Balancing security, privacy, and usability is one of the first tasks you will face in your privacy journey, and also one of the most difficult. Everything is a trade-off: the more secure something is, the more restrictive or inconvenient it usually becomes. Often, people find that the problem with the recommended tools is that they are too difficult to get started with!
If you want to use the most secure tools available, you will have to sacrifice a lot of usability. And even then, nothing is completely secure. There is high security, but never complete security. That's why threat modeling is important.
So, what exactly are these threat models?
A threat model is a list of the most likely threats to your security and privacy efforts. Since it is impossible to protect yourself from every single attack (well, almost), you should focus on the most likely threats. In the field of computer security, a threat is an event that could compromise the efforts you make to maintain privacy and security.
Focusing on the threats that matter to you can narrow down your thinking about what needs protection, so you can choose the right tools for the job.
Creating Your Threat Model
To determine what could happen to the things you value and identify who might want to harm them, you should answer the following five questions:
- What do I want to protect?
- Who do I want to protect it from?
- How likely is it that I need to protect it?
- How severe are the consequences if I fail?
- How much trouble am I willing to go through to avoid potential consequences?
What do I want to protect?
"Assets" are the things you value and want to protect. In the context of digital security, assets are often some form of information. For example, your emails, contact lists, instant messages, location, and files are all potential assets. Your devices themselves can also be assets.
List your assets: the data you store, where it is stored, who has access to it, and factors that prevent others from accessing it.
Who do I want to protect it from?
To answer this question, it is important to identify who might want to target you or your information. The individuals or entities that pose a threat to your assets are "adversaries". Examples of potential adversaries include your boss, your former business partner, your business competitors, your government, or hackers on the public network.
List your adversaries or those who may want to gain access to your assets. Your list may include individuals, government agencies, or companies.
Depending on who your adversaries are, in some cases, this list may be something you want to destroy after completing your security plan.
How likely is it that I need to protect it?
Risk is the likelihood of a specific threat occurring against a specific asset. It is closely related to capability. While your phone provider has the capability to access all your data, the risk of them publishing your private data online to harm your reputation is low.
Distinguishing between what could happen and the likelihood of it happening is important. For example, there is a threat of your building collapsing, but the risk of it happening is much higher in San Francisco (where earthquakes are common) than in Stockholm (where earthquakes are rare).
Assessing risk is both personal and subjective. Many people find certain threats unacceptable regardless of how likely they are to occur because the mere presence of the threat is not worth the cost. In other cases, people may overlook high risks because they do not see the threat as a problem.
Write down the threats you want to take seriously, as well as those that may be too rare or harmless (or too difficult to address) to worry about.
How severe are the consequences if I fail?
Adversaries can access your data in various ways. For example, adversaries can read your private communications as they pass through the network, or they can delete or destroy your data.
Adversaries have different motivations and strategies. A government trying to prevent the spread of videos showing police violence may be satisfied with simply deleting or reducing the availability of the video. On the other hand, a political adversary may want to access secret content and publish it without your knowledge.
Security planning involves understanding how severe the consequences would be if an adversary gained access to one of your assets. To determine this, you should consider the capabilities of your adversaries. For example, your phone provider can access all your call records. Hackers on open Wi-Fi networks can access your unencrypted communications. Your government may have stronger capabilities.
Write down what your adversaries might want to do with your private data.
How much trouble am I willing to go through to avoid potential consequences?
There is no perfect security option. Not everyone has the same priorities, concerns, or access to resources. Your risk assessment will allow you to plan the right strategy for you, balancing convenience, cost, and privacy.
For example, a lawyer representing a client in a national security case may be willing to go to greater lengths to protect communications about the case, such as using encrypted emails, than a mother who regularly sends funny cat videos to her daughter via email.
Write down the options you can use to help mitigate your unique threats. Note whether you have any financial limitations, technical limitations, or social limitations.
Try It Yourself: Protecting Your Belongings
These questions can apply to various online and offline situations. As a general demonstration of how these questions work, let's create a plan to ensure the security of your home and belongings.
What do you want to protect? (Or, what do you have worth protecting?)
Your assets may include jewelry, electronic devices, important documents, or photos.
Who do you want to protect it from?
Your adversaries may include burglars, roommates, or guests.
How likely is it that you need to protect it?
Are there theft cases in your neighborhood? Are your roommates or guests trustworthy? What capabilities do your adversaries have? What risks should you consider?
How severe are the consequences if you fail?
Do you have anything in your home that is irreplaceable? Do you have the time or money to replace those things? Do you have insurance that covers stolen items from your home?
How much trouble are you willing to go through to avoid potential consequences?
Are you willing to purchase a safe for sensitive documents? Can you afford a high-quality lock? Do you have the time to open a safe deposit box at a local bank and store your valuable items there?
Only after asking yourself these questions can you assess the measures to take. If your belongings are valuable but the likelihood of them being stolen is low, you may not want to invest too much money in locks. However, if the likelihood of a break-in is high, you would want to get the best locks on the market and consider adding a security system.
Creating a security plan will help you understand the threats that are specific to you and evaluate your assets, your adversaries, and their capabilities, as well as the likelihood of the risks you face.
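The five questions can be written down as a small risk register. The sketch below is an added example, not part of the original guide: the 1 to 5 scales, the field names, the `unacceptable` flag (for threats you take seriously regardless of likelihood) and the sample entries for the home scenario are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Threat:
    asset: str                  # Q1: what do I want to protect?
    adversary: str              # Q2: who do I want to protect it from?
    likelihood: int             # Q3: 1 (rare) .. 5 (expected)
    severity: int               # Q4: 1 (minor) .. 5 (irreplaceable loss)
    mitigation: str             # Q5: a measure that addresses the threat
    effort: int                 # Q5: trouble/cost of that measure, 1 .. 5
    unacceptable: bool = False  # taken seriously however unlikely it is

    def priority(self) -> int:
        # A threat the owner refuses to accept is scored as if certain.
        return self.severity * (5 if self.unacceptable else self.likelihood)

def plan(threats, effort_budget):
    """Rank threats, then adopt mitigations in rank order while effort remains."""
    for t in threats:
        if not all(1 <= v <= 5 for v in (t.likelihood, t.severity, t.effort)):
            raise ValueError(f"scores for {t.asset!r} must be in 1..5")
    ranked = sorted(threats, key=lambda t: (-t.priority(), t.effort))
    chosen, accepted, remaining = [], [], effort_budget
    for t in ranked:
        if t.effort <= remaining:
            chosen.append(t)
            remaining -= t.effort
        else:
            accepted.append(t)  # risk knowingly left unaddressed
    return chosen, accepted

# Constructed sample register for the home scenario (all values are assumptions).
HOME = [
    Threat("jewelry", "burglar", 2, 4, "high-quality lock", 2),
    Threat("important documents", "burglar", 2, 5, "safe for documents", 3,
           unacceptable=True),
    Threat("electronic devices", "guest", 3, 2, "lock devices away during visits", 1),
    Threat("photos", "roommate", 1, 3, "safe deposit box at a bank", 4),
]

def summary(threats, effort_budget):
    chosen, accepted = plan(threats, effort_budget)
    return [t.mitigation for t in chosen], [t.asset for t in accepted]

if __name__ == "__main__":
    for budget in (6, 3):
        print(budget, summary(HOME, budget))
```

Lowering the effort budget changes which risks end up in the accepted list, which is the trade-off the fifth question asks you to make deliberately.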
Source: privacyguides