B2G App Security Model/Threat Model: Difference between revisions

** Security of web application and server could be under direct control of the store (e.g. a Telco which hosts its own apps)
** Contractual controls with third parties
* In the case of people-based (GPG-based) security, the concept of a compromised server (a mirror) does not actually exist: it is merely an inconvenience (wasted bandwidth for users) until the compromised mirror is taken offline. In people-based (GPG-based) security, the individual user's devices must themselves be compromised, and the GPG public key(s) entirely replaced or added to: only then may the application be replaced with a rogue one.
** This assumes that the underlying OS itself (Linux Kernel etc.) has not been compromised such that the entire permissions system can be subverted
* As described in [[Apps/Security#The_Problem_With_Using_SSL]], a CSP policy instantly makes any application vulnerable to take-down notices or network outage.
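The distinction drawn above, as an added example that is not part of this wiki page: the device trusts only keys pinned locally, so a mirror serving tampered or re-signed bytes fails verification, and only altering the device's own keyring changes the outcome. Ed25519 from the Go standard library stands in for GPG here; the package bytes, key pairs and keyring are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Keyring holds the developer public keys pinned on the device: the only trust anchor; mirrors hold no keys.
type Keyring []ed25519.PublicKey

// Sign is run by the developer, never by the store or mirror: a detached signature over the package digest.
func Sign(priv ed25519.PrivateKey, pkg []byte) []byte {
	digest := sha256.Sum256(pkg)
	return ed25519.Sign(priv, digest[:])
}

// Verify runs on the device and accepts the package only if a pinned key signed exactly these bytes.
func (k Keyring) Verify(pkg, sig []byte) bool {
	digest := sha256.Sum256(pkg)
	for _, pub := range k {
		if ed25519.Verify(pub, digest[:], sig) {
			return true
		}
	}
	return false
}

// MustGenerate makes a fresh key pair (constructed for this example).
func MustGenerate() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

func main() {
	devPub, devPriv := MustGenerate()
	attPub, attPriv := MustGenerate()
	device := Keyring{devPub}
	genuine, rogue := []byte("app-v1.zip bytes"), []byte("app-v1.zip (backdoored)") // constructed
	sig := Sign(devPriv, genuine)
	fmt.Println("honest mirror:", device.Verify(genuine, sig))                          // true
	fmt.Println("mirror swaps bytes:", device.Verify(rogue, sig))                       // false
	fmt.Println("mirror re-signs rogue app:", device.Verify(rogue, Sign(attPriv, rogue))) // false
	device = append(device, attPub) // only a compromised device keyring changes the outcome
	fmt.Println("device keyring altered:", device.Verify(rogue, Sign(attPriv, rogue)))  // true
}
```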
=== App Host Compromise ===
Similar to the vulnerable web application case – a compromised server hosting a Web App would allow the attacker to execute actions on the phone with the permission of the compromised Web App.