Covid Safe Paths - Threat Modeling Part 1

When (day):
4th - Thursday
At:
10:30 - 12:00
Watch
Zoom link will be available very soon



Session Video

Notable logs from the chat during the session

Our central infra asset that governs approved HA’s
The publishing of points of concern
The upload of data to the HA
The mobile app that holds raw data

Covid Safe Paths

“COVID Safe Paths is a mobile app for digital contract tracing (DCT) sponsored by Path Check a nonprofit and developed by a growing global community of engineers, designers, and contributors. Safe Paths is based on research originally conducted at the MIT Media Lab.”

Threat Modeling (Part 1)

During this session we will be doing a live Threat Modeling review of the application and collaborate with key “Covid Safe Paths” contributors in helping to improve the security of this opne source innitiative

The new coronavirus pandemic has upended our lives drastically. Borders have been closed, airports, hotels and other businesses got shut, the cultural life has been suspended, schools and other educational institutions have been completely switched to remote mode. These unprecedented measures not only depress people from the phycological point of view, but they also disrupt many economies, resulting in mass job losses and raising the probability of widespread hunger. We all want to get out of the house, to reopen the economy and to feel secure again. COVID Safe Paths is a mobile app for digital contact tracing (DCT) sponsored by nonprofit organisation Path Check and developed by a growing global community of engineers, designers, and contributors. The app is based on research originally conducted at the MIT Media Lab. It builds tools that help communities flatten the curve of COVID-19 together. During this session we will be doing a live Threat Modeling review of the application and collaborate with key “Covid Safe Paths” contributors in helping to improve the security of this open source initiative.

Resources

Support documents

Document from https://github.com/OpenSecuritySummit/covid-safe-paths-security/tree/master/docs

Privacy for Location Data in Safe Paths

Safe Places Product Definition

User types, needs, and problems in the Path Check ecosystem

SafePlaces API Architecture

v2 Upload Flow

Private GP trail intersection