Evan John · 6 min read

Application Security Analysis with Microsoft Tool

Assignment 1 – Weighting: 25%
Individual work or in teams of 2 or 3

Student identification: Name / Forename / Register
Course acronym and title: CR440 – APPLICATION SECURITY
Quarter: H-2025
Lecturer: Thierry Giroux Veilleux
Submission date:

Penalties will be applied if the submission is not made using this Word template and handed in as a Word file (.docx).

All answers must be put in the box corresponding to the question.

Detailed Statement of Assignment 1

Objective

The objective of this work is to put into practice the concepts seen in class concerning threat modeling according to the STRIDE method.

Steps of implementation

Here is a brief summary of the problem.

A company in the field of automobile and home insurance has made a website available to its customers in order to allow them to open a file following an incident.

The site allows a customer with an insurance policy to fill out the form and describe the incident in order to process the file.

The main lines:


  1. The ACME.com website allows the company's policyholders to open an insurance claim.
  2. The insurance claim website consists of a form with the following fields:
    1. Unique claim identification (generated)
    2. Role (are you an agent or an insurance holder?)
    3. Gender
    4. First name
    5. Last name
    6. Address
    7. Town
    8. Zip code
    9. State
    10. Country
    11. Home/work/mobile phone number
    12. Email address
    13. Identification of the co-applicant
    14. Date of the incident
    15. Description of the incident, with identification of witnesses
  3. The policyholder may attach files to support their claim.
  4. The policyholder submits their claim form and files to the insurance company over HTTPS.
  5. When the policyholder submits the form, an email notification is sent to all agents for approval.
  6. The company stores the received textual information in a database.
  7. The company stores the metadata of the files (such as location, file name, claim identification, etc.) in the same database.
  8. The files themselves are stored on a file server.
  9. This project uses a three-tier architecture: browser, web server and database server.
  10. After a certain period of time or when the status of the claim changes (usually no more than three business days), the policyholder receives by email a PDF file containing the status of their claim.
  11. This PDF file is attached to the email and contains the following information:
    1. Follow-up of the request
    2. Last name, first name, address, policy number, driver’s license number, date of incident, claims history, names of the files uploaded, etc. (all the information we hold from the request).
  12. An investigation officer can also view the status of the request on the same website.
  13. When an agent clicks the “I’m an agent” option, or a user tries to search for a request by logging in, a login window appears to log in as an agent.
  14. The agent part of the website shows the same information, but read-only. It comes with a list of requests to approve or reject and the ability to add comments.
  15. The agent can download one or more of the files attached to a request to see what they contain.
  16. All traffic between the client or agent browser and the web server uses HTTPS.
  17. Agents can use their personal computers to log in.

Here’s a screenshot of the site as seen by customers:

* A “submit” button is displayed when the required elements are completed

Here is a summary of the key steps for the user entering the website (this is a user flow diagram):


Table of Contents

Q1 – Introduction
Q2 – Status Report
Q3 – Threat Modelling (DFD)
Q3 – Threat Modeling (Analysis)
Q4 – Validation
Q5 – Conclusion
Q6 – Bibliography
Correction


Q1 – Introduction

Why is threat modeling done? What are the objectives behind threat modelling? (Write a paragraph or two)

Answer:


Q2 – Project Status

What is your appreciation of this assignment’s statement?
List the processes, actors, hypotheses and your observations [1]

Answer:


Q3 – Threat Modelling (DFD)

Instructions:

  • Use the statement and your assumptions in Q2 to create a DFD (Data Flow Diagram) using the tool seen in class.
  • Take a readable capture. Otherwise, you will get a score of zero for this question.

Insert a screenshot of your DFD here:

Insert capture:


Q3 – Threat Modeling (Analysis)

  • You need to analyze one attack vector per team member. If there are 3 of you, you will analyze 3 attack vectors. If you are alone, analyze 1.
  • The vector is a flow (name, type) that goes from point A (source) to point B (target) and is either unidirectional or bidirectional (direction).
    • For example, if you have a “request submission” process and a “client browser” actor, and you have drawn a flow from the actor to the process, the vector is the interaction between the two.
  • The flow of the chosen vector must cross a trust zone, and the vector itself must be a flow, not a human actor.
    • Don’t put nested trust zones (one within the other); it doesn’t make sense and you’ll lose points.
  • Use the generated threats that apply to the chosen vector(s) and prioritize them.
  • Add two threats of your own for each vector analyzed and prioritize them. (Please indicate which ones were added by you.)
  • Find a relevant mitigation measure for high-priority (1 = High) threats.
  • For lower-priority threats, justify your decision.
  • Fill in the corresponding table.
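As an added illustration (not part of the assignment sheet or the Microsoft tool's own code), the script below encodes the STRIDE-per-element rule set the tool applies, models the ACME.com DFD elements and trust zones from the main lines above, checks the trust-zone rule for a chosen vector, and lists the threats the tool would generate for it. The element names, zones and the priority heuristic are assumptions made for this example; the student still has to replace the heuristic with their own justification in the table.

```python
from dataclasses import dataclass

# STRIDE-per-element, the rule set the Microsoft Threat Modeling Tool applies: which of
# S(poofing) T(ampering) R(epudiation) I(nfo disclosure) D(oS) E(levation) each element faces.
STRIDE_PER_ELEMENT = {"external": "SR", "process": "STRIDE", "store": "TRID", "flow": "TID"}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str   # "external" (actor), "process" or "store"
    zone: str   # trust zone the element sits in

@dataclass(frozen=True)
class Flow:
    name: str
    source: Element
    target: Element
    bidirectional: bool = False

def is_valid_vector(flow):
    """Assignment rule: a vector is a flow (never a human actor) whose source and
    target sit in different trust zones, i.e. the flow crosses a trust boundary."""
    return flow.source.zone != flow.target.zone

def stride_threats(flow):
    """List (element, category, priority) for one vector: the flow plus both endpoints.
    The priority heuristic is an assumption of this example, not the tool's: 1 for
    S/T/I/E on a boundary-crossing vector, 2 for R/D on it, 3 when no boundary is crossed."""
    crosses = is_valid_vector(flow)
    threats = []
    for elem, kind in ((flow.name, "flow"), (flow.source.name, flow.source.kind),
                       (flow.target.name, flow.target.kind)):
        for cat in STRIDE_PER_ELEMENT[kind]:
            prio = 3 if not crosses else (1 if cat in "STIE" else 2)
            threats.append((elem, cat, prio))
    return sorted(threats, key=lambda t: t[2])

# Constructed DFD of the ACME.com claim site, taken from the main lines above (assumed zones).
browser = Element("Customer browser", "external", "Internet")
web = Element("Claim submission (web server)", "process", "DMZ")
db = Element("Claims database", "store", "Internal")
SUBMIT = Flow("Claim form + files (HTTPS)", browser, web)
STORE_CLAIM = Flow("Claim record + file metadata", web, db, bidirectional=True)

if __name__ == "__main__":
    for vector in (SUBMIT, STORE_CLAIM):
        print(vector.name, "crosses a trust zone:", is_valid_vector(vector))
        for elem, cat, prio in stride_threats(vector):
            print(f"  priority {prio}  {cat}  {elem}")
```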

 

 

 

Vector 1

Vector | Type (S, T, R, I, D or E) | Origin (tool or not) | Threat | Priority (1=High, 2=Moderate, 3=Low) | Mitigation | Justification
Source: | | | | | |
Flow: | | | | | |
Target: | | | | | |
Direction: | | | | | |

(there are more lines than necessary)


Vector 2 (to be completed if you are a team of 2 or 3+)

Vector | Type (S, T, R, I, D or E) | Origin (tool or not) | Threat | Priority (1=High, 2=Moderate, 3=Low) | Mitigation | Justification
Source: | | | | | |
Flow: | | | | | |
Target: | | | | | |
Direction: | | | | | |


Vector 3 (to be completed if you are a team of 3+)

Vector | Type (S, T, R, I, D or E) | Origin (tool or not) | Threat | Priority (1=High, 2=Moderate, 3=Low) | Mitigation | Justification
Source: | | | | | |
Flow: | | | | | |
Target: | | | | | |
Direction: | | | | | |

(If you are exceptionally more than 3, copy and paste additional tables, if applicable)


Q4 – Validation

What would you change in the initial statement (see “The Main Lines” or “The User Journey” above) so that this company limits its risks and/or reduces the attack surface available for this project, in light of your analysis and understanding?

Answer:


Q5 – Conclusion

If you had analysed all the attack vectors of the DFD, would you, in view of what you have done, have achieved the objectives you set for yourself in Q1, and how?

Answer:


Q6 – Bibliography

You must cite at least the course notes. Use the APA style. You can use the Word citation tool.

Answer:


Grading

Q1 (Introduction) /7
Q2 (Project status) /20
Q3 (DFD) /20
Q3 (Analysis) /20
Q4 (Validation) /25
Q5 (Conclusion) /7
Bibliography /1
Total /100

  • -10% for each day of delay
  • -5% penalty for not following the instructions on the submission format.


[1] Example: There does not seem to be a system for converting attached files in the instructions. You could hypothesize that there is.
