
[Runtime and Security Model for Web Applications]: Privileged applications and API Access Permissions

From: China Unicom Group Technology Department <sunx5@chinaunicom.cn>
Date: Fri, 23 Aug 2013 16:05:01 +0800
To: "'mounir@lamouri.fr'" <mounir@lamouri.fr>, "'public-sysapps@w3.org'" <public-sysapps@w3.org>
Message-ID: <3B545D03776B7B48AAE24A15AE243CDE2F40EB8ADF@HQMBX01.hq.cnc.intra>
Hi All,

We have some ideas about API Access Permissions in Runtime spec.

As described in chapter 10.4 of “Runtime and Security Model for Web Applications”[1], a malicious application could misuse the SMS API to send unwanted premium-rate messages, costing the user money.

It seems to lack an effective solution for preventing arbitrary message sending, since the current method is basically based on a black- or white-list mechanism. According to the specification description, an application is said to be a privileged application if the origin installing the application is trusted by the UA and the origin installing the application considers the application to be trustworthy. Moreover, it is hard and time-consuming work to review the code of an application before it gains the trust of the installation origin, not to mention the possibility of frequent software updates.

We’d like to propose two methods and expect more feedback about the feasibility of adding these functions, to improve security when invoking some economy-related APIs such as SMS.

1. A notification would be provided when top-level applications want to send messages by calling the SMS API. Users may authorize the application to send a single message or grant the permission in batch-processing mode, which means that the user has the right to define how many messages could be sent out at most each time. The OS then generates only that exact number of messages, or fewer, for the application instance, as constrained before.

2. A more complex solution is to cooperate with the SMS gateway device. Actually, this is a post-detection way to estimate whether the application has the malicious behaviour of abusing the SMS API. After each message is sent, the API would immediately make a request to fetch the actual number of messages that have been sent from the network gateway. A warning should be made if the SMS gateway transmitted many more messages than the user expected.


[1] Runtime and Security Model for Web Applications (W3C Editor's Draft 09 May 2013) http://www.w3.org/2012/sysapps/runtime/


Best Regards,
-------
Xin Sun
China United Network Communications Group Company Limited
Email: sunx5@chinaunicom.cn

Received on Sunday, 25 August 2013 18:01:06 UTC
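The two proposals in the message above, sketched as a runnable model (an added example, not code from the W3C draft or from the message's author): a permission broker that hands each application instance a user-authorized send quota and refuses calls once it is exhausted (method 1), plus a reconciliation step that compares the broker's own send count against the count reported by the gateway and flags a mismatch (method 2). The `SmsPermissionBroker` and `FakeGateway` classes, the `authorize`/`send`/`reconcile` names and the sample app identifiers are all hypothetical; the gateway is an in-memory stand-in constructed so the example runs offline.

```javascript
// Hypothetical stand-in for the SMS gateway: records every message it delivers
// and can report how many it has seen for a given application (constructed for
// this example; a real gateway would expose this over a network request).
class FakeGateway {
  constructor() {
    this.delivered = [];
  }
  deliver(appId, to, body) {
    this.delivered.push({ appId, to, body });
  }
  countFor(appId) {
    return this.delivered.filter((m) => m.appId === appId).length;
  }
}

// Hypothetical runtime-side broker sitting between the SMS API and the gateway.
class SmsPermissionBroker {
  constructor(gateway) {
    this.gateway = gateway;
    this.grants = new Map(); // appId -> number of sends still authorized by the user
    this.audit = []; // what the runtime itself handed to the gateway
  }

  // Method 1: the user answers the notification by granting a batch of `count`
  // messages (count = 1 for a single message, 0 to deny).
  authorize(appId, count) {
    if (!Number.isInteger(count) || count < 0) {
      throw new RangeError('quota must be a non-negative integer');
    }
    this.grants.set(appId, count);
  }

  // Every SMS API call passes through here; the quota is decremented per
  // message and the call is refused once it reaches zero.
  send(appId, to, body) {
    const remaining = this.grants.has(appId) ? this.grants.get(appId) : 0;
    if (remaining <= 0) {
      this.audit.push({ appId, outcome: 'denied' });
      return { ok: false, reason: 'quota exhausted' };
    }
    this.grants.set(appId, remaining - 1);
    this.gateway.deliver(appId, to, body);
    this.audit.push({ appId, outcome: 'sent' });
    return { ok: true, remaining: remaining - 1 };
  }

  // Method 2: after sending, ask the gateway how many messages it actually
  // transmitted for this app and compare with what the runtime authorized.
  reconcile(appId) {
    const expected = this.audit.filter(
      (e) => e.appId === appId && e.outcome === 'sent'
    ).length;
    const actual = this.gateway.countFor(appId);
    return { expected, actual, suspicious: actual > expected };
  }
}

// Worked scenario with constructed data: one well-behaved app that stays within
// its quota, and one whose traffic at the gateway exceeds what the runtime let through.
function runScenario() {
  const gateway = new FakeGateway();
  const broker = new SmsPermissionBroker(gateway);

  // app-a: user authorizes a batch of 2; the third call is refused.
  broker.authorize('app-a', 2);
  const appAResults = [1, 2, 3].map((i) =>
    broker.send('app-a', '+10000000000', `message ${i}`)
  );
  const appAReport = broker.reconcile('app-a');

  // app-b: user authorizes 1 message, but the gateway then sees two more that
  // never passed through the broker (constructed to simulate bypass or abuse).
  broker.authorize('app-b', 1);
  broker.send('app-b', '+10000000001', 'hello');
  gateway.deliver('app-b', '+19000000000', 'premium 1');
  gateway.deliver('app-b', '+19000000000', 'premium 2');
  const appBReport = broker.reconcile('app-b');

  return { appAResults, appAReport, appBReport };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(runScenario(), null, 2));
}
```

The quota is tracked per application instance, so a second instance would need its own grant; the reconciliation result is returned rather than acted on, leaving the policy (warn the user, revoke the grant) to the runtime.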
