- Systems may fail for many reasons
  - Reliability deals with accidental failures (hardware faults, bugs, bad luck)
  - Usability deals with problems arising from operating mistakes made by users
  - Security deals with intentional failures caused by intelligent parties
- “Computing in the presence of an adversary”
- Computer security experts think like an attacker all the time
  - What can go wrong?
  - How can it go wrong?
  - What assumptions might not be correct?
  - How can I exploit this system?
- They also think like a defender
  - Security policy: what must hold (confidentiality, integrity, availability of which assets)
  - Threat model: who is attacking, with what capabilities and access
  - Risk assessment: how likely each attack is and how much it would cost
  - Countermeasures: what to deploy, weighed against their cost
Threat Modeling §
- What does “security” mean in this scenario (which assets, which properties)?
- Who are our adversaries?
- What are their motives?
- What are their capabilities?
- What access do they have (network, physical, insider credentials)?
- What kinds of attacks need to be prevented?
- What kinds of attacks can be accepted or left out of scope?
The Security Mindset §
- Thinking like an attacker
  - Understanding how to circumvent security
  - Look for where security can fall down: unstated assumptions, edge cases, trust boundaries
- Thinking like a defender
  - What are you defending, and from whom?
  - Weigh benefits vs costs: no system is ever completely secure, so spend on the countermeasures that remove the most expected loss per dollar
  - “Rational paranoia”
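The defender's side of the mindset (security policy, threat model, risk assessment, countermeasures, and the "weigh benefits vs costs" point above) is easier to see with numbers. The following is an added worked example, not code from the original notes: it uses the standard annualized-loss model (ALE = annual rate of occurrence × loss per event) and treats a countermeasure as worth deploying only when the expected loss it removes exceeds its own annual cost. Adversaries are declared with capabilities and access; a threat that no declared adversary could actually carry out is dropped from scope, which is the "attacks we choose to ignore" decision made explicit. All adversaries, threats, dollar figures and mitigation fractions are constructed for illustration and are not from the source.

```python
"""Quantitative threat-model and risk-assessment sketch (illustrative numbers only)."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Adversary:
    name: str
    capabilities: frozenset  # what they can do, e.g. {"network", "physical"}
    access: frozenset        # where they can reach, e.g. {"internet", "internal"}


@dataclass(frozen=True)
class Threat:
    name: str
    needs_capability: str
    needs_access: str
    annual_rate: float      # ARO: expected occurrences per year
    loss_per_event: float   # SLE: expected loss per occurrence, in dollars

    def ale(self) -> float:
        """Annualized loss expectancy = ARO * SLE."""
        return self.annual_rate * self.loss_per_event


@dataclass
class Countermeasure:
    name: str
    annual_cost: float
    mitigates: dict = field(default_factory=dict)  # threat name -> fraction of ALE removed


def in_scope(threat: Threat, adversaries) -> bool:
    """A threat is in scope only if some declared adversary has both the
    capability and the access it requires. Everything else is consciously ignored."""
    return any(threat.needs_capability in a.capabilities
               and threat.needs_access in a.access for a in adversaries)


def assess(threats, adversaries, countermeasures):
    """Rank in-scope threats by ALE and decide which countermeasures pay for themselves.

    Overlapping countermeasures are scored independently (no double-counting
    correction), which is a simplification to keep the example short."""
    ale = {t.name: t.ale() for t in threats if in_scope(t, adversaries)}
    ignored = [t.name for t in threats if t.name not in ale]
    decisions = []
    for cm in countermeasures:
        # Savings only count against threats that are actually in scope.
        savings = sum(ale[t] * frac for t, frac in cm.mitigates.items() if t in ale)
        net = savings - cm.annual_cost
        decisions.append({"name": cm.name, "savings": savings, "net": net, "deploy": net > 0})
    ranked = sorted(ale.items(), key=lambda kv: kv[1], reverse=True)
    return {"ale": dict(ranked), "ignored": ignored, "decisions": decisions}


def run_example():
    """Constructed scenario: a small SaaS company. Figures are made up."""
    adversaries = [
        Adversary("opportunistic internet attacker", frozenset({"network"}), frozenset({"internet"})),
        Adversary("disgruntled insider", frozenset({"network", "credentials"}), frozenset({"internal"})),
    ]
    threats = [
        Threat("credential stuffing against login", "network", "internet", 4.0, 25_000.0),
        Threat("insider exfiltrates customer DB", "credentials", "internal", 0.1, 2_000_000.0),
        Threat("evil-maid firmware implant", "physical", "datacenter", 0.05, 5_000_000.0),
        Threat("DDoS on public site", "network", "internet", 2.0, 5_000.0),
    ]
    countermeasures = [
        Countermeasure("MFA on login", 30_000.0, {"credential stuffing against login": 0.9}),
        Countermeasure("DB access logging + DLP", 80_000.0, {"insider exfiltrates customer DB": 0.5}),
        Countermeasure("DDoS scrubbing service", 40_000.0, {"DDoS on public site": 0.95}),
        Countermeasure("tamper-evident chassis", 20_000.0, {"evil-maid firmware implant": 0.8}),
    ]
    return assess(threats, adversaries, countermeasures)


if __name__ == "__main__":
    result = run_example()
    for name, loss in result["ale"].items():
        print(f"in scope: {name:40s} ALE ${loss:>12,.0f}")
    for name in result["ignored"]:
        print(f"ignored (no adversary in model can do it): {name}")
    for d in result["decisions"]:
        verdict = "DEPLOY" if d["deploy"] else "accept risk"
        print(f"{d['name']:28s} saves ${d['savings']:>10,.0f}  net ${d['net']:>10,.0f}  -> {verdict}")
```

Running it shows the two decisions the outline describes: the DDoS service is rejected even though it works well, because the attack it stops costs less than the service, and the tamper-evident chassis is rejected because the evil-maid threat is outside the declared adversaries' access; adding a physically present adversary to the model is what would change that answer, not a better chassis.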