I don't disagree with anything you say, though keep in mind we have been working on apps for over a year now. So much design and discussion has been happening (mozilla.dev.webapps), and at this point my goal is to corral all that thinking into a cohesive security model. Lucas.
On Mar 23, 2012, at 6:51 AM, ianG wrote:

> On 23/03/12 17:45 PM, Lucas Adamski wrote:
>> Thank you all for participating in the B2G security discussion so far.
>> While the "uber-thread" has resulted in some very useful and creative
>> discussion, it is clearly difficult to analyze such a complex model
>> thoroughly without putting some more structure in place. As such, we should
>> break up this conversation to focus on each layer of the security model at
>> a time, coming to a specific proposal before moving onto the next layer to
>> ensure we establish a solid foundation for discussion.
>>
>> As such, after talking to Jonas and Andreas, I propose we talk through the
>> following layers of the security model in order:
>>
>> 1) Get agreement on different "types" of applications
>
> Yes please. In the security world we might call this "the business" or "the
> context." Without some solid ground here, we're liable to spin off into
> space.
>
> Then, out of the business, we extract requirements. The security design must
> meet these requirements.
>
>> (roughly corresponding to groupings of privileges organized by risk)
>
> (point of order - privileges assumes a design, and risk assumes a risk
> analysis.)
>
>> 2) Talk through risks of each WebAPI and determine which of the above
>> type(s) it belongs to (and whether access to it would be implicit or
>> explicit)
>> 3) Determine security implications and mitigations for each application type
>> (CSP, HSTS++, CA pinning, signing, whatever)
>> 4) Discuss the app lifecycle:
>> a) publish
>> b) install
>> c) update
>> d) revoke
>> 5) OS security risks and mitigations
>> 6) Review security model and compare against threat model
>
> ...against requirements.
>
>> The goal is to do a full pass through this conversation in 2 weeks.
>> Obviously if new data emerges we might revisit previous decisions, but it'll
>> be more productive if we can stake down some positions throughout the
>> process and build upon them.
>
> It generally takes me 1 - 3 months to lay out all the requirements. And 1-3
> weeks to do the solution, which is the easy part :) Oh, and the coding, same.
>
>> I'm sending out the first phase (application types) after this email.
>
> thanks
>
> iang
> _______________________________________________
> dev-security mailing list
> [email protected]
> https://lists.mozilla.org/listinfo/dev-security
