my stuff for the poster

[Assaf Kipnis]

Confidentiality:CS team needs to ensure that only authorized personnel have access to aggregated data such as historical and real time resident date, billing information and user account information including usernames and passwords.

Integrity:Data flow within the CS department controlled subsystem must be authenticated and prove accurate. Data includes; Information flow between the sensor module (central module) and the web-server, data going in and out of the database and communication with the mobile application and website.

Availability: All CS assets must be accessible and usable at all times. Server, database, Wi-Fi communications, user profiles and physical machine must all be available and be able to communicate throughout during the competition and later “home” lifecycle           

Privacy:CS team needs to identify and protect what is considered to be private information. Personal information related to user profiles, stored learned information (learning algorithm output) and historical information 

Attackers:

Identity thieves: Such attacker would attempt to take the resident’s identity. He/She will try to use the residents information for credit card fraud, fraudulent bills etc. 

Disgruntled employees: An employee of a utility company might want to harm our project in order to smear the name of the company where he/she is employed

Users with past access:A past user with a set of permissions given by the super user. Examples span Ex-spouses, past relationships, house sitters, pet walker etc.

Recreational hackers/crackers:Often high school or university students. This attacker will attempt to access the network for monetary or personal gain. A hacker/cracker might cause chaos, loss or harm to the network for self-satisfaction.

Burglars/Home invasion: Such attackers will gather information from smart features. This information will be used to analyze the resident’s movement over time and find the best time to attack

Assaf