Threat Model: adjust modality
Signed-off-by: Janos Follath <janos.follath@arm.com>
diff --git a/SECURITY.md b/SECURITY.md
index 8d23371..8d3678a 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -25,9 +25,10 @@
### Remote attacks
-The attacker can observe and modify data sent over the network. This includes
-observing the content and timing of individual packets, as well as suppressing
-or delaying legitimate messages, and injecting messages.
+In this section, we consider an attacker who can observe and modify data sent
+over the network. This includes observing the content and timing of individual
+packets, as well as suppressing or delaying legitimate messages, and injecting
+messages.
Mbed TLS aims to fully protect against remote attacks and to enable the user
application in providing full protection against remote attacks. Said
@@ -42,9 +43,9 @@
### Local attacks
-The attacker can run software on the same machine. The attacker has
-insufficient privileges to directly access Mbed TLS assets such as memory and
-files.
+In this section, we consider an attacker who can run software on the same
+machine. The attacker has insufficient privileges to directly access Mbed TLS
+assets such as memory and files.
#### Timing attacks
@@ -93,9 +94,10 @@
### Physical attacks
-The attacker has access to physical information about the hardware Mbed TLS is
-running on and/or can alter the physical state of the hardware (e.g. power
-analysis, radio emissions or fault injection).
+In this section, we consider an attacker who can attacker has access to
+physical information about the hardware Mbed TLS is running on and/or can alter
+the physical state of the hardware (e.g. power analysis, radio emissions or
+fault injection).
Mbed TLS doesn't make any security guarantees against physical attacks. If
physical attacks are present in a use case or a user application's threat