oxeo0/blog-contributions
1
0
Fork 0
mirror of http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions.git synced 2025-07-02 11:56:40 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

start threat modeling section

Browse source
This commit is contained in:
midas 2025-01-22 17:34:00 +01:00
parent a8419fe625
commit fc89ac1ce3
1 changed files with 25 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

25
opsec/cloud_provider_adversary/index.html
View file

@ -133,6 +133,31 @@ in this post we are going to do a threat modelling exercise:<br><br>
<div class="container"> <div class="container">
<div class="row"> <div class="row">
<div class="col-lg-8 col-lg-offset-2"> <div class="col-lg-8 col-lg-offset-2">
<h1><b><b>Alice's threat model</b></h1>
Alice is very happy with her new deployment. The platform runs great and her team has started using it in earnest. Still, the bond of implicit trust that now exists between her and Bob bothers here. She decides to do a quick threat modelling exercise to calm her mind: instead of wondering about whatifs, she is going to identify the risks associated with her current setup and find ways to mitigate them.
<h2><b>Threats to Confidentiality</b></h2>
If Bob was dishonest (or compelled into acting dishonestly), he would be able to harvest information directly from her server's memory! (She doesn't know Leo is already hard at work)<br><br>
<b>Impacted assets<b><br>
<ul>
<li>decryption keys (eg: her https private key, allowing for complete decryption of her team's traffic)</li>
<li>sensitive data (ephemeral private messages on her forum that arer only kepy in RAM in an unencrypted form)</li>
<li>software state (session cookies, metadata)</li>
</ul>
<br><br>
Bob could also use side-channel attacks by monitoring the underlying server's power usage or run cache timing attack to find the value of her cryptographic secret keys even if Bob's hardware allows her to store them in a dedicated secure chip!
<h2><b>Threats to integrity</b></h2>
Someone with Bob's level of access (he is the administrator of the <i>hypervisor</i> - the software that runs Alice's virtual server) could also:
<ul>
<li>Run an evil maid attack: inject thir own code in the bootloader, in Alice's OS image or inside the hypervisor which Alice can't monitor</li>
<li>Through the hypervisor, tamper with Alice's virtual machine to compromise it</li>
</ul>
<h2><b>Threats to availability</b></h2>
</div> </div>
</div><!-- /row --> </div><!-- /row -->