Saife: Towards a Lightweight Threat Modeling Approach to Support Machine Learning Application Development.

Bibliographic details
Year of defense: 2024
Main author: Messas, Gabriel Esteves
Advisor: Zarpelão, Bruno Bogaz
Defense committee: Not provided by the institution
Document type: Master's thesis
Access type: Open access
Language: eng
Defending institution: Not provided by the institution
Graduate program: Not provided by the institution
Department: Not provided by the institution
Country: Not provided by the institution
Keywords in Portuguese:
CNPq knowledge area:
Access link: https://repositorio.uel.br/handle/123456789/18541
Abstract: With the growing popularization of the Artificial Intelligence (AI) field, the development of systems that rely on, at least, one of its subareas has also experienced a great increase. The recent adoption of AI techniques in common systems - such as mobile apps and household appliances - requires a higher level of attention, in order to ensure their safety and proper operation. In this scenario, assuring the adequate functioning of these solutions culminates, in most cases, in ensuring the security of the application and its data throughout the software development life cycle. Software developers, however, often find security-related tasks challenging to learn and execute, and frequently put them aside. Additionally, currently available threat modeling frameworks are difficult to integrate into software development life cycles, which prioritize agility and automation over extensive analysis and documentation. This work, therefore, proposes sAIfe, a new threat modeling method for security analysis of Machine Learning (ML) applications under development. sAIfe provides prescriptive steps, with graphical elements and results that include lists with threats and ready-made remediation suggestions for the analyzed system. This approach aims at simplifying the risk assessment process for the programmer, unveiling possible weaknesses and suggesting respective solutions in a practical way. Still in this work, sAIfe is tested on a real-world ML application, revealing positive results, with many potential issues and mitigation options detected by the method, which are registered in the form of a case study. Additionally, this study is compared to another one, carried out with an alternative method from the literature, highlighting sAIfe’s advantages. Finally, two validations are carried out: one with researchers in academia and another with developers in industry, returning great feedback on sAIfe’s ease of use and speed of application.
id UEL_e4d15fdca8a799d5c8f613ceb21e5931
oai_identifier_str oai:repositorio.uel.br:123456789/18541
network_acronym_str UEL
network_name_str Repositório Institucional da UEL
repository_id_str
dc.title.none.fl_str_mv Saife: Towards a Lightweight Threat Modeling Approach to Support Machine Learning Application Development.
dc.title.alternative.none.fl_str_mv Saife: rumo a uma abordagem leve de modelagem de ameaças para apoiar o desenvolvimento de aplicativos de Aprendizado de Máquina.
dc.contributor.banca.none.fl_str_mv Menolli, André Luís Andrade
Meneguette, Rodolfo Ipolito
dc.contributor.author.fl_str_mv Messas, Gabriel Esteves
dc.contributor.authorID.fl_str_mv 5b4be1b9-6614-4657-b275-73a9b2e78360
dc.contributor.advisor1ID.fl_str_mv 185d873c-996a-4746-ab7f-3fc3ccf3c82c
dc.contributor.advisor1.fl_str_mv Zarpelão, Bruno Bogaz
contributor_str_mv Zarpelão, Bruno Bogaz
dc.subject.cnpq.fl_str_mv Ciências Exatas e da Terra - Ciência da Computação
dc.subject.por.fl_str_mv Artificial Intelligence
Machine Learning
Security
Threat Modeling
dc.subject.capes.none.fl_str_mv Ciências Exatas e da Terra - Ciência da Computação
dc.subject.keywords.none.fl_str_mv Inteligência Artificial
Aprendizado de Máquina
Segurança
Modelagem de Ameaças
publishDate 2024
dc.date.issued.fl_str_mv 2024-12-13
dc.date.accessioned.fl_str_mv 2025-02-04T13:03:11Z
dc.date.available.fl_str_mv 2025-02-04T13:03:11Z
dc.type.status.fl_str_mv info:eu-repo/semantics/publishedVersion
dc.type.driver.fl_str_mv info:eu-repo/semantics/masterThesis
format masterThesis
status_str publishedVersion
dc.identifier.uri.fl_str_mv https://repositorio.uel.br/handle/123456789/18541
url https://repositorio.uel.br/handle/123456789/18541
dc.language.iso.fl_str_mv eng
language eng
dc.relation.confidence.fl_str_mv -1
-1
dc.relation.departament.none.fl_str_mv CCE - Departamento de Computação
dc.relation.ppgname.none.fl_str_mv Programa de Pós-Graduação em Ciência da Computação
dc.relation.institutionname.none.fl_str_mv Universidade Estadual de Londrina - UEL
dc.rights.driver.fl_str_mv info:eu-repo/semantics/openAccess
eu_rights_str_mv openAccess
dc.coverage.spatial.none.fl_str_mv Londrina, Paraná
dc.coverage.extent.none.fl_str_mv 75 p.
dc.source.none.fl_str_mv reponame:Repositório Institucional da UEL
instname:Universidade Estadual de Londrina (UEL)
instacron:UEL
instname_str Universidade Estadual de Londrina (UEL)
instacron_str UEL
institution UEL
reponame_str Repositório Institucional da UEL
collection Repositório Institucional da UEL
repository.name.fl_str_mv Repositório Institucional da UEL - Universidade Estadual de Londrina (UEL)
repository.mail.fl_str_mv bcuel@uel.br||
_version_ 1856675830069985280