SecurityEngineering/MeetingNotes/03-22-12

From MozillaWiki

Updates

Lucas:

  • B2G - the security threat model discussion was full of lots and lots of different points being brought up, because participants all come from different backgrounds.
    • Threat: memory safety issues may lead to B2G apps basically owning the whole device (depending on the actual implementation, but yeah, it could happen). This is different from other mobile platforms, and those are the standards to which we'll be held.
    • Want to break this massive, general discussion into multiple sub-discussions and use an approach to focus multiple discussions and tie them together.
      • This will result in defining requirements and limits (explicit/implicit privs) for each of the categories of apps.
      • Involves looking at each of the web apis and bucketing them since there will be different buckets of "threatness". (e.g., implicit phone dialers vs user-initiated or authorized dialing -- different threats). And then identifying characteristics and required mitigations for apps that use these permissions.
      • Next, must look at the application lifecycle so we can identify and minimize threats during the lifecycle of app development/deployment/use.
      • Also need to look at threat model for the OS itself.
    • Once we iterate through this threat model and come up with a plan, we write up a proposal and compare to other systems. This will involve re-calibration at many points, of course, but little tweaks instead of massive respinning of the threat modeling exercise.
  • SSL efforts will get combined onto the roadmap.

Camilo:

  • Organized Tor (and other add-on) support roadmap (https://wiki.mozilla.org/Privacy/Roadmap/Tor) and are hitting all the P1s now.
  • Has been racking his brain trying to get "Hide Screen Size" to work well without leaking window or actual screen sizes to web apps.
    • Ended up picking a few "sets" of standard screen sizes and dumping you into the most relevant one.
  • Was at GEC (GENI workshop) to help promote foundation work on smart network apps (Ignite program: http://www.mozillaignite.org/)
  • Also working on PKI work
    • Solution must allow sites to keep working if CA dies or misbehaves
    • Must have no single point of failure
    • Also, Mozilla must have more than an "on/off" switch for CAs and trusted parties who are partially untrustworthy.
  • Spent lots of this week at a Honeynet workshop, will follow up with summary.
  • Sid feels like a Slacker. Yeah, I said it.
  • Camilo keeping CA pinning project on his todo list for now.
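Added example (not code from the Privacy roadmap or from Firefox): one way to do the bucketing described under "Hide Screen Size", reporting the same standard size for both the screen and the window so that neither value leaks the real geometry and the two cannot be cross-checked against each other. The bucket list, the selection rule (largest standard size that fits inside the real one) and the sample sizes are assumptions.

```javascript
// Added example, not Mozilla's implementation. The bucket list and the
// selection rule ("largest standard size that fits") are assumptions.
const SCREEN_BUCKETS = [
  { width: 800, height: 600 },
  { width: 1024, height: 768 },
  { width: 1280, height: 720 },
  { width: 1366, height: 768 },
  { width: 1600, height: 900 },
  { width: 1920, height: 1080 },
];

const area = (b) => b.width * b.height;

// Map a real size to the largest bucket that fits entirely inside it, so a
// page laid out for the reported size never overflows the real viewport.
// If no bucket fits, fall back to the smallest bucket rather than leaking the
// real size.
function bucketSize(realWidth, realHeight, buckets = SCREEN_BUCKETS) {
  const fitting = buckets.filter((b) => b.width <= realWidth && b.height <= realHeight);
  const pick = fitting.length
    ? fitting.reduce((best, b) => (area(b) > area(best) ? b : best))
    : buckets.reduce((best, b) => (area(b) < area(best) ? b : best));
  return { width: pick.width, height: pick.height };
}

// Geometry to expose to a web app. The bucket is chosen from the smaller of
// the window and screen sizes, and the same values are reported for
// window.inner*, screen.width/height and screen.avail*, so the screen never
// reveals more than the window does.
function spoofedGeometry(realInner, realScreen, buckets = SCREEN_BUCKETS) {
  const w = Math.min(realInner.width, realScreen.width);
  const h = Math.min(realInner.height, realScreen.height);
  const b = bucketSize(w, h, buckets);
  return {
    innerWidth: b.width, innerHeight: b.height,
    screenWidth: b.width, screenHeight: b.height,
    availWidth: b.width, availHeight: b.height,
  };
}

// How many distinct values a population of real sizes collapses to: the point
// of bucketing is that this number is small relative to the input.
function distinctBuckets(sizes, buckets = SCREEN_BUCKETS) {
  const seen = new Set();
  for (const [w, h] of sizes) {
    const b = bucketSize(w, h, buckets);
    seen.add(`${b.width}x${b.height}`);
  }
  return seen.size;
}

// Constructed sample of real window sizes (not measurements).
const SAMPLE_SIZES = [[1337, 741], [1440, 877], [1920, 1057], [800, 600], [1280, 1024], [640, 480]];

if (typeof require !== 'undefined' && require.main === module) {
  for (const [w, h] of SAMPLE_SIZES) {
    const b = bucketSize(w, h);
    console.log(`${w}x${h} -> ${b.width}x${b.height}`);
  }
  console.log(`${SAMPLE_SIZES.length} real sizes collapse to ${distinctBuckets(SAMPLE_SIZES)} buckets`);
}
```

Choosing the largest bucket that fits, rather than the nearest one, is what keeps layout honest: a page that lays itself out for 1280x720 inside a 1337x741 window is never clipped, whereas rounding up would leave it overflowing. Reporting the bucket for both window and screen matters because a page can otherwise infer the real value from the difference between the two.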

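Added example (not Mozilla's PKI design) of the "more than an on/off switch" point above: a per-CA policy that says what a root is trusted for, so a CA that has misbehaved can be constrained without breaking every site it ever issued to. The CA names, policy modes and certificate record shape are assumptions made for illustration.

```javascript
// Added example, not Mozilla's PKI design. CA names, policy modes and the
// certificate record shape are assumptions made for illustration.

// Per-CA trust policy. Instead of "trusted / not trusted", each root carries
// a mode that says what it is trusted for.
const CA_POLICY = {
  'Example Root A': { mode: 'full' },
  // Misbehaved once: keep accepting what it issued before the cutoff so that
  // existing sites keep working, but accept nothing issued after it.
  'Example Root B': { mode: 'issuedBefore', cutoff: '2012-03-01' },
  // Trusted only for names under specific suffixes (a name-constraint view).
  'Example Gov Root': { mode: 'namesUnder', suffixes: ['.example.gov'] },
  // Fully removed.
  'Example Root D': { mode: 'distrusted' },
};

function nameUnder(name, suffix) {
  const n = name.toLowerCase();
  const s = suffix.toLowerCase();
  return n.endsWith(s) && n.length > s.length;
}

// cert: { issuer, notBefore (ISO date), names: [dNSName, ...] }
// Returns { trusted, reason }. Every unexpected case fails closed.
function evaluateTrust(cert, policy = CA_POLICY) {
  const p = policy[cert.issuer];
  if (!p) return { trusted: false, reason: 'unknown issuer' };
  switch (p.mode) {
    case 'full':
      return { trusted: true, reason: 'issuer fully trusted' };
    case 'distrusted':
      return { trusted: false, reason: 'issuer distrusted' };
    case 'issuedBefore': {
      const issued = Date.parse(cert.notBefore);
      const cutoff = Date.parse(p.cutoff);
      if (Number.isNaN(issued)) return { trusted: false, reason: 'unparseable notBefore' };
      return issued < cutoff
        ? { trusted: true, reason: `issued before ${p.cutoff} cutoff` }
        : { trusted: false, reason: `issued on or after ${p.cutoff} cutoff` };
    }
    case 'namesUnder': {
      const names = cert.names || [];
      // Every name must be within a permitted suffix; one stray name rejects
      // the whole certificate.
      const ok = names.length > 0 && names.every((n) => p.suffixes.some((s) => nameUnder(n, s)));
      return ok
        ? { trusted: true, reason: 'all names within permitted suffixes' }
        : { trusted: false, reason: 'name outside permitted suffixes' };
    }
    default:
      return { trusted: false, reason: `unknown policy mode ${p.mode}` };
  }
}

// Constructed certificates (not real ones).
const SAMPLE_CERTS = [
  { issuer: 'Example Root A', notBefore: '2011-06-01', names: ['www.example.com'] },
  { issuer: 'Example Root B', notBefore: '2011-06-01', names: ['old.example.net'] },
  { issuer: 'Example Root B', notBefore: '2012-03-15', names: ['new.example.net'] },
  { issuer: 'Example Gov Root', notBefore: '2012-01-10', names: ['portal.example.gov'] },
  { issuer: 'Example Gov Root', notBefore: '2012-01-10', names: ['mail.example.gov', 'bank.example.com'] },
  { issuer: 'Example Root D', notBefore: '2012-01-10', names: ['anything.example.org'] },
  { issuer: 'Unknown Root', notBefore: '2012-01-10', names: ['x.example.org'] },
];

if (typeof require !== 'undefined' && require.main === module) {
  for (const c of SAMPLE_CERTS) {
    const r = evaluateTrust(c);
    console.log(`${c.issuer} / ${c.names.join(',')}: ${r.trusted ? 'TRUST' : 'REJECT'} (${r.reason})`);
  }
}
```

The date cutoff only helps if the CA cannot backdate notBefore on new certificates, so in practice it needs an independent record of when a certificate was issued; the name-suffix mode does not have that dependency, which is why the two are worth combining rather than choosing between.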
Ian:

  • Wrote a bunch of iframe sandbox tests!!!! Then refactored them, i.e. wrote them all over again as separate sets of tests. All done except for two allow-top-navigation ones I need to finish.
    • Investigating web workers and sandboxing - the spec doesn't mention workers and there's some discussion about how they should behave - need to research what IE and WebKit have implemented.
    • Debate about how the sandbox attribute should be implemented (string vs. DOM-settable token list). Need to post to WHATWG discussing what we plan to do here when finished researching what IE and WebKit have implemented.
    • Almost ready to submit iframe sandbox for review/feedback
  • Picked at CSP bug 650386, trying to get this landed and finally finished!
  • Gonna look at low-rights Fx soon. Probably lots of research to get started, then testing, playing around, and maybe standing up a demo. Add-ons seem like they will be a problem here, even non-binary ones.

Sid:

  • HTTPS search for Google landed - got some press, positive response
    • being localized in Japanese, Korean and one of our Chinese locales
    • uses SPDY since it's HTTPS
  • CABF - meetings

Roadmaps review

Review currently active (P1) features against their established milestones, identify any blockers - https://wiki.mozilla.org/Security/Roadmap + https://wiki.mozilla.org/Privacy/Roadmap

Review roadmap priorities to ensure they accurately reflect active projects and Mozilla's priorities

Suggest additions or changes to roadmaps

Detailed discussion of features or outstanding issues as time permits

  • P1 = "doing it", P2 = "do this if you have time", P3 = "meh, would be nice"

Open items, blockers

none today.

Goals discussion

  • Get them done.
  • Raise coordination of stuff (B2G threat modeling)
  • Low-rights Fx
  • Click-to-Play
  • Someone else should have Click-to-Play as a goal, perhaps
  • DNT spec compliance
  • Stretch: per-site third party cookies