Learn about the information disclosure pillar in the STRIDE threat modeling framework. Discover how to preserve the confidentiality of the data, secrets, and other information you store.
Overview
Syllabus
Introduction
- Allow me to disclose something
- Four-question framework
- Information disclosure as a part of STRIDE
- Authorized access
- Physical layer
- Metadata
- Encrypted and unencrypted
- Metadata in motion
- Non-internet data
- Intentional disclosure
- Metadata and security
- Radios: Intentional and accidental
- Timing
- Interpretation
- Cloud
- IoT and mobile
- AI and machine learning
- Metadata management
- Secrets and secrets management
- Cryptography
- Next steps
Taught by
Adam Shostack