OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ws-rx message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: i029 - thread models


What is the threat model around the current mechanism for protecting the
integrity of the sequence?  I've tried to reverse engineer a threat
model; is the following accepted as one of the threats against the
integrity of the sequence?

Threat: Attacker inserts messages into a sequence created by another
user.

Attacker: Trusted co-user of system with target user.

Motivation: Depends upon use case. Varies from a simple denial of
service to unauthorized insertion of specific data into an application.

Description:

Alice and Bob have created sequences with a common service. Bob has the
ability to either accurately guess the ID and current message number of
Alice's sequence or Bob has the ability to snoop Alice's messages and
observe the ID and current message number of Alice's sequence. Bob then
proceeds to manufacture messages that contain a sequence header with
Alice's sequence ID and the appropriate message number in that sequence.
Since Bob is a trusted user of the system, these messages are permitted
by whatever security mechanisms are in place to protect the service.
Once these messages arrive at the RMD, it processes them as if they
belonged to Alice's sequence.

- g


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]