7026CEM Security of Emerging Connected Systems Assignment

Reference no: EM133128124

7026CEM Security of Emerging Connected Systems - Coventry University

Coursework - Policy and Legal Aspects about IoT systems.

Learning Outcome 1: Critically evaluate the role of a security policy for protecting information assets and be able to propose appropriate security policies to defend those assets based on an understanding of security concepts and their application to internet-based technologies.

Learning Outcome 2: Demonstrate a sound understanding of the key legislation that relates to information security and how it influences the security policy of an organisation.

Tasks

Discuss the laws and the legal background, areas, implications, and consequences related to the security issues found in the Domus system, about which you wrote your report in CW2. The Domus system will be for sale to UK residents only at first, but the company is interested in expanding into the US market.

For each security issue, in case any attack occurs, discuss the possible legal consequences and penalties for:
• The attacker.
• The end user who runs the system.
• The vendor or the party that has produced this system.
• Any re-selling 3rd party.
• Any other possible parties you think should be held accountable.

You need to include the:
• Legal phrases, sections, acts, etc. for each issue, in both UK and US laws.
• Any prosecution processes.
• Legal penalties.

You have to explicitly mention the Domus security issues in your discussion.
Discuss the legal aspects and implications within the UK and the US laws in the following manner, or report sections:
• UK Law understanding and coverage (50%, ~700-800 words): coverage of all applicable legal aspects and demonstration of a good understanding of them, together with the applicable legal consequences or penalties.
• US Law understanding and coverage (30%, ~400-500 words): coverage of key aspects to be considered, together with the applicable legal consequences or penalties.
• A sum up section (10%, ~200-300 words): a comparison summarising the differences between UK and US laws.
• Report (10%): the structure of the report, which has to be suitable for both technical staff and non-technical management; the style of the report; and the use of language and grammar.
Some recommendations on writing a report:
o Use 3rd person and passive voice rather than 1st and 2nd person.
o Use MS Word with Arial, size 12, and 1.15 line spacing.
o Paragraphs are left-aligned.
o Acronyms should be capitalised, explained, and added to a table of acronyms at the beginning of the report.
o Figures, tables, and graphs should be captioned and added to a list of figures, tables, and graphs.
o Add a table of contents at the beginning of the report.
o Avoid using American English and try to use British English.

Coursework - IoT systems design and security evaluation according to OWASP lists

Learning Outcome 1: Propose and implement effective 'defence-in-depth' solutions to mitigate the key technical internet security vulnerabilities that organisations face.

Learning Outcome 2: Design and implement secure private networks for IoT and Bring Your Own Device (BYOD).

Learning Outcome 3: Discuss and debate a wide range of current research and technological advances in network security.

Task

Introduction

You are given access to an IoT environment, representing a home owned by early adopters in the current move to "smart homes". The devices are all from a single manufacturer and you are required to evaluate the security aspects of the system before marketing and sale of the devices.

You will be given access to a testbed network to perform a practical security audit as well as associated documentation for review.

Task Breakdown
1. A security evaluation report on the test-bed system. This is a "white-box" analysis, so you should execute it as a security review rather than a penetration test. You can examine any of the files and materials you are given, but any security vulnerability should be demonstrated with a proof-of-concept (PoC) attack that would work without the information gained through white-box testing. Make sure you consider more than just direct attacks on the devices. Also consider what information is exposed about the consumer.
2. A report to the manufacturer on your findings that includes a short review of each problem, along with a brief overview of how it could be solved. For each issue, you should have a more detailed description of the steps you took to discover it, showing enough detail for it to be repeated by the developers.
3. For each vulnerability and security issue, you have to analyse it according to the OWASP® Foundation security topics; the top 10 risks and vulnerabilities, 2014 and 2018.
4. You have to research and report on each possible security issue and give:
• The OWASP category each security issue belongs to.
• A technical explanation of why and how the issue belongs to that category, e.g.:
o Programming/application analysis security issue.
o Networking security analysis issue.
o Or any other field that the issue might relate to.
• An alternative technical solution to prevent the issue or issues.

Scope

• You will be given a collection of Docker build scripts and Makefiles.
• Although you have access to the non-live versions of the systems, their Dockerfiles, Makefiles and so on, this does not count as a vulnerability. This is just the mechanism by which you gain access to the virtualised IoT environment.
o You can, however, examine all of these files to see if there might be vulnerabilities or security flaws you can demonstrate in the running system.
o This is the equivalent of having the source code for the IoT systems and being able to review the code, making this a "white box" test.

The system

The system comprises:
• An MQTT server that coordinates internal messaging and provides a web front-end for the user.
• A database server that stores local information, settings and so on.
• A number of devices within the system:
o A temperature sensor
o A heating system
o A light sensor

All of the services are containerised in order to minimise platform dependency. For the purposes of this coursework, you can assume that the underlying platform is secure unless the container itself is compromised. You will be given a separate container for each of the services, and they will function in "virtual mode" while not on actual hardware.

You are also provided with a document describing the design of the infrastructure outside of the containers. You must include this in your assessment, but rather than look for vulnerabilities in the implementation for this part, you must assess the design decisions presented.

Attachment:- Security of Emerging Connected Systems.rar


Reviews

len3128124

4/19/2022 10:32:59 PM

This is an assignment related to testing. In this assignment there are two different courseworks: CW2, which is all about finding the vulnerabilities for the attached file using the white-box testing technique, and CW1, which is about the laws that apply to the vulnerabilities found in CW2, according to UK and US laws. Both assignments are related; CW2 needs to be done in order to write about the laws in CW1.
