canmove, Confirmed users
1,220
edits
B2G App Security Model/Threat Model: Difference between revisions
Jump to navigation
Jump to search
B2G App Security Model/Threat Model (view source)
Revision as of 23:46, 19 March 2012
, 19 March 2012→Scope of this Document
Ptheriault (talk | contribs) |
Ptheriault (talk | contribs) |
||
| Line 10: | Line 10: | ||
== Scope of this Document == | == Scope of this Document == | ||
The goal of this document is to discuss the threats that the [[B2G]] Web App platform may face. | |||
The | The current proposal for B2G is that all "apps", will be [[Open Web Apps|Apps]], and this document seeks to list and discuss the threats which this model will need to address. At a high level, this model is: | ||
* All apps are websites, that are marked as trusted by the user through an install process | |||
* Installing will request permissions for an App, based on a trusted app store model | |||
* These permissions will allow the web page to access device functionality | |||
The key risks considered in this document are: | |||
*What scenarios might result in the compromise of sensitive phone functions? | |||
*How might untrusted code end up being trusted? | |||
*How might benign code be changed to be malicious? | |||
==Threats Summary== | ==Threats Summary== | ||