worksheet_hw2

SFWE 401 UArizona Homework 2 1. What is threat modeling? Describe the following components of a threat model: a) Assets, b) Attackers, and c) Attack Vectors. (20 pts) 2. What is STRIDE and DREAD? Describe both (STRIDE and DREAD) in detail. (20pts) 3. What is PASTA? Describe the steps in PASTA. (20pts) 4. The table below shows partially completed threat model for an autonomous vehicle. Complete the threat model, by applying the DREAD methodology and rating each vulnerability for the asset WiFi. Justify your answers. (20pts) SFWE501: Study and describe what each of this attack does? AV Architecture Layer Asset Attack Surface STRIDE Threat Impact D R E A D Rating Inter Vehicle Networks WiFi Frame Spoofing S, R, I, D Unauthorized Deauthentication S, D Fake Access Points S, T, R, D Denial of Service S, D 5. The table below shows partially completed threat model for an autonomous vehicle. Apply STRIDE to each vulnerability for the asset Bluetooth. Justify your answers. (20pts) SFWE501: Study and describe what each of this attack does? AV Architecture Layer Asset Attack Surface STRIDE Threat Impact D R E A D Rating Inter Vehicle Networks Bluetooth Packet Sniffing 2 1 3 3 3 12 Man in the Middle 2 3 3 3 3 14