Tutorial: Modeling Threats to ML Models with STRIDE-AI
STRIDE is a well-known threat modeling framework initially developed by Microsoft and widely used in cybersecurity to identify and mitigate potential threats. This tutorial focuses on STRIDE-AI, an approach that adapts the STRIDE threat modeling framework to identify vulnerabilities in Machine Learning (ML) assets. The methodology is based on the concept of a failure mode, i.e., the specific manner in which a system, component, or process can fail to perform its intended function. In the ML context, failure modes are the various ways an ML model can go wrong or produce incorrect results. Understanding and identifying failure modes is crucial for threat modeling and for improving the security and reliability of ML systems. STRIDE-AI supports defining the key security properties of ML assets, identifying threats, and selecting, testing, and verifying security controls.
Key Points about STRIDE-AI:
- Conceptually Simple: Like the original STRIDE, the STRIDE-AI methodology maps potential ML failure modes to threats and to the (violated) desired security properties;
- Asset-Centered: Focuses on ML assets and their failure modes;
- Industrial Case Studies: STRIDE-AI is illustrated through real-world use cases;
- Ready to Deploy: STRIDE-AI is supported by ready-to-use material.
Tutorial Program
- Introduction to Threat Modeling
  - Overview of Threat Modeling: What it is and why it is essential
  - Key Concepts: Trust Boundaries, Attack Vectors, Threat Agents, etc.
- Understanding ML Models and Their Vulnerabilities
  - Basics of Machine Learning: How ML models work
  - Common Vulnerabilities: Data poisoning, adversarial attacks, model extraction, etc.
- Threat Modeling for ML Models
  - Step-by-Step Guide: How to perform threat modeling specifically for ML models
  - Tools and Techniques: Using STRIDE-AI. Comparison with tools like IriusRisk, Microsoft’s SDL, etc.
- Case Studies and Real-World Examples
  - Case Studies: Analysis of real-world incidents involving ML threats
  - Discussion: What went wrong and how it could have been prevented
- Mitigation Strategies
  - Best Practices: How to secure ML models against identified threats
  - Implementation: Practical steps to implement these strategies
- Hands-On Workshop
  - Practical Exercises: Participants work in groups on a threat modeling exercise
  - Group Activities: Comparison of the groups' threat modeling sessions
- Advanced Topics
  - Adversarial Machine Learning: Deep dive into adversarial attacks and defenses
  - Future Trends: Emerging threats and future directions in ML security
- Q&A and Wrap-Up
  - Open Discussion: Addressing participant questions
  - Summary: Recap of key takeaways and next steps
A basic understanding of key Machine Learning concepts such as supervised and unsupervised learning, model evaluation metrics, overfitting, data preprocessing, and common algorithms will be helpful for participants to grasp the threat modeling techniques presented in the STRIDE-AI tutorial.