Partner or alone, as you wish. If you want help finding a partner, let me know.
In this assignment, you will perform a STRIDE-based analysis of a security scenario.
In a security certification course or something similar, there would doubtless be a
strict set of rules for structuring and formatting your threat analysis. My pedagogical goals
for this assignment, however, are not to turn you into certified threat modelers, but rather
to get you into the habit of thinking in a reasonably structured way about threats. Though
STRIDE does get you into some "thinking like an attacker", it is more focused on security
at the system design stage rather than on reactive defense in the face of attacks. By analyzing
your system's structure, you can try to build security into the system from the start.
The scenario
ilovepets.co
Let's pretend you're going to create an online dating service specifically targeted at
people who keep porcupines as pets. (I'm not going to comment on the viability of your
business plan. Good luck with the venture capitalists.)
This service will consist of:
- A database server. The database will contain user account information (including
names, addresses, credit cards, attributes of each user's ideal porcupine,
users' porcupine brush manufacturer preferences, etc.)
- A web server that serves data over HTTPS, enabling user login, browsing of potential
dates, browsing of potential porcupines, chat between users, etc.
- A web client (i.e. web pages served from the web server, supporting all the features of
the dating service, optimized for phone, tablet, and desktop).
- Client apps for iOS and Android that access an HTTPS-based API on the web server
to support the apps' features.
What to hand in
- A data flow diagram for the system.
- A list of threats and their corresponding mitigations, labeled by which element of STRIDE
the threat corresponds to. For example, one threat might be "eavesdropper on user's network reads
user's interaction with the PorcuDate web server" and its corresponding mitigation might be
"all interactions with the PorcuDate server occur over HTTPS". The STRIDE label for this threat
would be I (information disclosure). You can submit this list in tabular form, or as a bulleted
or numbered list, or something similar. Make sure it's easy to read.
Include in your list as many realistic threats as you can think of, with at least one or two in
each STRIDE category.
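As an added illustration (not part of the assignment, and not the answer key), here is the "reasonably structured" way of generating a starter threat list that STRIDE-per-element gives you: build the data flow diagram as data, then apply the standard element-kind to STRIDE-category chart to every element and to every data flow that crosses a trust boundary. The DFD elements, trust zones and flows below are my assumptions about the ilovepets.co scenario; the output is a list of candidate threats still to be refined and paired with mitigations.

```python
from dataclasses import dataclass

STRIDE = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
          "I": "Information disclosure", "D": "Denial of service",
          "E": "Elevation of privilege"}

# STRIDE-per-element chart: which categories usually apply to each kind of DFD element.
PER_ELEMENT = {"external": "SR", "process": "STRIDE",
               "store": "TRID",   # R mainly when the store holds logs/audit data
               "flow": "TID"}

@dataclass
class Element:
    name: str
    kind: str   # "external", "process" or "store"
    zone: str   # trust zone; a flow between different zones crosses a trust boundary

def ilovepets_dfd():
    """Constructed DFD of the scenario (an assumption, not the assignment's answer)."""
    elements = [Element("User", "external", "internet"),
                Element("Web client / mobile app", "process", "user device"),
                Element("Web server (HTTPS API)", "process", "datacentre"),
                Element("Account DB", "store", "datacentre")]
    flows = [("User", "Web client / mobile app", "login credentials"),
             ("Web client / mobile app", "Web server (HTTPS API)", "session, chat, profile"),
             ("Web server (HTTPS API)", "Account DB", "names, addresses, card numbers")]
    return elements, flows

def stride_threats(elements, flows):
    """Enumerate (target, letter, category) starter threats, STRIDE-per-element style."""
    zone = {e.name: e.zone for e in elements}
    out = []
    for e in elements:
        out += [(e.name, c, STRIDE[c]) for c in PER_ELEMENT[e.kind]]
    for src, dst, data in flows:
        if zone[src] == zone[dst]:
            continue  # same trust zone: only boundary-crossing flows get their own entries
        target = f"{src} -> {dst} [{data}] crosses trust boundary"
        out += [(target, c, STRIDE[c]) for c in PER_ELEMENT["flow"]]
    return out

def by_category(threats):
    """Count threats per STRIDE letter, to check that every category is covered."""
    counts = {c: 0 for c in STRIDE}
    for _, c, _ in threats:
        counts[c] += 1
    return counts

if __name__ == "__main__":
    for target, c, name in stride_threats(*ilovepets_dfd()):
        print(f"{c}  {name:<22} {target}")
```

The web server to database flow is skipped because both sit in the same trust zone in this model; moving the database to a separate zone (for instance a managed database service) would bring it back into scope, which is exactly the kind of design decision the diagram is meant to make visible.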
Have fun!