Case Study: Security of System for Remote Management of Windows

In the process of designing and forming each system, it is necessary to identify potential vulnerabilities and threats to that system and to include appropriate countermeasures. The process that helps to find the problem in the first phase of design is called threat modeling. Threat modeling is based on the idea that every system has valuable resources that need to be protected. These resources have certain weak points that internal or external threats can use to harm them, while there are as well countermeasures used to mitigate them. Therefore, this paper analyses the security of a Web of Things (WoT)-based system for remote management of windows, which is in the design stage by using a threat modeling approach based on STRIDE and DREAD. The results obtained through Microsoft Threat Modeling Tool (MTMT) justified the use of threat modeling in the design phase given that we have identified in total 118 threats, with Elevation of privilege class of threats being the most prominent ones. The Information disclosure threats are found to be the ones characterized as medium and low risk ones, while the most represented high-risk threats again come from the Elevation of privilege class of threats.