w3c / wot-security

a repo exclusively for security to better manage issues and security considerations for WoT
https://w3c.github.io/wot-security/

Security scenarios section update #108

Closed ereshetova closed 6 years ago

ereshetova commented 6 years ago

Addresses issues: https://github.com/w3c/wot-security/issues/20 and https://github.com/w3c/wot-security/issues/21

mmccool commented 6 years ago

Looks good. Some minor stylistic issues (e.g. I would avoid overuse of "etc.") but worth merging and building on. I can merge when it's ready, but defer final style edits until we are closer to a final version of the document.

ereshetova commented 6 years ago

I have updated the PR according to our discussion, but there is one question I forgot to ask during the call. For the business/corporate environment, do we even have this threat:

WoT Communication Threat - TD Confidentiality and Privacy

Do we have this threat in this scenario, if we assume that all Things and their TDs are standard to the building, so that all info in them is public (since they relate to the system provider and not to the system users)?

mmccool commented 6 years ago

Regarding TDs: I think there might be two sources of TDs: those from devices owned by the building, and those owned by the tenant. I assume tenants will want to build systems that integrate both kinds of devices. As an example, a tenant may own their own photocopiers, and might want to tie them into the security system of the building (so that, for example, unexpected use of a photocopier in the middle of the night when no one is in the building (according to access records) could possibly trigger at least a security warning).

There could also be a third category: BYOD devices and TDs. As an example, wearables, which I might want to tie into the corporate infrastructure (for example, I might want to find a certain employee, or send a notification to them... or provide various IoT controls).

Regarding privacy and confidentiality: yeah, I don't think it applies to the devices provided by the landlord. ACCESS to the devices should be protected, but not the TDs. However, corporate-owned devices may (as a group) indicate the type of business the company does and may be considered sensitive (this would be more of an issue of companies doing R&D vs. just straight offices, IMO, though). Certainly BYOD devices would have privacy implications.

So... regarding your original definition, if the set of devices is owned by the building, then I would say no. Other cases are fuzzier. But even if owned by the building... there might be cases when the information is only supplied to tenants, and is covered by some kind of confidentiality contract. But in my opinion keeping such information "secret" by legal means is pretty hopeless anyhow.

mmccool commented 6 years ago

PS regarding the issue with landlord-owned, tenant-owned, and BYOD devices, I will add a note to this effect in a new PR (as part of an overall editing pass) and we can discuss next time. Basically I will comment that it is a low risk for landlord-owned items but increases in risk if the system integrates TDs for corporate-owned and BYOD items.