All security models call for a threat model; it is one of the key inputs or factors in the construction of the security model. Secure browsing - SSL / HTTPS - lacked this critical analysis, and recent work over on the Mozilla Browser Project is calling for the rectification of this. Here's my attempt at a threat model for secure browsing, in draft.
Comments welcome. One thing - I've not found any doco on how a threat model is written out, so I'm in the dark a bit. But, ignorance is no excuse for not trying...
Posted by iang at February 26, 2004 09:23 PM
Ian,
I suggest you remove Ponzi's from your threat model. Fraud involves a misrepresentation made to motivate the victim to voluntarily hand over his goods under false expectations. This is not a browser-specific threat. There is nothing in the design of a browser that can protect someone from fraud. So it doesn't really belong in your list of threats for that paper...
Ken
Posted by: Ken Griffith at February 27, 2004 11:17 AM
Thanks.... it's in the Internet general threat section, rather than the specific browser section, but you may be right regardless, as it looks out of place. I'll think about that...
Posted by: Ian Grigg at February 27, 2004 11:18 AM