February 26, 2004
Browser Threat Model
All security models call for a threat model; it is one of the key inputs or factors in the construction of the security model. Secure browsing - SSL / HTTPS - lacked this critical analysis, and recent work over on the Mozilla Browser Project is calling for the rectification of this. Here's my attempt at a threat model for secure browsing, in draft.
Comments welcome. One thing - I've not found any doco on how a threat model is written out, so I'm in the dark a bit. But, ignorance is no excuse for not trying...
Posted by iang at February 26, 2004 09:23 PM
I suggest you remove Ponzi's from your threat model. Fraud involves a misrepresentation made to motivate the victim to voluntarily hand over his goods under false expectations. This is not a browser-specific threat. There is nothing in the design of a browser that can protect someone from fraud. So it doesn't really belong in your list of threats for that paper...
Thanks.... it's in the Internet general threat section, rather than the specific browser section, but you may be right regardless, as it looks out of place. I'll think about that...