Partner or alone, as you wish. If you want help finding a partner, let me know.
In this assignment, you will perform a STRIDE-based analysis of a security scenario.
In a security certification course or something similar, there would doubtless be a strict set of rules for structuring and formatting your threat analysis. My pedagogical goals for this assignment, however, are not to turn you into certified threat modelers, but rather to get you into the habit of thinking in a reasonably structured way about threats. Though STRIDE does get you into some "thinking like an attacker", it is more focused on security at the system design stage rather than on reactive defense in the face of attacks. By analyzing your system's structure, you can try to build security into the system from the start.
The scenario
ilovepets.co
Let's pretend you're going to create an online dating service specifically targeted at people who keep porcupines as pets. (I'm not going to comment on the viability of your business plan. Good luck with the venture capitalists.)
This service will consist of:
- A database server. The database will contain user account information (including names, addresses, credit cards, attributes of each users' ideal porcupine, users' porcupine brush manufacturer preferences, etc.)
- A web server that serves data over HTTPS, enabling user login, browsing of potential dates, browsing of potential porcupines, chat between users, etc.
- A web client (i.e. web pages served from the web server, supporting all the features of the dating service, optimized for phone, tablet, and desktop).
- Client apps for iOS and Android that access an HTTPS-based API on the web server to support the apps' features.
What to hand in
- A data flow diagram for the system.
- A list of threats and their corresponding mitigations, labeled by which element of STRIDE the threat corresponds to. For example, one threat might be "eavesdropper on user's network reads user's interaction with the PorcuDate web server" and its corresponding mitigation might be "all interactions with the PorcuDate server occur over HTTPS". The STRIDE label for this threat would be I (information disclosure). You can submit this list in tabular form, or as a bulleted or numbered list, or something similar. Make sure it's easy to read.
Include in your list as many realistic threats as you can think of, with at least one or two in each STRIDE category.
Have fun!