familienarchiv/.specify/templates/threat-model.md
Marcel fdc3e4ffa9 feat(sdd): add .specify scaffold — constitution, AGENTS, personas, templates, example, RTM
Introduces the SDD root: a v1.0.0 constitution and machine-readable AGENTS.md
grounded in the project's real conventions; six EARS-aware persona spec-review
checklists that cross-reference .claude/personas/; feature-spec/ADR/threat-model/
api-contract templates; a fully worked _example feature; a living RTM; and an
adrs/ pointer that reuses the existing docs/adr/ archive.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-13 12:55:26 +02:00


Threat Model —

Feature spec: ./spec.md
Date:
Author:

Data Flow Diagram (text)

Actors

  • <e.g. Anonymous visitor, Authenticated reader, Authenticated transcriber, Admin, OCR sidecar>

Trust boundaries

  • TB-1: Browser ⇄ Caddy (public internet ⇄ DMZ)
  • TB-2: Caddy ⇄ Backend (:8080) (DMZ ⇄ app)
  • TB-3: Backend ⇄ PostgreSQL / MinIO / sidecars (app ⇄ data plane)

Data flows (source → [boundary] → sink : data)

  • F-1: Browser → [TB-1,TB-2] → Backend :
  • F-2: Backend → [TB-3] → MinIO :
  • <…>

STRIDE

| Threat Category | Asset / Flow | Threat Description | Mitigation | Likelihood × Impact | Status |
|---|---|---|---|---|---|
| Spoofing | | <e.g. unauthenticated caller forges a request> | <session auth + @RequirePermission> | Low × High | <Open/Mitigated/Accepted> |
| Tampering | | <e.g. mass-assignment of createdBy> | <server-set audit fields, no body binding> | Med × High | |
| Repudiation | | <e.g. no record of who changed what> | <NOT NULL createdBy/updatedBy audit trail> | Low × Med | |
| Information disclosure | | <e.g. entity leaks email/hash; raw 500 leaks Hibernate internals> | <view not entity; DomainException.conflict> | Med × High | |
| Denial of service | | <e.g. oversized upload / unbounded list> | <size limit, batch cap, pagination> | Med × Med | |
| Elevation of privilege | | <e.g. reader reaches a write endpoint / IDOR> | <least-privilege Permission, ownership check> | Low × High | |
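As an added illustration of the Tampering and Information disclosure rows above (example code, not part of this template or the familienarchiv code base), the entity-bound handler beside its hardened form: a client that can bind the entity from the body can set createdBy itself, and returning the entity hands back the hash. PersonEntity, PersonRepository, CurrentUser, PersonView and CreatePersonRequest are assumed names; the project's @RequirePermission check is left out because its signature is not shown on this page.

```java
import java.time.Instant;
import java.util.concurrent.atomic.AtomicLong;

public class MassAssignmentExample {
    // Assumed entity shape: audit fields plus a secret the API must never return.
    static class PersonEntity {
        Long id; String name; String email; String passwordHash;
        String createdBy;   // audit field: server-set, never bound from the body
        Instant createdAt;
    }
    interface PersonRepository { PersonEntity save(PersonEntity e); }   // assumed
    interface CurrentUser { String username(); }                        // assumed

    // VULNERABLE: the entity itself is the request body, so a JSON body that
    // carries "createdBy" rewrites the audit trail (mass-assignment), and the
    // saved entity is returned as-is, email and passwordHash included.
    static PersonEntity createVulnerable(PersonEntity body, PersonRepository repo) {
        return repo.save(body);
    }

    // HARDENED: a request record with no audit fields (nothing to bind),
    // createdBy taken from the authenticated principal, and a view on the way out.
    record CreatePersonRequest(String name, String email) {}
    record PersonView(Long id, String name, String createdBy) {}

    static PersonView createHardened(CreatePersonRequest req, CurrentUser user,
                                     PersonRepository repo) {
        PersonEntity e = new PersonEntity();
        e.name = req.name();
        e.email = req.email();
        e.createdBy = user.username();   // NOT NULL audit field (the Repudiation row)
        e.createdAt = Instant.now();
        PersonEntity saved = repo.save(e);
        return new PersonView(saved.id, saved.name, saved.createdBy);   // no email, no hash
    }

    public static void main(String[] args) {
        AtomicLong seq = new AtomicLong();
        PersonRepository repo = e -> { e.id = seq.incrementAndGet(); return e; };
        CurrentUser alice = () -> "alice";

        // Constructed hostile body: the caller claims the record was created by "admin".
        PersonEntity forged = new PersonEntity();
        forged.name = "Mallory"; forged.createdBy = "admin";
        System.out.println("vulnerable createdBy=" + createVulnerable(forged, repo).createdBy);

        PersonView v = createHardened(new CreatePersonRequest("Bob", "bob@example.org"), alice, repo);
        System.out.println("hardened createdBy=" + v.createdBy());
    }
}
```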

ASTRIDE (only if the feature invokes an AI agent / tool — OCR, NLP, LLM)

| Threat | Asset / Flow | Threat Description | Mitigation | Likelihood × Impact | Status |
|---|---|---|---|---|---|
| Prompt Injection | | | <treat model output as untrusted; no auto-exec> | | |
| Context Poisoning | <retrieved/shared context> | | <scope/provenance of context; validation> | | |
| Unsafe Tool Invocation | | | <allow-list tools; human-in-loop on mutations> | | |
| Reasoning Subversion | | <crafted input flips a classification/decision> | <confidence threshold; deterministic guardrail> | | |

Residual Risk

<Threats marked Accepted, who accepted them, and why the residual risk is tolerable.>