Study Case: “GreenThumb Agricultural IoT Network”

GreenThumb Solutions provides an innovative IoT-based platform for precision agriculture, designed to help farmers optimize crop yields and resource usage. The system comprises a network of wireless sensors deployed across fields, which continuously monitor soil moisture, nutrient levels, ambient temperature, and humidity. These sensors transmit data wirelessly to a central farm gateway, which then uploads the aggregated information to a cloud-based analytics platform. Farmers access this data and receive actionable insights via a web portal and a mobile application.

The platform also features automated irrigation controls, enabling farmers to remotely activate or schedule watering based on sensor data and predefined crop requirements. Farmers can set custom thresholds and receive alerts if conditions deviate. The system aims to minimize water waste and optimize fertilizer application, leading to more sustainable farming practices.

Each farmer’s data is siloed and accessible only via their unique, password-protected account. The mobile app connects over HTTPS, and data is encrypted in transit and at rest on the cloud servers. GreenThumb prides itself on its robust and reliable service, acknowledging that continuous operation and accurate data are critical for crop health and farmer livelihoods. The system provides basic anomaly detection for sensor readings (e.g., sudden, impossible drops in temperature) and logs all control commands sent to the irrigation system. While generally reliable, the remote nature of the sensors means they are exposed to the elements and potential physical access.

Given User Story: As a GreenThumb farmer, I want to view the real-time soil moisture levels in my cornfield, so that I can decide if my crops need immediate irrigation.
Task: Based on the Study Case: Acme University’s Digital Course Hub, and the given User Story, you are to formulate two new stories:

A) Evil User Story (10 points): Craft one “Evil User Story” that describes a malicious actor’s goal from their perspective, leveraging a potential vulnerability or feature misuse identified within the study case. Your evil user story should follow the standard evil story format.

B) Security Story (10 points): Based on the “Evil User Story” you created in Part A, formulate one corresponding “Security Story.” This story should describe a security control or feature designed to mitigate the threat outlined in your evil user story. Your security story should also follow a security story-like format.

Rubric A) Evil User Story (10 points)

Levels: Excellent (10 points), Good (4-9 points), Needs Improvement (0-3 points)

Format Adherence (4 points)
- Excellent: The story perfectly adheres to the standard evil user story format.
- Good: The story largely adheres to the format with minor deviations (e.g., slight rephrasing of components) that do not impede understanding.
- Needs Improvement: The story significantly deviates from the required format, making it difficult to recognize as an evil user story, or is missing key components.

Relevance & Inferred Vulnerability (6 points)
- Excellent: The evil user story leverages a potential vulnerability or feature misuse directly inferable from the study case (e.g., leaderboard, data sharing, sensitive data, 2FA for critical actions, third-party provider). The malicious outcome is plausible and well-defined.
- Good: The evil user story is relevant to the case study, but the vulnerability/feature misuse might be less distinct or the malicious outcome less impactful than optimal. It still shows an attempt to infer from the text.
- Needs Improvement: The evil user story is generic, does not link to the study case, or the “vulnerability” is not inferable from the provided text. The malicious outcome is vague, illogical, or entirely disconnected from the scenario.

Rubric B) Security Story (10 points)

Levels: Excellent (10 points), Good (4-9 points), Needs Improvement (0-3 points)

Format Adherence (4 points)
- Excellent: The story perfectly adheres to the standard security story-like format.
- Good: The story largely adheres to the format with minor deviations (e.g., slight rephrasing of components) that do not impede understanding.
- Needs Improvement: The story significantly deviates from the required format, making it difficult to recognize as a security story, or is missing key components.

Relevance & Inferred Vulnerability (6 points)
- Excellent: The security story directly and effectively mitigates the specific threat outlined in the student’s Evil User Story from Part A. The proposed security control/feature is a logical and inferable extension of security considerations mentioned in the case study (e.g., related to existing security, data privacy, and user control).
- Good: The security story aims to mitigate the threat from Part A, but the mitigation might be slightly less direct, comprehensive, or the connection to existing security considerations in the case study is weaker, but still present. It demonstrates an attempt to assess the study case’s security posture.
- Needs Improvement: The security story does not mitigate the threat from Part A, or the proposed control is irrelevant/generic. It shows no apparent connection or logical extension from the security considerations discussed in the case study.

LearnSphere is an online learning platform used by universities and training institutions to deliver virtual classes, quizzes, and certifications. Students sign in with their email and password to access course materials, participate in forums, take quizzes, and download certificates upon completion.

Key features include:
- User registration and authentication via a custom login system (not federated).
- Quiz engine that tracks student scores and triggers automated certificate generation.
- Instructor dashboard for uploading content and viewing student performance.
- Certificates are generated as PDFs containing the user’s name and course title, with a QR code that links to a public certificate validation page.

The system is hosted on a cloud platform and communicates via a REST API.

Recently, a student discovered that:
- The certificate validation page exposes a sequential certificate ID in the URL. By incrementing the ID, anyone can access the PDFs of other users’ certificates.
- By modifying API requests, a user can submit fake quiz results without taking the quiz, triggering certificate generation.
- The system lacks logging for certificate downloads or quiz submission sources.

Task: Using the STRIDE threat modeling methodology, answer the following:

A. Threat Enumeration (20 points): Enumerate one specific threat present in this scenario. Your answer should adhere to the structured format for threat statements introduced during class discussions and exercises.

B. STRIDE Classification (10 points): Identify the STRIDE threat class that best corresponds to the threat you described in (A). Briefly justify your answer (maximum length 1 paragraph).

Rubric Task A: Threat Enumeration (20 points)

Levels: Excellent (20 points), Good (15-19 points), Developing (10-14 points), Needs Improvement (0-9 points)

Structured Format (10 points)
- Excellent: The threat statement perfectly adheres to the required structured format.
- Good: The threat statement largely adheres to the structured format, with minor omissions or slight deviations that do not impede clarity.
- Developing: The threat statement attempts a structured format but has significant deviations or missing components, which impact clarity.
- Needs Improvement: The threat statement does not use the structured format, or the attempt is so poor that it renders the statement incomprehensible as a structured threat.

Specificity and Accuracy of Threat (10 points)
- Excellent: The enumerated threat is particular, directly derived from the scenario, and accurately describes a distinct security concern.
- Good: The enumerated threat is specific and generally accurate, but may lack a minor detail or have a slight misinterpretation of the scenario.
- Developing: The enumerated threat is too broad, partially inaccurate, or only vaguely related to the scenario.
- Needs Improvement: The enumerated threat is incorrect, irrelevant, or absent.

Rubric Task B: STRIDE Classification & Justification (10 points)

Levels: Excellent (10 points), Good (7-9 points), Developing (4-6 points), Needs Improvement (0-3 points)

Correct STRIDE Classification (5 points)
- Excellent: Accurately identifies the primary STRIDE threat class that best fits the enumerated threat from Task A.
- Good: Identifies a plausible STRIDE threat class, but it might not be the absolute best fit, or there’s a minor nuance missed.
- Developing: Identifies an incorrect STRIDE threat class, but it shows some understanding of STRIDE concepts.
- Needs Improvement: Identifies a completely incorrect STRIDE threat class, or no classification is provided.

Clear and Concise Justification (5 points)
- Excellent: Provides a clear, logical, and concise justification (within one paragraph) that directly explains why the chosen STRIDE class applies to the specific threat identified in Task A, referencing elements from the scenario. Justification is within length limits.
- Good: Provides a generally clear justification (within one paragraph) that explains the classification, though it might be slightly less precise or comprehensive. Justification is within length limits, or slightly over (no penalty if over by max 1-2 sentences).
- Developing: The justification is weak, contains irrelevant information, or does not connect the STRIDE class to the specific threat. It may significantly exceed the length limit. (If length is the only issue, max -2 points deduction applied here.)
- Needs Improvement: The justification is absent, incoherent, contradicts the classification, or shows a fundamental misunderstanding of the STRIDE model about the scenario. If the justification exceeds the limit significantly and the content is also poor, it has a substantial impact on the score.
A smart thermostat system allows users to control temperatures through a mobile app. During threat modeling, the team discovers that the system accepts firmware updates via unauthenticated HTTP requests. Which STRIDE threat category does this most clearly represent?

A small independent coffee shop, The Daily Grind, has recently deployed a cloud-based customer loyalty program. Customers register via a tablet at the counter, providing their name, email address, and preferred drink. Each purchase earns loyalty points, which are recorded in a cloud-hosted database managed by a third-party vendor. When a customer reaches a certain number of points, the system automatically sends an email containing a unique QR code that can be redeemed at the counter for a free drink. Employees scan the QR code to validate the reward. The system aims to be efficient, improve customer retention, and simplify reward tracking.

However, in a recent incident, a malicious actor gained unauthorized read-only access to the cloud database. The attacker could:
- View all customer names, email addresses, and purchase histories.
- Exploit a vulnerability in the QR code generation logic, allowing them to generate valid QR codes for free drinks without earning points.

They could not alter or inject new data into the database.

Task: Using the STRIDE threat modeling methodology, answer the following:

A. Threat Enumeration (20 points): Enumerate one specific threat present in this scenario. Your answer should adhere to the structured format for threat statements introduced during class discussions and exercises.

B. STRIDE Classification (10 points): Identify the STRIDE threat class that best corresponds to the threat you described in (A). Briefly justify your answer (maximum length 1 paragraph).

Rubric Task A: Threat Enumeration (20 points)

Levels: Excellent (20 points), Good (15-19 points), Developing (10-14 points), Needs Improvement (0-9 points)

Structured Format (10 points)
- Excellent: The threat statement perfectly adheres to the required structured format.
- Good: The threat statement largely adheres to the structured format, with minor omissions or slight deviations that do not impede clarity.
- Developing: The threat statement attempts a structured format but has significant deviations or missing components, which impact clarity.
- Needs Improvement: The threat statement does not use the structured format, or the attempt is so poor that it renders the statement incomprehensible as a structured threat.

Specificity and Accuracy of Threat (10 points)
- Excellent: The enumerated threat is particular, directly derived from the scenario, and accurately describes a distinct security concern.
- Good: The enumerated threat is specific and generally accurate, but may lack a minor detail or have a slight misinterpretation of the scenario.
- Developing: The enumerated threat is too broad, partially inaccurate, or only vaguely related to the scenario.
- Needs Improvement: The enumerated threat is incorrect, irrelevant, or absent.

Rubric Task B: STRIDE Classification & Justification (10 points)

Levels: Excellent (10 points), Good (7-9 points), Developing (4-6 points), Needs Improvement (0-3 points)

Correct STRIDE Classification (5 points)
- Excellent: Accurately identifies the primary STRIDE threat class that best fits the enumerated threat from Task A.
- Good: Identifies a plausible STRIDE threat class, but it might not be the absolute best fit, or there’s a minor nuance missed.
- Developing: Identifies an incorrect STRIDE threat class, but it shows some understanding of STRIDE concepts.
- Needs Improvement: Identifies a completely incorrect STRIDE threat class, or no classification is provided.

Clear and Concise Justification (5 points)
- Excellent: Provides a clear, logical, and concise justification (within one paragraph) that directly explains why the chosen STRIDE class applies to the specific threat identified in Task A, referencing elements from the scenario. Justification is within length limits.
- Good: Provides a generally clear justification (within one paragraph) that explains the classification, though it might be slightly less precise or comprehensive. Justification is within length limits, or slightly over (no penalty if over by max 1-2 sentences).
- Developing: The justification is weak, contains irrelevant information, or does not connect the STRIDE class to the specific threat. It may significantly exceed the length limit. (If length is the only issue, max -2 points deduction applied here.)
- Needs Improvement: The justification is absent, incoherent, contradicts the classification, or shows a fundamental misunderstanding of the STRIDE model about the scenario. If the justification exceeds the limit significantly and the content is also poor, it has a substantial impact on the score.
Considering the provided context of a buffer overflow vulnerability (CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer) in an application developed in the C language, where an attacker can overwrite memory and execute arbitrary code with system privileges by providing oversized input, identify the most relevant STRIDE threat categories. Support File: https://cwe.mitre.org/data/definitions/119.html
An organization has deployed several cloud applications in Microsoft Azure and various database services in AWS. They are now planning to use DevOps and orchestration tools to ensure rapid and consistent deployment of containers and serverless applications across these platforms. What is the primary benefit of using DevOps and orchestration tools in this multi-cloud environment?
You are considering two different software services for your small business. Service A offers a one-time purchase model, while Service B offers a subscription services payment model. You need immediate access to the software and prefer not to commit to long-term contracts. Based on the characteristics of the subscription services payment model, which option should you choose and why?
Your company is transitioning to cloud services and you are tasked with reducing the environmental impact of your IT operations. Which of the following actions should you implement to achieve this goal?
Which cloud migration strategy involves making some modifications to an application to take advantage of cloud benefits, but does not require a complete redevelopment?
Which of the following is a characteristic of cloud computing defined by the National Institute of Standards and Technology (NIST)?