My main concern was side-channel attacks - there have been several
papers released on sniffing passwords based on accelerometer
information. Limiting access to the foreground only would be an elegant
security solution to that specific threat. However, on reflection, I
think the permission depends on the type of sensor (or combination of
sensors) being made available. Or is the point of this API that all
sensors must be designed to be safe for untrusted web content?
On 6/4/12 7:22 PM, Jonas Sicking wrote:
Why do we require explicit permission from uninstalled content?
Currently the orientation and acceleration sensors are available to all
uninstalled web pages in several browsers.
We even currently make these sensors available when content isn't
focused, though that's something I think we should fix.
/ Jonas
On Thu, May 31, 2012 at 4:06 AM, [email protected]
<[email protected]> wrote:
"Final" proposal. Please reply-to [email protected] with any major
issues.
On Wednesday, 9 May 2012 04:41:46 UTC+10, Lucas Adamski wrote:
Please reply-to [email protected]
Name of API: Sensor API
Reference:
https://bugzilla.mozilla.org/show_bug.cgi?id=697361
http://dvcs.w3.org/hg/dap/raw-file/tip/sensor-api/
Brief purpose of API: Let apps access environmental sensor data gathered by
devices.
General Use Cases: None
Inherent threats: Privacy
Threat severity: Moderate
== Regular web content (unauthenticated) ==
Use cases for unauthenticated code: Monitor environmental sensor data like
temperature, barometer, magnetic field,
Authorization model for normal content: Explicit
Authorization model for installed content: Implicit
Potential mitigations: Only available to top-level content while focused
== Trusted (authenticated by publisher) ==
Use cases for authenticated code: Same
Use cases for trusted code: Implicit
Potential mitigations:
== Certified (vouched for by trusted 3rd party) ==
Use cases for certified code:
Backlight Dimming based on ambient light
Screen-off based on proximity
Authorization model: Implicit
Potential mitigations:
Note: Many device sensor and motion use cases already covered by
DeviceOrientation / DeviceMotion API
(http://dev.w3.org/geo/api/spec-source-orientation.html)
_______________________________________________
dev-webapps mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-webapps
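
The mitigation discussed in this thread (sensor data only for top-level content while focused, with explicit permission for normal web content), modelled as an added example that is not part of any message or of the Sensor API draft. `SensorGate`, the content-type labels and the trace are constructed, and applying the focus rule only to the "regular web content" tier is an assumption.

```javascript
// Added example: a model of a user agent's delivery gate, not Sensor API code.
// SensorGate, the content-type labels and TRACE are hypothetical/constructed.
const IMPLICIT = new Set(["installed", "trusted", "certified"]);
// Assumption: the top-level/focus mitigation applies to the proposal's
// "regular web content" tier (normal and installed content) only.
const FOCUS_GATED = new Set(["web", "installed"]);

class SensorGate {
  constructor({ contentType, isTopLevel, permissionGranted = false }) {
    this.ctx = { contentType, isTopLevel, permissionGranted };
    this.focused = false;
    this.listeners = [];
    this.dropped = 0;
  }
  setFocused(focused) { this.focused = focused; }
  subscribe(fn) { this.listeners.push(fn); }
  // Returns null when delivery is allowed, otherwise the reason for refusal.
  denialReason() {
    const { contentType, isTopLevel, permissionGranted } = this.ctx;
    if (!IMPLICIT.has(contentType) && !permissionGranted) return "no-permission";
    if (FOCUS_GATED.has(contentType)) {
      if (!isTopLevel) return "not-top-level";
      if (!this.focused) return "not-focused";
    }
    return null;
  }
  // Blocked samples are dropped, not queued, so readings taken while the
  // content was in the background are never replayed when focus returns.
  onSample(sample) {
    if (this.denialReason() !== null) { this.dropped++; return false; }
    for (const fn of this.listeners) fn(sample);
    return true;
  }
}

// Replays a trace of focus changes and samples; returns delivered timestamps.
function replay(gate, trace) {
  const seen = [];
  gate.subscribe((s) => seen.push(s.t));
  for (const ev of trace) {
    if (ev.focus !== undefined) gate.setFocused(ev.focus);
    else gate.onSample(ev);
  }
  return seen;
}

// Constructed trace: focus is lost between t=1 and t=4.
const TRACE = [{ focus: true }, { t: 1, x: 0.1 }, { focus: false },
  { t: 2, x: 0.9 }, { t: 3, x: 0.8 }, { focus: true }, { t: 4, x: 0.1 }];
```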