Possible Security problems

• misuse of data
• input validation
• phishing
  • banking
  • want credentials
  • using email
  • send an email that looks like it comes from the bank
  • link goes to malicious site that looks arbitrarily like the bank (unpack)
  • user types in credentials, potentially gets transparently redirected to real bank site

Problems arise from:

• illegitimate email
• link to site that looks like the bank but isn't the bank
• credentials being entered in wrong domain, wrong page
• misappropriated text, images in email, site images
• bad/missing/suspect certificate
  • certificate/credential combination is suspect

Human algorithm:

* is domain same for the one where we normally send credentials
* not normally in response to email request
* certificate is the same

Think of individual detectors as autonomous:

* how would they be useful?
* how would they work? to detect?
* how should they change system state in the normal case?

List of individual detectors

image filename check

context / semantic word descriptions --> semantic integrity - verifying message / content integrity based on the content itself - even if it is digitally signed.

spellcheck

domain / ip address check

certificate check - issuer name, domain name, client name, date of issue, date of expiry