STRIDE-AI: An Approach to Identifying Vulnerabilities of Machine Learning Assets

Conference proceedings contribution
Publication date:
2021
Citation:
STRIDE-AI: An Approach to Identifying Vulnerabilities of Machine Learning Assets / L. Mauri, E. Damiani - In: 2021 IEEE International Conference on Cyber Security and Resilience (CSR) [s.l.]: IEEE, 2021. - ISBN 978-1-6654-0285-9. - pp. 147-154 (IEEE International Conference on Cyber Security and Resilience, held in Rhodes in 2021) [10.1109/CSR51186.2021.9527917].
Abstract:
We propose a security methodology for Machine Learning (ML) pipelines, supporting the definition of key security properties of ML assets, the identification of threats to them as well as the selection, test and verification of security controls. Our proposal is based on STRIDE, a widely used approach to threat modeling originally developed by Microsoft. We adapt STRIDE to the Artificial Intelligence domain by taking a security property-driven approach that also provides guidance in selecting the security controls needed to alleviate the identified threats. Our proposal is illustrated via an industrial case study.
IRIS type:
03 - Contribution in volume
Keywords:
Artificial Intelligence security; Threat modeling; Vulnerability assessment
Author list:
L. Mauri, E. Damiani
University authors:
DAMIANI ERNESTO (author)
MAURI LARA (author)
Link to the full record:
https://air.unimi.it/handle/2434/866875
Link to the full text:
https://air.unimi.it/retrieve/handle/2434/866875/1866700/STRIDE_AI__An_Approach_to_Identifying_Vulnerabilities_of_Machine_Learning_Assets.pdf
Book title:
2021 IEEE International Conference on Cyber Security and Resilience (CSR)
Project:
THREAT-ARREST Cyber Security Threats and Threat Actors Training - Assurance Driven Multi-Layer, end-to-end Simulation and Training (THREAT-ARREST)
Research Areas

Sectors (2)

Sector INF/01 - Computer Science

Sector ING-INF/05 - Information Processing Systems