BYU Computer Science
CS 465 Introduction to Security and Privacy

Threat Modeling

Objectives

Learning to think like an attacker is a critical part of cybersecurity. In this project, you will observe a system and consider how you might exploit it.

Requirements

In this project, you should work with up to three partners (groups of 2-3 people). If you really want to, you are permitted to work alone.

With your partners, develop a threat model for a smart home. Since this is a hypothetical system, you will need to identify what types of devices are in the smart home, as well as how the system sends data to cloud services. Be sure to consider a wide range of threats, including physical attacks.

Write a report about the system containing the following sections:

  1. What are we working on?
  • System description
    • What is the system?
    • Who is supposed to use the system? What are their tasks? What are their goals?
  • Diagrams
    • Diagram the user workflow.
    • Produce a data flow diagram for the system.
    • As you don’t have access to the inner workings of the system, make reasonable guesses to fill in this diagram.
  • Asset analysis
    • What assets exist in this system?
    • What assets are most valuable?
  2. What can go wrong?
  • Adversary analysis
    • Who might try to attack the system? Are they an insider or outsider?
    • What are their objectives?
    • What are their methods?
    • What are their capabilities?
    • You should identify at least three adversaries.
  • Enumerating attacks
    • Completely describe 1-2 attacks for each of the adversaries you identified. You may want to use STRIDE or playing cards to identify potential attacks.
    • You must have at least 5 attack trees.
    • Your analysis must have at least two adversaries and five attacks.
  3. What are we going to do about it?
  • Defender analysis
    • Who is trying to defend the system?
    • What resources do they have access to?
      • As you don’t have access to the inner workings of the system, make reasonable guesses about this information.
  • Mitigations
    • Propose three mitigations that could stop or slow down an attacker.
    • Explain how each mitigation will help.
  4. Did we do a good enough job?
  • Reflect
    • Reflect on what you have learned in this assignment.
      • What did you learn about the system?
      • How does this impact how you think of security?
    • This should be 2-3 paragraphs.

Grading Rubric

  • 10 points for the system description.
  • 10 points for the diagrams.
  • 10 points for the asset analysis.
  • 10 points for the adversary analysis.
  • 10 points for the attack tree.
  • 10 points for the defender analysis.
  • 10 points for the mitigations.
  • 10 points for the reflection.

For each section, we will be looking to see that the report covers all the requested items and that an honest effort has been made. I am not looking for perfection, especially since you are new to threat analysis and do not have access to all the information about the system.

The TA may deduct up to 20% of your grade for poor writing quality. This penalty will only be assessed if the writing is so poor as to make it difficult for the TA to read and understand the report. This penalty will not be used to punish minor writing errors. If you run a grammar and spelling check, most students should not need to worry about this penalty.

Submission

List the full names of all group members in your report. Have one group member submit a PDF with your group’s report. We will give identical grades to all group members.