From 05fe6c6a26930ed0c733657b31388ea81e263a7e Mon Sep 17 00:00:00 2001
From: Michael Chen <michael.chen@tuhh.de>
Date: Tue, 10 May 2022 11:00:04 +0200
Subject: [PATCH] =?UTF-8?q?Added=20writeup=20for=20lab=202=20(collaborativ?=
 =?UTF-8?q?e=20with=20M=C3=A1rk)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 Exercise/Writeup/lab02.md | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 Exercise/Writeup/lab02.md

diff --git a/Exercise/Writeup/lab02.md b/Exercise/Writeup/lab02.md
new file mode 100644
index 0000000..f2c64e9
--- /dev/null
+++ b/Exercise/Writeup/lab02.md
@@ -0,0 +1,28 @@
+# Lab 2: Secure Software Design
+
+[WriteMd](https://writemd.rz.tuhh.de/876-Mxb3SeupKelDQ7eTvA?view)
+
+## Security Requirements
+
+Security Pattern [Catalog](https://people.cs.kuleuven.be/~koen.yskout/icse15/catalog.pdf).
+
+### Security Requirement Analysis
+
+| Task | Title | Pattern idea | Tactics |
+| - | -------- | -------- | -------- |
+| A | Enforce Password Policy, Single sign-on, Strong Authentication, Smart Cards | Credential Tokenizer, Single Sign-on, (Single Access Point) | Authenticate Users, Limit Exposure |
+| B | User data disclosure and write protection | Encrypted Storage |
+| C | Isolation of critical and non-critical domains | Server Sandbox, (DMZ) |
+| D | Do not require login on every transaction | Session, Load Balancing (-> JWT) |
+| E | Bank Clerk Operation Tracking | Secure Logger |
+| F | Bank Account Information Privacy, Transaction Authorization | MFA, Fraud Detection |
+| G | Mobile Device Communication Security | PKI, Public-Private Key Encryption -> Secure Pipe |
+
+## Security Tactics
+
+Possible exam question: Name the differences between patterns and tactics and name a few of each category.
+
+*aka. goals*
+
+## Security Patterns
+*e. g. SSO, MFA, OTP*