threat model
a formal model of the actions that an attacker can & cannot perform (aka a trusted computing base or components that an attacker can & cannot perform)
what are 4 that an attacker must follow? (aka model)
what is an un-sanitized input?
a system doesn’t validate input before using it (therefore we should always check user input before using it)
what are side channels?
information is leaked in indirect ways -> for instance, different timing could allow a password to be guessed (if it was 1 ms for a correct and 2 ms for an incorrect value)
what is security through obscurity?
the attacker does not know what program we are executing
what does an attacker observe/control in a single node system?
what does an attacker observe in a multi node system?
observe messages sent between nodes
drop messages sent between nodes
change messages sent between nodes