Threat modeling begins with a clear understanding of the system in question. There are several areas to consider when trying to understand threats to an application. The areas of concern include the mobile application structure, the data, identifying threat agents and methods of attack, and controls to prevent attacks. The threat model should be created with an outline or checklist of items that need to be documented, reviewed, and discussed when developing a mobile application.
In this project, you will create a threat model. There are seven steps that will lead you through this project, beginning with the scenario as it might occur in the workplace, and continuing with Step 1: Describe Your Mobile Application Architecture. Most steps in this project should take no more than two hours to complete, and the project as a whole should take no more than two weeks to complete.
The following are the deliverables for this project:
Deliverables
Threat Model Report: An eight- to 10-page double-spaced Word document with citations in APA format. The report should include your findings and any recommendations for mitigating the threats found. The page count does not include figures, diagrams, tables, or citations.
Lab Report: A Word document sharing your lab experience along with screenshots.
Competencies
Your work will be evaluated using the competencies listed below.
1.1: Organize document or presentation clearly in a manner that promotes understanding and meets the requirements of the assignment.
1.2: Develop coherent paragraphs or points so that each is internally unified and so that each functions as part of the whole document or presentation.
1.3: Provide sufficient, correctly cited support that substantiates the writer’s ideas.
1.4: Tailor communications to the audience.
2.1: Identify and clearly explain the issue, question, or problem under critical consideration.
2.2: Locate and access sufficient information to investigate the issue or problem.
2.5: Develop well-reasoned ideas, conclusions or decisions, checking them against relevant criteria and benchmarks.
6.3: Specify security solutions based on knowledge of principles, procedures, and tools of data management, such as modeling techniques, data backup, data recovery, data directories, data warehousing, data mining, data disposal, and data standardization processes.
Step 1: Describe Your Mobile Application Architecture
In your role as a cyber threat analyst, senior management has entrusted you to identify how a particular mobile application of your choosing conforms to mobile architecture standards. You are asked to:
Describe by the application, , data transmission media, interaction with hardware components, and other applications.
Identify the needs and requirements for application security, computing security, and device management and security.
Describe the operational environment and use cases.
Identify the operating system security and enclave/computing environment security concerns, if there are any.
This can be fictional or modeled after a real-world application. This will be part of your final report. Click the following links and review the topics and their resources. These resources will guide you in completing this task:
network security threats
threat modeling
mobile architectures
application security
operating system security
enclave/computing environment
Begin by first reviewing the OWASP Mobile Security Project Testing Guide.
Architecture Considerations
Although mobile applications vary in function, they can be described in general as follows:
wireless interfaces
transmission type
hardware interaction
interaction with on device applications/services
interaction with off device applications/services
encryption protocols
platforms
In Section 1 of your research report, you will focus your discussion on the security threats, vulnerabilities, and mitigations of the above considerations.
The following resources will continue to educate your management about mobile devices and mobile application security: mobile platform security, mobile protocols and security, mobile security vulnerabilities, and related technologies and their security. Related technologies can include the hardware and software needed to interoperate with mobile devices and mobile applications.
Include an overview of these topics in your report.
Use Mobile Application and Architecture Considerations to review the architectural considerations for mobile applications and architecture. Then, include those that are relevant to your mobile application in your report to senior management. Address the following questions:
What is the design of the architecture (network infrastructure, web services, trust boundaries, third-party APIs, etc.)?
What are the common hardware components?
What are the authentication specifics?
What should or shouldn’t the app do?
You will include this information in your report.
When you have completed the work for Section 1, describing the architecture for your app, move on to the next step, where you will define the requirements for the app.
Step 2: Define the Requirements for Your Mobile Application
In the previous step, you described your app's architecture. In Step 2, you will define what purpose the mobile app serves from a business perspective and what data the app will store, transmit, and receive. Include a data flow diagram showing exactly how data are handled and managed by the application. You can use fictional information or model it after a real-world application. Here are some questions to consider as you define your requirements:
What is the business function of the app?
What data does the application store/process? (provide data flow diagram)
This diagram should outline network, device file system, and application data flows
How are data transmitted between third-party APIs and app(s)?
Will there be remote access and connectivity? Read this resource about mobile VPN security, and include any of these security issues in your report.
Are there between different mobile platforms? (iOS/Android/Windows/J2ME)
Does the app use cloud storage APIs (e.g., Dropbox, Google Drive, iCloud, Lookout) for device data backups?
Does personal data intermingle with corporate data?
Is there specific business logic built into the app to process data?
What does the data give you (or an attacker) access to? Think about data at rest and data in motion as they relate to your app.
Do stored credentials provide authentication?
Do stored keys allow attackers to break crypto functions (data integrity)?
Are third-party data being stored and/or transmitted?
What are the privacy requirements of user data? Consider, for example, a unique device identifier (UDID) or geolocation being transmitted to a third party.
Are there user privacy-specific regulatory requirements to meet?
How do other data on the device affect the app? Consider, for example, authentication credentials shared between apps.
Compare between jailbroken (i.e., a device with hacked or bypassed digital rights software) and nonjailbroken devices.
How do the differences affect app data? This can also relate to threat agent identification.
In this step, you defined the app's requirements. Move to the next step, where you will identify any threats to the app's operation.
Step 3: Identify Threats and Threat Agents
Now that you have identified the mobile app's requirements, you will define its threats.
In Section 3 of the report, you will:
Identify possible threats to the mobile application
Identify the threat agents
Outline the process for defining what threats apply to your mobile application
Review this threat agent identification example resource.
Review this list of threat agents.
After you have identified threats and threat agents, move to the next step, where you will consider the ways an attacker might reach your app's data.
Step 4: Identify Methods of Attack
In the previous step, you identified threat agents. In this step and in Section 4 of the report, you will identify different methods an attacker can use to reach the data. These data can be sensitive information to the device or something sensitive to the app itself.
Read these resources on cyberattacks.
Provide senior management an understanding of the possible methods of attack of your app.
When you have identified the attack methods, move to the next step, where you will analyze threats to your app.
Step 6: Consider Controls
You have identified the methods of attack, and now you will discuss the controls to prevent attacks. Consider the following questions:
Note: Not all of the following may apply. You will address only the areas that apply to the application you have chosen.
What are the controls to prevent an attack? Conduct independent research and then define these controls by platform (e.g., Apple iOS, Android, Windows Mobile).
What are the controls to detect an attack? Define these controls by platform.
What are the controls to mitigate/minimize impact of an attack? Define these controls by platform.
What are the privacy controls (i.e., controls to protect users' private information)? An example of this would be a security prompt for users to access an address book or geolocation.
Create a mapping of controls to each specific method of attack (defined in the previous step)
Create a level of assurance framework based on controls implemented. This would be subjective to a certain point, but it would be useful in guiding organizations that want to achieve a certain level of risk management based on the threats and vulnerabilities.
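One way to keep the control mapping and the level of assurance consistent is to hold the mapping as data and compute the gaps from it. The following is an added example, not part of the assignment: the attack methods, control names, two-platform scope, and the scoring rule (one level per control type covered, rated by the weakest platform) are all constructed assumptions.

```python
from collections import defaultdict

PLATFORMS = ("iOS", "Android")
CONTROL_TYPES = ("prevent", "detect", "mitigate")
LEVELS = ("none", "low", "medium", "high")  # assumed scale: index = control types covered

# Constructed sample data, not taken from the assignment.
CRED, MITM, REPACK = "stored credential theft", "traffic interception", "repackaged app"
ATTACK_METHODS = (CRED, MITM, REPACK)
CONTROLS = [  # (control, type, platform, attack methods addressed)
    ("Keychain credential storage", "prevent", "iOS", [CRED]),
    ("Keystore credential storage", "prevent", "Android", [CRED]),
    ("Login anomaly alerting", "detect", "iOS", [CRED]),
    ("Login anomaly alerting", "detect", "Android", [CRED]),
    ("TLS with certificate pinning", "prevent", "iOS", [MITM]),
    ("TLS with certificate pinning", "prevent", "Android", [MITM]),
    ("Remote session revocation", "mitigate", "iOS", [CRED, MITM]),
    ("Remote session revocation", "mitigate", "Android", [CRED, MITM]),
    ("App integrity attestation", "detect", "Android", [REPACK]),
]


def build_mapping(controls, attacks=ATTACK_METHODS):
    """Return {(attack, platform): {control type: [control names]}}."""
    mapping = defaultdict(lambda: defaultdict(list))
    for name, ctype, platform, addressed in controls:
        if ctype not in CONTROL_TYPES or platform not in PLATFORMS:
            raise ValueError(f"unknown type/platform for control {name!r}")
        for attack in addressed:
            if attack not in attacks:
                raise ValueError(f"{name!r} maps to undefined attack {attack!r}")
            mapping[(attack, platform)][ctype].append(name)
    return mapping


def coverage_gaps(mapping, attacks=ATTACK_METHODS):
    """List every (attack, platform, control type) with no control mapped."""
    return [(a, p, c) for a in attacks for p in PLATFORMS for c in CONTROL_TYPES
            if not mapping.get((a, p), {}).get(c)]


def assurance_levels(mapping, attacks=ATTACK_METHODS):
    """Rate each attack by its weakest platform (assumed scoring rule)."""
    levels = {}
    for a in attacks:
        weakest = min(sum(1 for c in CONTROL_TYPES if mapping.get((a, p), {}).get(c))
                      for p in PLATFORMS)
        levels[a] = LEVELS[weakest]
    return levels


if __name__ == "__main__":
    m = build_mapping(CONTROLS)
    for gap in coverage_gaps(m):
        print("GAP:", *gap, sep=" | ")
    print(assurance_levels(m))
```

Each reported gap is a cell of the control matrix that the report should either fill with a control or justify as an accepted risk.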
In the next step, you will complete work on the threat model.
Step 7: Complete Your Threat Model
You have just discussed the controls to prevent attacks. You have completed all the components of your report. Now, compile your findings and produce your Threat Model Report.
Submit your Threat Model Report to the Assignments folder.
Check Your Evaluation Criteria
Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them. To view the complete grading rubric, click My Tools, select Assignments from the drop-down menu, and then click the project title.
1.1: Organize document or presentation clearly in a manner that promotes understanding and meets the requirements of the assignment.
1.2: Develop coherent paragraphs or points so that each is internally unified and so that each functions as part of the whole document or presentation.
1.3: Provide sufficient, correctly cited support that substantiates the writer’s ideas.
1.4: Tailor communications to the audience.
2.1: Identify and clearly explain the issue, question, or problem under critical consideration.
2.2: Locate and access sufficient information to investigate the issue or problem.
2.5: Develop well-reasoned ideas, conclusions or decisions, checking them against relevant criteria and benchmarks.
6.3: Specify security solutions based on knowledge of principles, procedures, and tools of data management, such as modeling techniques, data backup, data recovery, data directories, data warehousing, data mining, data disposal, and data standardization processes.