Mobile application security project

Reference no: EM131849363

Project: Mobile Application Threat Modeling

You are a cyber threat analyst at a mobile applications company. One morning, your supervisor, Dan, tells you about a mobile application security project that is already underway but needs more guidance. Because of your success on previous projects, he wants your help. Your expertise and oversight will enable the mobile app team to meet its approaching deadline. "Mobile applications and their security are on the technology roadmap for our organization. Of course, this means we need to be well-informed about mobile application security management," Dan says. "Without the proper threat modeling, leadership can't be sure of the issues that lie ahead.

I want you to oversee the project and manage the team," Dan says. "We'd also like you to contribute to this project by preparing a report for senior management. The report should include threat models for this technology as well as remediation for management to consider.

The report should give senior management a greater understanding of mobile application security and its implementation. Your report should consist of the following sections-- mobile application architecture, mobile data, threat agent identification, methods of attack, and possible controls.

The goal is to convince senior managers that your proposals will benefit the company. If you succeed, leadership will move forward with its plan for mobile applications. The report is due in two weeks."

Step 1: Describe Your Mobile Application Architecture

In your role as a cyber threat analyst, you will explain to senior management how a mobile application of your choosing fits the general mobile architectures: the device-specific features the application uses, its wireless transmission protocols and data transmission media, its interaction with hardware components, and its interaction with other applications. You will identify the needs and requirements for application security, computing security, and device management and security. You will describe the operational environment and use cases, and identify any operating system security and enclave/computing environment security concerns. The application can be fictional or modeled after a real-world application. Be sure to use APA citation format. This will be part of your final report.

To guide you in completing this task, review the following topics and their resources:
- network security threats
- threat modeling
- mobile architectures
- application security
- operating system security
- enclave/computing environment

Architecture Considerations
Although mobile applications vary in function, they can be described in general as follows:
- wireless interfaces
- transmission type
- hardware interaction
- interaction with on device applications/services
- interaction with off device applications/services
- encryption protocols
- platforms

In Section 1 of your research report, you are to address a number of questions as they apply to your selected mobile application. You will focus your discussion on the security threats, vulnerabilities, and mitigations of the above considerations.

The following resources will continue to educate your management about mobile devices and mobile application security: mobile platform security, mobile protocols and security, mobile security vulnerabilities, and related technologies and their security. Related technologies can include hardware and software that are needed to interoperate with mobile devices and mobile applications. Include an overview of these topics in your report.

Use the Mobile Application and Architecture Considerations resource to review the architecture considerations listed above. Then, in your report to senior management, include those that are relevant to your mobile application. Address the following questions:

1. What is the design of the architecture (network infrastructure, web services, trust boundaries, third-party APIs, etc.)?

2. What are the common hardware components?

3. What are the authentication specifics?

4. What should or shouldn't the app do?

You will include this information in your report.

When you have completed the work for Section 1, describing the architecture for your app, move on to the next step, where you will define the requirements for the app.

Step 2: Define the Requirements for Your Mobile Application

In the previous step, you described your app's architecture. For Step 2 and in the second section of your report, you will define what purpose the mobile app serves from a business perspective and what data the app will store, transmit, and receive. It's also important to include a data flow diagram to determine exactly how data is handled and managed by the application. You can use fictional information or model it after a real-world application. Here are some questions to consider as you define your requirements:
- What is the business function of the app?
- What data does the application store/process (provide a data flow diagram)?
  - This diagram should outline network, device file system, and application data flows.
  - How is data transmitted between third-party APIs and the app(s)?
  - Will there be remote access and connectivity? Read the course resource on mobile VPN security, and include any of its security issues that apply in your report.
  - Are there different data-handling requirements between different mobile platforms (iOS/Android/BlackBerry/Windows/J2ME)?
  - Does the app use cloud storage APIs (e.g., Dropbox, Google Drive, iCloud) for device data backups?
  - Does personal data intermingle with corporate data?
  - Is there specific business logic built into the app to process data?
- What does the data give you (or an attacker) access to? Think about data at rest and data in motion as they relate to your app. Do stored credentials provide authentication? Do stored keys allow an attacker to decrypt protected data or defeat its integrity checks?
- Third-party data: Is it being stored and/or transmitted? What are the privacy requirements for user data? Consider, for example, a unique device identifier (UDID) or geolocation being transmitted to a third party. Are there regulatory requirements specific to user privacy?
- How does other data on the device affect the app? Consider, for example, authentication credentials shared between apps.
- Compare the impacts of jailbroken devices (i.e., devices on which the platform's code-signing and sandbox restrictions have been bypassed, giving software root-level access) and non-jailbroken devices. How do the differences affect app data? This also relates to threat agent identification.

When you have defined the requirements, move to the next step, where you will identify any threats to the app's operation.

Step 3: Identify Threats and Threat Agents

Now that you have identified the mobile app's requirements, you will define its threats. In Section 3 of the report, you will identify possible threats to the mobile application and also identify the threat agents. Additionally, you will outline the process for defining what threats apply to your mobile application.

After you've identified threats and threat agents, move to the next step, where you will consider the kinds of ways an attacker might use to reach your app's data.

Step 4: Identify Methods of Attack

In the previous step, you identified threat agents. In this step and in Section 4 of the report, you will identify the different methods an attacker can use to reach the data. This data may be sensitive to the device (for example, contacts, call history, or location) or sensitive to the app itself. Read the resources on cyberattacks and provide senior management with an understanding of the possible methods of attack against your app.
When you have identified the attack methods, move to the next step, where you will analyze threats to your app.

Step 5: Analyze Mobile Application Threats

You just learned to identify threats and methods of attacks on mobile applications. Now, apply what you have learned by analyzing sample threats using tools in the lab. Identify threat agents and ways they may try to attack your mobile application. Review any previous resource that might help you.

Step 6: Controls

You've just identified the methods of attack, and now you will discuss the controls to prevent them. Consider the following questions:
Note: Not all of the following may apply. You will need to address only the areas that apply to the application you have chosen.
- What are the controls to prevent an attack? Conduct independent research, then define these controls by platform (e.g., Apple iOS, Android, Windows Mobile, BlackBerry).
- What are the controls to detect an attack? Define these controls by platform.
- What are the controls to mitigate/minimize the impact of an attack? Define these controls by platform.
- What are the privacy controls (i.e., controls to protect users' private information)? An example would be a security prompt before the app accesses the address book or geolocation.
- Create a mapping of controls to each specific method of attack (defined in the previous step).
  - Create a level-of-assurance framework based on the controls implemented. This is subjective to a certain point, but it is useful in guiding organizations that want to achieve a certain level of risk management based on the threats and vulnerabilities.
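The data-flow diagram asked for in Step 2 and the control-to-attack mapping and level-of-assurance framework asked for in Step 6 can be made concrete in code. The following is an added example, not part of the assignment or of any course material: it models a hypothetical banking-style app as STRIDE-per-element (each DFD element kind attracts a fixed set of STRIDE threat categories), records which controls address which categories, reports the residual threats per element and flow, and derives a coarse assurance level. Every element, flow, control name and the MITIGATES mapping are constructed for the illustration and should be replaced with the ones that apply to your chosen application.

```python
"""STRIDE-per-element threat model over a small mobile-app data-flow diagram.

Added example, not part of the assignment text. All elements, flows, controls
and the control-to-threat mapping below are constructed for illustration
(a hypothetical banking-style app), not taken from any real application.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple, Union

# STRIDE-per-element: which threat categories apply to each DFD element kind.
STRIDE = {
    "process":    {"spoofing", "tampering", "repudiation", "info_disclosure", "dos", "elevation"},
    "data_store": {"tampering", "repudiation", "info_disclosure", "dos"},
    "data_flow":  {"tampering", "info_disclosure", "dos"},
    "external":   {"spoofing", "repudiation"},
}

# Which STRIDE categories each control addresses (constructed mapping; in the
# report this is the Step 6 table mapping controls to methods of attack).
MITIGATES = {
    "tls_pinning":       {"tampering", "info_disclosure", "spoofing"},
    "keystore_encrypt":  {"info_disclosure", "tampering"},   # key held in hardware keystore
    "server_auth_token": {"spoofing", "repudiation"},
    "audit_log":         {"repudiation"},
    "rate_limit":        {"dos"},
    "least_privilege":   {"elevation"},
}

@dataclass
class Element:
    name: str
    kind: str                      # process | data_store | external
    zone: str                      # trust zone: "device", "backend", "internet", ...
    sensitive: bool = False
    controls: Set[str] = field(default_factory=set)

@dataclass
class Flow:
    name: str
    src: Element
    dst: Element
    sensitive: bool = False
    controls: Set[str] = field(default_factory=set)

    def crosses_boundary(self) -> bool:
        # A flow between two different trust zones crosses a trust boundary.
        return self.src.zone != self.dst.zone

Item = Union[Element, Flow]

def threats_for(item: Item) -> Set[str]:
    kind = "data_flow" if isinstance(item, Flow) else item.kind
    return set(STRIDE[kind])

def residual_threats(items: List[Item]) -> Dict[str, Set[str]]:
    """Per element/flow, the STRIDE threats that no listed control addresses."""
    residual = {}
    for item in items:
        covered = set().union(*(MITIGATES.get(c, set()) for c in item.controls))
        residual[item.name] = threats_for(item) - covered
    return residual

def assurance_level(items: List[Item]) -> Tuple[str, float]:
    """Coarse level of assurance: share of enumerated threats that have a control.

    A sensitive data store, or a sensitive flow that crosses a trust boundary,
    with an open info_disclosure threat caps the level at "low": that is the
    data an attacker on the network or on a jailbroken device goes after first.
    """
    residual = residual_threats(items)
    total = sum(len(threats_for(i)) for i in items)
    open_count = sum(len(v) for v in residual.values())
    coverage = 1.0 - open_count / total
    for item in items:
        exposed_store = isinstance(item, Element) and item.kind == "data_store"
        exposed_flow = isinstance(item, Flow) and item.crosses_boundary()
        if item.sensitive and (exposed_store or exposed_flow) \
                and "info_disclosure" in residual[item.name]:
            return "low", coverage
    if coverage >= 0.9:
        return "high", coverage
    if coverage >= 0.6:
        return "medium", coverage
    return "low", coverage

def build_model() -> List[Item]:
    """Constructed DFD for a hypothetical app; names are illustrative only."""
    app = Element("Mobile app", "process", "device", controls={"least_privilege"})
    db = Element("Local cache (SQLite)", "data_store", "device", sensitive=True,
                 controls={"keystore_encrypt"})
    api = Element("Backend API", "process", "backend",
                  controls={"server_auth_token", "audit_log", "rate_limit", "least_privilege"})
    geo = Element("Geolocation SDK (third party)", "external", "internet")
    flows: List[Item] = [
        Flow("Login request", app, api, sensitive=True, controls={"tls_pinning"}),
        Flow("Write session token", app, db, sensitive=True),   # stays on the device
        Flow("Send location", app, geo, sensitive=True),        # crosses to a third party
    ]
    return [app, db, api, geo] + flows

if __name__ == "__main__":
    model = build_model()
    for name, open_threats in residual_threats(model).items():
        print(f"{name:32s} open: {sorted(open_threats)}")
    print("assurance:", assurance_level(model))   # ('low', 0.333...)
```

Running it lists, for each element and flow, the STRIDE categories that nothing in the model addresses; the unpinned "Send location" flow to the third-party SDK is what forces the level to "low" even though the login channel and the local cache are protected. Adding "tls_pinning" to that flow and re-running shows how the mapping answers the Step 6 question of which control closes which method of attack, and how much of the residual risk a single control actually buys.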

Step 7: Complete Your Threat Model

You've just discussed the controls to prevent attacks. By now you should have completed all the components of your report. Now, you will compile all your findings and produce your threat model.

When you have completed the Workspace exercise, provide an 8-10 page double-spaced Word document including your findings and any recommendations for mitigating the threats found, with citations in APA format. The page count does not include figures, diagrams, tables, or citations.

Attachment: Project.rar

Verified Expert

This report helps to show that the threat landscape for mobile applications is very different from that of server or client applications because of the compact form factor and the many dimensions of the device. The difference arises because mobile applications can access data types that are never available to web applications, such as call history, contact lists, SMS logs, and geolocation; these differences, together with the more sensitive features involved, expose the data. The report further covers the architecture of the mobile application and defines what the mobile application needs. It also identifies and explains the threats to the mobile application and the threat agents, along with the various methods of attack.



Reviews

inf1849363

4/3/2018 4:49:57 AM

27364525_1EM20842ROD29CNS_Updated Solution.docx This document has no grammar mistakes; from start to finish the document does not make sense. It is nicely written, to be professionally done. Where is the quality control who is supposed to have proofread this document? Professional language needs to be used throughout the document. Good job.

inf1849363

4/3/2018 4:48:41 AM

This is the lab 3 submission guidance. Let me know if there is anything more you need. 27364513_1Lab 3 Submission Guidance 4.docx Please be sure that the project is very technical and detailed. It is essential. This document is really good. I am sending you another file; please make the changes mentioned below in it. I highlighted the most troublesome areas. Yellow highlight means that it needs to be in paragraph form. Red means the sentence needs clarity, more information, and complete sentences. Green means the sentences do not make sense and need more information in the paragraphs. Pink means give examples of how it works or pertains to the document instructions. Light blue means it needs to be in paragraph form and written in complete sentences. I want bullet points. Correct sentence structure. Provide more technical data. 27364540_1MOBILE APPLICATION THREAT MODELING .docx

inf1849363

4/3/2018 4:46:30 AM

The requirements are clear from the file I sent. Please tell the expert to send some clear requirements; in case this is the original file, please highlight my requirements in the same file. Here are the clear requirements in the case file. 27364571_1Project 3-Threat Model Template 4.docx More information for EM2842ROD29CNS: 27364549_1Data at Rest.docx 27364549_2ListingofThreatAgents-ByCategory.pdf 27364549_3nistspecialpublication800-77.pdf 27364560_1nistspecialpublication800-113.pdf 27364560_3ThreatAgentIdentificationExample.pdf Here are the screenshots for the lab: HTTP_Pcap No. (Packet) 1, 3, 12; Hotspot_Pcap No. (Packet) 1, 3, 9; Telephone_Pcap No. (1, 5, 8). 27364580_1HTTP PCAP screen shots.zip 27364594_2Hot spot pcap.zip 27364594_3Telephone Pcap.zip These labs are the ones to use for the project.

len1849363

2/5/2018 4:56:45 AM

When you have completed the Workspace exercise, provide an 8-10 page double-spaced Word document including your findings and any recommendations for mitigating the threats found, with citations in APA format. The page count does not include figures, diagrams, tables, or citations. Submit your threat model report to the Assignments folder.

len1849363

2/5/2018 4:56:21 AM

Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them in your work.
- 1.1: Organize document or presentation in a manner that promotes understanding and meets the requirements of the assignment.
- 1.2: Develop coherent paragraphs or points to be internally unified and function as part of the whole document or presentation.
- 1.3: Provide sufficient, correctly cited support that substantiates the writer's ideas.
- 1.4: Tailor communications to the audience.
- 2.1: Identify and clearly explain the issue, question, or problem under consideration.
- 2.2: Locate and access sufficient information to investigate the issue or problem.
- 2.5: Develop well-reasoned ideas and conclusions, checking against relevant criteria.
- 6.3: Specify security solutions based on knowledge of principles, procedures, and tools of data management, such as modeling techniques, data backup, data recovery, data directories, data warehousing, data mining, data disposal, and data standardization processes.


All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd