:::success
# AS Lab 1 - Threat Modeling
**Author: Ivan Okhotnikov**
:::

:::info
### **Intro**
In this assignment, you will perform threat modeling for an example application. There is a company that wants to implement a YouTube-like application. At this stage they are designing the system and ask you for security consulting. They want to know what potential issues they may have and how to mitigate them.
:::

Based on all the information given in the task, I have compiled one of the possible schemes of the application. It shows how information is exchanged between all the servers and services of the application. I also found it necessary to add the S3P service, which checks access rights to content: it verifies the user's authorization by asking the backend server whether the user has access to the requested content inside the project page; if so, it serves the content, otherwise it returns a 403 error. I also decided to split the application server into two separate servers, one for the frontend and one for the backend. This decision was made with the basic security of the system in mind.

<center>

![](https://i.imgur.com/K2Rf13v.png)

Figure 1 - General Scheme

</center>

The table below shows all the external dependencies; from it you can see in detail the relationships between all the servers and services of the system.

<center>

![](https://i.imgur.com/RX7Ovja.png)

Figure 2 - Table of External Dependencies

</center>

[Table of External Dependencies](https://docs.google.com/spreadsheets/d/1nqIf3273XaAUGwXDZpDcSID9PdryDriWBPlpFhT8OqE/edit?usp=sharing)

## 1. Decompose the application

:::info
1. Describe entry points, assets and trust levels in form of tables
:::

In this step, I have identified all the entry points of the application. Since the entire internal system works exclusively within a single local network, the table shows only those elements that can be reached through the HTTPS port; however, I consider this doubtful, since the communication is established over the secure TLS protocol.

[Table of Entry points](https://docs.google.com/spreadsheets/d/1-_Ohx3WMFGTeyTkaSXyD9H2HhyYz2WIf8nj7VfUgDv8/edit?usp=sharing)

After that, I determined all the trust levels of my application. I found it necessary to add an account for a junior DevOps engineer to test and develop new functionality in a test environment. All users and processes that affect other services in any way are also fully described in the table.

[Table of Trust levels](https://docs.google.com/spreadsheets/d/1i3O1PapWrkrD1CNDsJv9nvku9sYrbiYOy1BLnOW7DWo/edit?usp=sharing)

I have created a separate page to identify the assets. It describes, for each trust level, the features and application resources that are of interest to an attacker.

[Table of Assets](https://docs.google.com/spreadsheets/d/139tDXK_tTt6qcdaGw3wbycz4r012CGyUukq6WeNfQCE/edit?usp=sharing)

:::info
2. Select at least 3 use cases that you think are the most interesting and prepare Data Flow Diagrams (DFD) for them.
:::

The first case describes the use of JWT technology when the user wants to log in to the system. To do this, he sends his credentials through the login form, where they go through the verification process (the data is taken from the "Users" repository) and the web token registration process. Then, depending on the outcome, the user either receives an error response or is issued his personal JSON Web Token.

<center>

![](https://i.imgur.com/NVe92WI.png)

Figure 3 - Data Flow Diagram for 1st use case

</center>

The next use case is the video search process. In it, the user sends a request through a search form; then the "find video" process takes place, within which a search is made by keywords, language, duration and date of publication (if a neural network is available, a search by video content is also possible), querying the video storage directly. Then, depending on the results, the user is either shown a list of videos matching his request, or an empty web page is displayed.

<center>

![](https://i.imgur.com/IIWjjV5.png)

Figure 4 - Data Flow Diagram for 2nd use case

</center>

The third case is the process of checking a video before it is published. It is shown in sufficient detail: after the user's request arrives through the upload form, the video file is sent to the upload server, where a task is created for the handler queue. The queue handler then creates tasks for analyzing the audio track and the video track in accordance with the current video publishing rules (to search for copyright-infringing content). Based on the results of the check, we receive a video file that is allowed to be published.

<center>

![](https://i.imgur.com/pF3r4Pe.png)

Figure 5 - Data Flow Diagram for 3rd use case

</center>

## 2. Determine threats

:::info
Your task is to apply STRIDE for each asset in the application and come up with a summary table
:::

Now I have to analyze the possible threats, assess their criticality, describe the vulnerabilities that can be found in my system, and decide what countermeasures I can take to prevent the threats. The attacker cannot reach some assets because he does not have access to the internal network. He can manipulate, for example, a queue from the backend server, but he cannot manage all the queues. These and other cases are described in detail in the table below.

[Table for Threats Model](https://docs.google.com/spreadsheets/d/1RNU6Y95G09gBNqbNaFDErfE40Jl37TzWvfjLttGtIbw/edit?usp=sharing)

## References:

1. [JWT](https://jwt.io/)
2. [OWASP: Threat Modeling Process](https://owasp.org/www-community/Threat_Modeling_Process#trust-levels)
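As an added example that is not part of the original report, the Python sketch below puts together two mechanisms described above: the JWT login process from the first use case (credentials checked against the "Users" store, then a signed token issued or an error returned) and the S3P content check from the intro (content served only to a requester the access rules admit, otherwise 403). The signing key, salt, user record and access rules are constructed placeholders, and HS256 signing is done by hand with the standard library rather than with a JWT library.

```python
import base64, hashlib, hmac, json, time

# Constructed demo values; a real deployment loads the key from a secret store
JWT_KEY = b"constructed-demo-key-change-me"
SALT = b"constructed-salt"  # a real Users store keeps a random salt per user
USERS = {"alice": hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, 100_000)}  # "Users" store
CONTENT_ACL = {"video-1": {"public": True, "owner": "alice"},  # stand-in for the project-page rules
               "video-2": {"public": False, "owner": "bob"}}

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def login(username, password, now=None):
    """First DFD: check credentials against Users, then issue an HS256 JWT or return None (error)."""
    stored = USERS.get(username, b"")
    if not hmac.compare_digest(stored, hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)):
        return None
    now = now if now is not None else int(time.time())
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64(json.dumps({"sub": username, "iat": now, "exp": now + 900}).encode())
    sig = hmac.new(JWT_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64(sig)}"

def verify(token, now=None):
    """Return the claims if the token is well formed, HS256-signed with our key and unexpired."""
    try:
        header, payload, sig = token.split(".")
        if json.loads(_unb64(header)).get("alg") != "HS256":
            return None  # refuse any other algorithm, including "none"
        expected = hmac.new(JWT_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):
            return None
        claims = json.loads(_unb64(payload))
        exp = int(claims["exp"])
    except (ValueError, AttributeError, KeyError, TypeError):
        return None
    now = now if now is not None else int(time.time())
    return claims if exp > now else None

def s3p_fetch(video_id, token, now=None):
    """S3P gate: serve the video only to a requester the access rules admit, else answer 403."""
    acl = CONTENT_ACL.get(video_id, {"public": False, "owner": None})  # unknown ids also get 403
    claims = verify(token, now) if token else None
    if acl["public"] or (claims and claims.get("sub") == acl["owner"]):
        return 200, f"<video bytes for {video_id}>"
    return 403, None
```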