BioSec: DNMar23

From Soma-notes

Possible Security problems

  • misuse of data
  • input validation
  • phishing
    • banking
    • want credentials
    • using email
    • send an email that looks like it comes from the bank
    • link goes to malicious site that looks arbitrarily like the bank (unpack)
    • user types in credentials, potentially gets transparently redirected to real bank site
    • banking
    • want credentials
    • using email
** send an email that looks like it comes from the bank
** link goes to malicious site that looks arbitrarily like the bank (unpack)
** user types in credentials, potentially gets transparently redirected to real bank site

Problems arise from: 

* illegitimate email
* link to site that looks like bank but isn’t
* credentials being entered in wrong domain, wrong page
* misappropriated language, images in email, site
* bad/missing/suspect cert?
** cert/credential combo suspect


Human algorithm: 

* is domain same for the one where we normally send credentials
* not normally in response to email request
* certificate is the same

Think of individual detectors as autonomous: 

* how would they be useful?
* how would they work? to detect?
* how should they change system state in the normal case?

List of individual detectors

image filename check

context / semantic word descriptions --> semantic integrity - verifying message / content integrity based on the content itself - even if it is digitally signed.

spellcheck

domain / ip address check

certificate check - issuer name, domain name, client name, date of issue, date of expiry

Retrieved from "https://homeostasis.scs.carleton.ca/wiki/index.php?title=BioSec:_DNMar23&oldid=17137"