# Threat Modeling Case Studies

1. ### **Web Application Case Study**
    

#### **System Overview**

A web application that allows users to:

* Register and authenticate
    
* Upload and share files
    
* Send messages to other users
    
* View and update their profile
    

#### **Data Flow Diagram**

```mermaid
flowchart LR
    User((User))
    WebServer[Web Server]
    AppServer[Application Server]
    Database[(Database)]
    FileStorage[(File Storage)]
    
    User -->|HTTP/HTTPS| WebServer
    WebServer -->|Internal API| AppServer
    AppServer -->|SQL Queries| Database
    AppServer -->|Store/Retrieve Files| FileStorage
    
    %% Trust Boundaries
    subgraph Internet
        User
    end
    
    subgraph DMZ
        WebServer
    end
    
    subgraph Internal Network
        AppServer
        Database
        FileStorage
    end
    
    style Internet fill:#f9f9f9,stroke:#666,stroke-width:2px,color:#333
    style DMZ fill:#ffffde,stroke:#666,stroke-width:2px,color:#333
    style Internal Network fill:#e6f3ff,stroke:#666,stroke-width:2px,color:#333

```

#### **STRIDE Analysis**

<table><tbody><tr><td colspan="1" rowspan="1"><p><strong>Component</strong></p></td><td colspan="1" rowspan="1"><p><strong>Threat</strong></p></td><td colspan="1" rowspan="1"><p><strong>Mitigation</strong></p></td></tr><tr><td colspan="1" rowspan="1"><p>Authentication</p></td><td colspan="1" rowspan="1"><p>Spoofing (Brute force attacks)</p></td><td colspan="1" rowspan="1"><p>Rate limiting, account lockout, MFA</p></td></tr><tr><td colspan="1" rowspan="1"><p>File Upload</p></td><td colspan="1" rowspan="1"><p>Tampering (Malicious file uploads)</p></td><td colspan="1" rowspan="1"><p>File type validation, malware scanning</p></td></tr><tr><td colspan="1" rowspan="1"><p>User Actions</p></td><td colspan="1" rowspan="1"><p>Repudiation (Denying performed actions)</p></td><td colspan="1" rowspan="1"><p>Secure logging of all security-relevant events</p></td></tr><tr><td colspan="1" rowspan="1"><p>User Data</p></td><td colspan="1" rowspan="1"><p>Information Disclosure (Data leakage)</p></td><td colspan="1" rowspan="1"><p>Data encryption, access controls</p></td></tr><tr><td colspan="1" rowspan="1"><p>Web Server</p></td><td colspan="1" rowspan="1"><p>Denial of Service (Traffic flood)</p></td><td colspan="1" rowspan="1"><p>Rate limiting, CDN, scaling capabilities</p></td></tr><tr><td colspan="1" rowspan="1"><p>Access Control</p></td><td colspan="1" rowspan="1"><p>Elevation of Privilege (IDOR)</p></td><td colspan="1" rowspan="1"><p>Proper authorization checks, RBAC</p></td></tr></tbody></table>

2. ### **IoT Device Case Study**
    

#### **System Overview**

A smart home IoT device that:

* Connects to a home WiFi network
    
* Communicates with a cloud service
    
* Is controlled via a mobile app
    
* Controls physical devices (e.g., lights, locks)
    

#### **Attack Tree**

```mermaid
graph TD
    A[Compromise IoT Device] --> B[Attack Hardware]
    A --> C[Attack Software]
    A --> D[Attack Communications]
   A --> E[Attack Cloud Services]
    
    B --> B1[Physical Tampering]
    B --> B2[Side-channel Attacks]
    B --> B3[Debug Port Access]
    
    C --> C1[Firmware Exploitation]
    C --> C2[Memory Corruption]
    C --> C3[Authentication Bypass]
    
    D --> D1[Network Sniffing]
    D --> D2[Man-in-the-Middle]
    D --> D3[Replay Attacks]
    
   E --> E1[API Vulnerabilities]
   E --> E2[Account Takeover]
   E --> E3[Insufficient Access Control]
    
    style A fill:#f96,stroke:#333,stroke-width:2px

```

#### **DREAD Assessment for "Authentication Bypass"**

<table><tbody><tr><td colspan="1" rowspan="1"><p><strong>Category</strong></p></td><td colspan="1" rowspan="1"><p><strong>Rating (1-10)</strong></p></td><td colspan="1" rowspan="1"><p><strong>Reasoning</strong></p></td></tr><tr><td colspan="1" rowspan="1"><p>Damage</p></td><td colspan="1" rowspan="1"><p>9</p></td><td colspan="1" rowspan="1"><p>Complete control of the device</p></td></tr><tr><td colspan="1" rowspan="1"><p>Reproducibility</p></td><td colspan="1" rowspan="1"><p>7</p></td><td colspan="1" rowspan="1"><p>Once discovered, can be consistently exploited</p></td></tr><tr><td colspan="1" rowspan="1"><p>Exploitability</p></td><td colspan="1" rowspan="1"><p>5</p></td><td colspan="1" rowspan="1"><p>Requires moderate technical knowledge</p></td></tr><tr><td colspan="1" rowspan="1"><p>Affected Users</p></td><td colspan="1" rowspan="1"><p>10</p></td><td colspan="1" rowspan="1"><p>All users of the device</p></td></tr><tr><td colspan="1" rowspan="1"><p>Discoverability</p></td><td colspan="1" rowspan="1"><p>6</p></td><td colspan="1" rowspan="1"><p>Requires targeted testing to discover</p></td></tr><tr><td colspan="1" rowspan="1"><p><strong>Overall Risk</strong></p></td><td colspan="1" rowspan="1"><p><strong>7.4</strong></p></td><td colspan="1" rowspan="1"><p><strong>Medium-High Risk</strong></p></td></tr></tbody></table>

3. ### **Microservices Application Case Study**
    

#### **System Overview**

A microservices architecture with:

* Multiple service containers
    
* API Gateway
    
* Service-to-service communication
    
* Shared data stores
    
* Authentication services
    

#### **Data Flow Diagram**

```mermaid
flowchart TD
    Client((Client))
    Gateway[API Gateway]
    Auth[Auth Service]
    Users[User Service]
    Orders[Order Service]
    Products[Product Service]
    UserDB[(User Database)]
    OrderDB[(Order Database)]
    ProductDB[(Product Database)]
    
    Client -->|HTTPS| Gateway
    Gateway -->|Validate Token| Auth
    Gateway -->|User Operations| Users
    Gateway -->|Order Operations| Orders
    Gateway -->|Product Operations| Products
    
    Users -->|Read/Write| UserDB
    Orders -->|Read/Write| OrderDB
    Products -->|Read/Write| ProductDB
    
    Orders -->|Get User Info| Users
    Orders -->|Get Product Info| Products
    
    subgraph ServiceMesh[Service Mesh]
        Auth
        Users
        Orders
        Products
    end
    
    style ServiceMesh fill:#e6f3ff,stroke:#666,stroke-width:2px,color:#333

```

#### **Key Threats and Mitigations**

<table><tbody><tr><td colspan="1" rowspan="1"><p><strong>Threat</strong></p></td><td colspan="1" rowspan="1"><p><strong>Affected Component</strong></p></td><td colspan="1" rowspan="1"><p><strong>Mitigation</strong></p></td></tr><tr><td colspan="1" rowspan="1"><p>Unauthorized service-to-service calls</p></td><td colspan="1" rowspan="1"><p>Service Mesh</p></td><td colspan="1" rowspan="1"><p>Mutual TLS, service identity</p></td></tr><tr><td colspan="1" rowspan="1"><p>API Gateway bypass</p></td><td colspan="1" rowspan="1"><p>API Gateway</p></td><td colspan="1" rowspan="1"><p>Network segmentation, ingress control</p></td></tr><tr><td colspan="1" rowspan="1"><p>Insecure direct object references</p></td><td colspan="1" rowspan="1"><p>All Services</p></td><td colspan="1" rowspan="1"><p>Proper authorization on all endpoints</p></td></tr><tr><td colspan="1" rowspan="1"><p>Data leakage between tenants</p></td><td colspan="1" rowspan="1"><p>All Databases</p></td><td colspan="1" rowspan="1"><p>Data partitioning, row-level security</p></td></tr><tr><td colspan="1" rowspan="1"><p>Token theft</p></td><td colspan="1" rowspan="1"><p>Auth Service</p></td><td colspan="1" rowspan="1"><p>Short token lifetimes, token validation</p></td></tr></tbody></table>

4. ### **Financial Institution - Online Banking Platform**
    

#### **System Overview**

A major financial institution's online banking platform that provides:

* Account access and management
    
* Fund transfers
    
* Bill payments
    
* Mobile check deposits
    
* Financial reporting
    

#### **Data Flow Diagram**

```mermaid
flowchart TD
    Customer((Customer))
    WAF[Web Application Firewall]
    LoadBalancer[Load Balancer]
    WebApp[Web/Mobile Front-end]
    APIGateway[API Gateway]
    AuthService[Authentication Service]
    FraudDetection[Fraud Detection]
    TransactionService[Transaction Service]
    AccountService[Account Service]
    NotificationService[Notification Service]
    CoreBankingSystem[(Core Banking System)]
    DataWarehouse[(Data Warehouse)]
    
    Customer -->|HTTPS| WAF
    WAF -->|Filtered Traffic| LoadBalancer
    LoadBalancer -->|Balanced Traffic| WebApp
    WebApp -->|API Requests| APIGateway
    
    APIGateway -->|Auth Requests| AuthService
    APIGateway -->|Transaction Requests| TransactionService
    APIGateway -->|Account Requests| AccountService
    
    AuthService --> FraudDetection
    TransactionService --> FraudDetection
    
    TransactionService -->|Process Transactions| CoreBankingSystem
    AccountService -->|Account Information| CoreBankingSystem
    
    TransactionService -->|Transaction Events| NotificationService
    NotificationService -->|SMS/Email| Customer
    
    CoreBankingSystem --> DataWarehouse
    
    subgraph DMZ
        WAF
        LoadBalancer
    end
    
    subgraph Application Layer
        WebApp
        APIGateway
        AuthService
        FraudDetection
        TransactionService
        AccountService
        NotificationService
    end
    
    subgraph Data Layer
        CoreBankingSystem
        DataWarehouse
    end
    
    style DMZ fill:#ffffde,stroke:#666,stroke-width:2px,color:#333
    style Application Layer fill:#e6f3ff,stroke:#666,stroke-width:2px,color:#333
    style Data Layer fill:#ffe6e6,stroke:#666,stroke-width:2px,color:#333

```

#### **STRIDE Analysis**

<table><tbody><tr><td colspan="1" rowspan="1"><p><strong>Component</strong></p></td><td colspan="1" rowspan="1"><p><strong>Threat</strong></p></td><td colspan="1" rowspan="1"><p><strong>Impact</strong></p></td><td colspan="1" rowspan="1"><p><strong>Mitigation</strong></p></td></tr><tr><td colspan="1" rowspan="1"><p>Authentication</p></td><td colspan="1" rowspan="1"><p>Spoofing (Credential theft)</p></td><td colspan="1" rowspan="1"><p>Unauthorized account access</p></td><td colspan="1" rowspan="1"><p>MFA, anomaly detection, secure session management</p></td></tr><tr><td colspan="1" rowspan="1"><p>Transaction Processing</p></td><td colspan="1" rowspan="1"><p>Tampering (Transaction manipulation)</p></td><td colspan="1" rowspan="1"><p>Financial fraud</p></td><td colspan="1" rowspan="1"><p>Digital signatures, transaction verification steps</p></td></tr><tr><td colspan="1" rowspan="1"><p>Audit Trail</p></td><td colspan="1" rowspan="1"><p>Repudiation (Denying financial transactions)</p></td><td colspan="1" rowspan="1"><p>Dispute resolution challenges</p></td><td colspan="1" rowspan="1"><p>Immutable logging, digital receipts</p></td></tr><tr><td colspan="1" rowspan="1"><p>Customer Data</p></td><td colspan="1" rowspan="1"><p>Information Disclosure (Data breach)</p></td><td colspan="1" rowspan="1"><p>PII/financial data exposure</p></td><td colspan="1" rowspan="1"><p>Encryption, data minimization, access controls</p></td></tr><tr><td colspan="1" rowspan="1"><p>Banking Services</p></td><td colspan="1" rowspan="1"><p>Denial of Service (System unavailability)</p></td><td colspan="1" rowspan="1"><p>Service interruption</p></td><td colspan="1" rowspan="1"><p>Redundancy, rate limiting, DDoS protection</p></td></tr><tr><td colspan="1" rowspan="1"><p>Access Controls</p></td><td colspan="1" rowspan="1"><p>Elevation of Privilege (Admin rights)</p></td><td colspan="1" rowspan="1"><p>Unauthorized system access</p></td><td colspan="1" rowspan="1"><p>Strict RBAC, JIT access, privilege monitoring</p></td></tr></tbody></table>

5. ### **Healthcare System - Electronic Health Records**
    

#### **System Overview**

A hospital system's electronic health records (EHR) platform with:

* Patient records management
    
* Prescription handling
    
* Lab test ordering and results
    
* Medical imaging integration
    
* Billing and insurance processing
    

#### **Data Flow Diagram**

```mermaid
flowchart TD
    MedStaff((Medical Staff))
    Patient((Patient))
    Admin((Admin Staff))
    
    AuthN[Authentication System]
    EHRPortal[EHR Portal]
    PatientPortal[Patient Portal]
    AdminPortal[Admin Portal]
    
    FHIR[FHIR API Gateway]
    
    PatientRecords[Patient Records Service]
    Medications[Medications Service]
    Imaging[Imaging Service]
    Billing[Billing Service]
    Audit[Audit Service]
    
    PatientDB[(Patient Database)]
    MedicationDB[(Medication Database)]
    ImagingStore[(Imaging Store)]
    BillingDB[(Billing Database)]
    AuditLogs[(Audit Logs)]
    
    MedStaff -->|Login| AuthN
    Patient -->|Login| AuthN
    Admin -->|Login| AuthN
    
    AuthN -->|Access Grant| EHRPortal
    AuthN -->|Access Grant| PatientPortal
    AuthN -->|Access Grant| AdminPortal
    
    EHRPortal -->|API Calls| FHIR
    PatientPortal -->|Limited API Calls| FHIR
    AdminPortal -->|Admin API Calls| FHIR
    
    FHIR -->|Patient Data| PatientRecords
    FHIR -->|Medication Data| Medications
    FHIR -->|Image Requests| Imaging
    FHIR -->|Billing Info| Billing
    
    PatientRecords -->|Read/Write| PatientDB
    Medications -->|Read/Write| MedicationDB
    Imaging -->|Store/Retrieve| ImagingStore
    Billing -->|Process| BillingDB
    
    FHIR -.->|Log All Access| Audit
    Audit -->|Write Logs| AuditLogs
    
    subgraph Hospital Network
        EHRPortal
        AuthN
        FHIR
        PatientRecords
        Medications
        Imaging
        Billing
        Audit
    end
    
    subgraph Data Stores
        PatientDB
        MedicationDB
        ImagingStore
        BillingDB
        AuditLogs
    end
    
    style Hospital Network fill:#e6ffe6,stroke:#666,stroke-width:2px,color:#333
    style Data Stores fill:#e6e6ff,stroke:#666,stroke-width:2px,color:#333

```

#### **Key Threats and Mitigations**

<table><tbody><tr><td colspan="1" rowspan="1"><p><strong>Threat</strong></p></td><td colspan="1" rowspan="1"><p><strong>Impact</strong></p></td><td colspan="1" rowspan="1"><p><strong>Mitigation</strong></p></td></tr><tr><td colspan="1" rowspan="1"><p>Unauthorized access to patient records</p></td><td colspan="1" rowspan="1"><p>Patient privacy violation, HIPAA breach</p></td><td colspan="1" rowspan="1"><p>Fine-grained access controls, need-to-know basis</p></td></tr><tr><td colspan="1" rowspan="1"><p>Medication prescription tampering</p></td><td colspan="1" rowspan="1"><p>Patient safety risk</p></td><td colspan="1" rowspan="1"><p>Digital signatures, verification workflow</p></td></tr><tr><td colspan="1" rowspan="1"><p>EHR data breach</p></td><td colspan="1" rowspan="1"><p>Mass disclosure of protected health information</p></td><td colspan="1" rowspan="1"><p>Encryption, data segmentation, access monitoring</p></td></tr><tr><td colspan="1" rowspan="1"><p>Ransomware attack</p></td><td colspan="1" rowspan="1"><p>System unavailability, data loss</p></td><td colspan="1" rowspan="1"><p>Robust backups, security patching, network segmentation</p></td></tr><tr><td colspan="1" rowspan="1"><p>Insider threat</p></td><td colspan="1" rowspan="1"><p>Targeted data access, privacy violations</p></td><td colspan="1" rowspan="1"><p>Least privilege access, behavior analytics, audit logging</p></td></tr><tr><td colspan="1" rowspan="1"><p>Medical device compromise</p></td><td colspan="1" rowspan="1"><p>Patient safety, data integrity issues</p></td><td colspan="1" rowspan="1"><p>Device security policies, network isolation, monitoring</p></td></tr></tbody></table>

6. ### **E-commerce Platform**
    

#### **System Overview**

A large e-commerce platform that supports:

* Product browsing and searching
    
* User accounts and profiles
    
* Shopping cart and checkout
    
* Payment processing
    
* Order fulfillment and shipping
    

#### **Data Flow Diagram**

```mermaid
flowchart TD
    Customer((Customer))
    CDN[CDN]
    WebApp[Web Application]
    MobileApp[Mobile Application]
    
    APIGateway[API Gateway]
    AuthService[Auth Service]
    ProductService[Product Service]
    CartService[Cart Service]
    OrderService[Order Service]
    PaymentService[Payment Service]
    
    ProductDB[(Product Database)]
    UserDB[(User Database)]
    CartDB[(Cart Database)]
    OrderDB[(Order Database)]
    
    PaymentProcessor([3rd Party Payment Processor])
    ShippingProvider([3rd Party Shipping])
    
    Customer -->|Browse| CDN
    Customer -->|HTTPS| WebApp
    Customer -->|HTTPS| MobileApp
    
    WebApp -->|API Calls| APIGateway
    MobileApp -->|API Calls| APIGateway
    
    APIGateway -->|Auth Requests| AuthService
    APIGateway -->|Product Requests| ProductService
    APIGateway -->|Cart Operations| CartService
    APIGateway -->|Order Operations| OrderService
    APIGateway -->|Payment Processing| PaymentService
    
    AuthService -->|User Data| UserDB
    ProductService -->|Catalog Data| ProductDB
    CartService -->|Cart Data| CartDB
    OrderService -->|Order Data| OrderDB
    
    PaymentService -->|Process Payment| PaymentProcessor
    OrderService -->|Shipping Request| ShippingProvider
    
    subgraph Frontend
        CDN
        WebApp
        MobileApp
    end
    
    subgraph Microservices
        APIGateway
        AuthService
        ProductService
        CartService
        OrderService
        PaymentService
    end
    
    subgraph Databases
        ProductDB
        UserDB
        CartDB
        OrderDB
    end
    
    subgraph External Services
        PaymentProcessor
        ShippingProvider
    end
    
    style Frontend fill:#f9f9f9,stroke:#666,stroke-width:2px,color:#333
    style Microservices fill:#e6f3ff,stroke:#666,stroke-width:2px,color:#333
    style Databases fill:#e6ffe6,stroke:#666,stroke-width:2px,color:#333
    style External Services fill:#fff2e6,stroke:#666,stroke-width:2px,color:#333

```

#### **STRIDE Analysis**

<table><tbody><tr><td colspan="1" rowspan="1"><p><strong>Component</strong></p></td><td colspan="1" rowspan="1"><p><strong>Threat</strong></p></td><td colspan="1" rowspan="1"><p><strong>Impact</strong></p></td><td colspan="1" rowspan="1"><p><strong>Mitigation</strong></p></td></tr><tr><td colspan="1" rowspan="1"><p>User Authentication</p></td><td colspan="1" rowspan="1"><p>Account takeover</p></td><td colspan="1" rowspan="1"><p>Unauthorized purchases, data access</p></td><td colspan="1" rowspan="1"><p>Strong authentication, account lockouts, fraud detection</p></td></tr><tr><td colspan="1" rowspan="1"><p>Payment Processing</p></td><td colspan="1" rowspan="1"><p>Credit card theft</p></td><td colspan="1" rowspan="1"><p>Financial loss, reputation damage</p></td><td colspan="1" rowspan="1"><p>PCI-DSS compliance, tokenization, encryption</p></td></tr><tr><td colspan="1" rowspan="1"><p>Product Listings</p></td><td colspan="1" rowspan="1"><p>Price manipulation</p></td><td colspan="1" rowspan="1"><p>Revenue loss</p></td><td colspan="1" rowspan="1"><p>Digital signatures, price verification</p></td></tr><tr><td colspan="1" rowspan="1"><p>Shopping Cart</p></td><td colspan="1" rowspan="1"><p>Cart manipulation</p></td><td colspan="1" rowspan="1"><p>Price/item tampering</p></td><td colspan="1" rowspan="1"><p>Server-side validation, integrity checks</p></td></tr><tr><td colspan="1" rowspan="1"><p>Checkout Flow</p></td><td colspan="1" rowspan="1"><p>Session hijacking</p></td><td colspan="1" rowspan="1"><p>Order interception</p></td><td colspan="1" rowspan="1"><p>TLS, secure cookies, session management</p></td></tr><tr><td colspan="1" rowspan="1"><p>User Reviews</p></td><td colspan="1" rowspan="1"><p>Content injection</p></td><td colspan="1" rowspan="1"><p>Platform abuse, reputational damage</p></td><td colspan="1" rowspan="1"><p>Input validation, content moderation</p></td></tr></tbody></table>

7. ### **Cloud Infrastructure Provider**
    

#### **System Overview**

A cloud infrastructure provider offering:

* Virtual machine instances
    
* Managed databases
    
* Storage solutions
    
* Networking services
    
* Identity and access management
    

#### **Data Flow Diagram**

```mermaid
flowchart TD
    Customer((Customer))
    DevOps((DevOps Team))
    LoadBalancer[Load Balancer]
    APIGateway[API Gateway]
    
    WebConsole[Web Console]
    CLI[Command-Line Tools]
    SDKs[Developer SDKs]
    
    IAM[Identity & Access Management]
    ComputeService[Compute Service]
    StorageService[Storage Service]
    DatabaseService[Database Service]
    NetworkingService[Networking Service]
    
    MetadataService[Instance Metadata Service]
    OrchestrationEngine[Orchestration Engine]
    BillingSystem[Billing System]
    
    HypervisorHosts[Hypervisor Hosts]
    PhysicalStorage[Physical Storage Arrays]
    NetworkFabric[Network Fabric]
    
    Customer -->|Console Access| LoadBalancer
    DevOps -->|Admin Access| LoadBalancer
    
    LoadBalancer -->|Route Traffic| WebConsole
    LoadBalancer -->|Route Traffic| APIGateway
    
    WebConsole -->|API Calls| APIGateway
    CLI -->|API Calls| APIGateway
    SDKs -->|API Calls| APIGateway
    
    APIGateway -->|Authenticate| IAM
    APIGateway -->|Compute Requests| ComputeService
    APIGateway -->|Storage Requests| StorageService
    APIGateway -->|DB Requests| DatabaseService
    APIGateway -->|Network Requests| NetworkingService
    
    ComputeService -->|Create/Manage VMs| HypervisorHosts
    ComputeService -->|Instance Metadata| MetadataService
    StorageService -->|Allocate/Manage| PhysicalStorage
    NetworkingService -->|Configure| NetworkFabric
    
    IAM -.->|Auth Decisions| ComputeService
    IAM -.->|Auth Decisions| StorageService
    IAM -.->|Auth Decisions| DatabaseService
    IAM -.->|Auth Decisions| NetworkingService
    
    ComputeService -->|Deploy Resources| OrchestrationEngine
    StorageService -->|Deploy Resources| OrchestrationEngine
    DatabaseService -->|Deploy Resources| OrchestrationEngine
    NetworkingService -->|Deploy Resources| OrchestrationEngine
    
    OrchestrationEngine -->|Resource Usage| BillingSystem
    
    subgraph Control Plane
        APIGateway
        IAM
        ComputeService
        StorageService
        DatabaseService
        NetworkingService
        MetadataService
        OrchestrationEngine
        BillingSystem
    end
    
    subgraph Data Plane
        HypervisorHosts
        PhysicalStorage
        NetworkFabric
    end
    
    style Control Plane fill:#e6f3ff,stroke:#666,stroke-width:2px,color:#333
    style Data Plane fill:#ffe6e6,stroke:#666,stroke-width:2px,color:#333

```

#### **Key Threats and Mitigations**

<table><tbody><tr><td colspan="1" rowspan="1"><p><strong>Threat</strong></p></td><td colspan="1" rowspan="1"><p><strong>Impact</strong></p></td><td colspan="1" rowspan="1"><p><strong>Mitigation</strong></p></td></tr><tr><td colspan="1" rowspan="1"><p>Multi-tenant escape</p></td><td colspan="1" rowspan="1"><p>Customer data breach, cross-account access</p></td><td colspan="1" rowspan="1"><p>Strong isolation, hypervisor hardening, regular patching</p></td></tr><tr><td colspan="1" rowspan="1"><p>API abuse</p></td><td colspan="1" rowspan="1"><p>Service disruption, unauthorized access</p></td><td colspan="1" rowspan="1"><p>Rate limiting, API authentication, activity monitoring</p></td></tr><tr><td colspan="1" rowspan="1"><p>IAM misconfiguration</p></td><td colspan="1" rowspan="1"><p>Excessive permissions, data exposure</p></td><td colspan="1" rowspan="1"><p>Least privilege access, permission boundaries, policy validation</p></td></tr><tr><td colspan="1" rowspan="1"><p>SSRF against metadata service</p></td><td colspan="1" rowspan="1"><p>VM takeover, credential theft</p></td><td colspan="1" rowspan="1"><p>Instance metadata service controls, network segmentation</p></td></tr><tr><td colspan="1" rowspan="1"><p>Supply chain compromise</p></td><td colspan="1" rowspan="1"><p>Backdoor insertion, persistent access</p></td><td colspan="1" rowspan="1"><p>Vendor assessment, code signing, CI/CD security</p></td></tr><tr><td colspan="1" rowspan="1"><p>Physical security breach</p></td><td colspan="1" rowspan="1"><p>Hardware tampering, data theft</p></td><td colspan="1" rowspan="1"><p>Datacenter security, disk encryption, secure decommissioning</p></td></tr></tbody></table>

8. ### **Mobile Payment Application**
    

#### **System Overview**

A mobile payment application that provides:

* Peer-to-peer money transfers
    
* QR code and contactless payments
    
* Bill splitting functionality
    
* Transaction history
    
* Bank account and card linking
    

#### **Data Flow Diagram**

```mermaid
flowchart TD
    User((User))
    Merchant((Merchant))
    
    MobileApp[Mobile Application]
    MerchantPOS[Merchant POS]
    
    APIGateway[API Gateway]
    AuthService[Authentication Service]
    UserService[User Service]
    PaymentService[Payment Service]
    NotificationService[Notification Service]
    FraudService[Fraud Detection]
    
    UserDB[(User Database)]
    TransactionDB[(Transaction DB)]
    TokenVault[(Token Vault)]
    
    BankNetwork([Banking Network])
    CardNetwork([Card Network])
    
    User -->|Open App| MobileApp
    Merchant -->|Payment Request| MerchantPOS
    
    MobileApp -->|Authenticate| APIGateway
    MobileApp -->|Transfer Money| APIGateway
    MobileApp -->|Pay Merchant| APIGateway
    MerchantPOS -->|Process Payment| APIGateway
    
    APIGateway -->|Verify User| AuthService
    APIGateway -->|User Operations| UserService
    APIGateway -->|Process Payment| PaymentService
    
    AuthService -->|Validate| UserDB
    UserService -->|Account Info| UserDB
    PaymentService -->|Record Transaction| TransactionDB
    PaymentService -->|Check Fraud| FraudService
    
    PaymentService -->|Use Payment Token| TokenVault
    TokenVault -->|Process ACH| BankNetwork
    TokenVault -->|Process Card| CardNetwork
    
    PaymentService -->|Transaction Confirmation| NotificationService
    NotificationService -->|Push Notification| MobileApp
    
    subgraph MobilePOS[Mobile & POS]
        MobileApp
        MerchantPOS
    end
    
    subgraph AppServices[Application Services]
        APIGateway
        AuthService
        UserService
        PaymentService
        NotificationService
        FraudService
    end
    
    subgraph DataStorage[Data Storage]
        UserDB
        TransactionDB
        TokenVault
    end
    
    subgraph ExternalNetworks[External Networks]
        BankNetwork
        CardNetwork
    end
    
    style MobilePOS fill:#f9f9f9,stroke:#666,stroke-width:2px,color:#333
    style AppServices fill:#e6f3ff,stroke:#666,stroke-width:2px,color:#333
    style DataStorage fill:#e6ffe6,stroke:#666,stroke-width:2px,color:#333
    style ExternalNetworks fill:#fff2e6,stroke:#666,stroke-width:2px,color:#333

```

#### **DREAD Analysis for "Account Takeover"**

<table><tbody><tr><td colspan="1" rowspan="1"><p><strong>Category</strong></p></td><td colspan="1" rowspan="1"><p><strong>Rating (1-10)</strong></p></td><td colspan="1" rowspan="1"><p><strong>Reasoning</strong></p></td></tr><tr><td colspan="1" rowspan="1"><p>Damage</p></td><td colspan="1" rowspan="1"><p>10</p></td><td colspan="1" rowspan="1"><p>Complete financial loss, identity theft</p></td></tr><tr><td colspan="1" rowspan="1"><p>Reproducibility</p></td><td colspan="1" rowspan="1"><p>6</p></td><td colspan="1" rowspan="1"><p>Requires specific user targeting</p></td></tr><tr><td colspan="1" rowspan="1"><p>Exploitability</p></td><td colspan="1" rowspan="1"><p>5</p></td><td colspan="1" rowspan="1"><p>Requires bypassing multiple security controls</p></td></tr><tr><td colspan="1" rowspan="1"><p>Affected Users</p></td><td colspan="1" rowspan="1"><p>8</p></td><td colspan="1" rowspan="1"><p>Individual accounts, but can be done at scale</p></td></tr><tr><td colspan="1" rowspan="1"><p>Discoverability</p></td><td colspan="1" rowspan="1"><p>7</p></td><td colspan="1" rowspan="1"><p>Public mobile app with observable security controls</p></td></tr><tr><td colspan="1" rowspan="1"><p><strong>Overall Risk</strong></p></td><td colspan="1" rowspan="1"><p><strong>7.2</strong></p></td><td colspan="1" rowspan="1"><p><strong>High Risk</strong></p></td></tr></tbody></table>

9. ### **Automotive Connected Vehicle System**
    

#### **System Overview**

A modern connected vehicle platform that includes:

* In-vehicle infotainment system
    
* Remote vehicle control (lock/unlock, climate)
    
* Telematics and vehicle health monitoring
    
* Over-the-air software updates
    
* Emergency services communication
    

#### **Data Flow Diagram**

```mermaid
flowchart TD
    Driver((Driver))
    MobileApp[Mobile App]
    InVehicleSystem[In-Vehicle System]
    
    CloudBackend[Cloud Backend]
    IdentityService[Identity Service]
    VehicleCommandService[Vehicle Command Service]
    TelematicsService[Telematics Service]
    UpdateService[Update Service]
    
    VehicleCAN[Vehicle CAN Bus]
    BodyControlModule[Body Control Module]
    EngineCU[Engine Control Unit]
    InfotainmentSystem[Infotainment System]
    Telematics[Telematics Control Unit]
    
    VehicleDB[(Vehicle Database)]
    UserDB[(User Database)]
    TelematicsDB[(Telematics DB)]
    SoftwareRepo[(Software Repository)]
    
    EmergencyServices([Emergency Services])
    DealershipSystems([Dealership Systems])
    
    Driver -->|Mobile Control| MobileApp
    Driver -->|Direct Interaction| InVehicleSystem
    
    MobileApp -->|HTTPS| CloudBackend
    InVehicleSystem -->|4G/5G| CloudBackend
    
    CloudBackend -->|Auth Requests| IdentityService
    CloudBackend -->|Vehicle Commands| VehicleCommandService
    CloudBackend -->|Telemetry Data| TelematicsService
    CloudBackend -->|Software Updates| UpdateService
    
    IdentityService -->|User Data| UserDB
    VehicleCommandService -->|Vehicle Status| VehicleDB
    TelematicsService -->|Store Telemetry| TelematicsDB
    UpdateService -->|Fetch Updates| SoftwareRepo
    
    VehicleCommandService -->|Send Commands| Telematics
    TelematicsService -->|Receive Data| Telematics
    UpdateService -->|Send Updates| Telematics
    
    Telematics -->|Vehicle Network| VehicleCAN
    InfotainmentSystem -->|Media/Navigation| VehicleCAN
    
    VehicleCAN -->|Control Signals| BodyControlModule
    VehicleCAN -->|Engine Management| EngineCU
    
    Telematics -.->|Emergency Call| EmergencyServices
    TelematicsService -.->|Diagnostics| DealershipSystems
    
    subgraph MobileCloud[Mobile & Cloud]
        MobileApp
        CloudBackend
        IdentityService
        VehicleCommandService
        TelematicsService
        UpdateService
    end
    
    subgraph VehicleSystems[Vehicle Systems]
        InVehicleSystem
        Telematics
        VehicleCAN
        BodyControlModule
        EngineCU
        InfotainmentSystem
    end
    
    subgraph CloudStorage[Cloud Storage]
        VehicleDB
        UserDB
        TelematicsDB
        SoftwareRepo
    end
    
    style MobileCloud fill:#e6f3ff,stroke:#666,stroke-width:2px,color:#333
    style VehicleSystems fill:#ffe6cc,stroke:#666,stroke-width:2px,color:#333
    style CloudStorage fill:#e6ffe6,stroke:#666,stroke-width:2px,color:#333

```

#### **Key Threats and Mitigations**

<table><tbody><tr><td colspan="1" rowspan="1"><p><strong>Threat</strong></p></td><td colspan="1" rowspan="1"><p><strong>Impact</strong></p></td><td colspan="1" rowspan="1"><p><strong>Mitigation</strong></p></td></tr><tr><td colspan="1" rowspan="1"><p>Remote vehicle control exploit</p></td><td colspan="1" rowspan="1"><p>Safety risk, unauthorized control</p></td><td colspan="1" rowspan="1"><p>Command authentication, secure boot, message authentication</p></td></tr><tr><td colspan="1" rowspan="1"><p>CAN bus injection</p></td><td colspan="1" rowspan="1"><p>Vehicle safety systems compromise</p></td><td colspan="1" rowspan="1"><p>Gateway filtering, bus segmentation, intrusion detection</p></td></tr><tr><td colspan="1" rowspan="1"><p>Infotainment system compromise</p></td><td colspan="1" rowspan="1"><p>Entry point to critical systems</p></td><td colspan="1" rowspan="1"><p>Domain separation, privilege boundary, sandboxing</p></td></tr><tr><td colspan="1" rowspan="1"><p>Telematics unit exploitation</p></td><td colspan="1" rowspan="1"><p>Location tracking, privacy breach</p></td><td colspan="1" rowspan="1"><p>Data minimization, encryption, secure communication</p></td></tr><tr><td colspan="1" rowspan="1"><p>Software update tampering</p></td><td colspan="1" rowspan="1"><p>Malicious code execution</p></td><td colspan="1" rowspan="1"><p>Code signing, update verification, secure delivery</p></td></tr><tr><td colspan="1" rowspan="1"><p>Mobile app API abuse</p></td><td colspan="1" rowspan="1"><p>Unauthorized vehicle access</p></td><td colspan="1" rowspan="1"><p>Strong API security, rate limiting, anomaly detection</p></td></tr></tbody></table>
