security architechture and design lab 4

profilevenkatreddy556
Lab4QuickenBillPay.pdf

ISOL 536 – Security Architecture and Design

Dr. Charles DeSassure

University of the Cumberlands

Lab 4

General Instructions

1. Use the course cover sheet. Start working on page 2 of the cover sheet.

2. Upload your final document to Blackboard by the due date.

Problems

1. Consider an electronic bill-paying system (such as Quicken Bill Pay), see

https://www.quicken.com/. The key features of this system: A customer

using Quicken (on their computer) can pay bills using their computer’s app

(the Quicken program). Paying a bill with such a system directs the

customer’s bank to send money electronically to pay the bill. You can

imagine that the bank just sends a check instead of the person writing the

check, but the payments are made electronically between the customer’s

bank and the payee’s bank (and that transaction is outside the scope of our

analysis).

To make communication between customers and the service more efficient, the

service itself maintains an account for each customer. Also, for each customer,

the service maintains records of the customer's bank and the customer’s account

for each payee. Such records include the customer’s account number for that

payee and the local address of the payee.

a. Draw a network mode of the Quicken Bill Pay service. Use the program

from Lab 2 or any other design/drawing tool. Remember, convert your

final drawing to a PDF file. Make sure that your work is neat, lines are

correct, and you use the correct design shapes (any shape will not work).

Label each shape. (50 points).

b. From the point of view of the Quicken Bill Pay service, what are the assets

to be protected in such a system? (Only consider the part of the service

that allows bill payments and queries about bill payments by customers).

[Do not other services such as transferring money between accounts]). You

should list at least five. (25 pts).

c. From the point of view of the Quicken Bill Pay service, what are the threats

for the service? List and explain five threats to the system. (25 pts).