Key Threat 1
Software that is not implemented securely can be exploited by malicious actors. Because PropScreen processes the prompt sent by a user, which is treated as untrusted input, it could be vulnerable to inputs that cause undefined or unintended behavior. For example, an attacker might attempt command injection by sending injection strings in the prompt.
Several risks are associated with this key threat: unauthorized disclosure of sensitive information to unauthorized individuals (whether intentional or accidental); violations of privacy policies or other confidentiality protocols resulting from such disclosures; and PropScreen failing to operate correctly in a way that lets clients access and use the LLM without PropScreen scanning the output responses.
The risk rating of this key threat is deemed critical because a failure of PropScreen would mean failure of the entire solution. Established and credible threats, such as command injection, supply chain compromise, and the use of insecure libraries, pose significant risks to any software being developed.
The primary security control for this key threat is to develop the software securely and follow best practices. The group has elected to use the OWASP Developer Guide as its reference for best practices, with particular attention to input sanitization and supply chain management.
As stated before, PropScreen is the central component of the solution: there is no solution if PropScreen is not secure. If threat actors are able to hijack or bypass PropScreen, or if PropScreen fails in a way that still allows users to communicate with the LLM, then the LLM would sit on the network undefended. The secure development of PropScreen is therefore considered a top priority.
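To make the fail-closed requirement concrete, the following is an added example (not PropScreen's own code) of a screening gateway in Python: the prompt is validated strictly as untrusted data, the model response is scanned before it is released, and any fault inside the gateway withholds the response rather than passing it through unscreened. The model callable, the prompt size limit and the sensitive-data patterns are assumptions made for this example.

```python
import re
from dataclasses import dataclass
from typing import Callable, Optional

# Hypothetical PropScreen-style gateway (added example, not the project's code).
MAX_PROMPT_CHARS = 4000  # assumed limit for untrusted prompt input
# Constructed sample patterns standing in for "sensitive information".
SENSITIVE_PATTERNS = [
    re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),               # SSN-shaped value
    re.compile(r"(?i)\bAPI[_ -]?KEY\b\s*[:=]\s*\S+"),   # credential assignment
]
CONTROL_CHARS = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")


@dataclass
class Verdict:
    allowed: bool
    reason: str            # for gateway logs, not for the client
    response: Optional[str] = None


def validate_prompt(prompt: str) -> str:
    """Reject malformed or oversized untrusted input. The prompt is only ever
    handed to the model as data; it is never interpolated into a shell command."""
    if not isinstance(prompt, str):
        raise ValueError("prompt must be a string")
    if len(prompt) > MAX_PROMPT_CHARS:
        raise ValueError("prompt exceeds size limit")
    if CONTROL_CHARS.search(prompt):
        raise ValueError("prompt contains control characters")
    return prompt


def screen_response(text: str) -> bool:
    """Return True only when no sensitive pattern is present in the response."""
    return not any(p.search(text) for p in SENSITIVE_PATTERNS)


def propscreen_gateway(prompt: str, model: Callable[[str], str]) -> Verdict:
    """Fail closed: the client receives model output only if every step
    succeeds and the screen explicitly clears the response."""
    try:
        clean_prompt = validate_prompt(prompt)
        response = model(clean_prompt)
        if not screen_response(response):
            return Verdict(False, "response withheld: sensitive content")
        return Verdict(True, "ok", response)
    except Exception as exc:  # a crash in the screen must not leak the response
        return Verdict(False, f"gateway fault: {type(exc).__name__}")
```

Returning the same generic refusal to the client for both the withheld and the fault cases (keeping the detailed reason in logs) also limits what an attacker can infer about the interdiction behavior from which responses come back.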
Threat / Possible Threat Scenarios

Spoofing Identity:
  No known threat scenarios at this time

Tampering:
  Insecure third-party libraries being used
  Command injection attacks against the client application that will be passed on to PropScreen

Repudiation:
  No known threat scenarios at this time

Information Disclosure:
  PropScreen fails to interdict the sensitive information in the model response
  Attackers begin to infer PropScreen's interdiction behavior based on whether or not model responses are returned to them
  Command injection attacks against PropScreen

Denial of Service:
  Threat actor causes PropScreen to crash via command injection

Elevation of Privilege:
  Insecure third-party libraries being used
  Command injection attacks against PropScreen