Your Threat Model Is Bad and You Should Feel Bad

Your Threat Model Is Bad and You Should Feel Bad

Speaker: Herbert Bos

Herbert Bos is full professor at Vrije Universiteit Amsterdam where he co-leads the VUSec Systems Security group. He is very proud of his current and former students whose research results have led to three PWNIE Awards as well as changes in all major operating systems, all browsers and all Intel CPUs. He is no fan of climate skeptics and xenophobes. He likes the Beatles.

Abstract

This presentation will explain how to create bad threat models (just keep doing what you're doing), why abstractions are the work of the devil (and a necessary evil), and what happens when processor flaws meet traditional software exploitation (nothing good). I will illustrate my arguments with stick figures and an explanation of our recent BlindSide attack.