Confirmed users
717
edits
Security/ProcessIsolation/ThreatModel: Difference between revisions
Security/ProcessIsolation/ThreatModel (view source)
Revision as of 05:42, 23 September 2009
, 23 September 2009→Cross-domain Compromise
| (2 intermediate revisions by the same user not shown) | |||
| Line 36: | Line 36: | ||
*theft of local and network files via file:// and related schemes | *theft of local and network files via file:// and related schemes | ||
*theft of local data via direct access to database or database files | *theft of local data via direct access to database or database files | ||
==== Assets at Risk ==== | |||
* local files, registry entries, etc. | |||
* network files (NFS, SMB) | |||
* intranet servers / services | |||
==Cross-domain Compromise== | ==Cross-domain Compromise== | ||
| Line 47: | Line 52: | ||
*A compromised process could persist after navigating to a different FQDN | *A compromised process could persist after navigating to a different FQDN | ||
*Overwrite cached content | *Overwrite cached content | ||
====Assets at Risk==== | |||
*Cookies and other session tokens | |||
*Saved passwords | |||
*Web content and data | |||
*Cache | |||
==Cross-domain Data Theft== | ==Cross-domain Data Theft== | ||
| Line 113: | Line 124: | ||
Plugins are not planned to be sandboxed yet, since they require their own broker architecture, mostly due to challenges around: | Plugins are not planned to be sandboxed yet, since they require their own broker architecture, mostly due to challenges around: | ||
* filesystem access (file uploads, downloads, media playback) | |||
* auto-update | |||
* potentially registry and network access (binary sockets, etc) - or allow them unlimited access | |||
==General pitfalls== | ==General pitfalls== | ||