secure-software-engineering/Exercise/Writeup/lab01.md

# Lab 1: Security Requirements

## Metaverse User Stories

`Metaverse Users` are referred to as users here.

User | Task | Goal | Context | Action | Outcomes
-- | -- | -- | -- | -- | -- 
User | perform authorized payment transactions | only I can make transactions in my name | An adversary knows my payment information | he tries to pay with my info | the payment is declined if not authorized by me
Developer | access user configurations (avatars, config) | personalize the user experience of my applications
Teacher | make physical course material available in the metaverse | students can see them in virtual reality
User | have a unique identification key in bound to my avatar | everyone can recognize my avatar | my avatar is public | my avatar is used by another user | the user cannot impersonate my identity because he doesn't know the key
User | virtual home to be self or zero knowledge hosted | my privacy can not be intruded

Corrections:

- User stories are more non-functional and should not contain less security aspects, rather the use-case functionality

User | Task                      | Goal
--   | --                        | --
User | Perform a payment         | Acquire a virtual/physical asset
User | Add and remove friends    | Keep track of what my friends are up to
User | Set home privacy          | Prevent strangers from entering my home
User | Use voice chat            | Communicate with other users
User | Fast travel               | Quickly get to another location in the virtual space
User | Give another user an item | Sell/Gift assets
Added writeup for lab 1 (first session) 2022-05-02 17:53:26 +02:00			`# Lab 1: Security Requirements`

			`## Metaverse User Stories`

			`Metaverse Users` are referred to as users here.

			`User \| Task \| Goal \| Context \| Action \| Outcomes`
			`-- \| -- \| -- \| -- \| -- \| --`
			`User \| perform authorized payment transactions \| only I can make transactions in my name \| An adversary knows my payment information \| he tries to pay with my info \| the payment is declined if not authorized by me`
			`Developer \| access user configurations (avatars, config) \| personalize the user experience of my applications`
			`Teacher \| make physical course material available in the metaverse \| students can see them in virtual reality`
			`User \| have a unique identification key in bound to my avatar \| everyone can recognize my avatar \| my avatar is public \| my avatar is used by another user \| the user cannot impersonate my identity because he doesn't know the key`
			`User \| virtual home to be self or zero knowledge hosted \| my privacy can not be intruded`

			`Corrections:`

			`- User stories are more non-functional and should not contain less security aspects, rather the use-case functionality`

Write new user stories 2022-05-02 19:24:05 +02:00			`User \| Task \| Goal`
			`-- \| -- \| --`
			`User \| Perform a payment \| Acquire a virtual/physical asset`
			`User \| Add and remove friends \| Keep track of what my friends are up to`
			`User \| Set home privacy \| Prevent strangers from entering my home`
			`User \| Use voice chat \| Communicate with other users`
			`User \| Fast travel \| Quickly get to another location in the virtual space`
			`User \| Give another user an item \| Sell/Gift assets`