Formal Trust and Threat Modeling Using Large Language Models

Document Type

Conference Proceeding

Publication Date

1-1-2024

Abstract

Security modeling, including trust and threat modeling, is a critical process of modern system design and analysis. However, the models are often described in imprecise natural languages, and their inconsistent interpretations and implementations can lead to cybersecurity incidents. In this work, we first introduce an extended Linear Temporal Logic to model the multi-faceted security model of a system to capture its temporal and spatial properties and security guarantees. Then, we manually write 10 security model formulas of real-world systems and attack scenarios. Finally, we fine-tune a large language model with our manually written models. We evaluate the fine-tuned model with another set of 9 recent system designs to validate its capability in accurately capturing their security models. Our work provides a formal approach to system security modeling, and it demonstrates the benefits of using large language models in capturing the models of real-world systems.

Identifier

105001674351 (Scopus)

ISBN

[9798331532819]

Publication Title

Proceeding - 2024 Annual Computer Security Applications Conference Workshops, ACSACW 2024

External Full Text Location

https://doi.org/10.1109/ACSACW65225.2024.00033

First Page

232

Last Page

239

This document is currently not available here.
