SALUS

Secure by design has quickly become an industry standard when building any type of application. Many organizations leverage various factors such as processes, reviews, controls, etc. to design systems securely. However, there can be thousands of security controls based on industry standards (i.e. NIST, CISA, CIS, etc.) that could be relevant for any given application.

SALUS aims to reduce the attack surface of applications that are built to be used internally within organizations by automating the processes around security architecture reviews. A Solution Owner can leverage the tool to define their architecture and scan against the controls data. An LLM is used to produce a report outlining security design flaws and how to mitigate them based on the applicable controls. This report can then be shared with the organization’s security architect to obtain a final review and approval of the design.

The SALUS tool will encourage cross-functional collaboration across the organization, giving people the opportunity to leverage and understand the mitigation techniques behind security risk.

Solution Architecture

UI Sample

Acknowledgements

We would like to thank our instructors Ryan Liu and Sekhar Sarukkai for their guidance and support throughout our project. Thank you to the CLTC committee members for funding our solution design.