Skip to content

Latest commit

 

History

History
35 lines (28 loc) · 4.1 KB

threat-modeling.md

File metadata and controls

35 lines (28 loc) · 4.1 KB

Threat Model Analysis for realm/realm-swift

Threat: Unencrypted Realm Database Access

  • Description: An attacker gains physical access to a device or exploits OS vulnerabilities to access the unencrypted Realm database file stored on the device's file system. They can then use Realm Studio or similar tools to read and extract sensitive data directly from the database file.
  • Impact: High. Complete compromise of data confidentiality. Sensitive user data, application secrets, or business-critical information stored in Realm can be exposed. Potential for identity theft, financial loss, privacy violations, and reputational damage.
  • Realm-Swift Component Affected: Core Realm Database File Storage, Encryption Module (or lack thereof).
  • Risk Severity: Critical if sensitive data is stored and encryption is not enabled.
  • Mitigation Strategies:
    • Enable Realm Database Encryption: Use Realm's encryption feature by providing an encryption key during Realm configuration.
    • Secure Key Management: Store the encryption key securely, ideally using the device's secure enclave or keychain. Avoid hardcoding the key in the application code.

Threat: Realm Database File Corruption Leading to Unavailability

  • Description: Severe corruption of the Realm database file (due to hardware failures, file system errors during Realm operations, or unhandled software bugs within Realm or interacting with Realm) renders the database unusable. This can lead to application crashes, data loss, and complete application unavailability.
  • Impact: High. Application unavailability and potential data loss. Impact depends on the criticality of the application and the ability to recover from data loss.
  • Realm-Swift Component Affected: Core Realm Database File, File System Interaction, Realm Transactions, Write Operations.
  • Risk Severity: High when corruption leads to significant data loss or prolonged application downtime.
  • Mitigation Strategies:
    • Robust Error Handling and Recovery: Implement error handling specifically for Realm database errors, including file corruption. Implement recovery mechanisms, such as attempting to repair the database or providing options for data recovery from backups.
    • Backup and Restore Strategy: Implement a backup and restore strategy for the Realm database (separate from device backups if needed for specific recovery scenarios).
    • Use Realm Transactions: Enclose all write operations within Realm transactions to ensure atomicity and consistency, reducing chances of corruption during write failures.

Threat: Vulnerabilities in Realm Swift Library

  • Description: Security vulnerabilities are discovered in the Realm Swift library itself. Attackers could exploit these vulnerabilities if the application uses a vulnerable version of Realm Swift. Exploits could range from denial of service to data breaches or code execution depending on the nature of the vulnerability.
  • Impact: Variable, potentially Critical. Impact depends on the specific vulnerability. Could range from application crashes to data breaches or remote code execution.
  • Realm-Swift Component Affected: Core Realm Swift Library, potentially various modules depending on the vulnerability.
  • Risk Severity: Variable, potentially Critical depending on the vulnerability.
  • Mitigation Strategies:
    • Keep Realm Swift Updated: Regularly update the Realm Swift library to the latest stable version.
    • Monitor Security Advisories: Subscribe to Realm security advisories, release notes, and security mailing lists to stay informed about reported vulnerabilities.
    • Promptly Apply Security Patches: Apply security patches and updates from Realm as soon as they are released.
    • Dependency Management: Use dependency management tools to track and manage Realm Swift library versions and updates.