[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [ws-rx] i029 - threat models
s/thread/threat/ (I need either more or less caffeine) > -----Original Message----- > From: Gilbert Pilz > Sent: Wednesday, August 24, 2005 12:28 PM > To: ws-rx@lists.oasis-open.org > Subject: [ws-rx] i029 - thread models > > What is the threat model around the current mechanism for > protecting the integrity of the sequence? I've tried to > reverse engineer a threat model; is the following accepted as > one of the threats against the integrity of the sequence? > > Threat: Attacker inserts messages into a sequence created by > another user. > > Attacker: Trusted co-user of system with target user. > > Motivation: Depends upon use case. Varies from a simple > denial of service to unauthorized insertion of specific data > into an application. > > Description: > > Alice and Bob have created sequences with a common service. > Bob has the ability to either accurately guess the ID and > current message number of Alice's sequence or Bob has the > ability to snoop Alice's messages and observe the ID and > current message number of Alice's sequence. Bob then proceeds > to manufacture messages that contain a sequence header with > Alice's sequence ID and the appropriate message number in > that sequence. > Since Bob is a trusted user of the system, these messages are > permitted by whatever security mechanisms are in place to > protect the service. > Once these messages arrive at the RMD, it processes them as > if they belonged to Alice's sequence. > > - g >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]