Please help me to complete the following assignment. This assignment should have minimum 20 pages.

 

Assume that you are in the information security team of a company called HomeAutomator, which is trying to implement home automation system that can be controlled remotely through internet. The proposed system can monitor different parameters like gas, light, motion detection, temperature, etc. using the sensor data and also trigger a process according to the requirement. The data from the sensors are uploaded to a cloud server and this data can be used to analyze the parameters.

Computing hardware of the company includes  Oracle database server, a web server to handle all sensor data through REST API. There is an Android and iOS application to control the device and a dashboard to view the analytics data. All the IoT devices are connected to a Wi-Fi router.

Threat Analysis

Must produce a complete collection of threat modeling documents.

(1) A high-level design style dataflow diagram that shows all files and external entities. It should include processes sufficient to cover all of the functionality described above, but need not break down behavior with any more detail. Also, this DFD should uses dashed lines to depict the trust boundaries.

(2) Using STRIDE identify threats. You need not show an entire threat scenario for each, but there needs to be enough of an explanation to understand the nature of each threat and how it differs from others. Classify each threat under S, T, R, I, D, or E - you should have several in each category Please remember that this exercise needs to be thorough, but also cannot be so detailed that it is uselessly complex. In other words you are expected to capture significant threats, but need not include everything - particularly threats that are nearly impossible or have virtually no impact. Also, please exclude physical threats, such as theft, vandalism, fire or flood to any of the physical devices. Sometimes you may want to group threats into a single lump because they all have substantially the same probability of occurrence and potential for damage. However, you need to think carefully, because it is important to separate threats whenever they have substantially different threat trees, significantly different probability of occurrence or varying potential for damage.

(3) Must draw a threat tree for a threat. Your threat tree must contain at least ten nodes, three levels depth, and must include both AND and OR children.

(4) The team must come to an agreement of threat ranking for each threat. The ranking is to use a LOW-MODEST-MEDIUM-HIGH ranking for probability of occurrence and the same ranking system for potential damage.

You will be graded upon completeness, clarity, reasonableness and the utility of your documents.