Here is a work in progress Mindmap on all threats to the secure browsing process. It purports to be an attack tree, which is a technique to include and categorise all possible threats to a process. It is one possible aid to constructing a threat model, which latter is a required step to constructing a security model. The mindmap supports another work in progress on threat modelling for secure browsing.
This work was inspired by the Mozilla project's new policy on new CAs, coordinated by Frank Hecker. Unpublished as yet, it forms part of the controversial security debate surrounding the CA model.
( To recap: the secure browsing security model uses SSL as a protocol and the Certificate Authority model as the public key authentication regime, all wrapped up in HTTPS within the browser. Technically, the protocol and key regime are separate, but in practice they are joined at the hip, so any security modelling needs to consider them both together. SSL - the protocol part - has been widely scrutinised and has evolved to what is considered a secure form. In contrast the CA model has been widely criticised, and has not really evolved since its inception. It remains the weak link in security.
As part of a debate on how to address the security issues in secure browsing and other applications that use SSL/CA such as S/MIME, the threat model is required before we can improve the security model. Unfortunately, the original one is not much use, as it was a theoretical prediction of the MITM that did not come to pass. )
Posted by iang at May 16, 2004 10:10 AM | TrackBackSo MTM did not happen as far as anyone knows but Phishing did and that is the model to rework to. The fact that you are leveraging the the protocol in place should make it easier.
Perhaps the Phishing is not what you are working against?
Posted by: Jim at May 16, 2004 10:47 AMLOL ... yes, in a sense we are not working against Phishing, but the combined lethargy of the security community, which dogmatically asserts that the old ways were the right ways. It's only with the advent of phishing that the cracks in the old model are starting to be unavoidable. Phishing grew by 5 times in the last 5 months!
Posted by: Iang at May 16, 2004 10:59 AM