Student Name

ID

Course

Instructor

Date

1
Contents

Introduction..............................................................................................................................2

Background...............................................................................................................................3

UML Diagram..........................................................................................................................3

Data Flow Diagrams (DFDs)...................................................................................................5

Threat Type Modelling............................................................................................................8

Threats to System.....................................................................................................................9

Conclusion.................................................................................................................................9

References...............................................................................................................................10

2
Introduction

Threat modeling is the process of improving system security by identifying vulnerabilities

and defining countermeasures to prevent and mitigate the effects of the threats (Xiong &

Lagerström 2019, p. 51). A vulnerability is a weakness in the system that can make it easier

for an attacker to bypass the security measures in place and access confidential information

(Vliet et al. 2016, p. 375). This report aims to identify security threats for Business &

Communication Insurance (B&C Insurance) and develop a cyber-security crisis management

plan to address potential risks and threats from hackers trying to steal information from the

company. This report includes data flow diagrams for the system to show B&C Insurance

management about how data will flow in the proposed system. The report also identifies

threats to the system and how to mitigate them before causing any damage.

Background

B&C Insurance is a private health insurance company whose CEO received a ransom email

from an unidentified company that claims to have access to the company's strategic plans and

personal details of 200,000 clients. This made the CEO appoint a group of expert consultants

to prepare reports identifying threats and vulnerabilities of the system and extrapolate a crisis

management plan to address these weaknesses to avoid consequent attacks. This report

outlines the system's threat model, possible threats, their impact, and their likelihood to occur.

UML Diagram

A UML diagram is a diagram based on the Unified Modeling Language used to represent a

system's main actors, roles, classes, and actions to help understand information about the

system (Cvetković & Cvetković 2019, p. 1351). There are many different types of UML

diagrams including use case diagrams, class diagrams, and component diagrams. There are

3
two main types of UML diagrams; behavioral and structural. Structural UML diagrams show

elements of a system independent of time and convey how these elements relate to each other

(Shirole & Kumar 2013, p. 5). In contrast, behavioral UML diagrams, on the other hand,

depict the dynamic behavior of a system and the factors that change over time.

Differences between Structural and Behavioural UML Diagrams

Structural Behavioral

It emphasizes the static structure of the It emphasizes the dynamic behavior of the

system system (Zafar et al. 2014, p. 173)

A structural diagram describes the relation A behavioral diagram describes the

between classes. interaction between people and use cases.

Deployment view can be achieved. Deployment view cannot be achieved.

Examples include class diagram, object Examples include use case diagram,

diagram, component diagram, and sequence diagram, collaboration diagram,

deployment diagram. statechart diagram, and activity diagram.

Changes in events will not have any effect Changes in events have an effect on the

on the internal states. internal states.

Table 1: Differences between Structural & Behavioural UML Diagrams

Advantages of Using UML Diagrams

 Flexible and mainly used

UML is used and recognized by most people as one of the best platforms for system

design. UML allows one to customize the modeling elements and interactions to suit

the domains being used (Hassan et al. 2020, p. 2).

 Abundant UML tools

4
 Many developers use UML mainly for their tools. UML tools can be used to apply

design patterns, perform complex analysis, and even mine requirements.

 Requires little knowledge use

One does not need too much knowledge to use UML tools. The software is intuitive,

and anyone with knowledge in software design can use it to model a design for their

system.

 Planning tool

UML has good planning tools that can generate code based classes in the model. This

helps reduce the overhead tasks during the implementation stage of the System

Development Life Cycle.

Disadvantages of Using UML Diagrams

 UML code does not include information about the system; therefore, such information

may be lost.

 UML does not define a standard file format. Every vendor stores the representation of

its UML model in its proprietary format.

 The UML model is limited to what the vendor out of the box.

 Synchronizing codes with models can be difficult.

 UML is a large and complex language with many different concepts and imprecise

semantics.

Data Flow Diagrams (DFDs)

A data flow diagram is a visual representation of how information flows through a process or

system. DFDs include data inputs, outputs, data stores, and processes that the data moves

through (Zhang et al. 2018, p. 41). There are standard symbols and notations used to describe

5
the entities and relationships in the system. The diagram below shows the DFD for the B&C

Insurance system.

Figure 1: DFD for B&C Insurance

Components

The components of the DFD for B&C Insurance are as follows:

1. Insurance Plan

A client applies for a new insurance plan by filling in a form and submitting it to the

system. After submittal, the system automatically captures the data and forwards the

details for verification.

2. Verify details

6
 The detailed verification process receives data from the insurance plan process,

verifies it, sends the appropriate staff member to add the customer details, and sends

the insurance plan's status back.

3. Payment

After the application status is approved, the customer makes payment via credit card.

Once the payment goes through, the system is confirmed, and the customer's

insurance plan is paid for and will take effect according to the policy.

4. Add customer details

The staff member receives details of the application and adds the customer's details in

the customer data store.

DFD with Trust Boundary

7
A trust boundary in threat modeling is a term used to describe the boundary program data or

execution changes its level of trust (Hassan et al. 2020, p. 10). This line defines where data

comes from an untrusted source. This line depicts where it is necessary to implement security

features like authentication before access to information is granted.

Figure 2: DFD with Trust Boundary for B&C Insurance

Context Diagram

A context diagram is used to diagrammatically define boundaries between the system and its

environment, showing its entities and how they interact with it (Hong & Song 2013, p. 181).

It is also referred to as level 0 DFD. The B&C Insurance entities include customers, staff

members, and the administrators, among others.

8
 Figure 3: Level 0 DFD or Context Diagram for B&C Insurance

DFD level 1

The level 1 DFD of B&C Insurance goes deeper into the Add Identity process and shows its

sub-processes and how they interact. Here, the customer can add identity after their insurance

application status has been approved or renew their old insurance.

9
 Figure 4: Level 1 DFD for B&C Insurance

Threat Type Modelling

Threat Definition Why it happens Impact Likelihood

Denial of Denial of service  Channel Moderate High

Service occurs when an overload may

attacker floods the cause the

system with system to

unwanted messages crash

like spam such that  A large

other users of the number of data

system are packets sent at

temporarily unable to once causes

use the services the system to

(Xiong &

10
 Lagerström 2019, p. hang

53).

Spoofing Spoofing is where an  If the High Moderate

attacker poses as a authentication

trusted or known system is

source in order to bypassed

trick users.  When

malware is

used to fake

operations

Information This threat occurs  An attacker High High

Disclosure when an attacker can use

exposes confidential malware to

information to an steal

unauthorized third passwords and

party inputs.

 The attacker

can steal

browser

history from

an insecure

PC.

Tampering Modification of data  Modification High Moderate

for malicious of keyboard

purposes tools using

11
 malware

 Bugs placed in

the system

listen and

infiltrate

information to

the attacker

Repudiation A repudiation attack  Lack of log of High Moderate

happens when a user activities

system does not on the system.

adopt controls to  Users denied

track users' actions, performing

thus allowing some

malicious activities.

manipulation or

forging the

identification of new

actions (Chen et al.

2017, p. 18).

Table 2: Threat Type Modelling

Threats to System

Type of Threat View From B&C Insurance Perspective

Denial of Service Bulky unwanted messages can make the B&C Insurance

12
 system hang or crash temporarily, leading to a lack of

services (Santos et al. 2017, p. 3)

Spoofing Insufficient authentication can lead to credential theft by

attackers and unauthorized access to the system

Tampering Attackers can modify data leading to loss of data

integrity and security breach.

Information disclosure An attacker can disclose sensitive information to third

party companies.

Table 3: Threats to System

Conclusion

This report outlined the threats and threat model for B&C Insurance company and their

impacts on the system. It also covered the different UML diagrams that can be used to model

the system with improved security features that will assist management in ensuring all

vulnerabilities are addressed, and crisis management strategies are in check. Data flow

diagrams are also used to depict the system model and how data flows within processes from

untrusted zones to trusted zones where security features must be implemented. The current

B&C Insurance system is vulnerable to different types of security threats, including spoofing

threats, denial of service, tampering of information, and information disclosure.

Implementing the crisis-management strategies in place will reduce the chances of another

attack on the company.

References

Chen, C-L, Chiang, M-L, Peng, C-C, Chang, C-H & Sui, Q-R 2017, 'A secure mutual

authentication scheme with non-repudiation for vehicular ad hoc networks',

13
 International Journal of Communication Systems, vol. 30, no. 6, 10.1002/dac.3081,

<https://lesa.on.worldcat.org/oclc/6987626883>.

Cvetković, J & Cvetković, M 2019, 'Evaluation of UML diagrams for test cases

generation:Case study on depression of internet addiction', Physica A: Statistical

Mechanics and its Applications, vol. 525, pp. 1351-9, 10.1016/j.physa.2019.03.101,

<https://lesa.on.worldcat.org/oclc/8156828656>.

Hassan, MM, Hassan, MR, Huda, S & de Albuquerque, VHC 2020, 'A Robust Deep Learning

Enabled Trust-boundary Protection for Adversarial Industrial IoT Environment',

IEEE Internet of Things Journal, p. 1, 10.1109/JIOT.2020.3019225,

<https://lesa.on.worldcat.org/oclc/8652198317>.

Hong, O & Song, J 2013, 'A New Method of Understanding Learning in Science Centers:

Context Diagrams of Learning Experiences', Visitor Studies, vol. 16, no. 2, pp. 181-

200, 10.1080/10645578.2013.827021,

<https://lesa.on.worldcat.org/oclc/5160026255>.

Santos, EE, Santos, E, Korah, J, Thompson, JE, Murugappan, V, Subramanian, S, Yan, Z &

Ieee International Symposium on Technologies for Homeland Security Waltham,

MAUSAAA 2017, 'Modeling insider threat types in cyber organizations', in 2017

IEEE International Symposium on Technologies for Homeland Security (HST),

IEEE, pp. 1-7, <https://lesa.on.worldcat.org/oclc/7064639044>.

Shirole, M & Kumar, R 2013, 'UML behavioral model based test case generation a survey',

ACM SIGSOFT Software Engineering Notes, vol. 38, no. 4, pp. 1-13,

10.1145/2492248.2492274, <https://lesa.on.worldcat.org/oclc/5138552497>.

14
Vliet, VMTH, Wiberg, D, Leduc, S & Riahi, K 2016, 'Power-generation system vulnerability

and adaptation to changes in climate and water resources', Nature Climate Change,

vol. 6, no. 4, pp. 375-80, <https://lesa.on.worldcat.org/oclc/6894141503>.

Xiong, W & Lagerström, R 2019, 'Threat modeling - A systematic literature review',

Computers & Security, vol. 84, pp. 53-69, 10.1016/j.cose.2019.03.010,

<https://lesa.on.worldcat.org/oclc/8124699258>.

Zafar, NA, Alhumaidan, F, International Conference on Computational, S & Computational

Intelligence Las Vegas, NVUSAMM 2014, 'Possible Improvements in UML

Behavior Diagrams', in 2014 International Conference on Computational Science

and Computational Intelligence (CSCI), pp. 173-8,

<https://lesa.on.worldcat.org/oclc/8622919685>.

Zhang, H, Liu, W, Xiong, H & Dong, X 2018, 'Analyzing data flow diagrams by combination

of formal methods and visualization techniques', Journal of Visual Languages and

Computing, vol. 48, pp. 41-51, 10.1016/j.jvlc.2018.08.001,

<https://lesa.on.worldcat.org/oclc/7807529617>.

15