- From: Artur Janc <aaj@google.com>
- Date: Wed, 16 May 2018 01:24:03 +0200
- To: WebAppSec WG <public-webappsec@w3.org>
- Message-ID: <CAPYVjqr4MgwgskKEP87vnrLWOd=OmqFX0RkidmQqOpcWXgPrCA@mail.gmail.com>
Hey WebAppSec,

We've recently had interesting discussions about various mechanisms to restrict cross-origin resource loads (CORB, From-Origin, Sec-Metadata, Cross-Origin-Isolate) in the context of Spectre. One issue that these threads touched upon, but didn't go into much detail about, is the threat model in which these mechanisms exist, i.e. what vulnerabilities they hope to address.

To analyze this in more detail, Mike and I put together a doc to review the major known types of cross-origin information leaks, and outline how the recent proposals fare against them:

https://docs.google.com/document/d/1cbL-X0kV_tQ5rL8XJ3lXkV-j0pt_CfTu5ZSzYrncPDc/edit

(opened up for public comments; I also uploaded a PDF here <https://www.arturjanc.com/cross-origin-infoleaks.pdf> in case that's easier to read)

My main takeaway from putting this together is that it may be valuable to provide developers with general mechanisms that allow them to protect against the larger issue of cross-origin attacks, rather than focus on the specific threat of Spectre. I hope that the doc gives some useful context for why this is a problem worth solving, and outlines a path forward, both when it comes to preventing speculative execution attacks, and addressing one of the major long-standing classes of vulnerabilities we've had on the web.

This is kind of an exciting prospect, so I'd appreciate it if y'all could take a look!

Cheers,
-Artur
Received on Tuesday, 15 May 2018 23:24:38 UTC