Security Goals v.s. Adversaries
1. Policy --> Confidentiality, Integrity, Availability
2. Threat Modeling --> assumptions about adversaries
3. Mechanism --> software/ hardware/ system
Policy:
Recovery questions: Yahoo case
Suggestion: Be conservative about the policy.
Threat Modeling:
MIT 1980's Kerberos 56 bits DES
SSL/TLS CAs
DARPA secure OS
Mechanism:
Android Bitcoin
Java Function: SecureRandom( ); SecureRandom( ) --> PRNG --> Random private key
PRNG is forgotten, then can guess SecureRandom( ) output.
Sparks:
1. Email is a little like Single Sign On (SSO) of a person's information system, since there are so many other accounts are bound to the email account, is the email account is compromised, other account will also be put in danger.
2. Apple's iCloud example, software will have vulnerabilities, for instance, the "Find my iPhone" subsystem forgot to check the brute force attack. Patches the vulnerability will works however if SOC exist, it will be find easier and be protected quickly.
3. Threat modeling: "Threat Modeling" Frank Swiderski
4. "Citi" case: Vulnerability always exits, quick response can largely decrease the damage.
