Re: [compute-pressure] Specify what kind of attacks are considered and addressed (#204) from Anssi Kostiainen via GitHub on 2023-05-19 (public-device-apis-log@w3.org from May 2023)

From: Anssi Kostiainen via GitHub <sysbot+gh@w3.org>
Date: Fri, 19 May 2023 11:30:53 +0000
To: public-device-apis-log@w3.org
Message-ID: <issue_comment.created-1554437969-1684495851-sysbot+gh@w3.org>

@pes10k thanks for the proposal. I'm supportive of adding an informative section to document known attacks/threats followed by mitigations section that maps to the threats. This would be content that informatively summarizes the attacks/threats and their mitigations and complements the normative spec algorithms that incorporate these mitigations.

To get an idea how to structure this, we could section this similarly to what was done for sensors: [types of privacy and security threats](https://www.w3.org/TR/generic-sensor/#main-privacy-security-threats) followed by [mitigation strategies](https://www.w3.org/TR/generic-sensor/#mitigation-strategies). (Another example from a slightly different area is the [register of risks and mitigations](https://www.w3.org/TR/webmachinelearning-ethics/#register-of-risks-and-mitigations) we started as part of the Ethical Principles for Web Machine Learning effort.)

Re preciseness, let me come up with a hand-wavy proposal to get your feedback on the appropriate level of detail. Let's call this one "pressure-monitoring attack":

>Pressure-monitoring attack is a theoretical side-channel attack that makes use of the uniqueness of the pressure state pattern (e.g. "serious" → "critical" → "nominal") that can be formed when a specific workload is executed on a specific system. In this theoretical attack, two co-operating websites A and B execute the same workload and attempt to correlate the two state patterns formed to identify whether the same system is used to visit both the websites. This attack requires the website A and B to be able to exchange messages, for example, by means of cross-document messaging. The attack also requires an environment void of disturbances that do not alter the pressure state during the execution of the specific workload.

If this format resonates I can start a PR to reorganize the security and privacy considerations accordingly and the editors can them start to fill in the blanks if any.

-- 
GitHub Notification of comment by anssiko
Please view or discuss this issue at https://github.com/w3c/compute-pressure/issues/204#issuecomment-1554437969 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Friday, 19 May 2023 11:30:55 UTC