Security and privacy
Privacy
Local Regression Studio processes CSV data, preprocessing, training, diagnostics, monitoring, and predictions in the user’s browser. It has no analytics, account service, cloud storage, remote model execution, or data-upload endpoint.
The Full Studio may load pinned Plotly and CSV parser assets from jsDelivr when deliberately started in hybrid mode. Those requests are for application libraries, not user CSV data. The local launchers default to bundled libraries. Strict-offline and Prediction-only editions force bundled assets and use a CSP that disallows remote script and connection sources.
The original CSV is not embedded in saved projects, models, experiment records, approved prediction packages, governance reports, or recovery snapshots. Derived artifacts can nevertheless reveal sensitive information through feature names, ranges, categories, coefficients, stored rows, predictions, residuals, approval notes, and monitoring outcomes. Treat downloads as potentially sensitive.
Local browser storage is used only for an optional recovery snapshot and user interface state. The recovery snapshot excludes the original CSV. Users can discard it from the recovery panel or clear site storage through the browser.
Security Policy
Supported release
The supported reference release is Local Regression Studio v1.0.11. Security corrections should be distributed as a new signed or checksum-verifiable release rather than by replacing files silently.
Reporting a vulnerability
Report suspected vulnerabilities privately to the application owner or deployment administrator. Include the application version, edition, browser, steps to reproduce, affected artifact type, and whether raw user data are required. Do not attach sensitive datasets unless an approved secure channel is available.
Security properties
- Browser-local model development and prediction
- No analytics, remote training, cloud-storage, or CSV-upload endpoint
- Strict-offline editions with no permitted remote script or connection sources
- SHA-256 artifact integrity for approved prediction packages
- Optional ECDSA P-256 organizational signature verification against administrator-pinned public keys
- Import file-size and structural-complexity limits
- CSV row/column limits and duplicate-header rejection
- Spreadsheet-formula injection protection in generated CSV files
- HTML escaping of user-controlled labels and governance text
- Bounded model and tuning workloads
Organizational signatures
The app does not create organizational signatures or store private
keys. A deployment may configure trusted public JWK values in
js/build-config.js under trustedSigningKeys.
Signed packages are accepted only when the declared keyId
exists in that trusted map and the ECDSA signature verifies over the
package SHA-256 digest.
An embedded public key is not treated as organizational trust. Key distribution, rotation, revocation, custody, and signer identity are deployment responsibilities.
Known security boundaries
- Prediction-only mode is a workflow restriction, not authentication or authorization.
- Governance names and roles are recorded metadata, not verified identities.
- A malicious user with permission to replace application files can also replace configuration and trusted keys; protect the deployment directory with ordinary hosting and operating-system controls.
- Browser memory exhaustion cannot be eliminated completely. The app validates documented limits and refuses oversized structures, but administrators should set web-server upload limits as an additional control.
- The Full Studio hybrid edition permits pinned jsDelivr sources through its CSP when hybrid mode is enabled. Use Strict-offline for controlled environments.
Security update process
- Reproduce and classify the issue.
- Correct it on a new maintenance branch.
- Add a regression test.
- Run numerical, migration, security, and browser checks.
- Publish a new version, checksum, manifest, SBOM, test report, and release notes.
- Inform operators whether approved model packages need reissue or revalidation.
Threat Model
Protected assets
- Training and prediction CSV data
- Fitted model and preprocessing state
- Approved prediction packages
- Governance and monitoring records
- Trusted organizational public keys
- Release files and manifests
Primary threats and controls
| Threat | Controls | Residual risk |
|---|---|---|
| Sensitive data sent externally | Local processing; no upload endpoint; strict-offline CSP | Browser extensions, compromised host, or custom modifications remain outside app control |
| Malicious/oversized CSV | File, row, and column limits; duplicate-header checks; bounded workloads | Complex but within-limit data can still consume substantial memory |
| Malformed/oversized JSON | File, depth, node, array, type, schema, and hash checks | Novel semantic corruption may require additional model-specific checks |
| Spreadsheet formula injection | Prefix dangerous exported cells with an apostrophe | Users can manually remove protection after download |
| HTML/script injection | Escaping and CSP | Deployment modifications can weaken CSP |
| Package tampering | SHA-256 integrity and embedded self-test vectors | Hash alone does not prove organizational origin |
| False signer identity | Administrator-pinned trusted keys | Key custody, rotation, and revocation are organizational responsibilities |
| Unauthorized Studio access | Separate prediction edition and deployment guidance | Static editions do not provide authentication |
| Model misuse outside scope | Intended/prohibited uses, applicability warnings, approval status | Human process can ignore warnings |
| Stale model | Review dates, monitoring, revalidation triggers, suspension/expiry | Monitoring data can be late or incomplete |
| Supply-chain compromise | Bundled libraries, version inventory, SBOM, manifest, strict-offline edition | Reference build is checksum-verifiable but not signed by a private release key |
Trust boundaries
The browser, operating system, hosting environment, installed extensions, and organizational identity system are outside the JavaScript application’s control. The app assumes its own static files and configured trusted keys have not been replaced by an attacker with deployment access.