
📊 Model: (InformationFlow-WebRTC-violation)

Available Online

This model is available to view using the online editor!



📝 Short Description

The case covers a simplified version of the WebRTC protocol.

🔤 Abbreviations

  • WebRTC: Web Real-Time Communication
  • STUN: Session Traversal Utilities for NAT
  • NAT: Network Address Translator

📖 Extensive Description

Alice and Bob want to communicate. To initiate a session, they exchange ports via STUN servers (publish_port and receive_port) and exchange session data via a signaling server (dispatch_initial_session_data and dispatch_response_session_data). These servers are in the Attack zone. After that, Alice and Bob can send and receive media using create_media_package and unpack_media_package. The exchanged session data and media are encrypted. Encrypted data flows have a Level of Low, but they also carry a ContainedClassification, which indicates the true Level of the unencrypted flow.

🏷️ Label Description

🗂️ Data Labels:

  • Level: There are two types of levels: High and Low.
  • ContainedClassification: This label marks the Level of an encrypted data flow. It can be High or Low.

🏷️ Node Labels:

  • Zone: There are two zones in this model: Attack and Trust. A node is always part of exactly one of these zones.

⚠️ Constraints (if any)

Safety

The fundamental requirement is that system parts or actors in the attack zone must not have access to data classified High:

  • Safety: data Level.High neverFlows vertex Zone.Attack

🚨 Violations

The error introduced in this case is that Bob's session data can be sent unencrypted to the signaling server. We name the violating flow bob_session_data to make it easier to find in the flow stack.
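
The following sketch replays the session-data exchange with the labels described above and evaluates the Safety constraint on each flow. It is an added example, not code from the model or from the analysis tool. The endpoint node names alice and bob, every flow name except bob_session_data, and the Level High of plaintext session data are assumptions.

```python
from dataclasses import dataclass, replace
from typing import Optional

# Node -> Zone. The two signaling-server nodes are in Attack, as on the page;
# the endpoint node names "alice" and "bob" are assumptions.
ZONES = {
    "alice": "Trust",
    "bob": "Trust",
    "dispatch_initial_session_data": "Attack",
    "dispatch_response_session_data": "Attack",
}

@dataclass(frozen=True)
class Flow:
    name: str
    target: str                      # vertex that receives the data
    level: str                       # Level: "High" or "Low"
    contained: Optional[str] = None  # ContainedClassification (encrypted flows only)

def encrypt(flow: Flow) -> Flow:
    """Encrypted flows get Level Low; the plaintext Level is kept as ContainedClassification."""
    return replace(flow, level="Low", contained=flow.level)

def decrypt(flow: Flow) -> Flow:
    """Decryption restores the Level recorded in ContainedClassification."""
    return replace(flow, level=flow.contained or flow.level, contained=None)

def session_exchange(bob_encrypts: bool) -> list:
    """Flows of the session-data exchange; plaintext session data is assumed Level High."""
    alice = encrypt(Flow("alice_session_data", "dispatch_initial_session_data", "High"))
    bob = Flow("bob_session_data", "dispatch_response_session_data", "High")
    if bob_encrypts:
        bob = encrypt(bob)
    return [
        alice,
        replace(alice, name="initial_forwarded", target="bob"),  # server forwards unchanged
        decrypt(replace(alice, name="initial_decrypted", target="bob")),
        bob,
        replace(bob, name="response_forwarded", target="alice"),
    ]

def safety_violations(flows, zones=ZONES) -> list:
    """Safety: data Level.High neverFlows vertex Zone.Attack."""
    return [f.name for f in flows if f.level == "High" and zones[f.target] == "Attack"]

if __name__ == "__main__":
    print("intended model:", safety_violations(session_exchange(bob_encrypts=True)))
    print("violation model:", safety_violations(session_exchange(bob_encrypts=False)))
```

High-level data reaching alice or bob is not reported, because both are in the Trust zone; only the unencrypted flow into the signaling server matches the constraint.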