RE: ACTION 215: Revisit threat trees from Doyle, Bill on 2007-06-12 (public-wsc-wg@w3.org from June 2007)

From: Doyle, Bill <wdoyle@mitre.org>
Date: Tue, 12 Jun 2007 14:40:02 -0400
To: "Rachna Dhamija" <rachna.public@gmail.com>, <public-wsc-wg@w3.org>
Message-ID: <518C60F36D5DBC489E91563736BA4B5801814AD8@IMCSRV5.MITRE.ORG>

Sorry for the delay.
 
M2C is that threats due to a flaws in code, OS, network or application
design should be separated from vulnerabilities due to limitations of
the environment itself. Threats due to flaws in code and in use by OS,
network, User Agent, GUI are often fixed or due to be fixed by a patch.
Since many of the vulnerabilities are out of scope, maybe the WSC WG
could decide on a subset of test that are important and priority of the
tests to run. It could be interesting to see if a specific
recommendation enables a user to retain a secure posture in the event
of DNS poisoning, but is this the first test that should be run?
 
Bill D.
 
 
 
 



________________________________

	From: public-wsc-wg-request@w3.org
[mailto:public-wsc-wg-request@w3.org] On Behalf Of Rachna Dhamija
	Sent: Monday, June 04, 2007 7:55 PM
	To: public-wsc-wg@w3.org
	Subject: ACTION 215: Revisit threat trees
	
	
	It would be helpful if people could look over the threat trees
before or during the next call:
	http://www.w3.org/2006/WSC/wiki/ThreatTrees
	
	I modified the tree to add some attacks that are in scope but
were not reflected.  One source of confusion was that the section
previously labeled "site-impersonation attacks" only listed techniques
to lure users to the wrong website ( e.g., sending a link in email),
rather than site-impersonation attacks themselves (e.g. chrome
spoofing).   Luring and site-impersonation attacks are now in separate
sections.  If you disagree with anything here, please edit the wiki!  
	
	As we discussed at the F2F, we still need to: 
	- determine how to integrate threats with the use cases (Rachna
and Johnathan think that use cases and threats are independent and
don't need to be integrated. Tlr may disagree). 
	- add references to evidence of actual attacks and
vulnerability databases (as suggested by Stephen F and seconded by
Rachna)
	- add any missing attacks (so far, only Yngve has reviewed and
added attacks)
	- make the terminology more formal and distinguish
vulnerabilities, risks, threats and exploits (as suggested by PHB) 
	- decide what to do with out of scope attacks (include them or
not)
	
	I am closing out this action, though I expect that related
actions will be assigned during the next call.
	
	Rachna

Received on Tuesday, 12 June 2007 18:40:21 UTC