Line 67: | Line 67: | ||
=== App Host Compromise=== | === App Host Compromise=== | ||
Similar to the vulnerable web application case – a compromised server hosting a Web App would allow the attacker to execute actions on the phone with the permission of the compromised Web App. | Similar to the vulnerable web application case – a compromised server hosting a Web App would allow the attacker to execute actions on the phone with the permission of the compromised Web App. | ||
('''NOTE: THIS IS AN ASSUMPTION. The assumption in this case is that SSL (or other host-based PKI security) is to be deployed instead of GPG/PGP (or other people-based PKI security). in people-based PKI security, SERVER COMPROMISE IS IRRELEVANT. unless the store owner has been foolish enough to disregard basic security practices regarding keeping GPG private keys off of public-facing servers''') | |||
====Potential Countermeasures==== | ====Potential Countermeasures==== | ||
* Controls are largely the same as for vulnerable web applications - see above. | * Controls are largely the same as for vulnerable web applications - see above. |
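Review bot: the NOTE paragraph under "App Host Compromise" appears on only one side of this diff, so the trust assumption it records (SSL or other host-based PKI rather than GPG/PGP or other people-based PKI) is stated in one revision and missing from the other. If the note is being dropped for its all-caps editorial tone, keep the assumption itself in neutral wording, because the remaining text never says that the threat depends on the app's integrity being tied to the host. The countermeasures bullet only points back to the vulnerable web application controls, so it would be worth adding a bullet on signing apps with a key that is kept off the public-facing server, which is the mitigation the note describes.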