Consider the following case study.

MusicOnDemand is a new subscription-based service for on-demand Internet streaming audio media. There are three types of users for MusicOnDemand:

1. Standard users;

2. Premium users;

3. Maintainers.

Standard and Premium users are able to log in, renew their subscriptions, search and have access to the standard audio library. In addition, Premierusers have access to the latest release library. Maintainers are able to log in, add songs, modify user's subscriptions, search for any type of songs, and read the audit log involving users' activities.

An unregistered individual can obtain access to the system via an automatic procedure involving the payment of the subscription through the DBTI bank: such a procedure can be audited by maintainers.

The external dependencies are presented in Table 1.

Table 1: List of external dependencies

You are assigned to be part of the threat modelling team. You need to follow the main steps of the threat modelling process as presented in the course:

1. Decompose the application using data flow diagrams, system architecture diagrams, and a table describing the main components and users of the system;

2. Determine 6 serious threats to the system using the STRIDE model and threat trees: they must refer to distinct classes of the STRIDE model;

3. Rank the threats by decreasing risk using the DREAD model and tables of threats description for each threat identified;

4. Choose how to respond to each threat;

5. Choose techniques to mitigate the threats;

6. Choose the appropriate technologies for the identified techniques.

Any assumption not grounded on information presented in the given case study must be clearly marked in the report.

Attachment:- Assignment.zip