Secure by Design

Overview

As a security tool, PropScreen must be as secure as possible in its design and implementation. If PropScreen fails as a security measure, or becomes a viable avenue of attack, then it fails in its purpose altogether. The following considerations have been made to ensure PropScreen is secure by design.

Containerization

PropScreen runs in a container and therefore enjoys the security benefits that come with running inside a container. Some benefits worth noting explicitly are the following:

  • PropScreen's security posture is hardened because the container and the processes running inside it are isolated from the bare metal machine.

  • Since PropScreen is running inside a container, the attack surface against PropScreen is the container and PropScreen's interface, as opposed to the entire machine and PropScreen's interface. In other words, the attack surface is smaller due to containerization.

  • Containerization gives PropScreen a greater level of portability between different operating environments and enables an instance to be quickly deployed or redeployed. These two traits allow PropScreen to be quickly redeployed in the event of a failure or outage.

Database Security

When interacting with the databases required for its function, PropScreen follows the principles of Zero Trust and Least Privilege. It is worth noting that all databases are assumed to be encrypted and configured in such a way that only authorized users and PropScreen have the ability to access them.

  • Context String Database

    • This database is read-only to PropScreen and contains non-sensitive information.

  • Hashed Organizational Sensitive Information Database

    • This database is read-only to PropScreen and contains only hashes of the information, with nothing in the clear.

  • Interdiction Log Database

    • This database is write-only to PropScreen.

    • A current consideration is obfuscating the sensitive information found in the response, even from the security analyst's view.

Vulnerability Assessment

Docker Scout was used to determine the existence of vulnerabilities in the PropScreen container. Based on the results, a vulnerability remediation plan can be developed and implemented in order to harden PropScreen's security posture. Docker Scout will be used continuously for both vulnerability and supply chain management.

The API fuzzer CATS was used to test the security posture of the client web application in the PropScreen PoC. While this web interface would not exist in the same form in an actual deployment, REST API calls would probably be made. Therefore, testing the security posture of the API calls made to PropScreen is justified and necessary.

PropScreen Fails Closed

If PropScreen fails, it fails closed. This means that the user is no longer able to access the Company LLM. This ensures that the Company LLM does not have the opportunity to disclose sensitive information while PropScreen is not operational. This approach dramatically reduces the likelihood of sensitive information disclosure occurring during an unexpected outage of PropScreen.
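The fail-closed rule from the PropScreen Fails Closed section, combined with a read-only lookup against stored hashes, shown as an added Python example that is not PropScreen's own code. The function names, the blocked message, the token-level SHA-256 comparison and the sample value are assumptions made for illustration.

```python
from __future__ import annotations
import hashlib
from typing import Callable, Iterable

BLOCKED = "Response withheld by screening gateway."  # assumed wording

def sha256_hex(value: str) -> str:
    return hashlib.sha256(value.lower().encode("utf-8")).hexdigest()

def make_hash_check(load_hashes: Callable[[], set[str]]) -> Callable[[str], bool]:
    """Build a check that returns True only when no token's hash is stored.

    load_hashes is a hypothetical read-only lookup of the hashed sensitive
    values; it raises when the backing store cannot be reached.
    """
    def check(response: str) -> bool:
        hashes = load_hashes()  # only hashes are read, never cleartext
        tokens = (t.strip(".,;:!?\"'()") for t in response.split())
        return not any(sha256_hex(t) in hashes for t in tokens)
    return check

def release_response(llm_response: str,
                     checks: Iterable[Callable[[str], bool]]) -> tuple[bool, str]:
    """Return (released, text); the LLM text is released only on an explicit pass."""
    try:
        checks = list(checks)
        if not checks:
            return False, BLOCKED  # nothing screened counts as a failure
        for check in checks:
            if check(llm_response) is not True:  # None, False, odd values all block
                return False, BLOCKED
    except Exception:
        # Deliberately broad: a crash, timeout or unreachable store in the
        # screening path must never let the unscreened response through.
        return False, BLOCKED
    return True, llm_response

# Constructed sample data: one stored hash of a made-up project code name.
SAMPLE_HASHES = {sha256_hex("PRJ-ORION-7781")}

def store_up() -> set[str]:
    return SAMPLE_HASHES

def store_down() -> set[str]:
    raise ConnectionError("hash store unreachable")  # simulated outage

if __name__ == "__main__":
    for loader in (store_up, store_down):
        check = make_hash_check(loader)
        print(loader.__name__, release_response("Lunch is at noon.", [check]))
        print(loader.__name__, release_response("Code name: PRJ-ORION-7781.", [check]))
```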