Added writeup for lab 2 (collaborative with Márk)
This commit is contained in:
parent
ee926b889e
commit
05fe6c6a26
28
Exercise/Writeup/lab02.md
Normal file
28
Exercise/Writeup/lab02.md
Normal file
@ -0,0 +1,28 @@
|
|||||||
|
# Lab 2: Secure Software Design
|
||||||
|
|
||||||
|
[WriteMd](https://writemd.rz.tuhh.de/876-Mxb3SeupKelDQ7eTvA?view)
|
||||||
|
|
||||||
|
## Security Requirements
|
||||||
|
|
||||||
|
Security Pattern [Catalog](https://people.cs.kuleuven.be/~koen.yskout/icse15/catalog.pdf).
|
||||||
|
|
||||||
|
### Security Requirement Analysis
|
||||||
|
|
||||||
|
| Task | Title | Pattern idea | Tactics |
|
||||||
|
| - | -------- | -------- | -------- |
|
||||||
|
| A | Enforce Password Policy, Single sign-on, Strong Authentication, Smart Cards | Credential Tokenizer, Single Sign-on, (Single Access Point) | Authenticate Users, Limit Exposure |
|
||||||
|
| B | User data disclosure and write protection | Encrypted Storage |
|
||||||
|
| C | Isolation of critical and non-critical domains | Server Sandbox, (DMZ) |
|
||||||
|
| D | Do not require login on every transaction | Session, Load Balancing (-> JWT) |
|
||||||
|
| E | Bank Clerk Operation Tracking | Secure Logger |
|
||||||
|
| F | Bank Account Information Privacy, Transaction Authorization | MFA, Fraud Detection |
|
||||||
|
| G | Mobile Device Communication Security | PKI, Public-Private Key Encryption -> Secure Pipe |
|
||||||
|
|
||||||
|
## Security Tactics
|
||||||
|
|
||||||
|
Possible exam question: Name the differences between patterns and tactics and name a few of each category.
|
||||||
|
|
||||||
|
*aka. goals*
|
||||||
|
|
||||||
|
## Security Patterns
|
||||||
|
*e. g. SSO, MFA, OTP*
|
Loading…
Reference in New Issue
Block a user