Establishing a Security Policy: Threat Models and Principles

Description

This lecture covers the importance of establishing a security policy, focusing on threat models, security principles, and practical exercises. It discusses the principles of economy of mechanism, fail-safe defaults, complete mediation, open design, and separation of privilege. The instructor presents a case study involving Swisscom phone lines being tapped by the NSA, analyzing the threat model, principals, assets, and security properties. Additionally, it explores exercises related to state-level adversaries and solo young hackers, emphasizing data confidentiality, integrity, availability, authenticity, and the prevention of unauthorized access and data modification.

This video is available exclusively on Mediaspace for a restricted audience. Please log in to MediaSpace to access it if you have the necessary permissions.

Watch on Mediaspace

Official source

https://mediaspace.epfl.ch/media/0_f14b0yg4

About this result

This page is automatically generated and may contain information that is not correct, complete, up-to-date, or relevant to your search query. The same applies to every other page on this website. Please make sure to verify the information with EPFL's official sources.

Ontological neighbourhood

Computer engineering

Computer security: Access control

Economics

Microeconomics: Economic systems

Related lectures (37)