Key Threats
Overview of the Three Key Threats
| Starting Point on the System | Potential Type of Attack and/or Key Threat | Potential Negative Impacts (Risks) | Risk Rating | Appropriate Defenses/Security Controls |
| --- | --- | --- | --- | --- |
| Architecture - PropScreen in relation to all other systems | Tampering, Info Disclosure, Denial of Service from Insecure Software in PropScreen | Unauthorized data disclosure; privacy policy violation; PropScreen failing open | Critical | Develop software in accordance with the OWASP Developer Guide (focus on section 5, especially input sanitization and supply chain management) |
| Asset - LLM | Denial of Service, Cost Running Attacks | Service degraded or failing for other users; organization incurs unnecessary and wasteful cloud computing costs | High/Medium-High | Implement a rate limiting module for the requests made to PropScreen; implement a size limiter on the maximum response size allowed by the model (covered by AWS) |
| Asset - Client LLM Application | Spoofing, Tampering, Info Disclosure, Elevation of Privilege, leading to unauthorized access | Unauthorized data disclosure or data theft; privacy policy violation | High | Implement a User Authentication Module before a user has the ability to interact with PropScreen |