BioSec: DNMar23: Difference between revisions

From Soma-notes
← Older editNewer edit →
Afry (talk | contribs)
305 edits
Elizabeth (talk | contribs)
72 edits
Line 1: Line 1:
== Possible Security problems ==
== Possible Security problems ==


- misuse of data
* misuse of data
* input validation
* phishing
** banking
** want credentials
** using email
** send an email that looks like it comes from the bank
** link goes to malicious site that looks arbitrarily like the bank (unpack)
** user types in credentials, potentially gets transparently redirected to real bank site


- input validation
Problems arise from:
 
- phishing
 
  - banking
 
  - want credentials
 
  - using email
 
  - send an email that looks like it comes from the bank
 
  - link goes to malicious site that looks arbitrarily like the bank (unpack)
 
  - user types in credentials, potentially gets transparently redirected to real bank site
 
problem arises from:


  * illegitimate email
  * illegitimate email
  * link to site that looks like bank but isn’t
  * link to site that looks like bank but isn’t
  * credentials being entered in wrong domain, wrong page
  * credentials being entered in wrong domain, wrong page
  * misappropriated language, images in email, site
  * misappropriated language, images in email, site
  * bad/missing/suspect cert?
  * bad/missing/suspect cert?
** cert/credential combo suspect


  - cert/credential combo suspect
Human algorithm
  is domain same for the one where we normally send credentials
  not normally in response to email request
  cert is the same
Think of individual detectors as autonomous
  - how would they be useful?


  - how would they work? to detect?


  - how should they change system state in the normal case?
Human algorithm:
* is domain same for the one where we normally send credentials
* not normally in response to email request
* certificate is the same


Think of individual detectors as autonomous:
* how would they be useful?
* how would they work? to detect?
* how should they change system state in the normal case?


= List of individual detectors =  
= List of individual detectors =  

Revision as of 15:18, 26 March 2012

Possible Security problems

  • misuse of data
  • input validation
  • phishing
** banking
** want credentials
** using email
** send an email that looks like it comes from the bank
** link goes to malicious site that looks arbitrarily like the bank (unpack)
** user types in credentials, potentially gets transparently redirected to real bank site

Problems arise from: 

* illegitimate email
* link to site that looks like bank but isn’t
* credentials being entered in wrong domain, wrong page
* misappropriated language, images in email, site
* bad/missing/suspect cert?
** cert/credential combo suspect


Human algorithm: 

* is domain same for the one where we normally send credentials
* not normally in response to email request
* certificate is the same

Think of individual detectors as autonomous: 

* how would they be useful?
* how would they work? to detect?
* how should they change system state in the normal case?

List of individual detectors

image filename check

context / semantic word descriptions --> semantic integrity - verifying message / content integrity based on the content itself - even if it is digitally signed.

spellcheck

domain / ip address check

certificate check - issuer name, domain name, client name, date of issue, date of expiry

Retrieved from "https://homeostasis.scs.carleton.ca/wiki/index.php?title=BioSec:_DNMar23&oldid=17136"