CSE 127 Lecture Notes - Lecture 2: Attack Surface, Alarm Clock, Threat Model
Document Summary
Prevent of unauthorized modification of info, process, or function. Ex: increasing your bank acc balance w/o depositing money. Availability - prevent of unauthorized denial of service to others. Privacy: a person"s right or expectation to control the disclosure of his/her personal info. Vulnerabilities - weaknesses that could be exploited to cause damage to assets. In particular, look to assumptions in system. Set of systems/components/people/entities that your security depends on (and you have. Sb: perimeter around components of the same trust level. As: set of interaction points that an attacker can interact (things they could try to attack) Minimize as (fewest ways to attack) via air-gapping . Your threat model is your problem scope. Attackers don"t care about your threat model! You can"t make a msystem secure it you don"t even know what it does: assets & attackers. An attacker must not be able to compromise the [property] of ___ : system design.