Model application threat modeling | Computer Science homework help

Threat modeling begins with a clear understanding of the system in question. There are several areas to consider when trying to understand possible threats to an application. The areas of concern include the mobile application structure, the data, identifying threat agents and methods of attack, and controls to prevent attacks. The threat model should be created with an outline or checklist of items that need to be documented, reviewed, and discussed when developing a mobile application.

In this project, you will create a threat model. There are seven steps, which will lead you through this project, beginning with the scenario as it might occur in the workplace, and continuing with Step 1: “Describe Your Mobile Application Architecture.” Most steps in this project should take no more than two hours to complete, and the project as a whole should take no more than two weeks to complete. 

The following are the deliverables for this project:

  • Threat Model Report: An eight- to 10-page double-spaced Word document with citations in APA format. The report should include your findings and any recommendations for mitigating the threats found. The page count does not include figures, diagrams, tables, or citations. 

Step 1: Describe Your Mobile Application Architecture

In your role as a cyber threat analyst, senior management has asked you to identify how a particular mobile application of your choosing conforms to mobile architecture standards. You are asked to:

  1. Describe device-specific features used by the application, wireless transmission protocols, data transmission media, interaction with hardware components, and other applications. 
  2. Identify the needs and requirements for application security, computing security, and device management and security. 
  3. Describe the operational environment and use cases.
  4. Identify the operating system security and enclave/computing environment security concerns, if there are any. 

This can be fictional or modeled after a real-world application. This will be part of your final report. Click the following links and review the topics and their resources. These resources will guide you in completing this task:

Begin by first reviewing the OWASP Mobile Security Project Testing Guide.

Architecture Considerations

Although mobile applications vary in function, they can be described in general as follows:

  • wireless interfaces
  • transmission type
  • hardware interaction
  • interaction with on-device applications/services
  • interaction with off-device applications/services
  • encryption protocols
  • platforms

In Section 1 of your research report, you will focus your discussion on the security threats, vulnerabilities, and mitigations of the above considerations.

The following resources will continue to educate your management about mobile devices and mobile application security: mobile platform security, mobile protocols and security, mobile security vulnerabilities, and related technologies and their security. Related technologies can include the hardware and software needed to interoperate with mobile devices and mobile applications. 

Include an overview of these topics in your report.

Use Mobile Application and Architecture Considerations to review the architectural considerations for mobile applications and architecture. Then, include those that are relevant to your mobile application in your report to senior management. Address the following questions:

  1. What is the design of the architecture (network infrastructure, web services, trust boundaries, third-party APIs, etc.)?
  2. What are the common hardware components?
  3. What are the authentication specifics?
  4. What should or shouldn’t the app do?

You will include this information in your report.

When you have completed the work for Section 1, describing the architecture for your app, move on to the next step, where you will define the requirements for the app.

Step 2: Define the Requirements for Your Mobile Application

In the previous step, you described your app’s architecture. In Step 2, you will define what purpose the mobile app serves from a business perspective and what data the app will store, transmit, and receive. Include a data flow diagram showing exactly how data are handled and managed by the application. You can use fictional information or model it after a real-world application. Here are some questions to consider as you define your requirements:

  1. What is the business function of the app?
  2. What data does the application store/process (provide data flow diagram)?
    1. This diagram should outline network, device file system, and application data flows
    2. How are data transmitted between third-party APIs and app(s)?
    3. Will there be remote access and connectivity? Read this resource about mobile VPN security, and include any of these security issues in your report. 
    4. Are there different data-handling requirements between different mobile platforms? (iOS/Android/Blackberry/Windows/J2ME)
    5. Does the app use cloud storage APIs (e.g., Dropbox, Google Drive, iCloud, Lookout) for device data backups?
    6. Does personal data intermingle with corporate data?
    7. Is there specific business logic built into the app to process data?
  3. What does the data give you (or an attacker) access to? Think about data at rest and data in motion as they relate to your app. 
    1. Do stored credentials provide authentication? 
    2. Do stored keys allow attackers to break crypto functions (data integrity)?
  4. Are third-party data being stored and/or transmitted? 
    1. What are the privacy requirements of user data? Consider, for example, a unique device identifier (UDID) or geolocation being transmitted to a third party. 
    2. Are there user privacy-specific regulatory requirements to meet?
  5. How do other data on the device affect the app? Consider, for example, authentication credentials shared between apps.
  6. Compare jailbroken (i.e., a device with hacked or bypassed digital rights software) and nonjailbroken devices. 
    1. How do the differences affect app data? This can also relate to threat agent identification.

In this step, you defined the app’s requirements. Move to the next step, where you will identify any threats to the app’s operation.

Step 3: Identify Threats and Threat Agents

Now that you have identified the mobile app’s requirements, you will define its threats. 

In Section 3 of the report, you will:

  1. Identify possible threats to the mobile application 
    1. Identify the threat agents
  2. Outline the process for defining what threats apply to your mobile application

Review this Threat Agent Identification Example resource for an example of threat agent identification.

Review this List of Threat Agents resource for a list of threat agents.

After you have identified threats and threat agents, move to the next step, where you will consider the ways an attacker might reach your app’s data.

Step 4: Identify Methods of Attack

In the previous step, you identified threat agents. In this step and in Section 4 of the report, you will identify different methods an attacker can use to reach the data. These data can be information that is sensitive to the device or sensitive to the app itself. 

Read these resources on cyberattacks.

Provide senior management with an understanding of the possible methods of attack on your app.

When you have identified the attack methods, move to the next step, where you will analyze threats to your app.

Step 6: Controls

You have identified the methods of attack, and now you will discuss the controls to prevent attacks. Consider the following questions:

Note: Not all of the following may apply. You will address only the areas that apply to the application you have chosen.

  • What are the controls to prevent an attack? Conduct independent research and then define these controls by platform (e.g., Apple iOS, Android, Windows Mobile, BlackBerry).
  • What are the controls to detect an attack? Define these controls by platform.
  • What are the controls to mitigate/minimize impact of an attack? Define these controls by platform.
  • What are the privacy controls (i.e., controls to protect users’ private information)? An example of this would be a security prompt for users to access an address book or geolocation.
  • Create a mapping of controls to each specific method of attack (defined in the previous step)
    • Create a level of assurance framework based on controls implemented. This would be subjective to a certain point, but it would be useful in guiding organizations that want to achieve a certain level of risk management based on the threats and vulnerabilities. 
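
One way to build the control-to-attack mapping and a level of assurance from it, as an added example that is not part of the original assignment. The attack methods, control names, and the "weakest link" scoring scale are all assumptions constructed for illustration; substitute the ones from your own Sections 4 and 6.

```python
CATEGORIES = ("prevent", "detect", "mitigate")

# Constructed sample data: replace with the attack methods from your Section 4.
ATTACK_METHODS = ["lost-or-stolen-device", "network-eavesdropping"]

# Constructed sample controls: (name, category, platforms, attack methods addressed).
CONTROLS = [
    ("storage encryption with passcode", "prevent", {"ios", "android"},
     ["lost-or-stolen-device"]),
    ("remote wipe via MDM", "mitigate", {"ios"}, ["lost-or-stolen-device"]),
    ("TLS with certificate pinning", "prevent", {"ios", "android"},
     ["network-eavesdropping"]),
    ("server-side alert on session reuse", "detect", {"ios"},
     ["network-eavesdropping"]),
    ("short-lived access tokens", "mitigate", {"ios"}, ["network-eavesdropping"]),
]


def coverage(controls, attacks, platform):
    """Map each attack method to the controls that address it, per category."""
    table = {a: {c: [] for c in CATEGORIES} for a in attacks}
    for name, category, platforms, addressed in controls:
        if category not in CATEGORIES:
            raise ValueError(f"unknown control category: {category}")
        if platform not in platforms:
            continue
        for attack in addressed:
            if attack not in table:
                # A control that points at an undocumented attack is a model error.
                raise ValueError(f"{name!r} references unknown attack {attack!r}")
            table[attack][category].append(name)
    return table


def gaps(table):
    """List (attack, category) pairs that have no control at all."""
    return sorted((a, c) for a, cats in table.items()
                  for c, names in cats.items() if not names)


def assurance_level(table):
    """Assumed scale 0-3: the fewest control categories covering any one attack."""
    return min(sum(1 for names in cats.values() if names)
               for cats in table.values())


if __name__ == "__main__":
    for platform in ("ios", "android"):
        t = coverage(CONTROLS, ATTACK_METHODS, platform)
        print(platform, "level", assurance_level(t), "gaps", gaps(t))
```

The gap list is the part that feeds the report's recommendations: each pair is an attack method for which a whole class of control is missing on that platform.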

In the next step, you will complete work on the threat model.

You have just discussed the controls to prevent attacks. You have completed all the components of your report. Now compile all your findings and produce your Threat Model Report.

The following are the deliverables for this project:


  • Threat Model Report: An eight- to 10-page double-spaced Word document with citations in APA format. The report should include your findings and any recommendations for mitigating the threats found. The page count does not include figures, diagrams, tables, or citations. 
  • Lab Report: A Word document sharing your la