System Description Consider a carpooling system where users can register, create

profiles, list, and book ride. The system uses different matching algorithms to pair the

passengers with suitable drivers based on various constraints such as location, time,

destination etc.

The system provides both a web interface and a mobile application for users to interact

with it$.$ It also contains three servers: a web server to handle http requests, an application

server to implement the business logic and a database server. Third$-$part services

including a payment gateway and geolocation services are used by this system.

Instructions. Your task is to first identify security requirements for this system and then

perform threat analysis. You might need to make some assumptions about the scenario

and justify them, e$.$g$.,$ assume that a specific component has a specific type of

vulnerability, or the driver uses a particular type of device with known security

weaknesses, etc. Your threat analysis should answer the following three questions:

I. Identify three application$-$specific security requirements for this system which

directly impact the passengers. Each requirement is meant to ensure a security

property corresponding to an aspect of STRIDE.

Note: A security requirement is a statement that describes the required security

functionalities to ensure certain security properties, such as integrity, availability,

confidentiality, etc. An example of a general security requirement is $$The system

should use two$-$factor authentication to authenticate users$.$

II$.$ Design a FAIR Loss Scenario involving third$-$party services which violates two of

the security requirements identified in $($I$).$ You need to identify all the relevant

elements of the loss scenario according to the FAIR methodology $($See the slides$).$

Which requirements are violated by this?

III. Draw an attack tree for your scenario which contains at least four levels of nodes

and engages with the scenario. Give a brief description of your attack tree and

suggest mitigations to protect again this threat using MITRE ATT@CK mitigations.

Your attack tree should refine the attack steps as far as possible and include

concrete steps. You are advised to consult MITRE ATT@CK framework to develop

appropriate tactics and techniques.Rubric

The following Rubric will be used for the assessment.