diff --git a/docs/final_documentation/images/threat_model.png b/docs/final_documentation/images/threat_model.png new file mode 100644 index 00000000..40b2209c Binary files /dev/null and b/docs/final_documentation/images/threat_model.png differ diff --git a/docs/final_documentation/main.pdf b/docs/final_documentation/main.pdf index 7da714f1..a43cfc1b 100644 Binary files a/docs/final_documentation/main.pdf and b/docs/final_documentation/main.pdf differ diff --git a/docs/final_documentation/main.tex b/docs/final_documentation/main.tex index aaad2462..b059a8f8 100644 --- a/docs/final_documentation/main.tex +++ b/docs/final_documentation/main.tex @@ -37,6 +37,8 @@ We implemented two caches pull all the data from the ai recommendation every time it wants to notify the users about new movies to recommend \end{enumerate} +\paragraph{Database} +We use postgresql database to contain data about users, movies and user ratings \begin{figure}[H] 
@@ -47,8 +49,31 @@ We implemented two caches \section{Automated Infrastructure Management solution} +We use \textbf{Dockerfiles} +for each microservice, webinterface and database which +later get combined in docker compose file, after each commit on +\textbf{GitHub} main repository docker compose gets automatically run +on \textbf{Google Cloud} platform and deployed \section{Federated authorization and authentication management in the project} +We use industry standard \textbf{OAuth} protocol in our webinterface, +user creates their account and logs in, we use user token to +authorize their access on backend to their ratings and +recommendations. We use \textbf{firebase} services to manage OAuth protocol. \section{Threat model with mitigations} +Our single most important asset are user likes for specific movies \\ +We expect either bots or human agents trying to access those likes for a specific users or to modify user ratings to improve or decrease certain movies ratings \\ +To mitigate that we use: +\begin{enumerate} + \item Certificates on our frontend, which encrypt data transmitted between website and user + \item OAuth which is used to authenticate user and lower amount of bots accessing our Infrastructure + \item TLS encryption between our microservices so that even our inside communication is encrypted + \item Google cloud default security policies allowing us to monitor odd and potentially harmfull behaviours +\end{enumerate} +\begin{figure}[H] + \caption{Threat model} + \centering +\includegraphics[width=\textwidth]{images/threat_model.png} +\end{figure} \end{document} \ No newline at end of file
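Review bot: In the main.tex hunk at @@ -37,6 +37,8 @@, the new \paragraph{Database} sentence names the store that holds users and user ratings but does not say which services can reach it or how that access is restricted. The threat model added later in this patch calls user likes the single most important asset, yet none of its four mitigations is at the database layer. Suggest one more sentence here stating which components connect to the database and with what credentials, or a reference to the threat model section. Minor: write "PostgreSQL" and end the sentence with a period.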
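Review bot: In the main.tex hunk at @@ -47,8 +49,31 @@, the enumerate under "Threat model with mitigations" does not cover the second threat the text itself names, "to modify user ratings". Items 1 and 3 are transport encryption, item 4 is monitoring, and item 2 only says OAuth is used "to authenticate user"; no item states that the backend verifies the token and limits each request to the ratings of the token's own user. Suggest adding that per-user authorization check as its own item, since the authorization section already says the token is used "to authorize their access on backend to their ratings and recommendations". Smaller points in the same hunk: OAuth is an authorization framework, so item 2 should name what performs authentication (the text says firebase manages it); "harmfull" should be "harmful"; and the file ends without a trailing newline.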