Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

docs: adding a threat model diagram for Ubuntu Frame #3484

Merged
merged 1 commit into from
Jul 29, 2024
Merged

docs: adding a threat model diagram for Ubuntu Frame #3484

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions doc/sphinx/explanation/index.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ These pages provide additional detail about a number of aspects related to using
- [Architecture](architecture): an overview of Mir's architecture for contributors
- [Libraries](libraries): an overview of Mir's libraries and how they depend on one another
- [Graphics support](mir-graphics-support): what's required to run Mir compositors
- [Threat Model](threat-model): defining a security threat model for Mir
- [What is Wayland anyway?](ok-so-what-is-this-wayland-thing-anyway): so what is it?
- [Windowing paradigms](window-positions-under-wayland): how are windows managed?
- [Component reports](component_reports): information on Mir's debug and performance reporting infrastructure
Expand All @@ -14,6 +15,7 @@ These pages provide additional detail about a number of aspects related to using
architecture
libraries
mir-graphics-support
threat-model
ok-so-what-is-this-wayland-thing-anyway
window-positions-under-wayland
component_reports
Expand Down
13 changes: 13 additions & 0 deletions doc/sphinx/explanation/threat-model.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
# Threat Model
Mir is a C++ library for building compositors, not a product itself. As such,
when discussing the threat model for Mir, it is useful to discuss it in terms
of an actual product that is built on Mir. With this in mind, we will define
the threat model of **Ubuntu Frame** in this document.

## Ubuntu Frame Threat Model Diagram
Ubuntu Frame is published as a snap. As such, the threat model for frame assumes
that the snap is secure, and proceeds to outline the frame snap's interactions
with the outside world.

```{mermaid} ubuntu_frame_threat_model.mmd
```
32 changes: 32 additions & 0 deletions doc/sphinx/explanation/ubuntu_frame_threat_model.mmd
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
%%{ init: { 'flowchart': { 'curve': 'monotoneY' } } }%%
flowchart
shell((Mir-based Shell))
vnc_server(VNC Server)
vnc_client(VNC Client)
osk(On-screen Keyboard)
snapd(Snapd)
operator_app(Operator App)
user(User)
display(Display)
app(App)

subgraph snap [Snap]
vnc_server--input-->shell
shell--screen content-->vnc_server

osk--content/input-->shell
shell--input-->osk
end

shell--contents/configuration--->display
snapd--configuration-->shell
display--visuals-->user
operator_app--help message-->shell
user--input events-->shell
display--properties-->shell
vnc_server<--vnc-->vnc_client
app--window contents-->shell
shell--input/window management-->app

classDef boundary fill:none,stroke-dasharray: 5 5
snap:::boundary
Loading