Mapping LLM Security Landscapes: A Comprehensive Stakeholder Risk Assessment Proposal (2403.13309v1)

Published 20 Mar 2024 in cs.CR and cs.AI

Abstract: The rapid integration of LLMs across diverse sectors has marked a transformative era, showcasing remarkable capabilities in text generation and problem-solving tasks. However, this technological advancement is accompanied by significant risks and vulnerabilities. Despite ongoing security enhancements, attackers persistently exploit these weaknesses, casting doubts on the overall trustworthiness of LLMs. Compounding the issue, organisations are deploying LLM-integrated systems without understanding the severity of potential consequences. Existing studies by OWASP and MITRE offer a general overview of threats and vulnerabilities but lack a method for directly and succinctly analysing the risks for security practitioners, developers, and key decision-makers who are working with this novel technology. To address this gap, we propose a risk assessment process using tools like the OWASP risk rating methodology which is used for traditional systems. We conduct scenario analysis to identify potential threat agents and map the dependent system components against vulnerability factors. Through this analysis, we assess the likelihood of a cyberattack. Subsequently, we conduct a thorough impact analysis to derive a comprehensive threat matrix. We also map threats against three key stakeholder groups: developers engaged in model fine-tuning, application developers utilizing third-party APIs, and end users. The proposed threat matrix provides a holistic evaluation of LLM-related risks, enabling stakeholders to make informed decisions for effective mitigation strategies. Our outlined process serves as an actionable and comprehensive tool for security practitioners, offering insights for resource management and enhancing the overall system security.
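The abstract describes scoring each threat scenario for likelihood (threat-agent and vulnerability factors) and impact, then arranging the results into a threat matrix indexed by stakeholder group. As an added illustration, not code from the paper or its authors, the Python below applies the OWASP Risk Rating Methodology to a small set of constructed LLM scenarios and groups them per stakeholder. The factor names, the 0-9 scale, the averaging rule, the LOW/MEDIUM/HIGH bands and the likelihood-by-impact severity matrix are OWASP's; the three scenarios, their factor scores and the stakeholder labels are assumptions made for this example and do not reproduce any numbers from the paper. The code is general: any list of `Scenario` objects can be rated and grouped the same way.

```python
"""OWASP Risk Rating applied to constructed LLM threat scenarios.

Added example, not the paper's code. Factor names, 0-9 scale, averaging,
bands and severity matrix follow the OWASP Risk Rating Methodology; the
scenarios, scores and stakeholder labels are constructed for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass
from statistics import mean

# OWASP likelihood factors: four threat-agent factors, four vulnerability factors.
LIKELIHOOD_FACTORS = (
    "skill_level", "motive", "opportunity", "size",
    "ease_of_discovery", "ease_of_exploit", "awareness", "intrusion_detection",
)
# OWASP technical-impact factors.
IMPACT_FACTORS = (
    "loss_of_confidentiality", "loss_of_integrity",
    "loss_of_availability", "loss_of_accountability",
)
# OWASP overall-severity matrix: (likelihood band, impact band) -> severity.
SEVERITY = {
    ("LOW", "LOW"): "NOTE", ("LOW", "MEDIUM"): "LOW", ("LOW", "HIGH"): "MEDIUM",
    ("MEDIUM", "LOW"): "LOW", ("MEDIUM", "MEDIUM"): "MEDIUM", ("MEDIUM", "HIGH"): "HIGH",
    ("HIGH", "LOW"): "MEDIUM", ("HIGH", "MEDIUM"): "HIGH", ("HIGH", "HIGH"): "CRITICAL",
}
SEVERITY_RANK = {"NOTE": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}


def band(score: float) -> str:
    """Map a 0-9 average onto OWASP's bands: <3 LOW, 3-<6 MEDIUM, 6-9 HIGH."""
    if not 0 <= score <= 9:
        raise ValueError(f"score {score} is outside the 0-9 OWASP scale")
    return "LOW" if score < 3 else "MEDIUM" if score < 6 else "HIGH"


@dataclass(frozen=True)
class Scenario:
    name: str
    stakeholder: str            # one of the paper's three stakeholder groups
    likelihood: dict[str, int]  # all eight likelihood factors, each 0-9
    impact: dict[str, int]      # all four technical-impact factors, each 0-9

    def __post_init__(self) -> None:
        # Reject incomplete or out-of-range scorecards up front.
        for names, scores in ((LIKELIHOOD_FACTORS, self.likelihood),
                              (IMPACT_FACTORS, self.impact)):
            missing = set(names) - scores.keys()
            if missing:
                raise ValueError(f"{self.name}: missing factors {sorted(missing)}")
            bad = {k: v for k, v in scores.items() if not 0 <= v <= 9}
            if bad:
                raise ValueError(f"{self.name}: factors outside 0-9: {bad}")


def likelihood_score(s: Scenario) -> float:
    return mean(s.likelihood[f] for f in LIKELIHOOD_FACTORS)


def impact_score(s: Scenario) -> float:
    return mean(s.impact[f] for f in IMPACT_FACTORS)


def rate(s: Scenario) -> dict:
    """Return likelihood, impact and OWASP overall severity for one scenario."""
    lk, im = likelihood_score(s), impact_score(s)
    return {"scenario": s.name, "stakeholder": s.stakeholder,
            "likelihood": lk, "impact": im, "severity": SEVERITY[(band(lk), band(im))]}


def threat_matrix(scenarios: list[Scenario]) -> dict[str, list[dict]]:
    """Group rated scenarios by stakeholder, most severe first."""
    matrix: dict[str, list[dict]] = {}
    for r in map(rate, scenarios):
        matrix.setdefault(r["stakeholder"], []).append(r)
    for rows in matrix.values():
        rows.sort(key=lambda r: SEVERITY_RANK[r["severity"]], reverse=True)
    return matrix


# Constructed scenarios and scores (assumptions for this example only).
SCENARIOS = [
    Scenario("Indirect prompt injection via retrieved web content", "API application developer",
             {"skill_level": 3, "motive": 4, "opportunity": 7, "size": 9,
              "ease_of_discovery": 7, "ease_of_exploit": 5, "awareness": 6, "intrusion_detection": 8},
             {"loss_of_confidentiality": 6, "loss_of_integrity": 5,
              "loss_of_availability": 1, "loss_of_accountability": 7}),
    Scenario("Backdoored instruction-tuning dataset", "fine-tuning developer",
             {"skill_level": 6, "motive": 4, "opportunity": 4, "size": 2,
              "ease_of_discovery": 3, "ease_of_exploit": 3, "awareness": 4, "intrusion_detection": 8},
             {"loss_of_confidentiality": 2, "loss_of_integrity": 7,
              "loss_of_availability": 1, "loss_of_accountability": 7}),
    Scenario("Training-data extraction through multi-step prompting", "end user",
             {"skill_level": 5, "motive": 4, "opportunity": 7, "size": 9,
              "ease_of_discovery": 3, "ease_of_exploit": 3, "awareness": 4, "intrusion_detection": 3},
             {"loss_of_confidentiality": 7, "loss_of_integrity": 1,
              "loss_of_availability": 1, "loss_of_accountability": 1}),
]

if __name__ == "__main__":
    for stakeholder, rows in threat_matrix(SCENARIOS).items():
        print(stakeholder)
        for r in rows:
            print(f"  {r['severity']:<8} L={r['likelihood']:.2f} I={r['impact']:.2f}  {r['scenario']}")
```

Two practical points the scoring makes visible: the `intrusion_detection` factor rewards logging and review of model inputs and outputs directly in the likelihood score, and a scenario can land in different rows of the matrix for different stakeholders even with identical impact, because opportunity and threat-agent size differ between a fine-tuning pipeline and a public chat endpoint.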

Authors (4)
  1. Rahul Pankajakshan (2 papers)
  2. Sumitra Biswal (1 paper)
  3. Yuvaraj Govindarajulu (8 papers)
  4. Gilad Gressel (5 papers)
Citations (10)