Re: [securityig] Work Item: Threat Modeling Guide (TMG) (#17)

Hi @TomCJones, in the context of the Threat Modeling Guide, we are drawing inspiration from [RFC 3552](https://datatracker.ietf.org/doc/html/rfc3552) - already linked in the [Security and Privacy Questionnaire](https://www.w3.org/TR/security-privacy-questionnaire/#considerations) - which in section 3 has a small Threat Model (Threats) for the Internet.

And we are designing a Threat Model for the Web, also to provide a boilerplate for spec developers so that a Web API can be easily added and its threats assessed.

@jandrieu and I are considering whether to have more boilerplates that serve slightly different purposes, considering that “all models are wrong, some are useful” from statistician George Box (1976), quoted by Shostack (2014).

### Web APIs

For example, an intermediate-level [Threat Model for the Web like this one](https://github.com/simoneonofri/threat-model-web/blob/main/index.md), a simpler one, and a more in-depth one to study various issues (e.g., what happens if a Web API is loaded within an `iframe`, or if you try to access it in a certain way).

### File formats

Having also carried out a Security Review of the Verifiable Credentials Data Model, in this case we are talking about a file format, which may also be displayed in a browser, and which potentially has a Threat Model (Threats) for the File Format, currently structured as follows:
- **PLS**: Parsing/Loading/Serializing
- **CD**: Compression/Decompression
- **EEC**: Embed Executable Code (e.g., scripts)
- **LER**: Links and external resources
- **MM**: Metadata manipulation
- **DI**: Data Integrity

Another good example of file formats is [ePub](https://www.w3.org/TR/epub-33/#epub-threat-model).

### Protocols

In relation to protocols, a good starting point is definitely [RFC 3552 - Section 3](https://datatracker.ietf.org/doc/html/rfc3552#section-3).

### Cryptography

Other elements include cryptography, on which Patrick has developed several interesting points.

-- 
GitHub Notification of comment by simoneonofri
Please view or discuss this issue at https://github.com/w3c/securityig/issues/17#issuecomment-2930029367 using your GitHub account


Received on Monday, 2 June 2025 10:53:23 UTC