WebAPI/Security/WebUSB: Difference between revisions
Jump to navigation
Jump to search
(Created page with "Name of API: WebUSB API Reference:<br> https://wiki.mozilla.org/WebAPI/WebUSB<br> https://bugzilla.mozilla.org/show_bug.cgi?id=674718 Brief purpose of API: Allow core (certifie...") |
|||
| Line 24: | Line 24: | ||
== Trusted (authenticated by publisher) == | == Trusted (authenticated by publisher) == | ||
Same as for installed | Same as for installed unauthenticated app | ||
== Certified (vouched for by trusted 3rd party) == | == Certified (vouched for by trusted 3rd party) == | ||
Revision as of 13:10, 25 June 2012
Name of API: WebUSB API
Reference:
https://wiki.mozilla.org/WebAPI/WebUSB
https://bugzilla.mozilla.org/show_bug.cgi?id=674718
Brief purpose of API: Allow core (certified) apps to interact directly with USB devices General Use Cases:
Inherent threats:
- Theft of sensitive data
- Device compromise (mounting of device USB filesystem)
Threat severity: Critical
Regular web content (unauthenticated)
Use cases for unauthenticated code: None
Authorization model for normal content: None
Authorization model for installed content: None
Potential mitigations: N/A
Trusted (authenticated by publisher)
Same as for installed unauthenticated app
Certified (vouched for by trusted 3rd party)
Use cases for certified code: Configure, enable/disable USB devices. Interact with USB devices.
Authorization model for normal content: Implicit