Privacy: Who Ya Gonna Trust?
Crispin Cowan, Leviathan Security Group
November 1, 2019 2:30pm, in DC 2585
Privacy, especially anonymity, is tricky, because you don’t want to trust anyone, lest your identity leak, but you must trust someone, or else you cannot communicate. Threat modeling is rarely used in privacy, instead most used for prioritizing security hardening efforts. This talk presents a live example where we used threat modeling to do privacy analysis of a VPN vendor in a commercial setting. Most such penetration testing projects are confidential, but in this case Golden Frog VPN chose to publish the report, so we get to see the details of how this was done in industry.
Dr. Crispin Cowan has been a security innovator and influencer for over 20 years. In 1998, as a professor, he published the StackGuard paper, coining the term “stack canary,” which now protects nearly all computer platforms. In 1999, he founded Immunix, which built both AppArmor and the Linux Security Modules (LSM) interface, enabling Linux to have Mandatory Access Controls. Immunix was subsequently acquired by Novell. From 2008 to 2017, Dr. Cowan was with Microsoft, where he designed the App Container sandbox that is used by the Edge and Chrome web browsers, Microsoft Office, and Windows 10 to contain Universal Windows Apps. If you use a computer or a phone, something Dr. Cowan built is inside protecting it. He currently works as a consultant for the Leviathan Security Group where he founded the threat modeling service.