Possible attacks

  • Database/server/cloud
  • Insider gains unauthorised access
  • Network sniffing
  • Bugs in the web app
  • User impersonated
  • Password breach

Design computer systems with security in mind

Principles of Secure Design


Go bottom up

  • Threat Model
    • Desired security property/goal
    • Attacker capabilities
    • Assumptions about the setup

Principle 1

Weakest Link Principle: security can be no stronger than its weakest link.

Principle 2

Kerckhoffs's principle: security by obscurity is bad.

Good security is security that does not base itself on obscurity, e.g. IP protection.
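An added illustration of Kerckhoffs's principle (not part of the original notes): a tag scheme whose only secret is its algorithm is compared with HMAC-SHA256, whose algorithm is public and whose only secret is the key. The function names and the toy "obscure" scheme are hypothetical, constructed for this example.

```python
import hashlib
import hmac
import secrets


# Obscurity-based design (constructed toy scheme): there is no key,
# so the only thing protecting it is that the algorithm is unknown.
def obscure_tag(message: bytes) -> bytes:
    return bytes(b ^ 0x5A for b in reversed(message))


def obscure_verify(message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(obscure_tag(message), tag)


# Kerckhoffs-style design: the algorithm (HMAC-SHA256) is public,
# the only secret is a random key that can be rotated if it leaks.
def keyed_tag(key: bytes, message: bytes) -> bytes:
    return hmac.new(key, message, hashlib.sha256).digest()


def keyed_verify(key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(keyed_tag(key, message), tag)


def compare_designs() -> tuple[bool, bool]:
    """Threat model: the design of both schemes is known, the key is not.

    Returns (obscure_scheme_accepts_forgery, keyed_scheme_accepts_forgery).
    """
    message = b"role=admin"  # constructed sample message

    # Knowing the obscure algorithm is enough to produce a valid tag.
    obscure_accepts = obscure_verify(message, obscure_tag(message))

    # Knowing HMAC-SHA256 is not enough: a tag made with any key other
    # than the server's is rejected.
    server_key = secrets.token_bytes(32)
    guessed_key = secrets.token_bytes(32)
    keyed_accepts = keyed_verify(
        server_key, message, keyed_tag(guessed_key, message)
    )
    return obscure_accepts, keyed_accepts


if __name__ == "__main__":
    print(compare_designs())
```

Once its design is disclosed, the obscure scheme can only be repaired by replacing the algorithm everywhere it is deployed, while the keyed scheme recovers from a leaked key by rotating that key.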
