Activity 4: Secure Software
In this assignment, you are designing a new software-based system from a security-first perspective. You won’t be writing full production code—instead, your focus will be on the secure design of the system. You will identify potential threats, outline system components, and propose security controls to reduce risk. Your final deliverable will include a design document and a threat model.
Pick one of the following hypothetical systems to design securely:
- A web-based student gradebook and course management tool.
- A mobile health tracking app for patients and doctors.
- A smart home control hub (IoT-based).
- A digital voting system.
- A peer-to-peer file sharing platform.
Assignment Requirements
System Overview
- Describe the system, its users, features, and environment.
- Identify the technologies and platforms involved.
- Optional (worth 2 extra credit points): You can include diagrams if applicable (e.g., data flow diagram or architecture diagram) if you are comfortable with these.
- What are your tangibles? What are your intangibles?
- What are some risks?
- What is the likelihood of threats occuring?
- What is a possible reporting policy or risk assessment policy you could implement for your system?
- Identify potential threats using STRIDE or another model.
- Identify assets, entry points, trust boundaries, and potential attackers.
- Include a table of these threats with mitigation strategies.
Explain how your design incorporates at least 4 secure design principles such as:
- Least privilege
- Fail-safe defaults
- Defense in depth
- Secure by design
- Open design
- Separation of duties
Detail at least 3 technical or policy-based security controls:
- Examples: Input validation, secure authentication, logging and monitoring, secure APIs, encryption, secure key management, rate limiting.
- What trade-offs did you have to make?
- What was most challenging?
- What risks remain, and how might you reduce them further?
This can be written in any format, but needs to be submitted via Kit.