Key Threat 2

Denial of Service or Cost-Running Attacks on the LLM

An attacker could turn the high compute cost of PropScreen's check and of the LLM's response against the organization, either by sending a large number of requests to drain organizational resources or by crafting requests that make the LLM's responses as long as possible (sometimes called a denial-of-wallet attack). The resulting compute load can run up the AWS bill of the organization deploying the solution and could cause a component of PropScreen to crash.

STRIDE Model for LLM and PropScreen Modules

Threat                   Possible Threat Scenarios

Spoofing Identity        No known threat scenarios at this time
Tampering                No known threat scenarios at this time
Repudiation              No known threat scenarios at this time
Information Disclosure   Undefined behaviour in PropScreen under load (for example a component crashing) could result in information disclosure
Denial of Service        Service degraded or failing for other users
                         Organization incurs unnecessary and wasteful cloud computing costs
Elevation of Privilege   No known threat scenarios at this time

Potential Negative Impacts (Risks)

The primary risk in this threat scenario is excessively high AWS costs for the organization deploying the solution. A second risk is service outage or degraded service caused by the attack.

Risk Rating - High/Medium-High

There is essentially no cost on the client side to send requests, or to craft requests that provoke large responses, so the overhead for a malicious actor is low. The financial impact on the organization, by contrast, can be catastrophic: every request the attacker sends for free costs the organization real inference time. Since PropScreen handles the requests from the client, it needs to do so in a way that bounds that cost.

Appropriate Defenses and Security Controls

Deploying a request rate limiter between the client and PropScreen would prevent a denial of service by request flooding. If the preset model response token size is large enough to be a denial of service risk to PropScreen, a token size limiter could also be implemented to cap the number of tokens that can be returned in one response. Both controls should be enforced server-side: the rate limit keyed per authenticated client rather than per source IP alone (a distributed flood defeats a pure IP limit), and the response cap applied to the outgoing model request regardless of what the client asked for. The prompt size should be bounded as well, since input tokens are billed and processed too.
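The two controls above, combined into one admission check in front of the model call, as an added example (not PropScreen's own code). The limit values, the `client_id` key, and the `Decision` fields are illustrative assumptions; the point is that the rate limit is charged before anything else and that the client's requested `max_tokens` is clamped, never trusted.

```python
"""Admission control in front of an LLM call.

Added example, not PropScreen's own code. It combines:
  1. a per-client token-bucket rate limiter (request flooding), and
  2. caps on prompt size and on the max_tokens the model may return
     (requests crafted to produce very large responses).
Limit values, the client_id key and the Decision fields are assumptions.
"""
from dataclasses import dataclass
from typing import Dict, Optional
import time


@dataclass
class TokenBucket:
    """Classic token bucket: capacity is the burst, refill_per_sec the sustained rate."""
    capacity: float
    refill_per_sec: float
    tokens: float
    updated: float

    @classmethod
    def new(cls, capacity: float, refill_per_sec: float, now: float) -> "TokenBucket":
        return cls(capacity, refill_per_sec, capacity, now)

    def try_take(self, now: float) -> bool:
        # Refill for the elapsed time, never above capacity, then spend one token.
        elapsed = max(0.0, now - self.updated)
        self.tokens = min(self.capacity, self.tokens + elapsed * self.refill_per_sec)
        self.updated = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


@dataclass(frozen=True)
class Limits:
    burst: int = 5                  # requests a client may send at once
    per_sec: float = 0.5            # sustained requests per second per client
    max_prompt_chars: int = 4000    # input tokens are billed too
    max_response_tokens: int = 512  # hard ceiling on max_tokens sent to the model


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    max_tokens: int  # value to put in the model request when allowed


class Gatekeeper:
    """Decides whether a client request may reach the model, and with what token cap."""

    def __init__(self, limits: Limits = Limits()):
        self.limits = limits
        # Per-process state; a multi-instance deployment needs a shared store.
        self._buckets: Dict[str, TokenBucket] = {}

    def admit(self, client_id: str, prompt: str,
              requested_max_tokens: Optional[int] = None,
              now: Optional[float] = None) -> Decision:
        now = time.monotonic() if now is None else now
        bucket = self._buckets.get(client_id)
        if bucket is None:
            bucket = TokenBucket.new(self.limits.burst, self.limits.per_sec, now)
            self._buckets[client_id] = bucket
        # Rate limit first: even a request rejected for size costs the client a
        # token, so probing the size limit cannot be done for free.
        if not bucket.try_take(now):
            return Decision(False, "rate limit exceeded", 0)
        if len(prompt) > self.limits.max_prompt_chars:
            return Decision(False, "prompt too large", 0)
        # Never trust the client's requested max_tokens; clamp it to the ceiling.
        max_tokens = self.limits.max_response_tokens
        if requested_max_tokens is not None:
            max_tokens = min(max_tokens, max(1, requested_max_tokens))
        return Decision(True, "ok", max_tokens)


def simulate_flood(gk: Gatekeeper, client_id: str, requests: int, now: float) -> int:
    """Send `requests` identical prompts at the same instant; return how many got through."""
    return sum(gk.admit(client_id, "screen this property", now=now).allowed
               for _ in range(requests))


if __name__ == "__main__":
    gk = Gatekeeper(Limits(burst=3, per_sec=1.0))
    print("flood of 100 at t=0, admitted:", simulate_flood(gk, "tenant-a", 100, 0.0))
    print("same client one second later:", gk.admit("tenant-a", "hello", now=1.0))
    print("huge max_tokens clamped:",
          gk.admit("tenant-b", "hello", requested_max_tokens=10**6, now=0.0))
```

The `max_tokens` in the returned decision is what goes into the actual model request; the client's value is only ever used to lower it. In a real deployment the bucket map would live in a shared store such as a cache cluster so that every PropScreen instance sees the same per-client count.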

Prioritization Rationale (Threats and Security Mitigations from Solution Standpoint)

Input from the user cannot be trusted, and the asymmetric nature of DoS attacks (cheap for the attacker, expensive for the defender) must be taken into account. While this threat scenario may not directly relate to the primary use case of the solution, if it is not addressed then not only would PropScreen be unable to perform its function, it would itself be turned into a means of attacking the target organization. For this reason the scenario has been determined to be a key threat.
