threat_model: Update service and client assumptions for unsafe calls #168

Open
wants to merge 1 commit into
base: main
Expand Up @@ -24,6 +24,8 @@ by Parsec cannot be guaranteed.
application.
3. The client application obtains or generates a persistent name that it uses consistently for
accessing its service-side assets.
4. Invoking third party libraries using unsafe calls relies on their respective threat models and
assurances, and is outside of the scope of the parsec client.

## Assets

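Review bot: the added item 4 is worded as a scope exclusion ("is outside of the scope of the parsec client") rather than as an assumption that must hold, unlike item 3 just above it, which states what the client application does. Consider phrasing it as the condition being relied on, for example "Third-party libraries invoked through unsafe calls uphold their own threat models and assurances; verifying them is outside the scope of the Parsec client." That wording also capitalises "Parsec", matching the "by Parsec cannot be guaranteed" context line, and hyphenates "third-party".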
Expand Down Expand Up @@ -122,8 +124,9 @@ sensitive information.
| ID | Justification | Consequences |
|----|--------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------|
| 0 | Client library dependencies are not checked for Security Vulnerabilities. | A vulnerability in one of the Parsec client dependencies will also impact the client application and the data it shares with the Parsec library. |
| 1 | Authenticity of responses is not ensured through a MAC or asymmetric signature – it relies on trust in the platform administrator. | Any response from the service could have been spoofed or altered by any entity with sufficient capabilities. |
| 2 | Parsec does not currently clear sensitive data in memory after use. [This is looked at here](https://github.com/parallaxsecond/parsec-client-rust/issues/9). | Any data that passes through the client library could be read after the memory is released. |
| 1 | Provider libraries using unsafe calls are not checked by Parsec | Provider libraries using unsafe calls rely on their respective threat models and assurances, and is outside of the scope of the parsec service. |
| 2 | Authenticity of responses is not ensured through a MAC or asymmetric signature – it relies on trust in the platform administrator. | Any response from the service could have been spoofed or altered by any entity with sufficient capabilities. |
| 3 | Parsec does not currently clear sensitive data in memory after use. [This is looked at here](https://github.com/parallaxsecond/parsec-client-rust/issues/9). | Any data that passes through the client library could be read after the memory is released. |

## Mitigations

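Review bot: inserting the new row as ID 1 renumbers the existing rows 1 and 2 to 2 and 3, which invalidates any existing reference to those IDs, in the Mitigations section that follows or elsewhere; append the new entry as ID 3 instead, or update every reference in the same commit. The new row also speaks of "Provider libraries" and "the parsec service" while the neighbouring rows and the earlier hunk concern the client library and the Parsec client, so please confirm it belongs in this table. Its Consequences cell repeats the scope statement ("rely on their respective threat models and assurances, and is outside of the scope") where rows 0, 2 and 3 state an impact; say what a flaw in such a library would expose, and fix the "rely ... and is" agreement.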