all InfoSec news
Threat Models over Space and Time: A Case Study of E2EE Messaging Applications. (arXiv:2301.05653v1 [cs.CR])
cs.CR updates on arXiv.org arxiv.org
Threat modelling is foundational to secure systems engineering and should be
done in consideration of the context within which systems operate. On the other
hand, the continuous evolution of both the technical sophistication of threats
and the system attack surface is an inescapable reality. In this work, we
explore the extent to which real-world systems engineering reflects the
changing threat context. To this end we examine the desktop clients of six
widely used end-to-end-encrypted mobile messaging applications to understand
the …
applications attack attack surface case context continuous e2ee end engineering messaging space study system systems systems engineering technical threat threat modelling threat models threats work world