Lectures Flashcards
(43 cards)
What are two key themes in the Computer Security course?
• Thinking about security – The “security mindset” – Threat modelling – Security principles – Current events • Technical aspects of security – Attacks – Defenses
What are 12 categories that an attacker may be motivated by?
- Access or Convenience
- Curiosity or Boredom
- Desire or Obsession
- Diplomacy or Warfare
- Malice or Revenge
- Money
- Politics
- Protection
- Religion
- Self-Promotion
- World View
- Unusual
What are eight ways to brainstorm about security?
- Adversary Motivations
- Adversary Resources
- Assets
- Threats
- Vulnerabilities
- Attack Techniques
- Risks
- Mitigations
What are eight categories of assets?
- Emotional Well-being
- Financial Well-being
- Personal Data
- Personal Well-being
- Relationships
- Societal Well-being
- The Biosphere
- Unusual Impacts
What are some targets of an adversary motivated by Access or Convenience?
- appointment-based online enrollment systems
- sales of limited tickets
- personal electronics with restricted permissions
What are some actions that an adversary motivated by Access or Convenience might take?
- modify personal electronics
- bypass company filtering to access personal e-mail
- access a protected wireless network
What are some targets of an adversary motivated by Curiosity or Boredom?
- acquaintances
- strangers
- institutions
- celebrities
What are some actions that an adversary motivated by Curiosity or Boredom might take?
- look up celebrity’s medical record
- browse personal photos
- attack a random system
What are some targets of an adversary motivated by Desire or Obsession?
- ex-boyfriend
- ex-girlfriend
- celebrities
- children
What are some actions that an adversary motivated by Desire or Obsession might take?
- harassing messages
- sexual blackmail
- covert webcam activation
- monitoring communications
- location tracking
What are some targets of an adversary motivated by Diplomacy or Warfare?
- public infrastructure
- cyber-physical
- communication
- emergency systems
What are some actions that an adversary motivated by Diplomacy or Warfare might take?
- gather data
- spread misinformation
- track individuals
- disable equipment
- cause distractions
- cause bodily harm
- disable communications
What are some targets of an adversary motivated by Malice or Revenge?
- ex-employer
- neighbor
- rival
What are some actions that an adversary motivated by Malice or Revenge might take?
- misinformation
- cause physical harm
- cause monetary damage
- cause emotional damage
What are some goals of an adversary motivated by Money?
- drain assets
- sell DoS services
- extort organization
- sell user data
- sabotage competitor’s system
- manipulate market
What are some actions that an adversary motivated by Money might take?
- steal data
- disclose data
- misinformation
- sabotage competitor’s system
What are some goals of an adversary motivated by Politics?
- alter, prevent, or invalidate votes
- discredit political figures
- alter the public’s understanding or impression
What are some actions that an adversary motivated by Politics might take?
- DoS attack
- steal data
- disclose data
- misinformation
What are some targets of an adversary motivated by Protection?
- employers
- government
- family
What are some actions that an adversary motivated by Protection might take?
- monitor behavior
- evade censorship
- preemptive attack
What are some goals of an adversary motivated Religion?
- spread information about beliefs
* discredit another group
What are some actions that an adversary motivated by Religion might take?
- disclose data
- misinformation
- cause physical harm
- cause monetary damage
What are some targets of an adversary motivated by Self-Promotion?
- systems with personal information
- prominent systems
- challenging systems
What are some actions that an adversary motivated by Self-Promotion might take?
- change grades
- redact information
- deface a corporate website
- crack an encryption scheme
