course evaluation
play

course evaluation room for attestations: 03.05.051 iLab Threat - PowerPoint PPT Presentation

Sep 08, 2022 •501 likes •986 views

course evaluation room for attestations: 03.05.051 iLab Threat modelling, surveillance, operational security Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste Fakultt fr Informatik Technische Universitt

  1. course evaluation room for attestations: 03.05.051

  2. iLab Threat modelling, surveillance, operational security Benjamin Hof hof@in.tum.de Lehrstuhl für Netzarchitekturen und Netzdienste Fakultät für Informatik Technische Universität München Closing event – 15ss

  3. You may not be interested in surveillance, but surveillance is interested in you CC-BY-SA 3.0 Andreas Preuß

  4. IEEE Spectrum 2007: The Athens Affair.

  5. IEEE Spectrum 2007: The Athens Affair.

  6. View on security 1. communication 2. software stacks 3. physical security

  7. Outline Classification of actors Threat actors Attack systems Examples Systematic defence

  8. submarinecablemap.com

  9. Eve lifewinning.com/submarine-cable-taps

  10. Mallory

  11. Burglar

  12. Jack Bauer

  13. Outline Classification of actors Threat actors Attack systems Examples Systematic defence

  14. High end ◮ Five eyes ◮ Israel ◮ China ◮ Russia ◮ France

  15. Commercial variants

  17. arms dealers

  18. Mercenaries law suits, high profile business deals

  20. attacker resources ./ money ./ target value

  21. Scale

  22. Outline Classification of actors Threat actors Attack systems Examples Systematic defence

  23. RAMPART-A Typical Operation USA Country X Processing Center E D B C Partner Analysts NSA Network SECRET//COMINT NETWORK Access Point A International Cable TOP SECRET//COMINT//NOFORN

  25. ◮ full traffic storage ◮ search engines ◮ financial transactions ◮ mobile systems

  26. ~ - ~; - e n - t i f - i ~ - ~ m -._ ~ L ~ -~ L ~W~ " O!" · gma f .c o:n :~._-.~ - ~ : ~h~me skypeM~ sk.ypeM~l:.*.en ~ gmo l . com P.v~s or sep~rate.:1 ~d ) TOP SECRET//$1 //REL U SA , AUS, CAN, GBR, NZL ' • (TS//51//REL) Change the query to search for the last 3 Months and click SUBMIT .. St lector Prollle sear ch Seied:or P l' oflle S<iec tor Ploflle [· - - - -:o>gnal.ccm<goo;je>) Mttlcatlon: v 20111110 [3 OD:OO :OO End D.t o: v 'bd>y Selectors Yeste«Jay c .. ,.,.,. <oi) Add @ Remove 1h l< - 7 1h i :>Mon th L google Parcrreters L Mt Nonlh [J Parilmetefs l 0ay El ._.-~- P ar<meters 2 t»ys googlo [J ParM'let«s 3 ~ 5.,.,. skyp e MaJ'blcM E P¥.snet us . Oays 1 t:l skype r.,.lbken 140ays google Pararwet. : ers J M>tth o 3r...w Ad d: I Ercer ~ rrore- seleclot! by (OO!mst and ht enter Qui et 6Monlhs A ut hority Filtus l v~-~ I > - . .. .. . . t· · •n• ·• •• .- .. - . - ll SPIEGEL ONLINE

  29. Outline Classification of actors Threat actors Attack systems Examples Systematic defence

  30. “I hunt sys admins” ◮ router ◮ look for successful logins ◮ admin ◮ personal webmail/facebook ◮ quantum

  31. GCHQ attack on Belgian ISP Belgacom

  32. German satcom provider Stellar

  33. Attacks on standards ◮ Dual_EC_DRBG ◮ IETF

  35. BSI report on German steel mill

  36. Outline Classification of actors Threat actors Attack systems Examples Systematic defence

  37. Operational security ◮ get a strategy ◮ unlinkability, compartmentalization ◮ paranoia doesn’t work retroactively

  38. Endpoint security requires control.

  39. Debian reproducible builds

  40. QubesOS

  41. Applications ◮ OTR ◮ Textsecure, Redphone, Signal ◮ Tor

  42. Hide metadata

  43. Development ◮ LANGSEC ◮ OWASP ◮ ENISA

  44. Operations ◮ diceware ◮ don’t store plaintext ◮ logging ◮ defence in depth

  45. Attack surface Endpoints ◮ browsers, drivers, . . . ◮ AMT/IPMI tracking devices with audio functionality ◮ SS7 ◮ data trail ◮ baseband processor ◮ additional batteries

  47. Believe nothing. Research everything.

Recommend

User Interface Evaluation Empirical evaluation Heuristic evaluation 1 CS 349 - UI evaluation

User Interface Evaluation Empirical evaluation Heuristic evaluation 1 CS 349 - UI evaluation

User Interface Evaluation Empirical evaluation Heuristic evaluation 1 CS 349 - UI evaluation When does UI evaluation happen? Design Testing and Implementation Development evaluation Testing 2 CS 349 - UI evaluation Types of tests

820 views • 20 slides
Evaluation DEMMS: Evaluation of Multimedia What are the Evaluation lectures about: When

Evaluation DEMMS: Evaluation of Multimedia What are the Evaluation lectures about: When

Evaluation DEMMS: Evaluation of Multimedia What are the Evaluation lectures about: When to evaluate Systems What kinds of evaluation are possible Predictive evaluations Robert Villa Traditional user experiments

551 views • 10 slides
Evaluation 101: An Introduction for New Evaluation Practitioners AEA/CDC Summer Evaluation

Evaluation 101: An Introduction for New Evaluation Practitioners AEA/CDC Summer Evaluation

Evaluation 101: An Introduction for New Evaluation Practitioners AEA/CDC Summer Evaluation Institute 2008 Introductions &amp; Expectations Introduce yourself to someone at your table using these three basic topics Name, rank, serial number

577 views • 18 slides
Evaluation: Using CDCs Evaluation Framework By: Thomas J. Chapel, MA, MBA Chief Evaluation

Evaluation: Using CDCs Evaluation Framework By: Thomas J. Chapel, MA, MBA Chief Evaluation

Practical Program Evaluation: Using CDCs Evaluation Framework By: Thomas J. Chapel, MA, MBA Chief Evaluation Officer CDC/OADPG Tchapel@cdc.gov 404-639-2116 ... If you blindfold someone, put them in a large field, and tell them to walk

758 views • 44 slides
SunyoungKim,PhD Todays agenda Evaluation Expert evaluation o Cognitive

SunyoungKim,PhD Todays agenda Evaluation Expert evaluation o Cognitive

Human-Computer Interaction 22. Evaluating User Interface: Expert Evaluation SunyoungKim,PhD Todays agenda Evaluation Expert evaluation o Cognitive Walkthrough o Heuristic Evaluation Design process (Koberg &amp; Bagnall) Why

865 views • 54 slides
Dependability Evaluation Techniques for Dependability Evaluation The dependability evaluation of

Dependability Evaluation Techniques for Dependability Evaluation The dependability evaluation of

Dependability Evaluation Techniques for Dependability Evaluation The dependability evaluation of a system can be carried out either: experimentally (heuristic) : a system prototype is built and empirical statistical data are used to evaluate

470 views • 25 slides
e-Bug Pack Evaluation 1 Evaluation Process Evaluation carried out in 3 countries Finland

e-Bug Pack Evaluation 1 Evaluation Process Evaluation carried out in 3 countries Finland

e-Bug Pack Evaluation 1 Evaluation Process Evaluation carried out in 3 countries Finland Control and Intervention Schools Latvia Denmark Lithuania Ireland England England Poland Junior and Senior Belgium Czech Rep.

447 views • 24 slides
Search engine evaluation Nisheeth Evaluation Evaluation is key to building effective and

Search engine evaluation Nisheeth Evaluation Evaluation is key to building effective and

Search engine evaluation Nisheeth Evaluation Evaluation is key to building effective and efficient search engines measurement usually carried out in controlled laboratory experiments online testing can also be done Effectiveness,

646 views • 48 slides
Webinar on Meta-evaluation Approaches to Improve Evaluation Practice Mnica Lomea Gelis,

Webinar on Meta-evaluation Approaches to Improve Evaluation Practice Mnica Lomea Gelis,

Webinar on Meta-evaluation Approaches to Improve Evaluation Practice Mnica Lomea Gelis, Maria Bustelo Ruesta, Principal Evaluation Officer at Director of the Master on Evaluation of Independent Development Evaluation of Zimbabwe

439 views • 26 slides
Evaluation &amp; Research 27 August 2019 NPN- Chicago Evaluation is a systematic process to

Evaluation &amp; Research 27 August 2019 NPN- Chicago Evaluation is a systematic process to

Evaluation &amp; Research 27 August 2019 NPN- Chicago Evaluation is a systematic process to determine merit, worth, value or significance. -The American Evaluation Association Evaluation helps coalitions Name and frame community

731 views • 44 slides
What is a performance evaluation? Performance Management v. Performance Evaluation Evaluation

What is a performance evaluation? Performance Management v. Performance Evaluation Evaluation

3/16/2015 Employee Performance Evaluations and Their Importance Presented by Summer Randall March 18, 2015 What is a performance evaluation? Performance Management v. Performance Evaluation Evaluation Management One time event Ongoing

175 views • 6 slides
Programme BRICK Programme Evaluation: How, why and what? The plan Practical evaluation -

Programme BRICK Programme Evaluation: How, why and what? The plan Practical evaluation -

External Evaluation of the BRICK Programme BRICK Programme Evaluation: How, why and what? The plan Practical evaluation - meeting objectives BRICK evaluation - aims and approach BRICK evaluation - emerging findings Learning -

552 views • 32 slides
Heuristic Evaluation (Pinelle) Heuristic evaluation is a method of qualitative evaluation of

Heuristic Evaluation (Pinelle) Heuristic evaluation is a method of qualitative evaluation of

Heuristic Evaluation (Pinelle) Heuristic evaluation is a method of qualitative evaluation of software. 449: A Design Space for Evaluation Open-ended Open-ended Formative Qualitative Methods Usability Breadth of Engineering question

634 views • 25 slides
Evaluation Map Guide Evaluation Map Guide Evaluation Map Guide Evaluation Map Guide Progress on

Evaluation Map Guide Evaluation Map Guide Evaluation Map Guide Evaluation Map Guide Progress on

Evaluation Map Guide Evaluation Map Guide Evaluation Map Guide Evaluation Map Guide Progress on Output 1 Progress on Output 1 Progress on Output 1 Progress on Output 1 Madrid Meeting at CECE 22 July 2016 1 Contents 1. Basic assumptions

310 views • 13 slides
Evaluation Talk From Uganda, Ukraine and beyond Evaluation lessons from parliamentary

Evaluation Talk From Uganda, Ukraine and beyond Evaluation lessons from parliamentary

Evaluation Talk From Uganda, Ukraine and beyond Evaluation lessons from parliamentary strengthening? A practical example of the design and execution of a multi-country end-evaluation By: Karin Weber Kampala, April 9 th 2014 Presentation

224 views • 21 slides
I-70 East Project Evaluation of Statements of Qualifications I-70 East: SOQ Evaluation Agenda

I-70 East Project Evaluation of Statements of Qualifications I-70 East: SOQ Evaluation Agenda

July 2015 I-70 East Project Evaluation of Statements of Qualifications I-70 East: SOQ Evaluation Agenda Evaluation Process &amp; Teams Candidate Teams Evaluation Criteria Summary of Total Weighted Scores Shortlist

449 views • 8 slides
Sharing information to improve evaluation Choosing evaluation methods to suit the complex

Sharing information to improve evaluation Choosing evaluation methods to suit the complex

Sharing information to improve evaluation Choosing evaluation methods to suit the complex ecologies of the particular intervention and evaluation How the BetterEvaluation platform can support appropriate evaluation design Patricia Rogers -

839 views • 39 slides
Workload-Driven Architectural Evaluation Evaluation in Uniprocessors Decisions made only after

Workload-Driven Architectural Evaluation Evaluation in Uniprocessors Decisions made only after

Workload-Driven Architectural Evaluation Evaluation in Uniprocessors Decisions made only after quantitative evaluation For existing systems: comparison and procurement evaluation For future systems: careful extrapolation from known quantities

889 views • 76 slides
Year three evaluation December 2018 LWN Hub evaluation partners Small Kings College London

Year three evaluation December 2018 LWN Hub evaluation partners Small Kings College London

Lambeth Living Well Network Hub Year three evaluation December 2018 LWN Hub evaluation partners Small Kings College London (KCL) evaluation team - members with a range of skills and research expertise Developed evaluation proposals in

964 views • 54 slides
SENSORY EVALUATION .. Basics of Sensory evaluation, Tools, Techniques, Methods and

SENSORY EVALUATION .. Basics of Sensory evaluation, Tools, Techniques, Methods and

SENSORY EVALUATION .. Basics of Sensory evaluation, Tools, Techniques, Methods and Interpretation 1 SENSORY EVALUATION Sensory evaluation is a scientific discipline that analyses and measures human responses to the composition and

758 views • 39 slides
ICS 667 Advanced HCI Design Methods 08. Intro to Evaluation Analytic Evaluation Dan Suthers

ICS 667 Advanced HCI Design Methods 08. Intro to Evaluation Analytic Evaluation Dan Suthers

ICS 667 Advanced HCI Design Methods 08. Intro to Evaluation Analytic Evaluation Dan Suthers Spring 2005 Outline Introduction to Evaluation Types of Evaluation etc. Usability Specifications Analytic Methods Metrics and

519 views • 21 slides
Evaluation of training Learning objectives Design a possible evaluation procedure for

Evaluation of training Learning objectives Design a possible evaluation procedure for

INF3280, 15 Feb 2017 Evaluation of training Learning objectives Design a possible evaluation procedure for Assignment 5 Core literature Chapter 9 Auxiliary literature Holton III (1996) The flawed four-level evaluation model

260 views • 9 slides
9. Evaluation Outline 9.1. Cranfield Paradigm &amp; TREC 9.2. Non-Traditional Measures 9.3.

9. Evaluation Outline 9.1. Cranfield Paradigm &amp; TREC 9.2. Non-Traditional Measures 9.3.

9. Evaluation Outline 9.1. Cranfield Paradigm &amp; TREC 9.2. Non-Traditional Measures 9.3. Incomplete Judgments 9.4. Low-Cost Evaluation 9.5. Crowdsourcing 9.6. Online Evaluation Advanced Topics in Information Retrieval / Evaluation 2

573 views • 40 slides
Interim Evaluation and Long-Term Evaluation Planning August 23, 2012 Agenda 2 Introductions

Interim Evaluation and Long-Term Evaluation Planning August 23, 2012 Agenda 2 Introductions

County of Santa Clara Community Corrections Partnership 1 AB 109 Evaluation: Interim Evaluation and Long-Term Evaluation Planning August 23, 2012 Agenda 2 Introductions AB 109 Interim Evaluation Overview Project Timeline CCP

88 views • 8 slides

More recommend