W3C

Web User Interaction: Threat Trees

Editor's Draft 1 November 2007

$Revision: 1.20 $ $Date: 2008/07/10 15:15:07 $

This version:
http://www.w3.org/TR/2007/NOTE-wsc-threats-20071101/
Latest version:
http://www.w3.org/TR/wsc-threats/
Editor:
Thomas Roessler, W3C

Abstract

This Note includes threat trees used to analyze the threats that the [WSC-XIT] responds to. It is a companion document to [WSC-USECASES].

Status of this Document

This section describes the status of this document at the time of its publication. Other documents may supersede this document. A list of current W3C publications and the latest revision of this technical report can be found in the W3C technical reports index at http://www.w3.org/TR/.

This document is published as a companion document to [WSC-USECASES], to make some of the group's analysis available to a larger public.

This document was developed by the Web Security Context Working Group.

The content of this document is mostly analytic. This document is published as a snapshot, and may be updated and changed as needed when the Working Group's analysis develops further.

Please send comments about this document to public-usable-authentication@w3.org (with public archive).

Publication as a Working Group Note does not imply endorsement by the W3C Membership. This is a draft document and may be updated, replaced or obsoleted by other documents at any time. It is inappropriate to cite this document as other than work in progress.

This document was produced by a group operating under the 5 February 2004 W3C Patent Policy. W3C maintains a public list of any patent disclosures made in connection with the deliverables of the group; that page also includes instructions for disclosing a patent. An individual who has actual knowledge of a patent which the individual believes contains Essential Claim(s) must disclose the information in accordance with section 6 of the W3C Patent Policy.

Table of Contents

1 Overview
2 Acknowledgements
3 References


1 Overview

This document includes a high-level analysis of threats faced in common Web usage scenarios.

In the analysis, high-level threats are decomposed into the vulnerabilities that can be used by an attacker to realize that threat. These vulnerabilities can be met by countermeasures, which can in turn have vulnerabilities of their own, and so on.

For example, to lure a user to a site that is controlled by an attacker, the attacker might use DNS spoofing (or similar techniques) to divert the user to a site of the attacker's choice. As a countermeasure, TLS could be deployed. If that countermeasure is in place, an attacker can try to get a certification authority to issue a certificate that can be used as part of an attack.

For a more extensive introduction of the process, see chapter 4, Threat Modeling, of [SECURECODE].
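The decomposition just described alternates node kinds down the tree: a threat is realized through any one of its vulnerabilities, a vulnerability is closed by any effective countermeasure, and a countermeasure is effective unless one of its own vulnerabilities is open. The following Python code is an added illustration and is not part of this Note; it encodes the DNS-spoofing example above as such a tree and evaluates which attack paths remain open. The `Node` type, the function names, and the "what if this were countered" helper are assumptions introduced here for illustration, not part of [SECURECODE] or of the Working Group's analysis.

```python
"""Evaluate a threat tree in the threat -> vulnerability -> countermeasure
style described in the Overview (added example; not from the Note)."""
from copy import deepcopy
from dataclasses import dataclass, field
from typing import List, Tuple


@dataclass
class Node:
    kind: str                      # "threat", "vulnerability" or "countermeasure"
    name: str
    children: List["Node"] = field(default_factory=list)


def is_effective(cm: Node) -> bool:
    """A countermeasure holds unless one of its own vulnerabilities is open."""
    if cm.kind != "countermeasure":
        raise ValueError(f"expected a countermeasure node, got {cm.kind!r}")
    return not any(is_open(v) for v in cm.children)


def is_open(node: Node) -> bool:
    """True if the attacker still has a way through this node."""
    if node.kind == "threat":
        # Any open vulnerability realizes the threat (OR node).
        return any(is_open(v) for v in node.children)
    if node.kind == "vulnerability":
        # Closed only if at least one deployed countermeasure is effective.
        return not any(is_effective(c) for c in node.children)
    raise ValueError("use is_effective() for countermeasure nodes")


def open_paths(node: Node, prefix: Tuple[str, ...] = ()) -> List[Tuple[str, ...]]:
    """Enumerate root-to-leaf paths the attacker can still follow.

    Each returned path ends at an unmitigated vulnerability, passing through
    every countermeasure that the attacker must defeat along the way."""
    path = prefix + (node.name,)
    if node.kind == "threat":
        return [p for v in node.children for p in open_paths(v, path)]
    if node.kind == "vulnerability":
        if not node.children:
            return [path]                     # nothing counters it
        if not is_open(node):
            return []                         # some countermeasure holds
        return [p for c in node.children if not is_effective(c)
                for p in open_paths(c, path)]
    # countermeasure: only reached when it is defeated, so show how
    return [p for v in node.children if is_open(v) for p in open_paths(v, path)]


def with_countermeasure(tree: Node, vuln_name: str, cm_name: str) -> Node:
    """Return a copy of the tree in which the named vulnerability gains a
    countermeasure; useful for asking "what if we closed this?" (hypothetical
    helper, not a technique from the Note)."""
    new_tree = deepcopy(tree)

    def walk(n: Node) -> None:
        if n.kind == "vulnerability" and n.name == vuln_name:
            n.children.append(Node("countermeasure", cm_name))
        for c in n.children:
            walk(c)

    walk(new_tree)
    return new_tree


# The example tree from the Overview, constructed here from its prose.
PAGE_EXAMPLE = Node("threat", "lure user to attacker-controlled site", [
    Node("vulnerability", "DNS spoofing diverts the user", [
        Node("countermeasure", "TLS deployed", [
            Node("vulnerability", "CA issues certificate usable in the attack"),
        ]),
    ]),
])


if __name__ == "__main__":
    for p in open_paths(PAGE_EXAMPLE):
        print(" -> ".join(p))
    closed = with_countermeasure(PAGE_EXAMPLE,
                                 "CA issues certificate usable in the attack",
                                 "placeholder countermeasure (hypothetical)")
    print("threat still open after closing the CA leaf:", is_open(closed))
```

Running it lists the single remaining path, threat -> DNS spoofing -> TLS deployed -> CA issues certificate, which is exactly the chain the text walks through; a leaf vulnerability with no countermeasure is what keeps the root threat realizable, and closing that leaf (with any effective countermeasure) makes TLS hold and the threat closed. The same evaluation applies to larger trees with several vulnerabilities per threat or several countermeasures per vulnerability.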


2 Acknowledgements

The material in this note was created by Tyler Close, Rachna Dhamija, Johnathan Nightingale, and Stuart Schechter.

3 References

CSRF
Cross-Site Request Forgery, Wikipedia entry, retrieved on 15 October 2007. Available at http://en.wikipedia.org/wiki/Cross-site_request_forgery.
MSPWORM
Technical explanation of the MySpace Worm, anonymous, retrieved on 15 October 2007. Available at http://namb.la/popular/tech.html.
SECURECODE
Writing Secure Code, M. Howard, D. LeBlanc. 2nd edition, Microsoft Press 2003.
WSC-USECASES
Web Security Experience, Indicators and Trust: Scope and Use Cases, T. Close, Editor, (work in progress), 06 March 2008. This version is http://www.w3.org/TR/2007/WD-wsc-usecases-20080306/. The latest version is available at http://www.w3.org/TR/wsc-usecases/.
WSC-XIT
Web Security Context: Experience, Indicators, and Trust, T. Roessler, A. Saldhana, Editors, Editor's Draft (work in progress), 3 April 2008. This version is http://www.w3.org/TR/2008/WD-wsc-xit-20080403/. The latest version is available at http://www.w3.org/TR/wsc-xit/.
XSS
Cross Site Scripting, Wikipedia entry, retrieved on 15 October 2007. Available at http://en.wikipedia.org/wiki/Cross_site_scripting.