a guest
Jan 27th, 2020
Threat Model Example: Network User
• supposes that any anonymous user can
  – connect remotely to the software via a network
• attack possibilities
  – measure the size and timing of his own requests and responses
  – run parallel sessions
    * masquerading various users and
    * interleaving their messages in various ways
  – provide malformed inputs / messages
  – drop or send extra messages
• attack examples
  – SQL injection, XSS, CSRF etc.
  – buffer overflow, ROP payloads etc.

  – message traffic is safe
  – ⇒ no need for encrypted communication
  – e.g. the (old) telnet remote login
  – not (anymore) appropriate in many actual real-life situations

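The Network User model above already lets the attacker measure the size and timing of his own requests and responses. An added example (not part of the original notes) of two server-side controls against exactly that: a constant-time secret comparison and fixed-size response padding. The function names, the bucket size and the login messages are constructed for the illustration.

```python
# Added example, not part of the original lecture notes: two server-side controls
# against a network user who can measure the size and timing of his own requests
# and responses. Function names and sample data are constructed for the illustration.
import hmac

RESPONSE_BUCKET = 256  # constructed: every response is padded to a multiple of this


def naive_equal(a: bytes, b: bytes) -> bool:
    """Early-exit comparison (the pattern to avoid for secrets): it returns as
    soon as a byte differs, so the elapsed time reveals how many leading bytes
    of the caller's guess were correct."""
    if len(a) != len(b):
        return False
    for x, y in zip(a, b):
        if x != y:
            return False
    return True


def constant_time_equal(a: bytes, b: bytes) -> bool:
    """Running time does not depend on the position of the first mismatch."""
    return hmac.compare_digest(a, b)


def pad_response(body: bytes, bucket: int = RESPONSE_BUCKET) -> bytes:
    """Length-prefix the body and pad with zero bytes to the next bucket boundary,
    so responses produced by different internal branches have the same wire size."""
    framed = len(body).to_bytes(4, "big") + body
    pad_len = (-len(framed)) % bucket
    return framed + b"\x00" * pad_len


def unpad_response(padded: bytes) -> bytes:
    """Inverse of pad_response: read the length prefix and drop the padding."""
    n = int.from_bytes(padded[:4], "big")
    return padded[4:4 + n]


def login_response(user_known: bool, password_ok: bool) -> bytes:
    """Constructed login handler. Without padding, the different messages for
    'unknown user' and 'wrong password' reveal which accounts exist by size alone."""
    if not user_known:
        body = b"login failed: unknown user"
    elif not password_ok:
        body = b"login failed: wrong password for this account"
    else:
        body = b"login ok"
    return pad_response(body)


def demo() -> dict:
    """Raw bodies differ in length; padded responses do not; padding round-trips."""
    unknown = login_response(False, False)
    wrong_pw = login_response(True, False)
    ok = login_response(True, True)
    return {
        "raw_lengths": (len(unpad_response(unknown)), len(unpad_response(wrong_pw)),
                        len(unpad_response(ok))),
        "wire_lengths": (len(unknown), len(wrong_pw), len(ok)),
        "roundtrip_ok": unpad_response(ok) == b"login ok",
        "compare_ok": constant_time_equal(b"token-123", b"token-123")
                      and not constant_time_equal(b"token-123", b"token-124"),
    }


if __name__ == "__main__":
    print(demo())
```

`hmac.compare_digest` is the standard library's constant-time comparison. Padding to buckets only hides sizes within a bucket, and the branch itself still takes different time (the "unknown user" path skips the password hash); equalising that takes a dummy hash computation on the failure path, which this example leaves out.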
Threat Model Example: Snooping User
• supposes a network user
  – on the same network as other users of the application
  – e.g. someone connected to an unencrypted Wi-Fi network at a coffee shop
  – e.g. students on a university campus
• additional attack possibilities
  – read / measure others' messages
  – intercept, duplicate or modify others' messages
• attack examples
  – session hijacking (intercept session key), data theft etc.
    * violate privacy by reading unencrypted information exchanged between clients and service
  – side-channel attacks (infer information by measuring size / timing of others' messages)
  – DoS

  – message traffic is visible (a more realistic assumption)
  – ⇒ encrypted communication needed
  – which one is appropriate: link (encrypted Wi-Fi, like WPA2), network (IPsec) or application (SSL) layer?
  – consider an attacker that can snoop traffic vs. one that can intercept and change the traffic
  – encryption is not sufficient for the latter

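The last two points of the Snooping User model (snoop vs. intercept-and-change; encryption not sufficient for the latter) are the ones worth seeing run. An added example, not from the original notes, in Python: an encrypt-only channel hides the message from a snooping user but silently delivers a modified message when someone on the path changes a byte, while an encrypt-then-MAC channel rejects it. The stream cipher is a toy (HMAC-SHA256 keystream) built only so the example runs on the standard library; keys, nonces, the message and all function names are constructed.

```python
# Added example, not part of the original lecture notes: why encryption alone stops a
# snooping user but not one who can intercept and change traffic, and how a MAC closes
# the gap at the application layer. Toy cipher for illustration only; keys, nonces and
# the message are constructed.
import hashlib
import hmac
import secrets
from typing import Optional

NONCE_LEN, TAG_LEN = 16, 32


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: concatenated HMAC-SHA256(key, nonce || counter) blocks."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_only(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Confidentiality only: XOR with the keystream. Decryption is the same operation."""
    return bytes(p ^ k for p, k in zip(data, keystream(key, nonce, len(data))))


decrypt_only = encrypt_only


def seal(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: the tag covers nonce and ciphertext, so any change is detected."""
    ct = encrypt_only(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(enc_key: bytes, mac_key: bytes, sealed: bytes) -> Optional[bytes]:
    """Verify the tag first (constant-time compare); decrypt only if it checks out."""
    if len(sealed) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ct, tag = sealed[:NONCE_LEN], sealed[NONCE_LEN:-TAG_LEN], sealed[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return decrypt_only(enc_key, nonce, ct)


def flip_byte(data: bytes, index: int) -> bytes:
    """Model an on-path party that corrupts one byte in transit."""
    return data[:index] + bytes([data[index] ^ 0xFF]) + data[index + 1:]


def demo() -> dict:
    enc_key, mac_key = secrets.token_bytes(32), secrets.token_bytes(32)
    nonce = secrets.token_bytes(NONCE_LEN)
    msg = b"transfer 100 EUR to account 42"  # constructed sample message

    # Snooping user: sees ciphertext only. Encryption is enough against this attacker.
    ct = encrypt_only(enc_key, nonce, msg)

    # Intercept-and-change attacker on the encrypt-only channel: the receiver gets a
    # different plaintext and no error, because nothing binds the ciphertext to the sender.
    altered = decrypt_only(enc_key, nonce, flip_byte(ct, 9))

    # Same attacker on the authenticated channel: the receiver rejects the message.
    sealed = seal(enc_key, mac_key, nonce, msg)
    tampered = flip_byte(sealed, NONCE_LEN + 9)

    return {
        "ciphertext_reveals_plaintext": msg in ct,
        "encrypt_only_delivers_original": altered == msg,
        "authenticated_accepts_genuine": open_sealed(enc_key, mac_key, sealed) == msg,
        "authenticated_rejects_tampered": open_sealed(enc_key, mac_key, tampered) is None,
    }


if __name__ == "__main__":
    print(demo())
```

This is the application-layer flavour of the answer to the "which layer" question; WPA2, IPsec and TLS each bundle integrity protection with encryption for the same reason. Real code should use a library AEAD (e.g. AES-GCM or ChaCha20-Poly1305) rather than a hand-rolled construction like this toy.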
Threat Model Example: Co-located User
• supposes a network user (i.e. the attacker)
  – on the same machine as other users of the application
  – e.g. malware installed on a user's computer
• additional attack possibilities
  – read / write files and memory
  – snoop key presses and other events
  – read / write the user's display (e.g. to spoof)
• attack examples
  – secret theft, like passwords, keys
  – spoofing attacks
• note the difference between
  – snooping: unauthorized access to others' data
  – spoofing: impersonating someone else (site, person etc.) for the purpose of stealing data

  – Spoofing
  – Tampering
  – Repudiation
  – Information Disclosure
  – Denial of Service
  – Elevation of Privileges