Talk:Threat model

From Wikipedia, the free encyclopedia

Any security implementation can be "secure" depending on the threat model. That is, a security model is valid if it fully addresses and provides defenses against the types of intrusion attempts that it is expected to thwart. An extremely simplified example (just to demonstrate the "threat model" concept) would be that a security implementation that uses a simple alphabet substitution scramble would be considered relatively secure if the expected threat was a horde of pre-school children, but it would definitely not be considered secure at all if the expected threat was the NSA or a foreign intelligence agency.
Determining the expected threat model is not as simple as it would seem. At the very least, one must consider what the expected threat source has at his or her disposal. This can become a very complex analysis because the range of the threat depends on the analysis skills and the computing technology available to the adversary, and that involves a lot of unknowns. Even granting minimal resources, today's minimal resources are capable of quite a lot: much more than is obvious from a cursory examination. Take, for instance, the Google Search Engine. It is composed almost entirely of off-the-shelf hardware, and much of it is not even the latest technology. A single PC is not very capable on its own. A thousand PCs working in parallel are capable of much, much more - and it's not very hard to assemble. Combine that with the potential for internet virus propagation to create a network of potentially tens or hundreds of thousands of PCs working in parallel, and the "expected threat model" just grew exponentially while remaining within the bounds of the original "PC Computer Technology" expected threat level. Determining threat level is the subject of much learning and debate, and is beyond the scope of a simple article.

Moved from disk encryption GBL 15:12, 26 November 2006 (UTC)
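The comment above separates two dimensions of an adversary: analysis skill (can they do better than trying every key?) and computing technology (how many keys per second, across how many machines?). The following added example, which is not part of the talk-page post or of Wikipedia's own material, turns that into a small threat-model calculator. Every number in it is constructed for illustration: the keys-per-second rates, the "best known attack" cost assumed for a monoalphabetic substitution cipher, and the adversary tiers (pre-school children, a single PC, a thousand PCs in parallel, an agency with botnet-scale compute) are all assumptions, not measurements.

```python
"""Added example: does a design hold against a given adversary over a planning horizon?

Models the two factors named in the discussion above: the adversary's analysis
skill (whether they can run the best known shortcut attack) and their computing
technology (machines x keys/second). All rates and attack costs are constructed.
"""
import math
from dataclasses import dataclass

SECONDS_PER_YEAR = 365 * 24 * 3600


@dataclass(frozen=True)
class Adversary:
    name: str
    machines: int
    keys_per_second_per_machine: float  # constructed, not a benchmark
    skilled_cryptanalyst: bool  # can they use the best known analytic attack?

    @property
    def keys_per_second(self) -> float:
        return self.machines * self.keys_per_second_per_machine


@dataclass(frozen=True)
class Design:
    name: str
    keyspace_bits: float       # log2 of the number of keys
    best_attack_bits: float    # log2 of the work for the best known attack (assumed)


def effective_work_bits(design: Design, adversary: Adversary) -> float:
    """Work the adversary actually faces: an unskilled attacker can only search
    the whole key space; a skilled one gets the cheaper analytic attack."""
    if adversary.skilled_cryptanalyst:
        return min(design.keyspace_bits, design.best_attack_bits)
    return design.keyspace_bits


def expected_break_seconds(design: Design, adversary: Adversary) -> float:
    # On average a search succeeds after covering half the effective work.
    work = 2.0 ** effective_work_bits(design, adversary) / 2.0
    return work / adversary.keys_per_second


def is_adequate(design: Design, adversary: Adversary, horizon_years: float = 10.0) -> bool:
    """True if the expected break time exceeds the horizon the data must stay secret."""
    return expected_break_seconds(design, adversary) > horizon_years * SECONDS_PER_YEAR


# Constructed adversary tiers, following the ones named in the discussion.
CHILDREN = Adversary("pre-school children", 1, 1e-3, skilled_cryptanalyst=False)
SINGLE_PC = Adversary("single PC", 1, 1e6, skilled_cryptanalyst=False)
THOUSAND_PCS = Adversary("thousand PCs in parallel", 1_000, 1e6, skilled_cryptanalyst=False)
AGENCY = Adversary("intelligence agency (botnet-scale compute)", 100_000, 1e6, skilled_cryptanalyst=True)
ADVERSARIES = [CHILDREN, SINGLE_PC, THOUSAND_PCS, AGENCY]

# Constructed designs. A monoalphabetic substitution has 26! keys (~2^88), but
# frequency analysis makes it cheap for anyone who knows the technique; the
# 2^20 figure is an illustrative assumption for that shortcut, not a measurement.
SUBSTITUTION = Design("alphabet substitution", math.log2(math.factorial(26)), 20.0)
BLOCK56 = Design("56-bit key, no known shortcut (assumed)", 56.0, 56.0)


def assess(design: Design, horizon_years: float = 10.0) -> dict:
    """Map each adversary tier to whether the design is adequate against it."""
    return {a.name: is_adequate(design, a, horizon_years) for a in ADVERSARIES}


if __name__ == "__main__":
    for d in (SUBSTITUTION, BLOCK56):
        print(d.name)
        for name, ok in assess(d).items():
            print(f"  vs {name:45s} {'adequate' if ok else 'NOT adequate'}")
```

Run as a script it prints a verdict per design and adversary tier. The point it makes matches the comment: the substitution cipher survives against children (they can neither search 26! keys nor run frequency analysis) and fails against the skilled adversary regardless of key count, while a 56-bit brute-force-only design is "secure" against one PC over a ten-year horizon and stops being secure the moment a thousand PCs work in parallel. Changing the threat model changes the verdict; the design did not change.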