- From: Thomas Roessler <tlr@w3.org>
- Date: Wed, 27 Jun 2007 09:36:30 -0700
- To: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
- Cc: public-wsc-wg@w3.org
On 2007-06-25 09:12:42 -0400, Mary Ellen Zurko wrote:
> We distinguish a number of properties in the basic use cases that we
> address. We will be looking towards adding attack information as well,
> potentially in the form of threat trees [ref
> http://www.w3.org/2006/WSC/wiki/ThreatTrees].

Here's an alternative proposal; note that this is not intended to reopen the "put in the threat trees or not" part.

The use cases presented in this section can be organized by a number of properties. Based on these use cases, there is work in progress to develop formal Threat Trees [REF], which is expected to be published formally along with the group's Recommendation Track deliverables.

6.1 Use case properties

[insert current 6.1-6.4 here as a numbered list, without second-level headings]

6.2 Threat dimensions

The following high-level threats will be considered in the Group's work.

1. Luring Attacks - luring a user to the wrong site so that he connects to an address not owned by the party he believes it to be owned by.

2. Site Impersonation Attacks - an attack in which the attacker attempts to mimic someone else's website. Potential goals include credential theft (e.g. password theft), theft of other private information from the user (bank account and routing numbers), or forging information sent to the user (e.g. a fake news story that will cause the user to buy or sell stock).

3. Cross-site request forgery - causing a user to unwittingly send, to a legitimate site, a request containing data that he/she would not otherwise intend to send (e.g. to perform an action that he/she did not intend to take).

4. Network-based eavesdropping - a passive attack in which the attacker collects network traffic and reads the data sent between the client and the website. Potential goals include session hijacking (e.g. stealing a session cookie), credential theft (e.g. password theft), and theft of other private information from the user (bank account and routing numbers).

6.3 Scenarios

[current 6.5]

Attentive readers will notice that this enumeration leaves out cross-site scripting, per section 5.9 of the note.

-- 
Thomas Roessler, W3C <tlr@w3.org>
Received on Wednesday, 27 June 2007 16:36:35 UTC