Key Threats
Overview of the Three Key Threats
| Starting Point on the System | Potential Type of Attack and/or Key Threat | Potential Negative Impacts (Risks) | Risk Rating | Appropriate Defenses/Security Controls |
| --- | --- | --- | --- | --- |
| Architecture - PropScreen in relation to all other systems | Tampering, Info Disclosure, Denial of Service from Insecure Software in PropScreen | Unauthorized data disclosure; Privacy policy violation; PropScreen Failing Open | Critical | Develop software in accordance with the OWASP Developer Guide (focus on section 5, especially input sanitization and supply chain management) |
| Asset - LLM | Denial of Service, Cost Running Attacks | Service degraded or failing for other users; Organization incurs unnecessary and wasteful cloud computing costs | High/Medium-High | Implement a rate limiting module for the requests made to PropScreen; Implement a size limiter on the maximum response size allowed by the model (covered by AWS) |
| Asset - Client LLM Application | Spoofing, Tampering, Info Disclosure, Elevation of Priv, leading to unauthorized access | Unauthorized data disclosure or data theft; Privacy policy violation | High | Implement a User Authentication Module before a user has the ability to interact with PropScreen |