Re: ACTION-243 Propose link from note to threat trees from Johnathan Nightingale on 2007-06-27 (public-wsc-wg@w3.org from June 2007)

From: Johnathan Nightingale <johnath@mozilla.com>
Date: Wed, 27 Jun 2007 16:08:22 -0400
To: Thomas Roessler <tlr@w3.org>
Cc: W3C WSC Public <public-wsc-wg@w3.org>
Message-Id: <87465A3C-C5B9-44BE-8266-1CD2934BD66C@mozilla.com>

+1 to your duly-constrained suggestion.  Maybe people have additions/ 
subtractions from the actual list of threats but the idea, for me, is  
right.

Amending the note in this way gives rec authors something in the note  
to point to when they are answering specific (classes of) threats,  
and leaves the door open to more exhaustive/elaborate information in  
downstream publications.

Cheers,

J


On 27-Jun-07, at 12:36 PM, Thomas Roessler wrote:

>
> On 2007-06-25 09:12:42 -0400, Mary Ellen Zurko wrote:
>
>> We distinguish a number of properties in the basic use cases that we
>> address. We will be looking towards adding attack information as  
>> well,
>> potentially in the form of threat trees [ref
>> http://www.w3.org/2006/WSC/wiki/ThreatTrees].
>
> Here's an alternative proposal; note that this is not intended to
> reopen the "put in the threat trees or not" part.
>
> 	The use cases presented in this section can be organized by
> 	a number of properties.  Based on these use cases, there is
> 	work in progress to develop formal Threat Trees [REF], which
> 	is expected to be published formally along with the group's
> 	Recommendation Track deliverables.
> 	
> 	6.1 Use case properties
> 	
> 	[insert current 6.1-6.4 here as a numbered list, without
> 	second-level headings]
> 	
> 	6.2 Threat dimensions
>
> 	The following high-level threats will be considered in the
> 	Group's work.
>
> 	1. Luring Attacks - luring a user to the wrong site so that
> 	he connects to an address not owned by theparty he believes
> 	it to be owned by.
> 	
> 	2. Site Impersonation Attacks - an attack in which the
> 	attacker attempts to mimic someone else's website. Potential
> 	goals include credential theft (e.g. password theft), theft
> 	of other private information from user (bank account and
> 	routing numbers), or forging information sent to user (e.g.
> 	fake news story that will cause user to buy or sell stock).
> 	
> 	3. Cross-site request forgery - causing a user to
> 	unwittingly send, to a legitimate site, a request containing
> 	data that he/she would not otherwise intend to send (e.g. to
> 	perform an action that he/she did not intend to take).
> 	
> 	4. Network-based eavesdropping- a passive attack in which
> 	the attacker collects network traffic and reads the data
> 	sent between the client and the website. Potential goals
> 	include session hijacking (e.g. stealing a session cookie),
> 	credential theft (e.g. password theft), theft of other
> 	private information from user (bank account and routing
> 	numbers)
> 	
> 	6.3 Scenarios
> 	
> 	[current 6.5]
>
> Attentive readers will notice that this enumeration leaves out
> cross-site-scripting, per section 5.9 of the note.
>
>
> -- 
> Thomas Roessler, W3C  <tlr@w3.org>
>

---
Johnathan Nightingale
Human Shield
johnath@mozilla.com

Received on Wednesday, 27 June 2007 20:08:55 UTC