Initial SysApps Security Model Brainstorming
| Requirement | Description | Source | Implications |
|---|---|---|---|
| Alarm API | Applications can create alarms, notifying users | SysApps Charter | |
| Contacts API | Apps can add, remove and edit contacts | SysApps Charter | |
| Messaging API | Apps can send, receive and view SMS | SysApps Charter | |
| Telephony API | Apps can access the telephony capabilities of the underlying platform: dial a number, pick up a call, route to voicemail, access the call log | SysApps Charter | |
| Raw Sockets API | Apps can create, manipulate and listen for low-level TCP and UDP connections | SysApps Charter | |
| HTML5 | Applications consist of HTML, CSS and JavaScript | | |
| Location | Applications have access to geolocation data | | |
| Communicate with other applications | Applications can communicate with other applications | | Some kind of messaging will be supported |
| Communicate with pre-defined endpoints | Applications can communicate with pre-defined web addresses | | Access to remote domains will be possible |
| Valid across multiple platforms | Applications can run on any conformant platform, potentially including any device form factor | | Compatibility of application packages |
| Access control log | Access control decisions can be logged. | webinos | |
| API access rationale | Applications shall be able to explain why access to data or APIs is being requested. | webinos | |
| Application capability restriction | Applications shall access only their specified device features, extensions and content. | webinos | |
| Application intent | Applications shall specify their required functionality at install time or during updates. | webinos | |
| Application isolation | Applications shall be isolated from each other. | webinos | |
| Application policy approval | Changes to existing application intentions and permissions shall be approved by the end user. | webinos | |
| Authenticity check | Before being installed or updated, origin authenticity and integrity checks shall be performed by the runtime. | webinos | |
| Certifier list | The list of authorities that certified an application shall be viewable by end-users. | webinos | |
| Confidential credentials storage | The webinos runtime shall support the confidential storage of user credentials. | webinos | |
| Credentials access restriction | Access to credentials storage shall be limited to a specific user, a specific device and a set of applications. | webinos | |
| Data management rationale | Applications shall be able to explain how collected sensitive data will be managed. | webinos | |
| Default policy | A default security and privacy policy shall exist and be enforced on each conformant runtime. | webinos | |
| Device-identity binding | Personal devices shall be bound to their owner's identities. | webinos | |
| Device-identity binding revocation | The binding between personal devices and the owner's identity shall be revocable. | webinos | |
| Hierarchical policy enforcement | Runtimes can enforce multiple access control rules written by multiple stakeholders in a hierarchy. | webinos | |
| Secure cache | Data cached by a runtime shall be securely stored to prevent disclosure and tampering by unauthorised entities. | webinos | |
| Secure storage | Application data shall be securely stored to prevent disclosure and tampering by unauthorised entities. | webinos | |
| Trusted application source | When installing or using an application for the first time, the runtime shall establish that the user trusts the source of the application. | webinos | Apps must have provenance data attached to them |
| App stores can revoke applications | An app store needs to be able to approve an application, implying they can verify the permissions, integrity and authenticity of the app | B2G - https://wiki.mozilla.org/B2G_App_Security_Model | App permissions can be changed remotely |
| External trusted party can set app default permissions | B2G: "App store must be able to set the default permissions for an app". | Extrapolated from B2G - https://wiki.mozilla.org/B2G_App_Security_Model | The user is not the only source of access control decisions. This also suggests a need for conflict resolution. |
| Installation | Applications must be installed before being executed | B2G, webinos | |
| Owner override | The device owner must be able to override app settings and permissions (this may not be the user, but a corporate owner, for example) | B2G (user), webinos (user) | Access control settings must be changeable |
| App privilege visibility | Apps should be able to discover their privileges and degrade gracefully in a limited privilege environment | B2G - https://wiki.mozilla.org/B2G_App_Security_Model | There must be a standard way for applications to identify the permissions they have and lack |
| Permission usability | Apps should be able to discover their privileges and degrade gracefully in a limited privilege environment | B2G - https://wiki.mozilla.org/B2G_App_Security_Model | |
| Immunity to browser-based threats | Apps should not be vulnerable to common web vulnerabilities when granted significant privileges | B2G - https://wiki.mozilla.org/B2G_App_Security_Model | Non-browser security context: there may be additional restrictions on HTML/JavaScript |
| Pre-installed app permissions | Ability to grant trust for certain highly sensitive privileges (such as phone dialing) may be restricted at the OS level to specific trusted parties | B2G - https://wiki.mozilla.org/B2G_App_Security_Model | Different 'levels' apply to SysApps - possibly 'roles' |