Saife: Towards a Lightweight Threat Modeling Approach to Support Machine Learning Application Development.
Date
2024-12-13
Authors
Messas, Gabriel Esteves
Abstract
With the growing popularization of the Artificial Intelligence (AI) field, the development of systems that rely on at least one of its subareas has also greatly increased. The recent adoption of AI techniques in common systems - such as mobile apps and household appliances - requires a higher level of attention in order to ensure their safety and proper operation. In this scenario, assuring the adequate functioning of these solutions means, in most cases, ensuring the security of the application and its data throughout the software development life cycle. Software developers, however, often find security-related tasks challenging to learn and execute, and frequently put them aside. Additionally, currently available threat modeling frameworks are difficult to integrate into software development life cycles, which prioritize agility and automation over extensive analysis and documentation. This work therefore proposes sAIfe, a new threat modeling method for security analysis of Machine Learning (ML) applications under development. sAIfe provides prescriptive steps with graphical elements, and its results include lists of threats and ready-made remediation suggestions for the analyzed system. This approach aims at simplifying the risk assessment process for the programmer, unveiling possible weaknesses and suggesting respective solutions in a practical way. In this work, sAIfe is also tested on a real-world ML application, revealing positive results, with many potential issues and mitigation options detected by the method, which are registered in the form of a case study. Additionally, this study is compared to another one, carried out with an alternative method from the literature, highlighting sAIfe’s advantages. Finally, two validations are carried out: one with researchers in academia and another with developers in industry, returning great feedback on sAIfe’s ease of use and speed of application.
Keywords
Artificial Intelligence, Machine Learning, Security, Threat Modeling