From 57585d322d1c98ecf2e30d96110a6fdcad1a9eb7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Torma=20Krist=C3=B3f?= Date: Fri, 16 Oct 2020 04:12:44 +0200 Subject: [PATCH] Created Threat Modelling (markdown) --- Threat-Modelling.md | 80 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 80 insertions(+) create mode 100644 Threat-Modelling.md diff --git a/Threat-Modelling.md b/Threat-Modelling.md new file mode 100644 index 0000000..31c5176 --- /dev/null +++ b/Threat-Modelling.md @@ -0,0 +1,80 @@ +# Target of Evaluation + +![alt_text](Threat-Modeling/Target-of-Evaluation.png "image_tooltip") + +# Security requirements and objectives + +## Security requirements + +| | Security Requirement | Security Objective | +|-----------------|------------------------------------------------------------------------|---------------------------------| +| Confidentiality | Personal data of users must be protected from external entities | Data encryption, access control | +| Confidentiality | Only registered users should be able to upload and download CAFF files | Data encryption, access control | +| Confidentiality | Only registered users should be able to write comments for CAFF files | Data encryption, access control | +| Integrity | Regular users should not be able to modify or delete data. | Access control | +| Availability | The webshop should be usable with all modern browsers | Browser support | +| Authentication | Users should be able to register | User authentication mechanism | +| Authorization | Only administrators should be able to modify or delete data. | Administrator privileges | +| Authorization | Only administrators can view the purchases of other users | Administrator privileges | +| Auditing | Sign in attempts must be recorded | Logging facilities | + +# Threat assessment + +## Assets + +Physical: + +* ‒ + +Human: + +* Users + +Logical: + +* CAFF files +* Personal data of users +* Login credentials + +![alt_text](Threat-Modeling/Full-system.png) + +## Use Cases + +![alt_text](Threat-Modeling/UseCase-diagram.png) + +## Weaknesses - Potential points of attack + +* Request from Frontend to Backend +* Response from Backend to Frontend +* Data flow between Backend and User Database +* Data flow between Backend and Image Database + +## Possible attack interfaces + +* Compromised credentials +* Weak and stolen passwords +* Malicious insiders +* Missing or poor encryption +* Misconfiguration +* Distributed Denial of Service +* Phishing + +## Attack methods - Threat agents + +* **Script kiddie** ‒ Since we are not dealing with sensitive information and the webshop is not an essential service, the most likely attacker is a script kiddie. They could do a phishing attack and intrude the system. They could also exploit weak passwords. +* **Disgruntled employee** ‒ An employee might have credentials and a deeper understanding of the system to do some damage or steal data. +* **Cyber crime organization** ‒ It is not likely but possible that a cyber crime organization tries to steal passwords hoping that some users use the same password on other websites. + +# Risk assessment + +| Item Number | Observation | Likelihood | Impact | Risk Rating | +|-------------|------------------------------------------|------------|--------|-------------| +| 1 | User passwords can be guessed or cracked | High | Medium | High | +| 2 | DDOS attack | Low | High | Medium | +| 3 | Accidental file deletion/modification | Medium | High | High | + +# Identify countermeasures + +1. Enforce minimum passwrd length +2. Monitor the firewall +3. Monitor permissions, previleged users and backups \ No newline at end of file