
Key Threats

Overview of the Three Key Threats

| Starting Point on the System | Potential Type of Attack and/or Key Threat | Potential Negative Impacts (Risks) | Risk Rating | Appropriate Defenses/Security Controls |
| --- | --- | --- | --- | --- |
| Architecture - PropScreen in relation to all other systems | Tampering, Info Disclosure, Denial of Service from Insecure Software in PropScreen | Unauthorized data disclosure; Privacy policy violation; PropScreen Failing Open | Critical | Develop software in accordance with the OWASP Developer Guide (focus on section 5, especially input sanitization and supply chain management) |
| Asset - LLM | Denial of Service, Cost Running Attacks | Service degraded or failing for other users; Organization incurs unnecessary and wasteful cloud computing costs | High/Medium-High | Implement a rate limiting module for the requests made to PropScreen; Implement a size limiter on the maximum response size allowed by the model (covered by AWS) |
| Asset - Client LLM Application | Spoofing, Tampering, Info Disclosure, Elevation of Privilege, leading to unauthorized access | Unauthorized data disclosure or data theft; Privacy policy violation | High | Implement a User Authentication Module before a user has the ability to interact with PropScreen |
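
The following added example is not PropScreen's own code. It shows the rate limiting control listed for the LLM asset combined with a gate that fails closed, which is the opposite of the "PropScreen Failing Open" risk. The names `TokenBucket`, `screen_response`, `check`, `BLOCKED` and the numeric limits are assumptions made for illustration.

```python
import time


class RateLimited(Exception):
    """Raised when a client has exhausted its request budget."""


class TokenBucket:
    """Per-client token bucket: `capacity` burst, refilled at `rate` tokens/second."""

    def __init__(self, capacity, rate, clock=time.monotonic):
        self.capacity, self.rate, self.clock = capacity, rate, clock
        self.state = {}  # client_id -> (tokens, time of last request)

    def allow(self, client_id):
        now = self.clock()
        tokens, last = self.state.get(client_id, (self.capacity, now))
        # Refill for the elapsed time, never above the burst capacity.
        tokens = min(self.capacity, tokens + (now - last) * self.rate)
        allowed = tokens >= 1
        self.state[client_id] = (tokens - 1 if allowed else tokens, now)
        return allowed


BLOCKED = "[response withheld by screening gate]"


def screen_response(client_id, llm_response, check, bucket, max_chars=4000):
    """Return the LLM response only if every control passes; otherwise withhold it.

    `check` is a hypothetical callable that returns True when the text contains
    sensitive information. Any exception it raises is treated as a detection,
    so a crashing check cannot make the gate fail open.
    """
    if not bucket.allow(client_id):
        raise RateLimited(client_id)
    if len(llm_response) > max_chars:  # application-side size cap (assumed limit)
        return BLOCKED
    try:
        sensitive = check(llm_response)
    except Exception:
        sensitive = True  # fail closed
    return BLOCKED if sensitive else llm_response
```
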


Last updated 10 months ago