> For the complete documentation index, see [llms.txt](https://propscreen.gitbook.io/propscreen/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://propscreen.gitbook.io/propscreen/project-considerations/secure-by-design.md). # Secure by Design ## Overview As a security tool, PropScreen must be as secure as possible in its design and implementation. If PropScreen fails as a security measure, or becomes a viable avenue of attack then it fails in its purpose altogether. The following considerations have been made to ensure PropScreen is secure by design. ## Containerization PropScreen runs in a container and therefore enjoys all the security benefits that come with the utilization of running inside a container. Some benefits worth noting explicitly are the following: * A hardening of PropScreen's security posture due to the isolation of the container and the processes running inside it from the bare metal machine. * Since PropScreen is running inside a container, the attack surface against PropScreen is the container and PropScreen's interface as opposed to the entire machine and PropScreen's interface. In other words the attack surface is smaller due to containerization. * Containerization allows for PropScreen enjoy a greater level of portability between different operating environments and enables an instance to be quickly deployed or redeployed. These two traits allow for PropScreen to be quickly redeployed in the event of a failure or outage. ## Database Security When interacting with the databases required for its function, PropScreen principles of Zero Trust and Least Privilege. It is worth noting that all databases are assumed to be encrypted and configured in such a way that only authorized users and PropScreen have the ability to access them. * **Context String Database** * This is a read only database to PropScreen that contains non-sensitive information. * **Hashed Organizational Sensitive Information Database** * This is a read only database to PropScreen that only hashes of the information and nothing in the clear. * **Interdiction Log Database** * This is a write only database to PropScreen. * A current consideration is obfuscating the sensitive information found in the response even from the security analysts view. ## Vulnerability Assessment [Docker Scout ](https://docs.docker.com/scout/)was used to determine the existence of vulnerabilities in the PropScreen container. Based off of the results a vulnerability remediation plan can be developed and implemented in order to harden PropScreen's security posture. Docker Scout will be a tool that will be continuously used for both vulnerability and supply chain management. The [CATS](https://github.com/Endava/cats) API fuzzer was utilized to test the security posture of the client web application in the PropScreen PoC. While in an actual deployment, this web interface would not exist in the same form, REST API calls would probably be made. Therefore testing the security posture of the API calls made to PropScreen is justified and necessary. ## PropScreen Fails Closed If PropScreen fails, it fails closed. What this means is that the user is not longer able to access the Company LLM. This ensures that the Company LLM does not have the opportunity to disclose sensitive information while PropScreen is not operational. This approach dramatically reduces the likelihood of sensitive information disclosure occurring during an unexpected outage of PropScreen. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://propscreen.gitbook.io/propscreen/project-considerations/secure-by-design.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.