course evaluation
play

course evaluation room for attestations: 03.05.051 iLab Threat - PowerPoint PPT Presentation

Sep 08, 2022 •501 likes •986 views

course evaluation room for attestations: 03.05.051 iLab Threat modelling, surveillance, operational security Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste Fakultt fr Informatik Technische Universitt

  1. course evaluation room for attestations: 03.05.051

  2. iLab Threat modelling, surveillance, operational security Benjamin Hof hof@in.tum.de Lehrstuhl für Netzarchitekturen und Netzdienste Fakultät für Informatik Technische Universität München Closing event – 15ss

  3. You may not be interested in surveillance, but surveillance is interested in you CC-BY-SA 3.0 Andreas Preuß

  4. IEEE Spectrum 2007: The Athens Affair.

  5. IEEE Spectrum 2007: The Athens Affair.

  6. View on security 1. communication 2. software stacks 3. physical security

  7. Outline Classification of actors Threat actors Attack systems Examples Systematic defence

  8. submarinecablemap.com

  9. Eve lifewinning.com/submarine-cable-taps

  10. Mallory

  11. Burglar

  12. Jack Bauer

  13. Outline Classification of actors Threat actors Attack systems Examples Systematic defence

  14. High end ◮ Five eyes ◮ Israel ◮ China ◮ Russia ◮ France

  15. Commercial variants

  17. arms dealers

  18. Mercenaries law suits, high profile business deals

  20. attacker resources ./ money ./ target value

  21. Scale

  22. Outline Classification of actors Threat actors Attack systems Examples Systematic defence

  23. RAMPART-A Typical Operation USA Country X Processing Center E D B C Partner Analysts NSA Network SECRET//COMINT NETWORK Access Point A International Cable TOP SECRET//COMINT//NOFORN

  25. ◮ full traffic storage ◮ search engines ◮ financial transactions ◮ mobile systems

  26. ~ - ~; - e n - t i f - i ~ - ~ m -._ ~ L ~ -~ L ~W~ " O!" · gma f .c o:n :~._-.~ - ~ : ~h~me skypeM~ sk.ypeM~l:.*.en ~ gmo l . com P.v~s or sep~rate.:1 ~d ) TOP SECRET//$1 //REL U SA , AUS, CAN, GBR, NZL ' • (TS//51//REL) Change the query to search for the last 3 Months and click SUBMIT .. St lector Prollle sear ch Seied:or P l' oflle S<iec tor Ploflle [· - - - -:o>gnal.ccm<goo;je>) Mttlcatlon: v 20111110 [3 OD:OO :OO End D.t o: v 'bd>y Selectors Yeste«Jay c .. ,.,.,. <oi) Add @ Remove 1h l< - 7 1h i :>Mon th L google Parcrreters L Mt Nonlh [J Parilmetefs l 0ay El ._.-~- P ar<meters 2 t»ys googlo [J ParM'let«s 3 ~ 5.,.,. skyp e MaJ'blcM E P¥.snet us . Oays 1 t:l skype r.,.lbken 140ays google Pararwet. : ers J M>tth o 3r...w Ad d: I Ercer ~ rrore- seleclot! by (OO!mst and ht enter Qui et 6Monlhs A ut hority Filtus l v~-~ I > - . .. .. . . t· · •n• ·• •• .- .. - . - ll SPIEGEL ONLINE

  29. Outline Classification of actors Threat actors Attack systems Examples Systematic defence

  30. “I hunt sys admins” ◮ router ◮ look for successful logins ◮ admin ◮ personal webmail/facebook ◮ quantum

  31. GCHQ attack on Belgian ISP Belgacom

  32. German satcom provider Stellar

  33. Attacks on standards ◮ Dual_EC_DRBG ◮ IETF

  35. BSI report on German steel mill

  36. Outline Classification of actors Threat actors Attack systems Examples Systematic defence

  37. Operational security ◮ get a strategy ◮ unlinkability, compartmentalization ◮ paranoia doesn’t work retroactively

  38. Endpoint security requires control.

  39. Debian reproducible builds

  40. QubesOS

  41. Applications ◮ OTR ◮ Textsecure, Redphone, Signal ◮ Tor

  42. Hide metadata

  43. Development ◮ LANGSEC ◮ OWASP ◮ ENISA

  44. Operations ◮ diceware ◮ don’t store plaintext ◮ logging ◮ defence in depth

  45. Attack surface Endpoints ◮ browsers, drivers, . . . ◮ AMT/IPMI tracking devices with audio functionality ◮ SS7 ◮ data trail ◮ baseband processor ◮ additional batteries

  47. Believe nothing. Research everything.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

User Interface Evaluation Empirical evaluation Heuristic evaluation 1 CS 349 - UI evaluation

User Interface Evaluation Empirical evaluation Heuristic evaluation 1 CS 349 - UI evaluation

User Interface Evaluation Empirical evaluation Heuristic evaluation 1 CS 349 - UI evaluation When does UI evaluation happen? Design Testing and Implementation Development evaluation Testing 2 CS 349 - UI evaluation Types of tests

820 views • 20 slides
Evaluation DEMMS: Evaluation of Multimedia What are the Evaluation lectures about: When

Evaluation DEMMS: Evaluation of Multimedia What are the Evaluation lectures about: When

Evaluation DEMMS: Evaluation of Multimedia What are the Evaluation lectures about: When to evaluate Systems What kinds of evaluation are possible Predictive evaluations Robert Villa Traditional user experiments

551 views • 10 slides
Evaluation 101: An Introduction for New Evaluation Practitioners AEA/CDC Summer Evaluation

Evaluation 101: An Introduction for New Evaluation Practitioners AEA/CDC Summer Evaluation

Evaluation 101: An Introduction for New Evaluation Practitioners AEA/CDC Summer Evaluation Institute 2008 Introductions &amp; Expectations Introduce yourself to someone at your table using these three basic topics Name, rank, serial number

577 views • 18 slides
Evaluation: Using CDCs Evaluation Framework By: Thomas J. Chapel, MA, MBA Chief Evaluation

Evaluation: Using CDCs Evaluation Framework By: Thomas J. Chapel, MA, MBA Chief Evaluation

Practical Program Evaluation: Using CDCs Evaluation Framework By: Thomas J. Chapel, MA, MBA Chief Evaluation Officer CDC/OADPG Tchapel@cdc.gov 404-639-2116 ... If you blindfold someone, put them in a large field, and tell them to walk

758 views • 44 slides
SunyoungKim,PhD Todays agenda Evaluation Expert evaluation o Cognitive

SunyoungKim,PhD Todays agenda Evaluation Expert evaluation o Cognitive

Human-Computer Interaction 22. Evaluating User Interface: Expert Evaluation SunyoungKim,PhD Todays agenda Evaluation Expert evaluation o Cognitive Walkthrough o Heuristic Evaluation Design process (Koberg &amp; Bagnall) Why

865 views • 54 slides
Dependability Evaluation Techniques for Dependability Evaluation The dependability evaluation of

Dependability Evaluation Techniques for Dependability Evaluation The dependability evaluation of

Dependability Evaluation Techniques for Dependability Evaluation The dependability evaluation of a system can be carried out either: experimentally (heuristic) : a system prototype is built and empirical statistical data are used to evaluate

470 views • 25 slides
e-Bug Pack Evaluation 1 Evaluation Process Evaluation carried out in 3 countries Finland

e-Bug Pack Evaluation 1 Evaluation Process Evaluation carried out in 3 countries Finland

e-Bug Pack Evaluation 1 Evaluation Process Evaluation carried out in 3 countries Finland Control and Intervention Schools Latvia Denmark Lithuania Ireland England England Poland Junior and Senior Belgium Czech Rep.

447 views • 24 slides
Search engine evaluation Nisheeth Evaluation Evaluation is key to building effective and

Search engine evaluation Nisheeth Evaluation Evaluation is key to building effective and

Search engine evaluation Nisheeth Evaluation Evaluation is key to building effective and efficient search engines measurement usually carried out in controlled laboratory experiments online testing can also be done Effectiveness,

646 views • 48 slides
Webinar on Meta-evaluation Approaches to Improve Evaluation Practice Mnica Lomea Gelis,

Webinar on Meta-evaluation Approaches to Improve Evaluation Practice Mnica Lomea Gelis,

Webinar on Meta-evaluation Approaches to Improve Evaluation Practice Mnica Lomea Gelis, Maria Bustelo Ruesta, Principal Evaluation Officer at Director of the Master on Evaluation of Independent Development Evaluation of Zimbabwe

439 views • 26 slides
Evaluation &amp; Research 27 August 2019 NPN- Chicago Evaluation is a systematic process to

Evaluation &amp; Research 27 August 2019 NPN- Chicago Evaluation is a systematic process to

Evaluation &amp; Research 27 August 2019 NPN- Chicago Evaluation is a systematic process to determine merit, worth, value or significance. -The American Evaluation Association Evaluation helps coalitions Name and frame community

730 views • 44 slides
What is a performance evaluation? Performance Management v. Performance Evaluation Evaluation

What is a performance evaluation? Performance Management v. Performance Evaluation Evaluation

3/16/2015 Employee Performance Evaluations and Their Importance Presented by Summer Randall March 18, 2015 What is a performance evaluation? Performance Management v. Performance Evaluation Evaluation Management One time event Ongoing

175 views • 6 slides
Programme BRICK Programme Evaluation: How, why and what? The plan Practical evaluation -

Programme BRICK Programme Evaluation: How, why and what? The plan Practical evaluation -

External Evaluation of the BRICK Programme BRICK Programme Evaluation: How, why and what? The plan Practical evaluation - meeting objectives BRICK evaluation - aims and approach BRICK evaluation - emerging findings Learning -

552 views • 32 slides
Heuristic Evaluation (Pinelle) Heuristic evaluation is a method of qualitative evaluation of

Heuristic Evaluation (Pinelle) Heuristic evaluation is a method of qualitative evaluation of

Heuristic Evaluation (Pinelle) Heuristic evaluation is a method of qualitative evaluation of software. 449: A Design Space for Evaluation Open-ended Open-ended Formative Qualitative Methods Usability Breadth of Engineering question

634 views • 25 slides
Evaluation Map Guide Evaluation Map Guide Evaluation Map Guide Evaluation Map Guide Progress on

Evaluation Map Guide Evaluation Map Guide Evaluation Map Guide Evaluation Map Guide Progress on

Evaluation Map Guide Evaluation Map Guide Evaluation Map Guide Evaluation Map Guide Progress on Output 1 Progress on Output 1 Progress on Output 1 Progress on Output 1 Madrid Meeting at CECE 22 July 2016 1 Contents 1. Basic assumptions

310 views • 13 slides
Evaluation Talk From Uganda, Ukraine and beyond Evaluation lessons from parliamentary

Evaluation Talk From Uganda, Ukraine and beyond Evaluation lessons from parliamentary

Evaluation Talk From Uganda, Ukraine and beyond Evaluation lessons from parliamentary strengthening? A practical example of the design and execution of a multi-country end-evaluation By: Karin Weber Kampala, April 9 th 2014 Presentation

224 views • 21 slides
I-70 East Project Evaluation of Statements of Qualifications I-70 East: SOQ Evaluation Agenda

I-70 East Project Evaluation of Statements of Qualifications I-70 East: SOQ Evaluation Agenda

July 2015 I-70 East Project Evaluation of Statements of Qualifications I-70 East: SOQ Evaluation Agenda Evaluation Process &amp; Teams Candidate Teams Evaluation Criteria Summary of Total Weighted Scores Shortlist

449 views • 8 slides
OpenEXR / ID Cyril Corvazier Today Isolate part of the image with regexps Unmodified

OpenEXR / ID Cyril Corvazier Today Isolate part of the image with regexps Unmodified

OpenEXR / ID Cyril Corvazier Today Isolate part of the image with regexps Unmodified OpenEXR 2.0 Flat images, not deep Support AA, motion blur, DOF, transparency IO C++ library OpenFX plug-in File format for mask

369 views • 9 slides
7 Lessons Learned Leading Internet Era Communities Zachary Rosen TWITTER:@ZACK EMAIL:

7 Lessons Learned Leading Internet Era Communities Zachary Rosen TWITTER:@ZACK EMAIL:

7 Lessons Learned Leading Internet Era Communities Zachary Rosen TWITTER:@ZACK EMAIL: ZACK@GETPANTHEON.COM MY QUICK STORY The Professional Website Platform IM A MISSIONARY, NOT A MERCENARY OUR MISSION Democratize the web. 7 LESSONS

573 views • 21 slides
CMTC Providing Incentives and Support for A&amp;D Manufacturers John Anderson - Director

CMTC Providing Incentives and Support for A&amp;D Manufacturers John Anderson - Director

The Aerospace &amp; Defense Forum South Bay Chapter January 13, 2015 CMTC Providing Incentives and Support for A&amp;D Manufacturers John Anderson - Director CMTC is Part of a Network to Ensure Your Success U.S. Department of Commerce

547 views • 7 slides
On singular two-parameter eigenvalue problems Andrej Muhi c Institute of Mathematics, Physics

On singular two-parameter eigenvalue problems Andrej Muhi c Institute of Mathematics, Physics

MEP From MEP to a coupled GEP Common regular eigenvector On singular two-parameter eigenvalue problems Andrej Muhi c Institute of Mathematics, Physics and Mechanics, University of Ljubljana, Slovenia The Second Najman Conference on Spectral

540 views • 25 slides
1 Impact Plan - Entrepreneurship STRATEGIES IMMEDIATE OUTCOMES INTERMEDIATE OUTCOMES INTENDED

1 Impact Plan - Entrepreneurship STRATEGIES IMMEDIATE OUTCOMES INTERMEDIATE OUTCOMES INTENDED

Grant Program Review Board of Directors Meeting June 7-8, 2016 Program Agenda 2016 budget status Program updates Six grant proposals Annual Meeting topics Site Visits Financial and Investment Reviews 2 BOD Meeting June

257 views • 15 slides
May 1 st 4 th , 2018 Executive Board President Vice President Secretary-Treasurer Jill

May 1 st 4 th , 2018 Executive Board President Vice President Secretary-Treasurer Jill

May 1 st 4 th , 2018 Executive Board President Vice President Secretary-Treasurer Jill McAdams Cheree Bontrager Lisa Norris City of Irving City of Richardson City of Grand Prairie Trustees Shante Akafia Sandra Duran Christi Klyn

339 views • 15 slides
UK In Inhaler Group Purpose: To promote the correct use of inhaled therapies to improve

UK In Inhaler Group Purpose: To promote the correct use of inhaled therapies to improve

UK In Inhaler Group Purpose: To promote the correct use of inhaled therapies to improve outcomes for patients with respiratory conditions and ensure NHS gets optimal value from prescribed medication Group comprises representatives from

300 views • 6 slides
GMHSP COVID-19 VACCINATION PROGRAMME UPDATE 2 nd December 2020 Greater Manchester Health

GMHSP COVID-19 VACCINATION PROGRAMME UPDATE 2 nd December 2020 Greater Manchester Health

GMHSP COVID-19 VACCINATION PROGRAMME UPDATE 2 nd December 2020 Greater Manchester Health COVID-19 Vaccine and Social Care Partnership AGENDA 1. Covid Vaccine Priorities and Models 2. Primary Care Update 3. Interim JCVI Recommendations 4.

409 views • 9 slides

More recommend