:pauljt's question about certified app debugging made me wonder if we
have any formal-ish descriptions of the threat/attack models for Firefox
OS. I particularly am interested because it seems like discussions
about complicated issues like this frequently end up going in circles
because people are trying to cobble mental models together from email
responses. (ex: I think the "Add-on File Registration PRD" discussion
at
https://groups.google.com/d/msg/mozilla.dev.planning/zLwLNyWm7es/n85wjv5DJ1QJ
would have gone much better with a representation of the attack-defense
tree and indication of which choices were discarded because the attacker
already has a valid counter-attack.)
And in some cases I think visually expressing the key assumptions that
underlie a lot of our protections can be helpful. For example, in the
recent dev-gaia thread on "App badges via notifications", it seemed to
be proposed to let apps dynamically change their icon
(https://groups.google.com/d/msg/mozilla.dev.gaia/sHFTy6m8va8/g7-V19YusgEJ).
But it's my understanding that much of our defense against rogue apps is
that they are unable to change their name or icon. Being able to easily
see at a glance that defeating a morphing impersonation attack is or is
not critical to us would be handy. (And a hyperlink to a wiki from the
graph node that discusses the trade-offs would be super handy!)
I've just tried to bring myself up to speed on this a little bit, and it
seems like the http://satoss.uni.lu/projects/atrees/index.php project's
research and papers on Attack Trees are particularly interesting[1].
Most important, this library of trees has graphical examples in .pdf
form: http://satoss.uni.lu/projects/atrees/library.php
I suggest starting with a look at
http://satoss.uni.lu/projects/atrees/trees/confidentiality.pdf since it
has a defense node as a root and I like it.
There's a recent survey paper on attack/defense modeling that seems to
cover the very large field:
http://satoss.uni.lu/members/barbara/papers/survey.pdf
The paper on Attack-Defense trees:
http://satoss.uni.lu/members/barbara/papers/ADT12.pdf
Slides for those who experience academic paper-blindness or just like
bullet points: http://satoss.uni.lu/members/barbara/papers/slides.pdf
There's also a GPL3 tool implemented in Java at
http://satoss.uni.lu/members/piotr/adtool/, although unless one cares
about the math aspects it seems like one could probably accomplish the
diagram goals without involving Java.
Thanks!
Andrew
1: Note that the specific funded effort seems to have ceased and for
more recent papers you'll need to see what the authors like
http://satoss.uni.lu/members/barbara/publications.php are up to.
_______________________________________________
dev-b2g mailing list
https://lists.mozilla.org/listinfo/dev-b2g
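As an added illustration of what the message is asking for (not code from the dev-b2g thread, from the SaToSS ADTool, or from Firefox OS), here is a small attack-defense tree evaluator in Python with a Graphviz DOT exporter. The tree it builds is a constructed sketch of the "morphing impersonation" scenario mentioned above: an attacker root with two paths, each met by a defender countermeasure, one of which is itself countered if apps gain a dynamic-icon capability. Every node label and cost figure is an assumption for illustration, not an actual Firefox OS threat model. The boolean attribute follows the usual ADTree rule: a node's own refinement must succeed and its countermeasure must fail; the cost attribute takes min over OR, sum over AND, and infinity for a branch blocked by a standing defence.

```python
"""Minimal attack-defense tree (ADTree) evaluator with a DOT exporter.

Added example: this is not code from the dev-b2g thread, from the SaToSS
ADTool, or from Firefox OS. The tree in build_tree() is a constructed sketch
of the "morphing impersonation" scenario the message mentions; its node
labels and cost figures are assumptions for illustration only.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Set

ATTACKER, DEFENDER = "attacker", "defender"
OR, AND = "or", "and"
INF = float("inf")


@dataclass
class Node:
    label: str
    actor: str                        # ATTACKER or DEFENDER
    refinement: str = OR              # how the children combine (OR / AND)
    children: List["Node"] = field(default_factory=list)
    counter: Optional["Node"] = None  # opposite-actor node that counters this one
    cost: float = 0.0                 # cost of a leaf action for its actor


# Leaf labels (assumed names for the sketch, not real platform features).
COPY_AT_INSTALL = "Submit app with a copied name and icon"
MORPH_AFTER_INSTALL = "Change name or icon after install"
BADGE_ICON_API = "Dynamic icon change via notification-badge API"
MARKET_REVIEW = "Marketplace review rejects lookalike listings"
FIXED_IDENTITY = "Name and icon are fixed after install"


def build_tree() -> Node:
    """Attacker root: impersonate a trusted app (either path suffices)."""
    fixed_identity = Node(FIXED_IDENTITY, DEFENDER,
                          counter=Node(BADGE_ICON_API, ATTACKER, cost=1))
    return Node("Impersonate a trusted app", ATTACKER, OR, children=[
        Node(COPY_AT_INSTALL, ATTACKER, cost=3,
             counter=Node(MARKET_REVIEW, DEFENDER)),
        Node(MORPH_AFTER_INSTALL, ATTACKER, cost=1, counter=fixed_identity),
    ])


def holds(node: Node, available: Set[str]) -> bool:
    """Boolean ADTree attribute: can node.actor achieve this node?

    `available` is the set of leaf labels that exist (an attacker capability
    the platform offers, or a defence that is actually deployed). A node is
    defeated when its own refinement succeeds but its counter node also holds.
    """
    if node.children:
        vals = [holds(c, available) for c in node.children]
        own = all(vals) if node.refinement == AND else any(vals)
    else:
        own = node.label in available
    if own and node.counter is not None and holds(node.counter, available):
        return False
    return own


def min_attacker_cost(node: Node, available: Set[str]) -> float:
    """Cheapest attacker cost to achieve an attacker node; INF if unreachable."""
    if node.actor != ATTACKER:
        raise ValueError("cost is computed over attacker nodes only")
    if node.counter is not None and holds(node.counter, available):
        return INF                      # a standing defence blocks this branch
    if node.children:
        costs = [min_attacker_cost(c, available) for c in node.children]
        return sum(costs) if node.refinement == AND else min(costs)
    return node.cost if node.label in available else INF


def to_dot(root: Node) -> str:
    """Graphviz DOT for the tree: attacker nodes as ellipses, defender nodes
    as boxes, counter edges dashed, AND refinements marked in the label."""
    lines, ids = ["digraph adtree {"], {}

    def walk(n: Node) -> str:
        nid = ids.setdefault(id(n), f"n{len(ids)}")
        shape = "ellipse" if n.actor == ATTACKER else "box"
        tag = " [AND]" if n.children and n.refinement == AND else ""
        lines.append(f'  {nid} [label="{n.label}{tag}", shape={shape}];')
        for c in n.children:
            lines.append(f"  {nid} -> {walk(c)};")
        if n.counter is not None:
            lines.append(f"  {nid} -> {walk(n.counter)} [style=dashed];")
        return nid

    walk(root)
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    tree = build_tree()
    deployed = {COPY_AT_INSTALL, MORPH_AFTER_INSTALL, MARKET_REVIEW, FIXED_IDENTITY}
    print("status quo:", holds(tree, deployed), min_attacker_cost(tree, deployed))
    with_badge = deployed | {BADGE_ICON_API}
    print("with badge API:", holds(tree, with_badge), min_attacker_cost(tree, with_badge))
    print(to_dot(tree))
```

Running the sketch shows the kind of at-a-glance answer the message asks for: with both defences deployed and no dynamic-icon capability, the root is unreachable (cost infinity); adding the badge-API leaf to `available` defeats the "fixed after install" node and the root becomes reachable at the cheapest path's cost. Piping `to_dot()` into `dot -Tpdf` gives the diagram without involving Java; each node label could be turned into a DOT `URL` attribute pointing at a wiki page on the trade-offs.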