Threat Modeling Assignment - CS456

Consider that you are the security team for the following software development project: Your customer is a local auction firm called MooTube Auctions. MooTube specializes in onsite farm, household, and video store (hence the "tube") auctions, and they need a software system designed to handle their auction events. The company has three employees - an auctioneer (also the MooTube owner), a clerk and a flunky. Computing hardware of the company includes a MySQL database server, a web server to handle all auction transactions, and two iPads - one for the clerk and one for the flunky. All of these devices communicate by Wi-Fi and Internet, except the two servers, which are connected on a proprietary in-house LAN and protected behind a perimeter firewall. All communication with the iPads uses unencrypted HTTP. MooTube also uses their website and database server to advertise their various businesses with a typical Internet retail presence, but the associated software implementing the MooTube web pages was written by another company and is not part of this project.

Each auction is a new event and only buyers registered on that day may bid. To register, a potential buyer must see the clerk, who photographs the individual's driver's license. Your software must check this individual against your database of people who have not paid their debts from a prior auction and against the DMV's database of criminals and/or invalid driver's licenses. Each registrant must also supply their email address to the clerk. Authenticated buyers are each given a uniquely numbered placard that they must wave in order to place a bid. As the auction proceeds, the flunky with the second iPad enters each purchase into a purchase database. The purchase must indicate three things: an ID code for the item purchased, a dollar amount to be paid and the placard number of the buyer. Buyers can check out with the clerk at any time within two hours after the auction ends.

To check out, the purchaser must show his/her placard and then present a credit card to the clerk. The clerk enters the credit card info and your application uses a standard third-party system to verify that the card is legitimate and has sufficient credit to cover the purchase. The purchaser receives an invoice that is emailed by your software to the email address supplied at the time of registration. The day after the auction, the database of purchase transactions and the database of buyers are archived. Also at this time, all buyers with unpaid bills are added to the database of buyers with unpaid bills. The auctioneer is the only person with admin privilege on the web and database servers. The auctioneer chooses when to create and destroy the customer databases, and can manually alter any field of any database record. Each of the three employees has a separate role that allows them to perform only the functions described. Your servlet must allow the MooTube owner to create, delete and modify users. Each user is given one of the three roles, along with a user name and password. User authentication to your system is handled through a web servlet regardless of device, and all user accounts are maintained by the web server. Your program maintains a log file on the web server of all logins and logouts.

Upload: phungcong

Post on 06-May-2018


Threat Analysis

For this assignment you will produce a complete collection of threat modeling documents. (These should then be emailed to [email protected] or submitted in paper form.)

(1) A high-level design style dataflow diagram that shows all files and external entities. It should include processes sufficient to cover all of the described functionality, but need not break down behavior in any more detail. Also, your DFD should include dashed lines to depict the trust boundaries.

(2) Using STRIDE, identify threats. You need not show an entire threat scenario for each, but there needs to be enough of an explanation to understand the nature of each threat and how it differs from others. Classify each threat under S, T, R, I, D, or E; you should have several in each category. Please remember that this exercise should be thorough but not uselessly complex. In other words, you are expected to capture significant threats, but need not include everything - particularly threats that are nearly impossible or have virtually no impact. Also, please exclude physical threats, such as theft, vandalism, fire or flood to any of the physical devices. Sometimes you may want to group threats into a single lump because they all have substantially the same probability of occurrence and potential for damage. However, you need to think carefully, because it is important to separate threats whenever they have substantially different threat trees, significantly different probability of occurrence or varying potential for damage.

(3) Draw a threat/attack tree for one of the threats you have identified. In part this tree will be graded upon complexity - number of nodes and tree height and breadth. Include both one AND and one OR relationship somewhere within your tree. This means that you need to select a root threat that is sufficiently broad that it can be broken down into a complex tree.

(4) Select five of the threats you listed in response to requirement (2) above, but not more than one that was included in your threat tree. Rank each of these five threats using a LOW-MODEST-MEDIUM-HIGH ranking for probability of occurrence and the same ranking system for potential damage.
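As an added illustration of parts (1) and (2), and not part of the assignment or of any submitted solution, the following Python sketch encodes a constructed DFD of the MooTube system (element names are taken from the brief; the zone labels, the "lan" protocol label and the assumption that the DMV and card-verifier links use HTTPS are mine) and applies the STRIDE-per-element heuristic, flagging dataflows that cross a trust boundary over the unencrypted HTTP the brief describes.

```python
from dataclasses import dataclass

# STRIDE-per-element heuristic: which categories apply to each DFD element kind.
# S=spoofing T=tampering R=repudiation I=info disclosure D=DoS E=elevation.
STRIDE_BY_KIND = {"external": "SR", "process": "STRIDE", "store": "TRID", "flow": "TID"}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str   # "external", "process" or "store"
    zone: str   # trust zone the element sits in (a dashed line in the DFD)

@dataclass(frozen=True)
class Flow:
    src: Element
    dst: Element
    protocol: str  # "http", "https" or "lan" (constructed labels)

def build_model():
    """Constructed DFD of the MooTube system as described in the brief."""
    clerk = Element("Clerk iPad", "process", "wifi")
    flunky = Element("Flunky iPad", "process", "wifi")
    web = Element("Auction web servlet", "process", "lan")
    db = Element("MySQL database", "store", "lan")
    dmv = Element("DMV database", "external", "internet")
    card = Element("Card verifier", "external", "internet")
    flows = [
        Flow(clerk, web, "http"),   # registration and checkout; unencrypted per the brief
        Flow(flunky, web, "http"),  # purchase entries; unencrypted per the brief
        Flow(web, db, "lan"),       # servers share the in-house LAN behind the firewall
        Flow(web, dmv, "https"),    # assumed: the brief does not state the protocol
        Flow(web, card, "https"),   # assumed: the brief does not state the protocol
    ]
    return [clerk, flunky, web, db, dmv, card], flows

def stride_threats(elements, flows):
    """List (target, category, note) for every applicable STRIDE category."""
    out = []
    for e in elements:
        out += [(e.name, c, "") for c in STRIDE_BY_KIND[e.kind]]
    for f in flows:
        exposed = f.src.zone != f.dst.zone and f.protocol == "http"
        for c in STRIDE_BY_KIND["flow"]:
            note = "crosses trust boundary in the clear" if exposed and c in "TI" else ""
            out.append((f"{f.src.name} -> {f.dst.name}", c, note))
    return out

def boundary_findings(threats):
    """Only the entries flagged because of an unencrypted boundary crossing."""
    return [t for t in threats if t[2]]
```

Each flagged entry is a candidate for the tampering and information-disclosure rows of part (2); the remaining entries are the generic per-element candidates you still have to judge for probability and impact.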

You will be graded upon completeness, clarity, reasonableness and the utility of your documents.

Due Date: Apr. 22, 2016