Security Threat Model (Baseline)

Method

STRIDE-aligned baseline for public-facing GPUaaS control plane.

Assets

  • User identity and access tokens
  • Node access credentials and SSH materials
  • Billing ledger and payment events
  • Allocation and usage records
  • Admin operations and audit trails

Key Threats and Mitigations

Spoofing

  • Threat: token theft/session replay
  • Controls: short-lived tokens, rotation, device/session anomaly checks

Tampering

  • Threat: modification of billing/ledger records
  • Controls: immutable ledger entries, transactional writes, audit logs

Repudiation

  • Threat: admin action denial
  • Controls: signed/immutable audit logs with actor and correlation IDs
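
Added example (not part of the original threat model or of the project's code): one way to make audit entries tamper-evident is to chain each entry to the previous one with an HMAC, carrying the actor and correlation ID in the signed body. The same pattern applies to the immutable ledger entries listed under Tampering. The key, field names, and sample events are constructed assumptions.

```python
import hashlib
import hmac
import json

# Assumption: in production the key comes from the secret manager, not source.
SIGNING_KEY = b"constructed-demo-key"
GENESIS = "0" * 64  # prev_mac value for the first entry


def _mac(key, prev_mac, body):
    # Canonical JSON so the same fields always produce the same bytes.
    payload = json.dumps(body, sort_keys=True, separators=(",", ":"))
    msg = prev_mac.encode() + b"|" + payload.encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def append_entry(log, actor, correlation_id, action, key=SIGNING_KEY):
    """Append an admin action, chained to the previous entry's MAC."""
    prev_mac = log[-1]["mac"] if log else GENESIS
    body = {"seq": len(log), "actor": actor,
            "correlation_id": correlation_id, "action": action}
    log.append(dict(body, prev_mac=prev_mac, mac=_mac(key, prev_mac, body)))
    return log[-1]


def verify_log(log, key=SIGNING_KEY):
    """Return the index of the first bad entry, or None if the chain is intact."""
    prev_mac = GENESIS
    for i, entry in enumerate(log):
        body = {k: entry[k] for k in ("seq", "actor", "correlation_id", "action")}
        expected = _mac(key, prev_mac, body)
        if (entry["seq"] != i or entry["prev_mac"] != prev_mac
                or not hmac.compare_digest(entry["mac"], expected)):
            return i
        prev_mac = entry["mac"]
    return None


def demo():
    log = []  # constructed sample events
    append_entry(log, "admin:alice", "req-1001", "node.provision gpu-node-7")
    append_entry(log, "admin:bob", "req-1002", "billing.adjust tenant-42 -50.00")
    append_entry(log, "admin:alice", "req-1003", "node.revoke-ssh gpu-node-7")
    intact = verify_log(log)
    log[1]["action"] = "billing.adjust tenant-42 -5.00"  # in-place edit
    edited = verify_log(log)
    del log[1]  # entry removed outright
    deleted = verify_log(log)
    return intact, edited, deleted
```

Chaining detects edits, reordering, and deletions inside the log, but not truncation of the most recent entries; catching that requires storing the latest MAC somewhere the log writer cannot modify.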

Information Disclosure

  • Threat: secret leakage, over-broad API response
  • Controls: secret manager, least-privilege data access, response minimization

Denial of Service

  • Threat: API abuse/websocket floods
  • Controls: WAF, rate limits, backpressure, autoscaling thresholds

Elevation of Privilege

  • Threat: bypassing tenant/role checks
  • Controls: centralized authorization policy enforcement + service-side checks

Priority Threat Areas (MVP)

  1. Payment/webhook replay and tampering
  2. Provisioning privilege abuse
  3. Multi-tenant data boundary leakage
  4. Secret exfiltration via logs/config