CS 4401 (A12): Software Security Engineering
Assignment: Threats and the Security Mindset

Due: Tuesday, September 11 by 2pm (when class starts) under Turnin assignment threats.


Part 1: Technical Memo on Security System Analysis

[Credits: This assignment adapted (some text copied, with permission) from CSE484 at the University of Washington, taught by Tadayoshi Kohno. The main changes lie in tying this to the terms in the security framework from Ross Anderson's Security Engineering text (2nd edition).]

Pick a physical-world "system" designed to achieve some security, privacy, or access control property. Think of systems that you might have seen on campus, at work, at the bank, at the museum, at the doctor's office or pharmacy, at the gym, or even on the street (like an armored car). Try to be creative; don't pick something "standard" like a door or window lock (bonus points for creativity). Write a technical memo with a "security review" of that physical-world system.

As with all technical memo assignments, your answer should be 1-2 pages in length and written crisply for a technical audience. Cover the following questions in your review. Unless otherwise stated, your answer to each question (or each item that you list in response to a question) should be roughly 1-2 sentences.

What to Turn In

Submit a single typeset document (Word or PDF) with your analysis.


Part 2: Threat Modeling

Consider the following three extensions to our online literary magazine application:

  1. "Meet the author" sessions hosted over a third-party VoIP service. Customers participate using their own webcam.
  2. To encourage readership, the portal will allow registered users to "purchase" two works for no charge each month. Subsequent purchases are charged at normal rates.
  3. The data store of uploaded works moves off the company network and onto the cloud.

Extend the threat model we developed in class to support these three extensions. This means (a) modifying the data flow diagram with the entities, processes, stores, and flows needed to model the security aspects of the extension, and (b) providing the STRIDE analysis on your modifications. Your STRIDE analysis does NOT need to cover DFD elements from before the extensions unless an extension would change the analysis of a pre-existing element.

Either on the diagram itself or at the top of your STRIDE analysis, please indicate which of the three extensions prompted each new DFD element.
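A small worked illustration of the STRIDE-per-element step, added here as an example and not part of the assignment or the class materials. It assumes the usual STRIDE-per-element mapping (external entities face spoofing and repudiation; processes face all six categories; data stores and data flows face tampering, information disclosure and denial of service, with repudiation added for stores that hold audit records) and uses a constructed DFD fragment in which the element names, trust zones and the "Purchase ledger" store are assumptions, not elements from the class diagram.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# STRIDE-per-element mapping (the convention used in Microsoft's SDL threat
# modeling guidance): which threat categories apply to each DFD element type.
STRIDE = {
    "S": "Spoofing", "T": "Tampering", "R": "Repudiation",
    "I": "Information disclosure", "D": "Denial of service",
    "E": "Elevation of privilege",
}
APPLICABLE = {
    "external_entity": "SR",
    "process": "STRIDE",
    "data_store": "TID",   # "R" is added below for stores holding audit records
    "data_flow": "TID",
}


@dataclass
class Element:
    name: str
    kind: str                        # one of the APPLICABLE keys
    extension: Optional[int]         # which extension (1-3) added it; None = pre-existing
    zone: str = "company"            # trust zone the element sits in
    audit_log: bool = False          # data stores that hold logs also face repudiation
    endpoints: Tuple[str, str] = ()  # (source, sink) element names, for data flows only


def stride_for(el: Element) -> str:
    """Return the STRIDE letters that apply to this element type."""
    letters = APPLICABLE[el.kind]
    if el.kind == "data_store" and el.audit_log:
        letters += "R"
    return letters


def analyze(dfd: List[Element]) -> List[dict]:
    """Expand a DFD into one row per (element, applicable threat category).
    Data flows whose endpoints sit in different trust zones are flagged,
    since those are the flows that cross a trust boundary on the diagram."""
    zones = {el.name: el.zone for el in dfd}
    rows = []
    for el in dfd:
        crosses = False
        if el.kind == "data_flow":
            src, dst = el.endpoints
            crosses = zones[src] != zones[dst]
        for letter in stride_for(el):
            rows.append({
                "extension": el.extension,
                "element": el.name,
                "kind": el.kind,
                "threat": STRIDE[letter],
                "crosses_boundary": crosses,
            })
    return rows


def boundary_crossing_flows(dfd: List[Element]) -> List[str]:
    """Names of the data flows that cross a trust boundary."""
    seen = []
    for row in analyze(dfd):
        if row["crosses_boundary"] and row["element"] not in seen:
            seen.append(row["element"])
    return seen


# Constructed DFD fragment (assumed element names) covering the three extensions.
SAMPLE_DFD = [
    Element("Portal", "process", None, zone="company"),
    Element("Customer", "external_entity", 1, zone="internet"),
    Element("VoIP service", "external_entity", 1, zone="third_party"),
    Element("Purchase ledger", "data_store", 2, zone="company", audit_log=True),
    Element("Works store", "data_store", 3, zone="cloud"),
    Element("Portal -> Works store (upload)", "data_flow", 3,
            endpoints=("Portal", "Works store")),
    Element("Works store -> Portal (read)", "data_flow", 3,
            endpoints=("Works store", "Portal")),
]


if __name__ == "__main__":
    # Print the analysis grouped by the extension that prompted each element,
    # which is the labelling the assignment asks for.
    for ext in (1, 2, 3):
        print(f"Extension {ext}:")
        for row in analyze(SAMPLE_DFD):
            if row["extension"] == ext:
                flag = " [crosses trust boundary]" if row["crosses_boundary"] else ""
                print(f"  {row['element']:<36} {row['threat']}{flag}")
```

The rows this produces are only the checklist; the written STRIDE analysis still has to say, for each row, how the threat could be realised in the extended portal and what mitigates it. The boundary flag is the useful part: moving the works store to the cloud (extension 3) turns two flows that used to stay inside the company network into boundary crossings, which is exactly the situation in which a pre-existing element's analysis changes.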

What to Turn In

Submit an electronic copy of your new data flow diagram and a typeset document (Word or PDF) with your STRIDE analysis. For the revised diagram, you can modify the PowerPoint diagram from class (submit a single slide with your answer), submit a PDF generated from some other drawing tool, or scan a hand-drawn DFD (but please write legibly!).


Part 3: Passwords Survey

Complete this anonymous survey (through Blackboard) on how you think about passwords. This should take no more than 10 minutes. Your identity will not be connected with your answers. Blackboard will merely report to the staff that you took the survey. We'll look at the answers in the aggregate during class.