Copyright © 2007 W3C® (MIT, ERCIM, Keio), All Rights Reserved. W3C liability, trademark and document use rules apply.
This section describes the status of this document at the time of its publication. Other documents may supersede this document. A list of current W3C publications and the latest revision of this technical report can be found in the W3C technical reports index at http://www.w3.org/TR/.
This document is published as a companion document to [WSC-USECASES], to make some of the group's analysis available to a larger public.
This document was developed by the Web Security Context Working Group.
The content of this document is mostly analytic. This document is published as a snapshot, and may be updated and changed as needed when the Working Group's analysis develops further.
Please send comments about this document to public-usable-authentication@w3.org (with public archive).
Publication as a Working Group Note does not imply endorsement by the W3C Membership. This is a draft document and may be updated, replaced or obsoleted by other documents at any time. It is inappropriate to cite this document as other than work in progress.
This document was produced by a group operating under the 5 February 2004 W3C Patent Policy. W3C maintains a public list of any patent disclosures made in connection with the deliverables of the group; that page also includes instructions for disclosing a patent. An individual who has actual knowledge of a patent which the individual believes contains Essential Claim(s) must disclose the information in accordance with section 6 of the W3C Patent Policy.
This document includes a high-level analysis of threats faced in common Web usage scenarios.
In the analysis, high-level threats are decomposed into the vulnerabilities that can be used by an attacker to realize that threat. These vulnerabilities can be met by countermeasures, which can in turn have vulnerabilities of their own, and so on.
For example, to lure a user to a site that is controlled by an attacker, the attacker might use DNS spoofing (or similar techniques) to divert the user to a site of the attacker's choice. As a countermeasure, TLS could be deployed. If that countermeasure is in place, an attacker can try to obtain a certification authority to issue a certificate that can be used as part of an attack.
For a more extensive introduction of the process, see chapter 4, Threat Modeling, of [SECURECODE].
The material in this note was created by Tyler Close, Rachna Dhamija, Johnathan Nightingale, and Stuart Schechter.