TY - GEN
T1 - Formal Trust and Threat Modeling Using Large Language Models
AU - Yao, Zhihao
N1 - Publisher Copyright:
© 2024 IEEE.
PY - 2024
Y1 - 2024
N2 - Security modeling, including trust and threat modeling, is a critical process of modern system design and analysis. However, the models are often described in imprecise natural languages, and their inconsistent interpretations and implementations can lead to cybersecurity incidents. In this work, we first introduce an extended Linear Temporal Logic to model the multi-faceted security model of a system to capture its temporal and spatial properties and security guarantees. Then, we manually write 10 security model formulas of real-world systems and attack scenarios. Finally, we fine-tune a large language model with our manually written models. We evaluate the fine-tuned model with another set of 9 recent system designs to validate its capability in accurately capturing their security models. Our work provides a formal approach to system security modeling, and it demonstrates the benefits of using large language models in capturing the models of real-world systems.
AB - Security modeling, including trust and threat modeling, is a critical process of modern system design and analysis. However, the models are often described in imprecise natural languages, and their inconsistent interpretations and implementations can lead to cybersecurity incidents. In this work, we first introduce an extended Linear Temporal Logic to model the multi-faceted security model of a system to capture its temporal and spatial properties and security guarantees. Then, we manually write 10 security model formulas of real-world systems and attack scenarios. Finally, we fine-tune a large language model with our manually written models. We evaluate the fine-tuned model with another set of 9 recent system designs to validate its capability in accurately capturing their security models. Our work provides a formal approach to system security modeling, and it demonstrates the benefits of using large language models in capturing the models of real-world systems.
KW - Formal Methods
KW - Large Language Models
KW - Threat Modeling
KW - Trust Modeling
UR - https://www.scopus.com/pages/publications/105001674351
UR - https://www.scopus.com/pages/publications/105001674351#tab=citedBy
U2 - 10.1109/ACSACW65225.2024.00033
DO - 10.1109/ACSACW65225.2024.00033
M3 - Conference contribution
AN - SCOPUS:105001674351
T3 - Proceeding - 2024 Annual Computer Security Applications Conference Workshops, ACSACW 2024
SP - 232
EP - 239
BT - Proceeding - 2024 Annual Computer Security Applications Conference Workshops, ACSACW 2024
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 40th Annual Computer Security Applications Conference Workshops, ACSACW 2024
Y2 - 9 December 2024 through 13 December 2024
ER -