From 16e7704fc733f4f20e967c94c234e16e916f523f Mon Sep 17 00:00:00 2001
From: Jessie Wei
Date: Mon, 15 Jul 2024 11:13:41 +1000
Subject: [PATCH] chore: Remove the unused file
---
 ...tadata.json => GenAIChatbot.metadata.json} | 0
 .../src/data/threatPacks/generated/GenAI.json | 1094 -----------------
 .../src/data/threatPacks/threatPacks.ts | 4 +-
 3 files changed, 2 insertions(+), 1096 deletions(-)
 rename packages/threat-composer/src/data/threatPacks/{GenAI.metadata.json => GenAIChatbot.metadata.json} (100%)
 delete mode 100644 packages/threat-composer/src/data/threatPacks/generated/GenAI.json
diff --git a/packages/threat-composer/src/data/threatPacks/GenAI.metadata.json b/packages/threat-composer/src/data/threatPacks/GenAIChatbot.metadata.json
similarity index 100%
rename from packages/threat-composer/src/data/threatPacks/GenAI.metadata.json
rename to packages/threat-composer/src/data/threatPacks/GenAIChatbot.metadata.json
diff --git a/packages/threat-composer/src/data/threatPacks/generated/GenAI.json b/packages/threat-composer/src/data/threatPacks/generated/GenAI.json
deleted file mode 100644
index dbddadd..0000000
--- a/packages/threat-composer/src/data/threatPacks/generated/GenAI.json
+++ /dev/null
@@ -1,1094 +0,0 @@ -{ - "schema": 1, - "namespace": "threat-composer", - "type": "threat-pack", - "id": "GenAIChatBot", - "name": "GenAI ChatBot Threat Pack", - "description": "This Threat Pack contains all of the threat statements (and associated metadata) from the reference GenAI ChatBot threat model", - "threats": [ - { - "id": "26ae875e-296d-4151-99a9-dbd6287d851a", - "numericId": 32, - "displayOrder": 32, - "metadata": [ - { - "key": "Priority", - "value": "High" - }, - { - "key": "STRIDE", - "value": [ - "I" - ] - } - ], - "tags": [ - "Application Logging " - ], - "threatSource": "internal actor", - "prerequisites": "who has access to production logs", - "threatAction": "read sensitive customer information contained in chatbot conversation logs", - "threatImpact": "unauthorized exposure of personal customer details", - "impactedGoal": [ - "confidentiality" - ], - "impactedAssets": [ - "impacted individuals and sensitive data" - ], - "statement": "An internal actor who has access to production logs can read sensitive customer information contained in chatbot conversation logs, which leads to unauthorized exposure of personal customer details, resulting in reduced confidentiality of impacted individuals and sensitive data" - }, - { - "id": "12c09063-e456-445d-adee-5b84840fa213", - "numericId": 31, - "displayOrder": 31, - "metadata": [ - { - "key": "Priority", - "value": "High" - }, - { - "key": "STRIDE", - "value": [ - "T" - ] - } - ], - "tags": [ - "Knowledge Database" - ], - "threatSource": "internal actor", - "prerequisites": "who has access to deploy code changes", - "threatAction": "inject malicious logic into the chatbot code to corrupt or manipulate RAG knowledge-base (e.g. 
Amazon OpenSearch Serverless)", - "threatImpact": "providing incorrect information to customers", - "impactedGoal": [ - "integrity" - ], - "impactedAssets": [ - "knowledge database" - ], - "statement": "An internal actor who has access to deploy code changes can inject malicious logic into the chatbot code to corrupt or manipulate RAG knowledge-base (e.g. Amazon OpenSearch Serverless), which leads to providing incorrect information to customers, resulting in reduced integrity of knowledge database" - }, - { - "id": "ddb6a6d5-664e-4e34-bec0-09d4ff319f67", - "numericId": 30, - "displayOrder": 30, - "metadata": [ - { - "key": "Priority", - "value": "High" - }, - { - "key": "STRIDE", - "value": [ - "I", - "D" - ] - }, - { - "key": "Comments", - "value": "**AWS Well-Architected Framework – ML Lens Recommendation mapping**\n\n- [MLSEC-04: Secure data and modeling environment](https://docs.aws.amazon.com/wellarchitected/latest/machine-learning-lens/mlsec-04.html)" - } - ], - "tags": [ - "OWASP:LLM10", - "Model Theft" - ], - "threatSource": "threat actor", - "prerequisites": "who uses carefully crafted queries to call inference model APIs", - "threatAction": "retrieve sensitive information that they were not intended to access", - "impactedGoal": [ - "confidentiality" - ], - "impactedAssets": [ - "intellectual property" - ], - "statement": "A threat actor who uses carefully crafted queries to call inference model APIs can retrieve sensitive information that they were not intended to access, resulting in reduced confidentiality of intellectual property" - }, - { - "id": "463f80c0-9786-4cfb-a3fb-30cc07f47ae1", - "numericId": 29, - "displayOrder": 29, - "metadata": [ - { - "key": "Priority", - "value": "High" - }, - { - "key": "STRIDE", - "value": [ - "I", - "T" - ] - }, - { - "key": "Comments", - "value": "**AWS Well-Architected Framework – ML Lens Recommendation mapping**\n\n- [MLSEC-04: Secure data and modeling 
environment](https://docs.aws.amazon.com/wellarchitected/latest/machine-learning-lens/mlsec-04.html)" - } - ], - "tags": [ - "OWASP:LLM10", - "Model Theft" - ], - "threatSource": "internal actor", - "prerequisites": "with access to model artifact repositories (for example, fine tuning data, model stores)", - "threatAction": "exfiltrate proprietary LLM data", - "threatImpact": "competitive misuse or training of shadow models", - "impactedGoal": [ - "confidentiality", - "integrity" - ], - "impactedAssets": [ - "intellectual property" - ], - "statement": "An internal actor with access to model artifact repositories (for example, fine tuning data, model stores) can exfiltrate proprietary LLM data, which leads to competitive misuse or training of shadow models, resulting in reduced confidentiality and/or integrity of intellectual property" - }, - { - "id": "e746ae8d-2840-4dd0-96a2-5d9656f7a62b", - "numericId": 28, - "displayOrder": 28, - "metadata": [ - { - "key": "STRIDE", - "value": [ - "T", - "I", - "E" - ] - }, - { - "key": "Priority", - "value": "High" - }, - { - "key": "Comments", - "value": "**AWS Well-Architected Framework – ML Lens Recommendation mapping**\n\n- [MLSEC-04: Secure data and modeling environment](https://docs.aws.amazon.com/wellarchitected/latest/machine-learning-lens/mlsec-04.html)" - } - ], - "tags": [ - "OWASP:LLM10", - "Model Theft" - ], - "threatSource": "external threat actor", - "prerequisites": "that can infiltrate insecure environments", - "threatAction": "exfiltrate proprietary LLM models and artifacts", - "threatImpact": "unauthorized competitive use", - "impactedGoal": [ - "confidentiality" - ], - "impactedAssets": [ - "intellectual property" - ], - "statement": "An external threat actor that can infiltrate insecure environments can exfiltrate proprietary LLM models and artifacts, which leads to unauthorized competitive use, resulting in reduced confidentiality of intellectual property" - }, - { - "id": 
"3c86f26b-21c5-4a34-ae3d-521cdd2734ac", - "numericId": 26, - "displayOrder": 26, - "metadata": [ - { - "key": "Priority", - "value": "Medium" - }, - { - "key": "STRIDE", - "value": [ - "I", - "R" - ] - } - ], - "tags": [ - "OWASP:LLM09", - "Overreliance" - ], - "threatSource": "LLM-powered application user", - "prerequisites": "who is overly dependent on LLM outputs", - "threatAction": "make unsupported decisions based on incorrect data or recommendations", - "impactedGoal": [ - "integrity" - ], - "impactedAssets": [ - "connected and downstream systems and data" - ], - "statement": "A LLM-powered application user who is overly dependent on LLM outputs can make unsupported decisions based on incorrect data or recommendations, resulting in reduced integrity of connected and downstream systems and data" - }, - { - "id": "b89e6369-cca5-43a1-a756-3587e52cf263", - "numericId": 25, - "displayOrder": 25, - "metadata": [ - { - "key": "Priority", - "value": "High" - }, - { - "key": "STRIDE", - "value": [ - "I" - ] - } - ], - "tags": [ - "OWASP:LLM09", - "Overreliance" - ], - "threatSource": "end user", - "prerequisites": "who is over reliant on LLM recommendations", - "threatAction": "accept biased, unethical, or incorrect guidance and advice", - "threatImpact": "discriminatory outcomes, reputational damage, financial loss, legal issues or cyber risks, resulting in reduced", - "impactedGoal": [ - "integrity", - "confidentiality" - ], - "impactedAssets": [ - "LLM system and connected resources" - ], - "statement": "An end user who is over reliant on LLM recommendations can accept biased, unethical, or incorrect guidance and advice, which leads to discriminatory outcomes, reputational damage, financial loss, legal issues or cyber risks, resulting in reduced, resulting in reduced integrity and/or confidentiality of LLM system and connected resources" - }, - { - "id": "8b755706-59d2-41c4-9075-0013b92af39a", - "numericId": 24, - "displayOrder": 24, - "metadata": [ - { - "key": 
"Priority", - "value": "High" - }, - { - "key": "STRIDE", - "value": [ - "E", - "I" - ] - } - ], - "tags": [ - "OWASP:LLM08", - "Excessive Agency" - ], - "threatSource": "external or internal threat actor", - "prerequisites": "who has access to an LLM system with excessive functional capabilities", - "threatAction": "abuse those capabilities when operating under ambiguous instructions", - "impactedGoal": [ - "integrity", - "availability" - ], - "impactedAssets": [ - "connected and downstream systems and data" - ], - "statement": "An external or internal threat actor who has access to an LLM system with excessive functional capabilities can abuse those capabilities when operating under ambiguous instructions, resulting in reduced integrity and/or availability of connected and downstream systems and data" - }, - { - "id": "8c24eec4-40be-4f17-888d-f22d37b39724", - "numericId": 23, - "displayOrder": 23, - "metadata": [ - { - "key": "Priority", - "value": "High" - }, - { - "key": "STRIDE", - "value": [ - "I" - ] - } - ], - "tags": [ - "OWASP:LLM08", - "Excessive Agency" - ], - "threatSource": "unconstrained LLM outputs", - "prerequisites": "passed to downstream functions", - "threatAction": "trigger impactful actions or decisions based on incorrect data or recommendations", - "impactedGoal": [ - "integrity" - ], - "impactedAssets": [ - "business systems and workflows" - ], - "statement": "An unconstrained LLM outputs passed to downstream functions can trigger impactful actions or decisions based on incorrect data or recommendations, resulting in reduced integrity of business systems and workflows" - }, - { - "id": "c5119071-e818-4e18-82da-b1f9670cd138", - "numericId": 22, - "displayOrder": 22, - "metadata": [ - { - "key": "STRIDE", - "value": [ - "E" - ] - }, - { - "key": "Priority", - "value": "High" - } - ], - "tags": [ - "OWASP:LLM08", - "Excessive Agency" - ], - "threatSource": "external or internal threat actor who has access to LLM agents", - "prerequisites": 
"granted permissions to access external systems", - "threatAction": "abuse those permissions", - "threatImpact": "damage connected systems when operating under ambiguous instructions", - "impactedGoal": [ - "integrity", - "availability" - ], - "impactedAssets": [ - "connected and downstream systems and data" - ], - "statement": "An external or internal threat actor who has access to LLM agents granted permissions to access external systems can abuse those permissions, which leads to damage connected systems when operating under ambiguous instructions, resulting in reduced integrity and/or availability of connected and downstream systems and data" - }, - { - "id": "f86740d7-d4b4-407b-b394-29faf5cb434e", - "numericId": 21, - "displayOrder": 21, - "metadata": [ - { - "key": "STRIDE", - "value": [ - "E" - ] - }, - { - "key": "Priority", - "value": "Medium" - }, - { - "key": "Comments", - "value": "**AWS Well-Architected Framework – ML Lens Recommendation mapping**\n\n- [MLOE-13: Establish reliable packaging patterns to access approved public libraries](https://docs.aws.amazon.com/wellarchitected/latest/machine-learning-lens/mloe-13.html)" - } - ], - "tags": [ - "OWASP:LLM07", - "Insecure Plugin Design" - ], - "threatSource": "overprivileged LLM plugin", - "prerequisites": "granted excessive permissions", - "threatAction": "abuse those permissions to access unauthorized resources or functionality", - "impactedGoal": [ - "confidentiality", - "integrity", - "availability" - ], - "impactedAssets": [ - "connected and downstream systems and data" - ], - "statement": "An overprivileged LLM plugin granted excessive permissions can abuse those permissions to access unauthorized resources or functionality, resulting in reduced confidentiality, integrity and/or availability of connected and downstream systems and data" - }, - { - "id": "18307985-2313-4013-ba87-20659affb092", - "numericId": 20, - "displayOrder": 20, - "metadata": [ - { - "key": "Priority", - "value": "Medium" - }, 
- { - "key": "STRIDE", - "value": [ - "E" - ] - }, - { - "key": "Comments", - "value": "**AWS Well-Architected Framework – ML Lens Recommendation mapping**\n\n- [MLOE-13: Establish reliable packaging patterns to access approved public libraries](https://docs.aws.amazon.com/wellarchitected/latest/machine-learning-lens/mloe-13.html)" - } - ], - "tags": [ - "OWASP:LLM07", - "Insecure Plugin Design" - ], - "threatSource": "internal plugin or agent developer who", - "prerequisites": "is using insecure coding practices", - "threatAction": "introduce vulnerabilities through unsafe plugin code execution, input validation, access controls", - "impactedGoal": [ - "confidentiality", - "integrity", - "availability" - ], - "impactedAssets": [ - "connected and downstream systems and data" - ], - "statement": "An internal plugin or agent developer who is using insecure coding practices can introduce vulnerabilities through unsafe plugin code execution, input validation, access controls, resulting in reduced confidentiality, integrity and/or availability of connected and downstream systems and data" - }, - { - "id": "a991d803-5b77-4593-b159-3d3076119ea8", - "numericId": 19, - "displayOrder": 19, - "metadata": [ - { - "key": "STRIDE", - "value": [ - "E" - ] - }, - { - "key": "Priority", - "value": "Medium" - }, - { - "key": "Comments", - "value": "**AWS Well-Architected Framework – ML Lens Recommendation mapping**\n\n- [MLOE-13: Establish reliable packaging patterns to access approved public libraries](https://docs.aws.amazon.com/wellarchitected/latest/machine-learning-lens/mloe-13.html)" - } - ], - "tags": [ - "OWASP:LLM07", - "Insecure Plugin Design" - ], - "threatSource": "malicious user", - "prerequisites": "permitted to enable third-party LLM plugins", - "threatAction": "exploit plugin vulnerabilities", - "threatImpact": "emote code execution", - "impactedGoal": [ - "confidentiality", - "integrity", - "availability" - ], - "impactedAssets": [ - "connected and downstream 
systems and data" - ], - "statement": "A malicious user permitted to enable third-party LLM plugins can exploit plugin vulnerabilities, which leads to emote code execution, resulting in reduced confidentiality, integrity and/or availability of connected and downstream systems and data" - }, - { - "id": "9ca57e07-5d5b-43c6-87ae-c5bf6e7b4c2f", - "numericId": 18, - "displayOrder": 18, - "metadata": [ - { - "key": "Priority", - "value": "Medium" - }, - { - "key": "STRIDE", - "value": [ - "I" - ] - }, - { - "key": "Comments", - "value": "**AWS Well-Architected Framework – ML Lens Recommendation mapping**\n\n- [MLSEC-07: Keep only relevant data](https://docs.aws.amazon.com/wellarchitected/latest/machine-learning-lens/mlsec-07.html)" - } - ], - "tags": [ - "OWASP:LLM06", - "Sensitive Info Disclosure" - ], - "threatSource": "LLM developer or trainer", - "prerequisites": "who trains an LLM model on sparse training data without proper regularization techniques can overfit the model, which may allow an LLM to memorize and replicate unique data and", - "threatAction": "expose confidential information", - "impactedGoal": [ - "confidentiality" - ], - "impactedAssets": [ - "sensitive user and training data" - ], - "statement": "An LLM developer or trainer who trains an LLM model on sparse training data without proper regularization techniques can overfit the model, which may allow an LLM to memorize and replicate unique data and can expose confidential information, resulting in reduced confidentiality of sensitive user and training data" - }, - { - "id": "ec7ba485-8db3-46f9-bd74-8397503d0853", - "numericId": 17, - "displayOrder": 17, - "metadata": [ - { - "key": "STRIDE", - "value": [ - "I" - ] - }, - { - "key": "Priority", - "value": "Medium" - }, - { - "key": "Comments", - "value": "**AWS Well-Architected Framework – ML Lens Recommendation mapping**\n\n- [MLSEC-07: Keep only relevant data](https://docs.aws.amazon.com/wellarchitected/latest/machine-learning-lens/mlsec-07.html)" 
- } - ], - "tags": [ - "OWASP:LLM06", - "Sensitive Info Disclosure" - ], - "threatSource": "LLM developer or trainer", - "prerequisites": "who applies insufficient data anonymization to a LLM training or fine tuning dataset", - "threatAction": "allow sensitive data to remain identifiable", - "threatImpact": "exposing it via model outputs", - "impactedGoal": [ - "confidentiality" - ], - "impactedAssets": [ - "impacted individuals and sensitive data" - ], - "statement": "An LLM developer or trainer who applies insufficient data anonymization to an LLM training or fine tuning dataset can allow sensitive data to remain identifiable, which leads to exposing it via model outputs, resulting in reduced confidentiality of impacted individuals and sensitive data" - }, - { - "id": "f31ca02f-49a0-44df-8718-0e56d500ed4f", - "numericId": 16, - "displayOrder": 16, - "metadata": [ - { - "key": "Priority", - "value": "High" - }, - { - "key": "STRIDE", - "value": [ - "I" - ] - }, - { - "key": "Comments", - "value": "**AWS Well-Architected Framework – ML Lens Recommendation mapping**\n\n- [MLSEC-07: Keep only relevant data](https://docs.aws.amazon.com/wellarchitected/latest/machine-learning-lens/mlsec-07.html)" - } - ], - "tags": [ - "OWASP:LLM06", - "Sensitive Info Disclosure" - ], - "threatSource": "LLM developer or trainer", - "prerequisites": "who trains an LLM on confidential data without proper safeguards", - "threatAction": "expose that data", - "threatImpact": "unfiltered model outputs", - "impactedGoal": [ - "confidentiality" - ], - "impactedAssets": [ - "sensitive user and training data" - ], - "statement": "An LLM developer or trainer who trains an LLM on confidential data without proper safeguards can expose that data, which leads to unfiltered model outputs, resulting in reduced confidentiality of sensitive user and training data" - }, - { - "id": "a64f9026-b1a9-4835-8bb9-6fd7eeb2d4b4", - "numericId": 15, - "displayOrder": 15, - "metadata": [ - { - "key": "STRIDE", - 
"value": [ - "E", - "S" - ] - }, - { - "key": "Priority", - "value": "Medium" - }, - { - "key": "Comments", - "value": "**AWS Well-Architected Framework – ML Lens Recommendation mapping**\n\n- [MLOE-12: Automate operations through MLOps and CI/CD](https://docs.aws.amazon.com/wellarchitected/latest/machine-learning-lens/mloe-12.html)\n- [MLOE-13: Establish reliable packaging patterns to access approved public libraries](https://docs.aws.amazon.com/wellarchitected/latest/machine-learning-lens/mloe-13.html)" - } - ], - "tags": [ - "OWASP:LLM05", - "Supply Chain Vulnerabilities" - ], - "threatSource": "external or internal threat actor", - "prerequisites": "who has access to a LLM powered application using a deprecated third-party LLM inference API", - "threatAction": "introduce vulnerabilities", - "threatImpact": "allowing exploits compromising", - "impactedGoal": [ - "integrity", - "availability" - ], - "impactedAssets": [ - "connected and downstream systems and data" - ], - "statement": "An external or internal threat actor who has access to an LLM powered application using a deprecated third-party LLM inference API can introduce vulnerabilities, which leads to allowing exploits compromising, resulting in reduced integrity and/or availability of connected and downstream systems and data" - }, - { - "id": "7dc2a880-a3fa-4e34-ad0a-ae38e559e635", - "numericId": 14, - "displayOrder": 14, - "metadata": [ - { - "key": "Priority", - "value": "High" - }, - { - "key": "STRIDE", - "value": [ - "E", - "R" - ] - }, - { - "key": "Comments", - "value": "**AWS Well-Architected Framework – ML Lens Recommendation mapping**\n\n- [MLOE-12: Automate operations through MLOps and CI/CD](https://docs.aws.amazon.com/wellarchitected/latest/machine-learning-lens/mloe-12.html)\n- [MLOE-13: Establish reliable packaging patterns to access approved public libraries](https://docs.aws.amazon.com/wellarchitected/latest/machine-learning-lens/mloe-13.html)" - } - ], - "tags": [ - "OWASP:LLM05", - 
"Supply Chain Vulnerabilities" - ], - "threatSource": "third-party data supplier", - "prerequisites": "may intentionally or unintentionally provide poisoned training data", - "threatAction": "contain manipulation, bias or malicious content", - "impactedGoal": [ - "integrity", - "effectiveness" - ], - "impactedAssets": [ - "the LLM model" - ], - "statement": "A third-party data supplier may intentionally or unintentionally provide poisoned training data can contain manipulation, bias or malicious content, resulting in reduced integrity and/or effectiveness of the LLM model" - }, - { - "id": "e90160ad-413c-46aa-923e-9474be7f46ab", - "numericId": 13, - "displayOrder": 13, - "metadata": [ - { - "key": "Priority", - "value": "Medium" - }, - { - "key": "STRIDE", - "value": [ - "I", - "E" - ] - }, - { - "key": "Comments", - "value": "**AWS Well-Architected Framework – ML Lens Recommendation mapping**\n\n- [MLOE-12: Automate operations through MLOps and CI/CD](https://docs.aws.amazon.com/wellarchitected/latest/machine-learning-lens/mloe-12.html)\n- [MLOE-13: Establish reliable packaging patterns to access approved public libraries](https://docs.aws.amazon.com/wellarchitected/latest/machine-learning-lens/mloe-13.html)" - } - ], - "tags": [ - "OWASP:LLM05", - "Supply Chain Vulnerabilities" - ], - "threatSource": "external or internal threat actor", - "prerequisites": "who has access to a LLM powered application using compromised upstream open source dependencies", - "threatAction": "enable exploits through vulnerabilities", - "impactedGoal": [ - "confidentiality", - "integrity", - "availability" - ], - "impactedAssets": [ - "LLM system and connected resources" - ], - "statement": "A external or internal threat actor who has access to an LLM powered application using compromised upstream open source dependencies can enable exploits through vulnerabilities, resulting in reduced confidentiality, integrity and/or availability of LLM system and connected resources" - }, - { - 
"id": "1be9f710-a140-434b-acdc-598fd1b502d4", - "numericId": 12, - "displayOrder": 12, - "metadata": [ - { - "key": "Priority", - "value": "Medium" - }, - { - "key": "STRIDE", - "value": [ - "D" - ] - }, - { - "key": "Comments", - "value": "**AWS Well-Architected Framework – ML Lens Recommendation mapping**\n\n- [MLCOST-29: Monitor endpoint usage and right-size the instance fleet](https://docs.aws.amazon.com/wellarchitected/latest/machine-learning-lens/mlcost-29.html)\n- [MLREL-12: Allow automatic scaling of the model endpoint](https://docs.aws.amazon.com/wellarchitected/latest/machine-learning-lens/mlrel-12.html)\n- [MLREL-13: Ensure a recoverable endpoint with a managed version control strategy](https://docs.aws.amazon.com/wellarchitected/latest/machine-learning-lens/mlrel-13.html)" - } - ], - "tags": [ - "OWASP:LLM04", - "Model Denial of Service" - ], - "threatSource": "malicious user", - "prerequisites": "who is able to access a LLM API", - "threatAction": "submit expensive requests", - "threatImpact": "high hosting costs", - "impactedGoal": [ - "incurring financial losses" - ], - "impactedAssets": [ - "the LLM service provider" - ], - "statement": "A malicious user who is able to access an LLM API can submit expensive requests, which leads to high hosting costs, resulting in reduced incurring financial losses of the LLM service provider" - }, - { - "id": "35847c8f-a4a4-481f-8ad2-fab684801eec", - "numericId": 11, - "displayOrder": 11, - "metadata": [ - { - "key": "Priority", - "value": "Medium" - }, - { - "key": "STRIDE", - "value": [ - "D" - ] - }, - { - "key": "Comments", - "value": "**AWS Well-Architected Framework – ML Lens Recommendation mapping**\n\n- [MLCOST-29: Monitor endpoint usage and right-size the instance fleet](https://docs.aws.amazon.com/wellarchitected/latest/machine-learning-lens/mlcost-29.html)\n- [MLREL-12: Allow automatic scaling of the model 
endpoint](https://docs.aws.amazon.com/wellarchitected/latest/machine-learning-lens/mlrel-12.html)\n- [MLREL-13: Ensure a recoverable endpoint with a managed version control strategy](https://docs.aws.amazon.com/wellarchitected/latest/machine-learning-lens/mlrel-13.html)" - } - ], - "tags": [ - "OWASP:LLM04", - "Model Denial of Service" - ], - "threatSource": "malicious user", - "prerequisites": "with access to submit LLM requests", - "threatAction": "abuse request batching systems", - "threatImpact": "overwhelm resources with queued jobs", - "impactedGoal": [ - "availability" - ], - "impactedAssets": [ - "the LLM inference API" - ], - "statement": "A malicious user with access to submit LLM requests can abuse request batching systems, which leads to overwhelm resources with queued jobs, resulting in reduced availability of the LLM inference API" - }, - { - "id": "94328fbc-0ade-45b5-aae9-68075bd91a3d", - "numericId": 10, - "displayOrder": 10, - "metadata": [ - { - "key": "STRIDE", - "value": [ - "D" - ] - }, - { - "key": "Priority", - "value": "Medium" - }, - { - "key": "Comments", - "value": "**AWS Well-Architected Framework – ML Lens Recommendation mapping**\n\n- [MLCOST-29: Monitor endpoint usage and right-size the instance fleet](https://docs.aws.amazon.com/wellarchitected/latest/machine-learning-lens/mlcost-29.html)\n- [MLREL-12: Allow automatic scaling of the model endpoint](https://docs.aws.amazon.com/wellarchitected/latest/machine-learning-lens/mlrel-12.html)\n- [MLREL-13: Ensure a recoverable endpoint with a managed version control strategy](https://docs.aws.amazon.com/wellarchitected/latest/machine-learning-lens/mlrel-13.html)" - } - ], - "tags": [ - "OWASP:LLM04", - "Model Denial of Service" - ], - "threatSource": "external threat actor", - "prerequisites": "able to submit requests to an LLM API", - "threatAction": "overwhelm it with expensive computing operations", - "threatImpact": "denying service to legitimate users", - "impactedGoal": [ - 
"availability" - ], - "impactedAssets": [ - "the LLM inference API" - ], - "statement": "An external threat actor able to submit requests to an LLM API can overwhelm it with expensive computing operations, which leads to denying service to legitimate users, resulting in reduced availability of the LLM inference API" - }, - { - "id": "c1ef6f15-be68-46ed-a724-1a8647f2439c", - "numericId": 9, - "displayOrder": 9, - "metadata": [ - { - "key": "STRIDE", - "value": [ - "T" - ] - }, - { - "key": "Priority", - "value": "High" - }, - { - "key": "Comments", - "value": "**AWS Well-Architected Framework – ML Lens Recommendation mapping**\n\n- [MLSEC-04: Secure data and modeling environment](https://docs.aws.amazon.com/wellarchitected/latest/machine-learning-lens/mlsec-04.html)\n- [MLSEC-06: Enforce data lineage](https://docs.aws.amazon.com/wellarchitected/latest/machine-learning-lens/mlsec-06.html)\n- [MLSEC-10: Protect against data poisoning threats](https://docs.aws.amazon.com/wellarchitected/latest/machine-learning-lens/mlsec-06.html)" - } - ], - "tags": [ - "OWASP:LLM03", - "Training Data Poisoning" - ], - "threatSource": "internal actor", - "prerequisites": "with access to manage training or fine tuning pipelines", - "threatAction": "inject malicious tools or processes", - "threatImpact": "tamper training data", - "impactedGoal": [ - "integrity" - ], - "impactedAssets": [ - "the LLM model" - ], - "statement": "An internal actor with access to manage training or fine tuning pipelines can inject malicious tools or processes, which leads to tamper training data, resulting in reduced integrity of the LLM model" - }, - { - "id": "4da54619-9e64-42c3-b5ce-3427cfea5ad7", - "numericId": 8, - "displayOrder": 8, - "metadata": [ - { - "key": "Priority", - "value": "High" - }, - { - "key": "STRIDE", - "value": [ - "I", - "T" - ] - }, - { - "key": "Comments", - "value": "**AWS Well-Architected Framework – ML Lens Recommendation mapping**\n\n- [MLSEC-04: Secure data and modeling 
environment](https://docs.aws.amazon.com/wellarchitected/latest/machine-learning-lens/mlsec-04.html)\n- [MLSEC-06: Enforce data lineage](https://docs.aws.amazon.com/wellarchitected/latest/machine-learning-lens/mlsec-06.html)\n- [MLSEC-10: Protect against data poisoning threats](https://docs.aws.amazon.com/wellarchitected/latest/machine-learning-lens/mlsec-06.html)" - } - ], - "tags": [ - "OWASP:LLM03", - "Training Data Poisoning" - ], - "threatSource": "external training data sources", - "prerequisites": "of questionable integrity", - "threatAction": "contain manipulated, biased or malicious data", - "threatImpact": "degrading", - "impactedGoal": [ - "integrity", - "effectiveness" - ], - "impactedAssets": [ - "the LLM model" - ], - "statement": "An external training data sources of questionable integrity can contain manipulated, biased or malicious data, which leads to degrading, resulting in reduced integrity and/or effectiveness of the LLM model" - }, - { - "id": "1696e6d2-1656-4f1f-8484-a4f0490e102e", - "numericId": 7, - "displayOrder": 7, - "metadata": [ - { - "key": "Priority", - "value": "High" - }, - { - "key": "STRIDE", - "value": [ - "T", - "I", - "S" - ] - }, - { - "key": "Comments", - "value": "**AWS Well-Architected Framework – ML Lens Recommendation mapping**\n\n- [MLSEC-04: Secure data and modeling environment](https://docs.aws.amazon.com/wellarchitected/latest/machine-learning-lens/mlsec-04.html)\n- [MLSEC-06: Enforce data lineage](https://docs.aws.amazon.com/wellarchitected/latest/machine-learning-lens/mlsec-06.html)\n- [MLSEC-10: Protect against data poisoning threats](https://docs.aws.amazon.com/wellarchitected/latest/machine-learning-lens/mlsec-06.html)" - } - ], - "tags": [ - "OWASP:LLM03", - "Training Data Poisoning" - ], - "threatSource": "internal actor", - "prerequisites": "with access to upload training or fine tuning data", - "threatAction": "intentionally introduce manipulated, biased or malicious data", - "impactedGoal": [ - "integrity", 
- "effectiveness" - ], - "impactedAssets": [ - "the LLM model" - ], - "statement": "An internal actor with access to upload training or fine tuning data can intentionally introduce manipulated, biased or malicious data, resulting in reduced integrity and/or effectiveness of the LLM model" - }, - { - "id": "9f5e358e-6ef8-42b1-9e99-7995db22839f", - "numericId": 6, - "displayOrder": 6, - "metadata": [ - { - "key": "STRIDE", - "value": [ - "E" - ] - }, - { - "key": "Priority", - "value": "Medium" - } - ], - "tags": [ - "OWASP:LLM02", - "Insecure Output Handling" - ], - "threatSource": "malicious user", - "prerequisites": "able to influence LLM outputs", - "threatAction": "craft malicious payloads", - "threatImpact": "unchecked to downstream function payloads", - "impactedGoal": [ - "achieving remote code execution or privilege escalation" - ], - "impactedAssets": [ - "connected and downstream systems and data" - ], - "statement": "A malicious user able to influence LLM outputs can craft malicious payloads, which leads to unchecked to downstream function payloads, resulting in reduced achieving remote code execution or privilege escalation of connected and downstream systems and data" - }, - { - "id": "5ac8c35d-0dad-4ec6-b35c-eae99b16ec85", - "numericId": 5, - "displayOrder": 5, - "metadata": [ - { - "key": "Priority", - "value": "Medium" - }, - { - "key": "STRIDE", - "value": [ - "I" - ] - } - ], - "tags": [ - "OWASP:LLM02", - "Insecure Output Handling" - ], - "threatSource": "LLM", - "prerequisites": "with insufficient safeguards against harmful content generation during prompting or inference", - "threatAction": "generate malicious outputs", - "threatImpact": "exploiting vulnerabilities like command injections in integrated downstream functions when malicious outputs are passed to them", - "impactedGoal": [ - "confidentiality", - "integrity", - "availability" - ], - "impactedAssets": [ - "LLM system and connected resources" - ], - "statement": "An LLM with 
insufficient safeguards against harmful content generation during prompting or inference can generate malicious outputs, which leads to exploiting vulnerabilities like command injections in integrated downstream functions when malicious outputs are passed to them, resulting in reduced confidentiality, integrity and/or availability of LLM system and connected resources" - }, - { - "id": "cfd06768-4276-4dc4-a9b2-0a13685c80fa", - "numericId": 4, - "displayOrder": 4, - "metadata": [ - { - "key": "Priority", - "value": "Medium" - }, - { - "key": "STRIDE", - "value": [ - "I" - ] - } - ], - "tags": [ - "OWASP:LLM02", - "Insecure Output Handling" - ], - "threatSource": "malicious user", - "prerequisites": "able to interact with an LLM system", - "threatAction": "exploit insufficient output encoding", - "threatImpact": "achieve XSS or code injection", - "impactedGoal": [ - "confidentiality", - "integrity" - ], - "impactedAssets": [ - "user data" - ], - "statement": "A malicious user able to interact with an LLM system can exploit insufficient output encoding, which leads to achieve XSS or code injection, resulting in reduced confidentiality and/or integrity of user data" - }, - { - "id": "0a054002-03d9-41cb-8b1d-1c9492c3fbb6", - "numericId": 3, - "displayOrder": 3, - "metadata": [ - { - "key": "STRIDE", - "value": [ - "I" - ] - }, - { - "key": "Priority", - "value": "High" - } - ], - "tags": [ - "OWASP:LLM01", - "Prompt Injection", - "Indirect" - ], - "threatSource": "malicious user", - "prerequisites": "who enables compromised LLM plugins or agents in a LLM system", - "threatAction": "manipulate it via indirect or direct prompt injection", - "threatImpact": "access unauthorized functionality or data", - "impactedGoal": [ - "confidentiality", - "integrity" - ], - "impactedAssets": [ - "connected and downstream systems and data" - ], - "statement": "A malicious user who enables compromised LLM plugins or agents in an LLM system can manipulate it via indirect or direct prompt 
injection, which leads to access unauthorized functionality or data, resulting in reduced confidentiality and/or integrity of connected and downstream systems and data" - }, - { - "id": "65ea8ac6-ec13-4c20-b88f-a9f5a35858f5", - "numericId": 2, - "displayOrder": 2, - "metadata": [ - { - "key": "Priority", - "value": "Medium" - }, - { - "key": "STRIDE", - "value": [ - "T" - ] - } - ], - "tags": [ - "OWASP:LLM01", - "Prompt Injection", - "Indirect" - ], - "threatSource": "malicious user", - "prerequisites": "able to submit content to an LLM system", - "threatAction": "embed malicious prompts in that content", - "threatImpact": "manipulate the LLM into undertaking harmful actions", - "impactedGoal": [ - " compromising integrity and availability" - ], - "impactedAssets": [ - "LLM system and connected resources" - ], - "statement": "A malicious user able to submit content to an LLM system can embed malicious prompts in that content, which leads to manipulate the LLM into undertaking harmful actions, resulting in reduced compromising integrity and availability of LLM system and connected resources" - }, - { - "id": "3c4b9ded-09ef-4bc1-8fdd-845009e1a273", - "numericId": 1, - "displayOrder": 1, - "metadata": [ - { - "key": "STRIDE", - "value": [ - "T" - ] - }, - { - "key": "Priority", - "value": "High" - } - ], - "tags": [ - "OWASP:LLM01", - "Prompt Injection", - "Direct" - ], - "threatSource": "malicious user", - "prerequisites": "with ability to interact with an LLM system", - "threatAction": "overwrite the system prompt with a crafted prompts", - "threatImpact": "force unintended actions from the LLM", - "impactedAssets": [ - "LLM system and connected resources" - ], - "statement": "A malicious user with ability to interact with an LLM system can overwrite the system prompt with a crafted prompts, which leads to force unintended actions from the LLM, negatively impacting LLM system and connected resources" - } - ] -} \ No newline at end of file 
diff --git a/packages/threat-composer/src/data/threatPacks/threatPacks.ts b/packages/threat-composer/src/data/threatPacks/threatPacks.ts index c694419..6709aa2 100644 --- a/packages/threat-composer/src/data/threatPacks/threatPacks.ts +++ b/packages/threat-composer/src/data/threatPacks/threatPacks.ts @@ -13,11 +13,11 @@ See the License for the specific language governing permissions and limitations under the License. ******************************************************************************************************************** */ -import GenAI from './generated/GenAI.json'; +import GenAIChatbot from './generated/GenAIChatbot.json'; import { ThreatPack } from '../../customTypes'; const threatPacks = [ - GenAI, + GenAIChatbot, ] as ThreatPack[]; export default threatPacks; \ No newline at end of file
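Review bot: The new import target `./generated/GenAIChatbot.json` is not added by this commit — the diffstat lists only the metadata rename, the deletion of `generated/GenAI.json` and this file — so the build presumably depends on a generation step that derives it from `GenAIChatbot.metadata.json`; if so, the commit description should state that, because a checkout with a stale `generated/` directory now fails to resolve the module once the old file is gone. The `] as ThreatPack[]` that the new `GenAIChatbot,` entry sits inside is unchanged context, but it is a type assertion, so a generated pack missing a required field (e.g. `threats`) would still compile; if the generated JSON's inferred types permit it, `const threatPacks: ThreatPack[] = [GenAIChatbot];` would turn such a mismatch into a compile error instead of a runtime surprise.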