Artifact viewer
Redacted threat model excerpt
Sample artifact showing boundary, adversaries, findings, and closure criteria.
# Redacted Threat Model Excerpt (Sample) Status: Example artifact format used in audits. Scope: Authentication and export pipeline for a sensitive-data workflow. ## Boundary Statement - Protect user-authored records from unauthorized disclosure and silent tampering. - Prioritize user recoverability during outages and interrupted sessions. - Assume coercive access attempts are plausible in real operations. ## Adversaries (Top) 1. Opportunistic external attacker probing auth and session controls. 2. Insider with accidental over-privilege in support/admin paths. 3. Coercive actor with partial device access and social leverage. ## High-Risk Paths - Session fixation through weak token rotation on privilege changes. - Export endpoint over-broad defaults leaking adjacent records. - Recovery flow exposing account existence through response timing. ## Example Finding - ID: CC-AUD-07 - Surface: Export API - Severity: High - Repro: Request export with wildcard parameter under scoped token. - Impact: User can receive records outside intended boundary. - Fix: Enforce server-side ownership checks + explicit export scopes. - Verification: Integration test `export_scope_enforced` must pass in CI. ## Closure Criteria - Patch merged and reviewed. - Regression test added and green. - Monitoring alert for anomalous export scope requests enabled. - Runbook updated with rollback and incident response steps. ## Notes This sample is intentionally redacted and generalized. It demonstrates output shape and verification discipline, not client-specific details.
Continue inspection
Move from the single artifact back to the surrounding proof surface, dossier, and writing trail.