CS 231: Computer Security

Threat Analysis Using STRIDE

Partner or alone, as you wish.

Hand in by creating a folder named "stride" at the top level of your CS231 repository, and putting a stride.pdf or stride.txt file with your answers in that folder.

In this assignment, you will perform a STRIDE-based analysis of a security scenario.

In a security certification course or something similar, there would doubtless be a strict set of rules for structuring and formatting your threat analysis. My pedagogical goals for this assignment, however, are not to turn you into certified threat modelers, but rather to get you into the habit of thinking in a structured way about threats. Though STRIDE does get you into some "thinking like an attacker," it is more focused on security at the system design stage rather than on reactive defense in the face of attacks. By analyzing your system's structure, you can try to build security into the system from the start.

The scenario


      Santiago Urquijo/Getty

The phone rings. It's David.

"Jeff! The lemurs—lemurs!"

I check my hearing aids.

"Hi David. What about the...um...lemurs?"
"They're rampaging—rampaging!"
"Well, I guess rampaging lemurs could be a problem. How can I help? Do you need me to maybe construct a spanning tree or something?"

He makes a little scoffing sound.

"Oh, that's so sweet of you to think I would want a Minnesotan to do something algorithmic. No no, it's best if you leave that sort of thing to the experts from...well, from a bit further east, where we really know how to deploy mathematical thinking."

There's a long pause.

"Now why did I call again? Oh yes! I need to tell you about DLN!"
"Uh...."
"David's Lemur Network! I've put together a website to help the citizens of Northfield share sightings of rampaging lemurs. They can make accounts, login, search for lemur types, post photos, determine how many degrees of separation between them and a given RL..."

Checking my hearing aids again.

"RL?"
"Rampaging lemur. Try to keep up, Jeff."

RL. Of course. David continues:

Anyway, I've coded it up. I mean, I haven't actually coded it up, but I know what the code would be like in theory, which is pretty much the same thing. But I'm a little worried about security. Can you help?"

Now we're getting somewhere. Maybe I can actually help David with his little problem. I assure him I'll think about his project's security architecture and get back to him. He says something about needing to buy nuts, fruit, netting, and antibiotics and signs off.

Your job

This is where you come in. You're going to do a STRIDE analysis of David's Lemur Network. David's users will require privacy and confidentiality, data integrity, service availability, etc., so threats to any of those attributes of the system need to be identified and (if possible) mitigated.

The service will consist of:

What to hand in

Include in your list as many realistic threats as you can think of, with at least one or two in each STRIDE category.

Have fun!