Secure by Design
Overview
As a security tool, PropScreen must be as secure as possible in its design and implementation. If PropScreen fails as a security measure, or becomes a viable avenue of attack then it fails in its purpose altogether. The following considerations have been made to ensure PropScreen is secure by design.
Containerization
PropScreen runs in a container and therefore enjoys all the security benefits that come with the utilization of running inside a container. Some benefits worth noting explicitly are the following:
A hardening of PropScreen's security posture due to the isolation of the container and the processes running inside it from the bare metal machine.
Since PropScreen is running inside a container, the attack surface against PropScreen is the container and PropScreen's interface as opposed to the entire machine and PropScreen's interface. In other words the attack surface is smaller due to containerization.
Containerization allows for PropScreen enjoy a greater level of portability between different operating environments and enables an instance to be quickly deployed or redeployed. These two traits allow for PropScreen to be quickly redeployed in the event of a failure or outage.
Database Security
When interacting with the databases required for its function, PropScreen principles of Zero Trust and Least Privilege. It is worth noting that all databases are assumed to be encrypted and configured in such a way that only authorized users and PropScreen have the ability to access them.
Context String Database
This is a read only database to PropScreen that contains non-sensitive information.
Hashed Organizational Sensitive Information Database
This is a read only database to PropScreen that only hashes of the information and nothing in the clear.
Interdiction Log Database
This is a write only database to PropScreen.
A current consideration is obfuscating the sensitive information found in the response even from the security analysts view.
Vulnerability Assessment
PropScreen Fails Closed
If PropScreen fails, it fails closed. What this means is that the user is not longer able to access the Company LLM. This ensures that the Company LLM does not have the opportunity to disclose sensitive information while PropScreen is not operational. This approach dramatically reduces the likelihood of sensitive information disclosure occurring during an unexpected outage of PropScreen.
Last updated