
COMP6236 Threat model for privacy and security

Time: 2023-05-18 09:02:56  Views: 38
Tags: hreat app marks two COMP6236 STRIDE privacy threat Marks


COMP6236 2023
Assignment 3: Threat modelling for Privacy and Security
This assignment is divided into three tasks that progressively increase in length and mark
allocation. The three tasks are independent of each other and there is no overall length or
word count limits as this is coursework. However, a good rule of thumb would be to target
one paragraph for task one and two for task two. Task three is longer.
Notes
The following notes are intended to highlight some common "gotchas".
1. For each task, please stick to the requirements provided.
2. The edges of a graph can provide information about the nodes they connect to, especially if the
graph includes more than one type of edge.
3. For task two, remember that LINDDUN is prescriptive in its mapping and mitigation.
4. For task three we are expecting two DFDs of the same system, one at level 0 and one at level 1. It
must be clear how these relate to each other and that they are of the same system.
5. For task three, please review the examples provided in the STRIDE slide deck, as well as the
discussion around the meaning of DFD elements.
6. For task three, keep to system elements explicitly named in the scenario and remember that data
flows are also elements of the system and can be included in the seven you choose.
Marks Breakdown
Task 1 Five marks, consisting of:
2 Marks: For explaining non-repudiation.
3 Marks: For contrasting security and privacy concerns.
Task 2 Ten marks, consisting of:
3 Marks: For contrasting L df2 to L df3.
2 Marks: For explaining inter-tree and inter-model links.
5 Marks: For challenge description and mitigation(s).
Task 3 Twenty-five marks, consisting of:
10 Marks: For DFDs and DFD elements.
15 Marks: For threat identification and discussion/mitigation of seven threats.
That is three marks for a glaring security error and 2 marks for the other six.
Submission Instructions
Please use the template provided and submit using Turnitin on the module blackboard page at this link.
(You should be able to see the “Assignments” tab on the left panel)
Deadline
The coursework deadline is on 19-05-2023 at 16:00. Note that late submissions will be penalised using
the standard University rules (10% per working day) and that no work will be accepted that is more
than five days late.
Purpose of this coursework
The coursework maps to the following aims and objectives of COMP6236:
Knowledge and Understanding
A1. Common issues affecting the security of software systems
Subject-specific Intellectual and Research Skills
B1. Describe specific methods for exploiting software systems
Subject-specific Practical Skills
D1. Identify security weaknesses in software systems and applications
Academic Integrity
This coursework is an individual piece of work and the usual rules regarding individual coursework and
academic integrity apply. In particular, please note the University Academic Integrity Regulations. All
the reports will be checked for plagiarism by scanning them in Turnitin.
Marking Criteria
Your submission will be marked out of 40. The following criteria will be used.
Task / Criteria / Marking Scheme
Task 1: Ability to differentiate between privacy- and security-focused threat analysis.
  Up to 5 marks are awarded for describing non-repudiation and the contradictory positions held by
  LINDDUN and STRIDE.
Task 2: Ability to navigate the LINDDUN threat tree.
  Up to 10 marks are awarded for describing key features and applying a second set of features.
Task 3: Ability to conduct STRIDE-based threat modelling.
  Up to 25 marks are awarded for building and assessing a threat model at two levels of granularity.
Marks calculation: This coursework counts for 40% of the module mark.
File format: The submitted file is in PDF format and the report is compliant with the provided template.
  If the format is not PDF, a 5 mark penalty will be applied. If the report is corrupted or cannot be
  opened, 0 marks will be awarded for the coursework.
Task 1 - Non-repudiation
Both STRIDE and LINDDUN directly address the concept of non-repudiation.
1. Explain briefly what non-repudiation is and why it is important.
2. Then explain how both STRIDE and LINDDUN view non-repudiation and why their views differ.
Task 2 - Linkability in LINDDUN
The threat tree included below is for the Linkability of data flows (L df).
1. Describe the similarities and differences between L df2 and L df3.
2. Most of the nodes on this threat tree are squares, but there is also a blue hexagon and a red circle.
Describe the functions of both the blue hexagon and the red circle.
Consider the following hypothetical. A new mobile payment system is currently in the design phase and
based on the excessive collection of personal data by the system and the transmission of that data to
data processors, you have determined that there is a significant threat under L df1 specifically.
1. Given that this is in the design phase, work from L df1 to the Mitigation strategies Taxonomy to
map strategies to threats and suggest four remedial actions.
2. Based on the previous, suggest a LINDDUN-linked Privacy Enhancing Technology (PET) that can
be deployed here.
Figure 1: Linkability of data flows on LINDDUN
Task 3 - STRIDE threat modelling
Scenario
A multinational conglomerate, Ecorp LLC, is currently designing a new fitness tracker and associated
smartphone app. Neither exists yet but the intended functionality is fairly typical for consumer smart
electronics. The fitness tracker is a watch-style device which records the wearer's activity including
walking, running, and cycling, but nothing else. This information is then passed via a Bluetooth connection
to an associated smartphone hosting the device control app. The fitness tracker can only connect via
Bluetooth to the smartphone and has no other connections. The smartphone, on the other hand, can be
any modern smartphone and will therefore support mobile data, Wi-Fi, and Bluetooth.
The device control app is downloaded from an app store, installed on the user's smartphone as normal,
and therefore shares the smartphone's storage with other apps. The app store's IP address is of the form
https://**.**.**.**. The device control app has read-and-write access to the smartphone's data store
and by default asks for access to the user's photos, location data, and crash reporting from the phone.
When the user installs the device control app they are prompted to create an account where they provide
personal details and also get credentials to log into both the app and the Ecorp website. The website's
IP address is of the form https://**.**.**.**. During this process, the users are told that crash reports
are collected but no specifics are given. In practice, the Ecorp device control app includes the Crashlytics
crash reporting and tracking library from Google. All crash reports are sent to a server in the United States
and its IP address is of the form https://**.**.**.**. Lastly, daily updates from the control app to the
Ecorp database are sent to a server with an IP address of the form http://**.**.**.**. These updates
use the POST method and contain two strings: the first is encrypted and cannot be read, while the
second is in clear text and reads as follows: "DEV-ID: 00:24:E4:FF:FF:FF"
Instructions
Please use the principles of STRIDE to prepare Data Flow Diagrams (DFDs) and threat analysis for the
scenario presented above. Use the MS Threat Modelling Tool or any other appropriate tool, to develop
your DFDs. Also, if you are using a tool that does not support double lines for a complex process that
is acceptable as long as your numbering from lvl 0 to lvl 1 is consistent.
1. Create two DFDs, one each for level 0 and level 1 of the scenario.
2. Provide a description of each node on the two DFDs and why you included it.
3. Map the appropriate threats to seven vulnerable DFD elements and propose mitigation(s) for
each. These are the seven elements with the most urgent issues according to you.
4. Do not use the automated analysis features of the MS Threat Modelling Tool or any other such
tool. Only use tooling to prepare the DFD, but not to perform analysis, since some of the
assumptions underlying such tooling would not be appropriate for the work presented here.
5. This is a STRIDE-only exercise, please do not reference LINDDUN here.
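As an added illustration of the STRIDE-per-element step in Task 3 (example code written for this page, not part of the assignment or of any Ecorp system), the script below encodes a constructed level-0 DFD of the scenario and maps each element type to the STRIDE categories that apply to it, then adds scenario-specific findings for the data flows. The element names, the choice of which nodes are processes versus external entities, and the flow attributes are assumptions drawn from the scenario text; the cleartext HTTP daily update carrying the device MAC address is the flow the marks scheme's "glaring security error" most plausibly refers to.

```python
from dataclasses import dataclass, field
# STRIDE-per-element: threat categories that apply to each DFD element type
# (S spoofing, T tampering, R repudiation, I info disclosure, D DoS, E elevation).
STRIDE_PER_ELEMENT = {"external_entity": "SR", "process": "STRIDE",
                      "data_store": "TRID", "data_flow": "TID"}

@dataclass
class Element:
    name: str
    kind: str                        # a key of STRIDE_PER_ELEMENT
    attrs: dict = field(default_factory=dict)
def baseline_threats(el):
    """STRIDE letters that apply to this element from its type alone."""
    return "".join(c for c in "STRIDE" if c in STRIDE_PER_ELEMENT[el.kind])

def flow_findings(flow):
    """Scenario-specific checks on a data flow's transport and payload."""
    a, out = flow.attrs, []
    if a.get("transport") == "http":
        out.append("I: cleartext transport, payload readable in transit")
        out.append("T: no integrity protection on the channel")
        for f in a.get("cleartext_fields", []):
            out.append(f"I: identifier sent in clear: {f}")
    if a.get("transport") == "bluetooth":
        out.append("S: pair/bond so the tracker only talks to its own phone")
    return out

def analyse(elements):
    """Map each element to its STRIDE categories plus scenario-specific findings."""
    return {el.name: {"stride": baseline_threats(el),
                      "findings": flow_findings(el) if el.kind == "data_flow" else []}
            for el in elements}

def most_urgent(report):
    """Element with the most findings: the 'glaring security error' of the marks scheme."""
    return max(report, key=lambda n: len(report[n]["findings"]))

# Constructed level-0 DFD of the Ecorp scenario; names and attributes are assumptions.
ECORP_LEVEL0 = [
    Element("User", "external_entity"),
    Element("Fitness tracker", "process"),
    Element("Device control app", "process"),
    Element("Smartphone shared storage", "data_store"),
    Element("Ecorp database server", "external_entity"),
    Element("Crashlytics server", "external_entity"),
    Element("Tracker -> App (activity data)", "data_flow", {"transport": "bluetooth"}),
    Element("App -> Ecorp DB (daily POST)", "data_flow",
            {"transport": "http", "cleartext_fields": ["DEV-ID (tracker MAC address)"]}),
    Element("App -> Crashlytics (crash reports)", "data_flow", {"transport": "https"}),
]
```

Calling `analyse(ECORP_LEVEL0)` gives every element its per-type STRIDE letters; the level-1 DFD would refine the two processes into sub-processes and re-run the same mapping.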

 

From: https://www.cnblogs.com/messagejava/p/17410848.html
