INSS 515-191 – Fall 2024 GROUP PROJECT
Submit a research paper worthy of peer-reviewed publication in a scientific/IT journal. Research materials used should not be more than 5 years old.
Project Topic: Apply Secure Software Design Principles In Developing LMS Application.
Purpose: In this assignment, you will analyze software to create a threat model. The threat model is a tool that aids in creating secure software applications/systems.
Assignment Instructions
You are a lead software engineer working in the design phase of the secure software development lifecycle in your organization. You will build a STRIDE-based threat model for the learning management system (LMS) for this course.
The following assumptions about the LMS can be made:
- The LMS is a web-based application that lives in the cloud.
- The LMS is database-driven. Assume the database is a relational one, such as Microsoft SQL Server.
- The database contains:
  - Authentication details for both students and faculty
  - Students in the course
  - Student work
  - Student grades
  - Seminar times
  - Seminar calendar
  - Seminar recordings
- The LMS architecture is multi-tiered (client-server): the LMS runs on a web server tier, an application server tier, and a database server tier.
- The LMS's application server tier must authenticate to the database.
- Students and faculty must authenticate to get into the LMS.
- Sensitive information is encrypted in the database.
- The registrar's system interfaces with the LMS via an application programming interface (API). The registrar can only retrieve final grades for the student.
REPORT CREATION
You will create a report for the software development team to review. If you have made assumptions, please list them. You will first create a threat model data flow diagram using OWASP Threat Dragon or a tool of your choice.
Next, identify at least three threats based on STRIDE and, for each one, the possible motivation and the mitigation. Use the following headings in your assignment:
- Use Case Modeling
- Data Flow Diagram
- For each threat:
  - Threat
  - Motivation
  - Mitigation
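
An added example (not part of the assignment handout): a STRIDE-per-element pass over the data flow diagram implied by the LMS assumptions above, producing candidate threat rows to triage for the report. The element names, the trust zones, and the choice that the registrar API terminates at the application server tier are assumptions made for this example.

```python
from dataclasses import dataclass

# STRIDE-per-element chart: which categories are candidates for each DFD element type.
# Assumption: R is kept for the data store as a candidate (it matters if audit logs live there).
STRIDE_BY_KIND = {"external": "SR", "process": "STRIDE", "datastore": "TRID", "dataflow": "TID"}
NAMES = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
         "I": "Information disclosure", "D": "Denial of service",
         "E": "Elevation of privilege"}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str  # external | process | datastore
    zone: str  # trust zone label (constructed for this example)

@dataclass(frozen=True)
class Flow:
    src: Element
    dst: Element
    data: str

def enumerate_threats(elements, flows):
    """Return (target, category, crosses_boundary) rows, boundary-crossing flows first."""
    rows = []
    for e in elements:
        rows += [(e.name, NAMES[c], False) for c in STRIDE_BY_KIND[e.kind]]
    for f in flows:
        label = f"{f.src.name} -> {f.dst.name} ({f.data})"
        crossing = f.src.zone != f.dst.zone  # flow leaves one trust zone for another
        rows += [(label, NAMES[c], crossing) for c in STRIDE_BY_KIND["dataflow"]]
    return sorted(rows, key=lambda r: not r[2])  # stable sort keeps element order

# DFD built from the handout's assumptions; zones are constructed labels.
user = Element("Student/Faculty browser", "external", "internet")
registrar = Element("Registrar system", "external", "registrar")
web = Element("Web server tier", "process", "cloud")
app = Element("Application server tier", "process", "cloud")
db = Element("LMS database", "datastore", "cloud")
ELEMENTS = [user, registrar, web, app, db]
FLOWS = [
    Flow(user, web, "login credentials, student work"),
    Flow(web, app, "authenticated requests"),
    Flow(app, db, "database credentials, queries"),
    Flow(registrar, app, "final-grade API requests"),
]

if __name__ == "__main__":
    for target, category, crossing in enumerate_threats(ELEMENTS, FLOWS):
        print(f"{'[boundary]' if crossing else '':10} {category:24} {target}")
```

The rows are candidates only: each one still needs a motivation and a mitigation, and rows that do not apply to the LMS should be dropped with the reason recorded as an assumption.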