Commit 3e350c5e authored by Dietrich Ayala

Merge branch 'isolation' into 'main_publish'

Draft isolation requirements based on notes from the drafting meeting

See merge request cyber/stan4cr2/en-304-617!46
parents 76d559a7 56561254
+18 −0
@@ -490,6 +490,12 @@ This clause addresses the requirements in the CRA [\[i.1\]](#_ref_i.1) Annex 1 P

**[REQ-EXT-AP-1]**: The product shall make the best effort to prevent the ability of an extension to make the product unavailable.

**[REQ-ISO-AP-1]**: The product shall take steps to reduce the risk that errors or crashes in one website running in one tab cause other, unrelated tabs to crash.

**[REQ-ISO-AP-2]**: The product shall take steps, on a best-effort basis, to save the state of running websites such that they can be restored later following an incident.

<mark>Editor's note: Need conclusion wrt this being about page state such as scroll position, form data or storage or unspecific or more specific.</mark>

## 5.10 Impact Minimisation

Proposed ESR code: IM
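Review bot: REQ-ISO-AP-1 and REQ-ISO-AP-2 are both written as effort obligations ("take steps to reduce the risk", "on a best-effort basis") with no mechanism and no verifiable outcome, which makes conformance hard to assess; for AP-1 consider either cross-referencing the process-isolation requirement introduced later in this change (REQ-ISO-EMM-1) or stating the expected outcome, e.g. "a crash of web content in one tab shall not terminate unrelated tabs", and for AP-2 the attached editor's note should be resolved before merge, since "state" covering form data or storage is a materially different (and more privacy-sensitive) obligation than scroll position. Minor: "one website running in one tab" is redundant; "a website in one tab" suffices.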
@@ -502,6 +508,10 @@ This clause addresses the requirements in the CRA [\[i.1\]](#_ref_i.1) Annex 1 P

**[REQ-EXT-IM-3]**: The product shall permit extensions to communicate with system webservers when the localhost origin is declared in the extension manifest.

**[REQ-ISO-IM-1]**: The product's technical documentation shall describe all public network protocols implemented by the product, or include references to such protocols. These protocols shall be described in publicly available specifications, or be described with sufficient technical detail to permit an independent implementation.

<mark>Editor's note: Discussion around this was not concluded. HAS did not like asking for technical docs. Sam raised asking for user docs instead. Andrew suggested that in some circumstances it's not needed at all, eg explicit cooperation between client and server. Daniel E had concerns about lowering the bar even in cooperation contexts.</mark>

## 5.11 Minimisation of Attack Surfaces

Proposed ESR code: MAS
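Review bot: REQ-ISO-IM-1 lands as normative text while its own editor's note records that the discussion was not concluded (technical versus user documentation, and whether the requirement applies at all where client and server explicitly cooperate); mark the requirement itself as open or draft, or hold it until that is settled, so the unresolved status is visible in the requirement and not only in the note. "Public network protocols" also needs a definition (for instance, whether protocols used only between the product and its vendor's own services are in scope), and the placement under Impact Minimisation is questionable given that the matching documentation obligation for web-exposed interfaces is filed under Minimisation of Attack Surfaces in the same change.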
@@ -518,6 +528,8 @@ Applicability: Enterprise browsers (UC-INST)

Example: Extensions may bundle assets in their packages, and browsers may allow them provide web pages with access to static assets, such as images, scripts and styles. Extensions declare these assets in their manifest, and browsers restrict access to only the declared assets.

**[REQ-ISO-MAS-1]**: The product's technical documentation shall describe all web-exposed interfaces, or include references to such descriptions. These interfaces shall be described in publicly available specifications, or be described with sufficient technical detail to permit an independent implementation.

## 5.12 Exploitation Mitigation Mechanisms

Proposed ESR code: EMM
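Review bot: REQ-ISO-MAS-1 repeats the structure of REQ-ISO-IM-1 almost verbatim ("shall describe all ..., or include references to such ...", "shall be described in publicly available specifications, or be described with sufficient technical detail to permit an independent implementation"); define "web-exposed interface" (the term does not appear elsewhere in the visible text) and consider folding both into one documentation requirement with two scoped items so the two sentences cannot drift apart in later edits. Unrelated to this change, but in the context line above: "may allow them provide web pages" is missing "to".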
@@ -528,6 +540,12 @@ This clause addresses the requirements in the CRA [\[i.1\]](#_ref_i.1) Annex 1 P

**[REQ-EXT-EMM-2]**: The product shall validate an extension's manifest before installation and update, reject malformed manifests, and ignore unexpected manifest content.

**[REQ-ISO-EMM-1]**: The product shall separate certain product components from each other to reduce the scope of exploits, using process isolation or similar industry standard mitigations.

**[REQ-ISO-EMM-2]**: The product shall isolate different sites from each other, including from side-channel attacks.

**[REQ-ISO-EMM-3]**: The product shall reduce the privileges of its various components with respect to the operating system to the level required to perform their tasks.

## 5.13 Logging and Monitoring
Proposed ESR code: LOG
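Review bot: REQ-ISO-EMM-2 is stated absolutely ("shall isolate different sites from each other, including from side-channel attacks") while the neighbouring requirements are qualified ("to reduce the scope of exploits", "to the level required"); complete protection against side channels is not something a product can demonstrate, so reword to a risk-reduction obligation, e.g. "shall isolate different sites from each other and shall apply mitigations against cross-site side-channel attacks", and define "site" (origin versus registrable domain), since the two give different isolation boundaries. In REQ-ISO-EMM-1, "certain product components" is undefined; name at least the component classes meant (for example, processes rendering web content versus the privileged browser process) or cross-reference where they are enumerated.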