An entrepreneur has started a new business that allows content creators to stream live videos to a mobile app, KTube. This app allows registered users to watch videos, and to pay to subscribe to content creators and receive bonuses such as being allowed to directly message the content creator. It is also possible for a user to gift a subscription to another user. New regular users and content creators may register through the app only.

Content creators can also nominate users to become moderators, which are user accounts with special privileges that allow them to kick and ban users from live streams run by that content creator. Administrators must finalise this process, converting the normal user account permanently into a moderator account.

Administrator accounts have full access to the system and can modify the status of any other non$-$administrator accounts, as well as edit any saved details relating to users $($e$.$g$.$ account name, direct message history, etc..$)$ which do not include private or confidential information $($i$.$e$.$ they cannot view or modify passwords, payment details, etc..$).$ Administrator accounts were hardcoded into the app and there is no way to create new ones.

There are only $4$ types of users of the system described above: Registered Users, Content Creators, Moderators and Admins. All interaction with the service is via the app for all $4$ user types.

There are at least $2$ databases: Accounts$-$dbms and Simping$-$dbms

Accounts$-$dbms contains all sensitive personal and account related data for the registered users. Simping$-$dbms contains data relating to subscriptions $($e$.$g$.$ when the subscription was made, for what duration it lasts, the value, etc.$).$

Clearly, the system is not tightly specified. What is explicitly stated as possible or not possible in the above description must be followed, but other actions are possible too $($e$.$g$.$ it is stated user details are stored in Accounts$-$dbms$,$ so they must be$.$ But it is not stated nothing else can be stored there so other information could be stored there, or not, as you feel appropriate$).$ You must add functionality or detail as you see fit that fills in all of the gaps $($e$.$g$.$ whether regular users can chat during streams, how subscriptions are paid for is unspecified, where data related to the content creators accounts is stored, etc..$),$ and document all of your assumptions$/$details about the system which were not specified in the above description.

The outcome of the task should be a level $1$ DFD of the full system that includes your assumptions, and a threat analysis. Use MS Threat Modelling Tool.