Skip to content

Impacts

Jump to bottom
aagbsn edited this page Oct 12, 2013 · 3 revisions

OONIThreat-ModelRolesUse-CasesThreatsImpactsDisclosure

Contents

Impacts

This table shows concisely which Roles are affected by which Threats. If the impact is not obvious, the footnotes below spell out special cases.

Threat Analyst oonib Operator Bystander Core Developer Directory Service Operator Net-Test Developer ooniprobe Operator Publisher Reader
Accidentally False Report Data B
Accidentally Bug-Elided Report Data B
Accidentally Operationally-Elided Report Data B
Ill-Specified Report Data R R
Maliciously Bug-Falsified Report Data B
Threat Analyst oonib Operator Bystander Core Developer Directory Service Operator Net-Test Developer ooniprobe Operator Publisher Reader
Maliciously Bug-Elided Report Data B
Maliciously Operationally-Falsified Report Data B
Maliciously Operationally-Elided Report Data B
Maliciously Network-Falsified Report Data J T
Maliciously Network-Elided Report Data J T
Threat Analyst oonib Operator Bystander Core Developer Directory Service Operator Net-Test Developer ooniprobe Operator Publisher Reader
Maliciously ooniprobe-Falsified Reports T
Maliciously ooniprobe Elided Reports T
Maliciously Collector-Falsified Reports T
Maliciously Collector-Elided Reports T
Maliciously Publisher-Falsified Reports
Threat Analyst oonib Operator Bystander Core Developer Directory Service Operator Net-Test Developer ooniprobe Operator Publisher Reader
Maliciously Publisher-Elided Reports
Maliciously Analyst-Falsified Reports T
Maliciously Analyst-Elided Reports T
ooniprobe Operator Usage Exposure C C
ooniprobe Operator Personal Exposure C C
Threat Analyst oonib Operator Bystander Core Developer Directory Service Operator Net-Test Developer ooniprobe Operator Publisher Reader
oonib Operator Usage Exposure C C
oonib Operator Personal Exposure C C
Bystander Personal Exposure C C
Private Infrastructure Exposure A G K
Illegal Data G S
Threat Analyst oonib Operator Bystander Core Developer Directory Service Operator Net-Test Developer ooniprobe Operator Publisher Reader
Injection-Attack Data
ooniprobe Operator Usage Exposure From Traffic Q
ooniprobe Operator Usage Exposure From Local Forensics O
ooniprobe Operator Personal Exposure From Traffic Q
oonib Operator Usage Exposure From Traffic P
Threat Analyst oonib Operator Bystander Core Developer Directory Service Operator Net-Test Developer ooniprobe Operator Publisher Reader
oonib Operator Personal Exposure From Traffic P
Bystander Personal Exposure From Traffic E
Private Infrastructure Exposure From Traffic Q
Injection Attacks Through Traffic Data
ooniprobe Operator Usage Exposure From Correlation G K
Threat Analyst oonib Operator Bystander Core Developer Directory Service Operator Net-Test Developer ooniprobe Operator Publisher Reader
ooniprobe Operator Personal Exposure From Correlation D G Q
oonib Operator Usage Exposure From Correlation K
oonib Operator Personal Exposure From Correlation K
Bystander Personal Exposure From Correlation D Q
Private Infrastructure Exposure From Correlation Q
Threat Analyst oonib Operator Bystander Core Developer Directory Service Operator Net-Test Developer ooniprobe Operator Publisher Reader
ooniprobe Compromise via Net-Test
ooniprobe Compromise via Collector
oonib Compromise via Test Helper
oonib Compromise via Collector
Directory Service Compromise via client L
Threat Analyst oonib Operator Bystander Core Developer Directory Service Operator Net-Test Developer ooniprobe Operator Publisher Reader
ooniprobe DOS
Test Helper DOS
Collector DOS
Publisher DOS
Directory Service DOS L
Threat Analyst oonib Operator Bystander Core Developer Directory Service Operator Net-Test Developer ooniprobe Operator Publisher Reader
ooniprobe localhost Leveraged Attack
ooniprobe Extra-Host Leveraged Attack I
oonib localhost Leveraged Attack
oonib Shared Hardware Leveraged Attack L
oonib Extra-Host Leveraged Attack I M
Threat Analyst oonib Operator Bystander Core Developer Directory Service Operator Net-Test Developer ooniprobe Operator Publisher Reader
Directory Service localhost Leveraged Attack L
Directory Service Extra-Host Leveraged Attack L
Unintentional DOS H M N Q F

Footnotes

These are potential exceptions or edgecases in the impacts above.

  • ☠. The given role is operated by a malicious inside attacker in these cases.
  • A. The Analyst is affected if liable for exposing ooniprobe network infrastructure.
  • B. The Analyst or Publisher is affected if held liable for inaccurate data.
  • C. Analyst or Publisher is affected if held liable for exposing personal information
  • D. The Analyst may be affected if data synthesis causes personal information to be more exposed.
  • E. The ooniprobe Operator may be liable for selecting inputs which expose bystander personal details.
  • F. The ooniprobe Operator is affected if liable for initiating traffic seen as malicious or negligent.
  • G. The oonib Operator is affected if they are liable for improperly sanitizing data.
  • H. The oonib Operator is affected if liable for initiating traffic seen as malicious or negligent.
  • I. The oonib Operator or the Bystander may be affected if the target of network abuse.
  • J. The Bystander is affected if the different behaviour is not limited to the ooniprobe.
  • K. The Bystander is affected if a censor misidentifies them as a ooniprobe Operator.
  • L. In the particular case of MLab deployment, Bystanders may include other MLab experiments.
  • M. The Bystander may be affected if using a DOS'd service.
  • N. The Bystander may be affected if operating a DOS'd service.
  • O. The Core Developer is affected if ooniprobe Operators misunderstand forensics risks.
  • P. The Core Developer is affected if liable for improperly documenting test helper risks.
  • Q. The Net-Test Developer is affected if liable for improperly documenting test risks.
  • R. This case suggests Net-Test Developers or Publishers need clearer public explanations of net tests.
  • S. The Publisher or Analyst may be affected if report findings contain "illegal data" in various jurisdictions.
  • T. The Publisher is affected if held liable for maliciously false data.
  • U. The Publisher is affected if held liable for maliciously incomplete data.
Clone this wiki locally