TUHH/secure-software-engineering
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added session 2 writeup for lab 1 (collaborative with Márk)

Browse Source
This commit is contained in:
Michael Chen 2022-05-03 11:04:01 +02:00
parent ff46ca5eeb
commit ecc555f4f4
No known key found for this signature in database
GPG Key ID: 1CBC7AA5671437BB
2 changed files with 19 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Exercise/Writeup/MisuseCase.svg Normal file
View File

File diff suppressed because one or more lines are too long
Side by Side

After

Width:  |  Height:  |  Size: 44 KiB

19
Exercise/Writeup/lab01.md
View File

@ -25,6 +25,13 @@ User | Use voice chat | Communicate with other users
User | Fast travel | Quickly get to another location in the virtual space
User | Give another user an item | Sell/Gift assets
> As a 'Metaverse user',
> I want to add/remove friends (from/to my virtual friend list)
> So I can keep track of their activites
**Integrity** => Befriending strangers => disclosing personal information to strangers (HARM)
**ACTION** => Unauthorized access (edit) to FList
## Assets
- User identity
- User belongings
@ -33,6 +40,12 @@ User | Give another user an item | Sell/Gift assets
- Voice data
### Harm analysis
> "What **HARM** could come to [asset] from an [action] violating a [concern]?"
> assets from User Stories
> actions yield Avoid goals
> concerns from CIA+ principles
Action | Asset | Harm
-- | -- | --
Steal user credentials | User identity | User information compromised, belongings stolen
@ -41,5 +54,9 @@ Unmute user microphone without consent | Voice data | User privacy compromise
### *'Achieve'* goals
- Always use multi-factor authentication for users
-
## Use Cases
Produced using [Lucidchart](https://lucid.app/lucidchart/daccac87-861b-46f9-a0f1-5d13ae90bc02/edit?invitationId=inv_6aea8472-a917-4a59-ad01-afd8f3ca40e5).
![Use Case / Misuse Case diagram](MisuseCase.svg)