identifier securely.

See Also

Privilege Separation and Access Control Issues

Weaknesses in this category are related to features and mechanisms providing hardware-based isolation and access control (e.g., identity, policy, locking control) of s...

Comprehensive CWE Dictionary

This view (slice) covers all the elements in CWE.

Weaknesses without Software Fault Patterns

CWE identifiers in this view are weaknesses that do not have associated Software Fault Patterns (SFPs), as covered by the CWE-888 view. As such, they represent gaps in...

Weaknesses Introduced During Implementation

This view (slice) lists weaknesses that can be introduced during implementation.

Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.