BioSec: DNMar23: Difference between revisions

From Soma-notes
Elizabeth (talk | contribs)

Revision as of 15:24, 26 March 2012

Possible security problems

  • misuse of data
  • input validation
  • phishing
    • banking
    • want credentials
    • using email
    • send an email that looks like it comes from the bank
    • link goes to malicious site that looks arbitrarily like the bank (unpack)
    • user types in credentials, potentially gets transparently redirected to real bank site


Problems arise from:

  • illegitimate email
  • link to site that looks like the bank but isn't the bank
  • credentials being entered in wrong domain, wrong page
  • misappropriated text, images in email, site images
  • bad/missing/suspect certificate
    • certificate/credential combination is suspect

Human algorithm:

  • is the domain the same for the one where credentials are normally sent?
  • not normally in response to email request
  • certificate is the same

Think of individual detectors as autonomous:

  • how would they be useful?
  • how would they work to detect the problem?
  • how should they change system state in the normal case?

List of individual detectors

image filename check

context / semantic word descriptions --> semantic integrity: verifying message / content integrity based on the content itself, even if it is digitally signed.

spellcheck

domain / ip address check

certificate check - issuer name, domain name, client name, date of issue, date of expiry
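The notes above describe the human algorithm (same domain, not in response to an email, same certificate) and then list the detectors as autonomous checks. The following Python is an added example, not code from the Soma-notes page, showing four of those detectors (domain/IP check, email-context check, certificate check on issuer, domain name and dates, and a spellcheck) each returning its own verdict, with a simple aggregator that allows the submission in the normal case and blocks it when any detector fires. The "known good" profile, the certificate values, the small dictionary and the two sample submissions are all constructed placeholders.

```python
import re
from dataclasses import dataclass
from datetime import date
from urllib.parse import urlparse

# Constructed profile of where this user normally sends banking credentials.
# Every value is a made-up placeholder, not real bank or CA data.
KNOWN_GOOD = {"domain": "login.example-bank.test",
              "cert_issuer": "Example Trust CA (placeholder)"}

# Small constructed dictionary for the spellcheck detector.
DICTIONARY = {"please", "sign", "in", "to", "your", "account", "verify",
              "immediately", "bank", "password", "user", "name", "you"}


@dataclass
class CredentialSubmission:
    """What the detectors can observe when credentials are about to be sent."""
    url: str                 # page that will receive the credentials
    cert_issuer: str         # issuer name from the site certificate
    cert_subject: str        # subject (domain) name from the certificate
    cert_not_before: date    # date of issue
    cert_not_after: date     # date of expiry
    today: date
    from_email_link: bool    # user arrived by following a link in an email
    page_text: str = ""      # visible text of the login page


@dataclass
class Verdict:
    detector: str
    suspicious: bool
    reason: str


def domain_check(sub, profile=KNOWN_GOOD):
    """Is the domain the same as the one credentials are normally sent to?"""
    host = urlparse(sub.url).hostname or ""
    if host == profile["domain"]:
        return Verdict("domain", False, "same domain as usual")
    return Verdict("domain", True,
                   f"credentials would go to {host!r}, not {profile['domain']!r}")


def email_context_check(sub):
    """Credentials are not normally requested in response to an email."""
    if sub.from_email_link:
        return Verdict("email-context", True, "login page reached via an email link")
    return Verdict("email-context", False, "not in response to an email")


def certificate_check(sub, profile=KNOWN_GOOD):
    """Issuer name, domain name and validity dates must match what we expect."""
    problems = []
    if sub.cert_issuer != profile["cert_issuer"]:
        problems.append("issuer differs from the usual issuer")
    if sub.cert_subject != (urlparse(sub.url).hostname or ""):
        problems.append("certificate subject does not match the page host")
    if not (sub.cert_not_before <= sub.today <= sub.cert_not_after):
        problems.append("today is outside the certificate validity period")
    if problems:
        return Verdict("certificate", True, "; ".join(problems))
    return Verdict("certificate", False, "certificate matches the known profile")


def spellcheck(sub, dictionary=DICTIONARY, threshold=0.2):
    """Flag pages where an unusually large share of the words are misspelled."""
    words = re.findall(r"[a-z]+", sub.page_text.lower())
    unknown = [w for w in words if w not in dictionary]
    ratio = len(unknown) / len(words) if words else 0.0
    return Verdict("spellcheck", ratio > threshold,
                   f"{len(unknown)}/{len(words)} words unknown: {unknown}")


DETECTORS = (domain_check, email_context_check, certificate_check, spellcheck)


def run_detectors(sub):
    """Run every autonomous detector; each one reports independently."""
    return [d(sub) for d in DETECTORS]


def should_block(sub):
    """Normal case: nothing fires and the submission proceeds; any alarm blocks it."""
    return any(v.suspicious for v in run_detectors(sub))


# Constructed sample inputs: one ordinary login and one phishing attempt.
LEGIT = CredentialSubmission(
    url="https://login.example-bank.test/signin",
    cert_issuer="Example Trust CA (placeholder)", cert_subject="login.example-bank.test",
    cert_not_before=date(2012, 1, 1), cert_not_after=date(2013, 1, 1),
    today=date(2012, 3, 26), from_email_link=False,
    page_text="Please sign in to your account")
PHISH = CredentialSubmission(
    url="https://example-bank.login-verify.test/signin",
    cert_issuer="Some Other CA (placeholder)", cert_subject="login-verify.test",
    cert_not_before=date(2012, 3, 20), cert_not_after=date(2012, 6, 20),
    today=date(2012, 3, 26), from_email_link=True,
    page_text="Please verify you acount imediately")

if __name__ == "__main__":
    for name, sub in (("legit", LEGIT), ("phish", PHISH)):
        print(name, "block" if should_block(sub) else "allow",
              [(v.detector, v.suspicious, v.reason) for v in run_detectors(sub)])
```

Each detector is independent and says why it fired, which matches the "autonomous" framing: the aggregator only decides how system state changes (allow in the normal case, block otherwise), and a single detector can be replaced or tuned without touching the others.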