** Prevent loading of remote scripts for critical apps
** Prevent loading of remote content
** I.e. enforce a CSP policy on critical Web Apps
* Subdivision of applications using UNIX "spawn" techniques (fork followed by exec)
** "spawn" is the only safe way to completely isolate applications from compromise
** fork alone is '''NOT''' sufficient. '''Any application which uses fork must consider the entire process tree to be vulnerable to compromise'''.
** SELinux works most effectively on top of "spawning".
** Inter-process communication between exec'd applications can reunite them seamlessly at an appropriate API level, using COM (marshalling/unmarshalling of serialised data sent over inter-process sockets to reconstruct function parameters and return results), JSON-RPC or another RPC mechanism.
===Malicious Web App===
A user installs an application that turns out to be malicious. There are many different ways this could occur:
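The spawn pattern above, as an added example that is not from the wiki page: fork, hand the child only an IPC socket, close every other inherited descriptor, exec a separate binary, then exchange a request and reply over that socket. It assumes Linux/glibc and uses /bin/cat as a constructed stand-in worker that echoes its input, so the reply equals the request.

```c
#define _GNU_SOURCE
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/wait.h>
/* Spawn = fork followed by exec. exec replaces the child's address space, so
 * none of the parent's memory (keys, session state, other clients' data)
 * survives in the worker. A fork without exec leaves a full copy of it in the
 * child, which is why fork alone is not an isolation boundary.
 * Returns the parent's end of the IPC socket, or -1 on error. */
int spawn_isolated(const char *path, char *const argv[], pid_t *pid_out) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0, sv) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(sv[0]); close(sv[1]); return -1; }
    if (pid == 0) {
        /* child: the socket becomes stdin/stdout (dup2 clears CLOEXEC); every
         * other inherited descriptor is closed so the worker starts with only
         * the channel it was given (real code would use close_range/CLOEXEC) */
        dup2(sv[1], STDIN_FILENO);
        dup2(sv[1], STDOUT_FILENO);
        long maxfd = sysconf(_SC_OPEN_MAX);
        for (int fd = 3; fd < maxfd && fd < 1024; fd++) close(fd);
        execv(path, argv);
        _exit(127);  /* exec failed: never fall back into the parent's code */
    }
    close(sv[1]);
    if (pid_out) *pid_out = pid;
    return sv[0];
}

/* One request/reply exchange over the socket. Constructed stand-in: /bin/cat
 * plays the worker and echoes the request, where a real worker would parse a
 * JSON-RPC call and return a result. Returns the reply length or -1. */
ssize_t ipc_roundtrip(const char *req, char *reply, size_t cap) {
    char *const argv[] = { "cat", NULL };
    pid_t pid; ssize_t n;
    size_t len = strlen(req), got = 0;
    if (cap == 0) return -1;
    int fd = spawn_isolated("/bin/cat", argv, &pid);
    if (fd < 0) return -1;
    if (write(fd, req, len) != (ssize_t)len) { close(fd); waitpid(pid, NULL, 0); return -1; }
    shutdown(fd, SHUT_WR);          /* no more requests: worker sees EOF and exits */
    while (got < cap - 1 && (n = read(fd, reply + got, cap - 1 - got)) > 0) got += n;
    reply[got] = '\0';
    close(fd);
    waitpid(pid, NULL, 0);          /* reap the worker */
    return (ssize_t)got;
}
```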