xvnpw / fabric-agent-action-examples

Example of fabric-agent-action usage

Threat modeling of AI Nutrition-Pro #13

Open xvnpw opened 5 hours ago

xvnpw commented 5 hours ago

Architecture

This document outlines the architecture of the AI Nutrition-Pro application, including system context, container, and deployment views. The architecture is depicted using C4 diagrams for enhanced clarity.

System Context diagram

C4Context
  title System Context diagram for AI Nutrition-Pro
  Enterprise_Boundary(b0, "AI Nutrition-Pro boundary") {
    System(anps1, "AI Nutrition-Pro API Service")
  }
  Enterprise_Boundary(b1, "OpenAI") {
    System_Ext(ChatGPT, "ChatGPT", "LLM")
  }
  Enterprise_Boundary(b2, "Meal Planner A") {
    Person_Ext(n1, "Dietitian A")
    System_Ext(apa, "Meal Planner A System")
  }
  Rel(anps1, ChatGPT, "Uses for LLM featured content creation", "REST")
  Rel(n1, apa, "Uses for diet creation")
  Rel(apa, anps1, "Uses for AI content generation", "REST")

Containers Context diagram

C4Container
    title Container diagram for AI Nutrition-Pro

    Container_Boundary(c0, "AI Nutrition-Pro") {
        Container(api_gateway, "API Gateway", "Kong", "Authentication of clients, filtering of input, rate limiting")
        Container(app_control_plane, "Web Control Plane", "Golang, AWS Elastic Container Service", "Provides control plane to onboard and manage clients, configuration and check billing data")
        ContainerDb(control_plan_db, "Control Plane Database", "Amazon RDS", "Stores all data related to control plane, tenants, billing")
        Container(backend_api, "API Application", "Golang, AWS Elastic Container Service", "Provides AI Nutrition-Pro functionality via API")
        ContainerDb(api_db, "API database", "Amazon RDS", "Stores dietitians' content samples, requests and responses to LLM.")
        Person(admin, "Administrator", "Administrator of AI Nutrition-Pro application")
        Person(onboard_manager, "App Onboarding Manager", "Employee that is onboarding new Meal Planner applications to AI Nutrition-Pro application")
    }

    Person(ce1, "Meal Planner application manager", "Meal Planner employee designated to manage AI Nutrition-Pro integration")

    System_Ext(mealApp, "Meal Planner", "Application to create diets by dietitians")
    Person_Ext(n1, "Dietitian")

    System_Ext(chatgpt, "ChatGPT-3.5", "LLM")

    Rel(n1, mealApp, "Uses for diet creation")
    Rel(mealApp, api_gateway, "Uses for AI content generation", "HTTPS/REST")
    Rel(api_gateway, backend_api, "Uses for AI content generation", "HTTPS/REST")
    Rel(ce1, app_control_plane, "Manage billings, onboard new dietitians")
    Rel(admin, app_control_plane, "Configure system properties")
    Rel(onboard_manager, app_control_plane, "Creates new tenant. Onboarding new meal planner applications")
    Rel(backend_api, chatgpt, "Utilizes ChatGPT for LLM-featured content creation", "HTTPS/REST")

    Rel(app_control_plane, control_plan_db, "read/write data", "TLS")
    Rel(backend_api, api_db, "read/write data", "TLS")

External systems and persons

| Name | Type | Description | Responsibilities |
|---|---|---|---|
| Meal Planner application | External system, web application | One of many Meal Planner applications that can be integrated with AI Nutrition-Pro. It connects to AI Nutrition-Pro using REST and HTTPS. | uploads samples of dietitians' content to AI Nutrition-Pro; fetches AI-generated results, e.g. diet introduction, from AI Nutrition-Pro |
| Dietitian | External person | It's a customer of the Meal Planner application. It uses Meal Planner to create diets for patients. It will see AI-generated content directly in Meal Planner. | creates diets; consents to AI processing of data |
| ChatGPT-3.5 | External system, API | It's an OpenAI product, an LLM solution. | It will be used to generate content based on provided samples. |

AI Nutrition-Pro container context systems and persons

| Name | Type | Description | Responsibilities |
|---|---|---|---|
| Web Control Plane | Internal system, web application | It's written in Golang and deployed as a Docker container into AWS Elastic Container Service. It uses the Control Plane Database to store data. It's used in 3 roles: Administrator, App Onboarding Manager, and Meal Planner application manager. | Provides a control plane to onboard and manage clients, configuration, and check billing data |
| Control Plane Database | Internal database, Amazon RDS instance | Database storing data for Web Control Plane | |
| API Gateway | Internal system, API Gateway | Kong API Gateway | authentication; rate limiting; filtering of input |
| API Application | Internal system, API application | It's written in Golang and deployed as a Docker container into AWS Elastic Container Service | Provides AI Nutrition-Pro functionality via API. |
| API database | Internal database, Amazon RDS instance | Stored data: samples of dietitians' content, requests, and responses to LLM. | Storing data for API Application |
| Administrator | Internal person | Administrator of AI Nutrition-Pro application. | manage server configuration; resolve problems |
| App Onboarding Manager | Internal person | Employee that is onboarding new Meal Planner applications to AI Nutrition-Pro application. | manage configuration of integrated Meal Planner application |
| Meal Planner application manager | Internal person | Employee of Meal Planner | Manages AI Nutrition-Pro integration, e.g. configuration, API keys, billing. |

Deployment diagram

For deployment, we will use Amazon AWS Cloud.

C4Deployment
  title AI Nutrition-Pro deployment to AWS Cloud diagram
  Deployment_Node(aws, "AWS account") {
    Deployment_Node(vpc, "VPC", "App VPC") {
      Deployment_Node(ecs, "AWS ECS", "App ECS") {
        Container(api_gateway, "API Gateway", "Kong")
        Container(api_app, "API Application", "Golang")
        Container(web_control_plane, "Web Control Plane", "Golang")
      }
    }
    ContainerDb(api_db, "API Database", "AWS RDS")
    ContainerDb(control_plane_db, "Control Plane Database", "AWS RDS")
  }

  Rel(api_gateway, api_app, "REST/HTTPS")
  Rel(api_app, api_db, "Native/TLS")
  Rel(web_control_plane, control_plane_db, "Native/TLS")
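
The architecture above puts Kong in front of the Golang API Application and makes the gateway responsible for client authentication and input filtering. What follows is an added example, not code from this issue or from the AI Nutrition-Pro project, of what the API Application should still do on its own side of the gateway-to-backend boundary: take the tenant identity only from the header Kong's key-auth plugin sets on the upstream request (X-Consumer-Custom-ID), cap the request body, decode the JSON strictly, and bound the dietitian samples before they reach the API database or the LLM. The route, request schema, content types and limits are assumptions, and the code assumes the API Application is reachable only from the gateway; if a client could reach it directly, the header could be forged and a stronger binding (mTLS or a signed gateway token) would be needed.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"net/http"
	"strings"
	"unicode/utf8"
)

// Limits the API Application enforces itself, whatever the Kong gateway already
// filters: defence in depth across the gateway -> backend trust boundary.
const (
	maxBodyBytes   = 64 << 10 // 64 KiB per request (assumed limit)
	maxSamples     = 10       // dietitian content samples per request (assumed)
	maxSampleRunes = 8000     // characters per sample (assumed)
)

// Kong's key-auth plugin identifies the authenticated consumer to the upstream
// in X-Consumer-* headers. Assumption: only the gateway can reach this service.
const tenantHeader = "X-Consumer-Custom-ID"

// GenerateRequest is a hypothetical schema for the content-generation call; the
// issue does not define the real API.
type GenerateRequest struct {
	ContentType string   `json:"content_type"` // e.g. "diet_introduction"
	Samples     []string `json:"samples"`
}

var allowedContentTypes = map[string]bool{"diet_introduction": true, "meal_description": true}

// tenantFromGateway returns the tenant the gateway authenticated, or an error.
func tenantFromGateway(r *http.Request) (string, error) {
	t := strings.TrimSpace(r.Header.Get(tenantHeader))
	if t == "" {
		return "", errors.New("no authenticated tenant asserted by gateway")
	}
	return t, nil
}

// decodeStrict rejects oversized bodies, unknown fields and trailing data.
func decodeStrict(w http.ResponseWriter, r *http.Request) (*GenerateRequest, error) {
	r.Body = http.MaxBytesReader(w, r.Body, maxBodyBytes)
	dec := json.NewDecoder(r.Body)
	dec.DisallowUnknownFields()
	var req GenerateRequest
	if err := dec.Decode(&req); err != nil {
		return nil, fmt.Errorf("malformed request: %w", err)
	}
	if err := dec.Decode(&struct{}{}); err != io.EOF {
		return nil, errors.New("unexpected data after JSON object")
	}
	return &req, nil
}

// validate applies the semantic checks: allow-listed content type, bounded number
// and length of samples, valid UTF-8 (samples go to the database and the prompt).
func validate(req *GenerateRequest) error {
	if !allowedContentTypes[req.ContentType] {
		return fmt.Errorf("unsupported content_type %q", req.ContentType)
	}
	if n := len(req.Samples); n == 0 || n > maxSamples {
		return fmt.Errorf("samples: expected 1..%d, got %d", maxSamples, n)
	}
	for i, s := range req.Samples {
		if !utf8.ValidString(s) || utf8.RuneCountInString(s) > maxSampleRunes {
			return fmt.Errorf("samples[%d]: invalid UTF-8 or longer than %d characters", i, maxSampleRunes)
		}
	}
	return nil
}

// GenerateHandler ties the checks together. The LLM call itself is out of scope
// here; it would only ever see a validated request scoped to one tenant.
func GenerateHandler(w http.ResponseWriter, r *http.Request) {
	tenant, err := tenantFromGateway(r)
	if err != nil {
		http.Error(w, "unauthorized", http.StatusUnauthorized)
		return
	}
	req, err := decodeStrict(w, r)
	if err == nil {
		err = validate(req)
	}
	var tooBig *http.MaxBytesError
	if errors.As(err, &tooBig) {
		http.Error(w, "request body too large", http.StatusRequestEntityTooLarge)
		return
	}
	if err != nil {
		http.Error(w, "bad request", http.StatusBadRequest)
		return
	}
	w.Header().Set("Content-Type", "application/json")
	fmt.Fprintf(w, `{"tenant":%q,"accepted_samples":%d}`, tenant, len(req.Samples))
}

func main() {
	http.HandleFunc("/v1/generate", GenerateHandler)
	panic(http.ListenAndServe("127.0.0.1:8080", nil))
}
```

A request without the gateway header gets 401 regardless of body, an over-limit body gets 413 before it is parsed, and unknown fields, trailing data, an unlisted content type or an oversized sample all get 400; the error text sent to the client is deliberately generic while the wrapped error carries the detail for server-side logging.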

xvnpw commented 5 hours ago

/fabric create stride threat model:

github-actions[bot] commented 5 hours ago

ASSETS

  1. AI Nutrition-Pro API Service: Provides AI content generation functionality.
  2. Control Plane Database: Stores data related to control plane, tenants, and billing.
  3. API Database: Stores dietitian content samples, requests, and responses to LLM.
  4. API Gateway: Manages authentication, rate limiting, and input filtering.
  5. Web Control Plane: Manages client onboarding, configuration, and billing data.
  6. Meal Planner Application: Integrates with AI Nutrition-Pro for diet creation.
  7. ChatGPT-3.5: External LLM used for content generation.

TRUST BOUNDARIES

  1. Boundary between AI Nutrition-Pro and OpenAI (ChatGPT-3.5): Communication via REST.
  2. Boundary between Meal Planner Applications and AI Nutrition-Pro: Communication via REST/HTTPS.
  3. Boundary between API Gateway and Backend API: Internal communication via REST/HTTPS.
  4. Boundary between Web Control Plane and Control Plane Database: Internal communication via TLS.
  5. Boundary between Backend API and API Database: Internal communication via TLS.

DATA FLOWS

  1. Meal Planner Application to API Gateway: Uses AI content generation (crosses trust boundary).
  2. API Gateway to Backend API: Uses AI content generation (crosses trust boundary).
  3. Backend API to ChatGPT-3.5: Utilizes LLM for content creation (crosses trust boundary).
  4. Web Control Plane to Control Plane Database: Read/write data (crosses trust boundary).
  5. Backend API to API Database: Read/write data (crosses trust boundary).

THREAT MODEL

| THREAT ID | COMPONENT NAME | THREAT NAME | STRIDE CATEGORY | WHY APPLICABLE | HOW MITIGATED | MITIGATION | LIKELIHOOD EXPLANATION | IMPACT EXPLANATION | RISK SEVERITY |
|---|---|---|---|---|---|---|---|---|---|
| 0001 | API Gateway | Unauthorized access to API Gateway | Spoofing | API Gateway handles authentication for external requests. | Authentication is managed by Kong API Gateway. | Implement multi-factor authentication and IP whitelisting. | Medium - Depends on strength of authentication mechanisms. | High - Unauthorized access could lead to data breaches. | High |
| 0002 | Backend API | Injection of malicious data | Tampering | Backend API processes input data from external sources. | Input filtering is performed by API Gateway. | Implement additional input validation and sanitization in Backend API. | Medium - Input filtering reduces risk, but not entirely mitigated. | High - Could lead to data corruption or unauthorized actions. | High |
| 0003 | Control Plane Database | Data exfiltration through compromised credentials | Information Disclosure | Stores sensitive billing and client data. | Access is controlled via AWS IAM policies. | Implement database encryption and regular access audits. | Low - AWS IAM policies provide strong access control. | High - Compromised data could lead to financial and reputational damage. | Medium |
| 0004 | API Database | Unauthorized data access | Information Disclosure | Stores sensitive dietitian content and LLM interactions. | Access is controlled via AWS IAM policies. | Implement database encryption and regular access audits. | Low - AWS IAM policies provide strong access control. | High - Unauthorized access could lead to data breaches and privacy violations. | Medium |
| 0005 | Web Control Plane | Unauthorized configuration changes | Elevation of Privilege | Manages client onboarding and configuration. | Role-based access control is implemented. | Implement logging and monitoring of configuration changes. | Medium - Role-based access control reduces risk, but insider threats remain. | High - Unauthorized changes could disrupt service and compromise data integrity. | High |
| 0006 | ChatGPT-3.5 | Manipulation of AI-generated content | Tampering | AI-generated content is used for diet creation. | Content is generated based on provided samples. | Implement content validation and review processes. | Medium - Content manipulation is possible but requires specific knowledge. | Medium - Manipulated content could mislead users or violate compliance standards. | Medium |

QUESTIONS & ASSUMPTIONS

  1. Questions:

    • What specific authentication mechanisms are in place for the API Gateway?
    • Are there any existing logging and monitoring solutions for the Web Control Plane?
    • How often are access audits conducted for the databases?
  2. Assumptions:

    • AWS IAM policies are correctly configured to restrict unauthorized access.
    • Kong API Gateway is configured with up-to-date security patches.
    • All data in transit is encrypted using TLS.

The threat model highlights realistic threats based on the architecture and provides mitigation strategies to address them. The focus is on defending against high-likelihood and high-impact threats while considering the difficulty of implementation.
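
Threat 0005 in the table above (unauthorized configuration changes in the Web Control Plane, Elevation of Privilege) names role-based access control as the existing control and logging of configuration changes as the mitigation. The following is an added Go example, not code from this issue or from the project, of how the two fit together for the three roles the architecture lists: a deny-by-default authorization check that additionally confines a Meal Planner application manager to their own tenant, and an audit record written for every attempt, allowed or denied, with key-like values redacted. The action names, configuration keys and in-memory store are assumptions standing in for the real control plane and its RDS database.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
	"time"
)

// The three control-plane roles named in the architecture and the actions they
// may perform. The action set is an assumption based on each role's listed duties.
type Role string
type Action string

const (
	RoleAdministrator      Role = "Administrator"
	RoleOnboardingManager  Role = "App Onboarding Manager"
	RoleMealPlannerManager Role = "Meal Planner application manager"
	ActionConfigureSystem  Action = "configure_system" // system properties
	ActionCreateTenant     Action = "create_tenant"    // onboard a Meal Planner application
	ActionConfigureTenant  Action = "configure_tenant" // per-tenant settings, API keys, billing
)

// allowed is the RBAC matrix: deny by default, permit only what is listed.
var allowed = map[Action][]Role{
	ActionConfigureSystem: {RoleAdministrator},
	ActionCreateTenant:    {RoleOnboardingManager},
	ActionConfigureTenant: {RoleOnboardingManager, RoleMealPlannerManager},
}

type Principal struct {
	ID     string
	Role   Role
	Tenant string // set only for a Meal Planner application manager
}

var ErrForbidden = errors.New("forbidden")

// Authorize checks the role, then confines a Meal Planner application manager to
// its own tenant: the cross-tenant case is the elevation-of-privilege path.
func Authorize(p Principal, a Action, tenant string) error {
	permitted := false
	for _, r := range allowed[a] { // unknown action: nil slice, stays denied
		permitted = permitted || r == p.Role
	}
	if !permitted {
		return fmt.Errorf("%w: role %q may not %s", ErrForbidden, p.Role, a)
	}
	if p.Role == RoleMealPlannerManager && (p.Tenant == "" || p.Tenant != tenant) {
		return fmt.Errorf("%w: %s of tenant %q acting on tenant %q", ErrForbidden, p.ID, p.Tenant, tenant)
	}
	return nil
}

// AuditEvent records one attempted change. In production it belongs in an
// append-only log outside the Control Plane Database, not only in memory.
type AuditEvent struct {
	At                              time.Time
	Actor                           string
	Role                            Role
	Action                          Action
	Tenant, Key, OldValue, NewValue string
	Allowed                         bool
	Reason                          string // set when denied
}

// redact keeps API keys and other secrets out of the audit trail.
func redact(key, value string) string {
	k := strings.ToLower(key)
	if value != "" && (strings.Contains(k, "key") || strings.Contains(k, "secret")) {
		return "[redacted]"
	}
	return value
}

// ControlPlane is an in-memory stand-in for the Web Control Plane's tenant
// configuration; the zero value is ready to use.
type ControlPlane struct {
	config map[string]string // "tenant/key" -> value
	Audit  []AuditEvent
}

// Get returns a tenant setting, or "" if unset.
func (cp *ControlPlane) Get(tenant, key string) string { return cp.config[tenant+"/"+key] }

// SetTenantConfig authorizes, records the attempt, then applies the change.
// Denied attempts are recorded too: a burst of them is the monitoring signal.
func (cp *ControlPlane) SetTenantConfig(p Principal, tenant, key, value string) error {
	ev := AuditEvent{At: time.Now(), Actor: p.ID, Role: p.Role, Action: ActionConfigureTenant,
		Tenant: tenant, Key: key, OldValue: redact(key, cp.Get(tenant, key)), NewValue: redact(key, value)}
	if err := Authorize(p, ActionConfigureTenant, tenant); err != nil {
		ev.Reason = err.Error()
		cp.Audit = append(cp.Audit, ev)
		return err
	}
	ev.Allowed = true
	cp.Audit = append(cp.Audit, ev)
	if cp.config == nil {
		cp.config = map[string]string{}
	}
	cp.config[tenant+"/"+key] = value
	return nil
}
```

The authorization decision and the audit write happen in the same code path, so there is no way to change a tenant setting without leaving a record, and a denied cross-tenant attempt by a Meal Planner application manager shows up in the trail with the actor, both tenants and the reason, which is exactly the event the "logging and monitoring of configuration changes" mitigation needs to alert on.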

xvnpw commented 5 hours ago

/fabric create summary of stride threat model

github-actions[bot] commented 5 hours ago

ONE SENTENCE SUMMARY:

The document outlines a threat model for AI Nutrition-Pro, detailing assets, trust boundaries, data flows, and mitigation strategies.

MAIN POINTS:

  1. AI Nutrition-Pro API Service generates content using external LLM, ChatGPT-3.5.
  2. Control Plane and API Databases store sensitive client, billing, and dietitian data.
  3. API Gateway manages authentication, rate limiting, and input filtering.
  4. Meal Planner Application integrates with AI Nutrition-Pro for diet creation.
  5. Trust boundaries exist between various components, primarily using REST/HTTPS and TLS.
  6. Data flows involve multiple trust boundary crossings, necessitating secure communication.
  7. Threats include unauthorized access, data tampering, and information disclosure.
  8. Mitigation strategies involve authentication, input validation, encryption, and access audits.
  9. Risk severity is assessed based on likelihood and impact, with high-risk areas prioritized.
  10. Questions and assumptions address authentication, logging, and access control configurations.

TAKEAWAYS:

  1. Implement multi-factor authentication and IP whitelisting for API Gateway security.
  2. Enhance input validation and sanitization in Backend API to prevent data tampering.
  3. Regularly conduct access audits and encrypt databases to protect sensitive information.
  4. Role-based access control and monitoring are crucial for Web Control Plane security.
  5. Content validation and review processes are necessary to ensure AI-generated content integrity.

xvnpw commented 5 hours ago

/fabric take the architecture from issue body and create threat scenarios

github-actions[bot] commented 5 hours ago

THREAT SCENARIOS

THREAT MODEL ANALYSIS

RECOMMENDED CONTROLS

NARRATIVE ANALYSIS

The AI Nutrition-Pro application architecture presents several potential threat scenarios, ranging from unauthorized access to data breaches and insider threats. While some scenarios, such as a DoS attack on the API Gateway, are more likely and have a significant impact, others, like the compromise of ChatGPT API, are less probable but still warrant consideration. The recommended controls focus on mitigating high-impact and likely threats, such as implementing multi-factor authentication, encrypting data, and enforcing strict access controls. Additionally, regular security training and monitoring are crucial for detecting and responding to threats promptly. By prioritizing realistic threats and implementing robust controls, the application can maintain a secure environment while delivering its intended functionality.

CONCLUSION

Prioritize realistic, high-impact threats and implement robust controls to ensure AI Nutrition-Pro's security and functionality.

xvnpw commented 5 hours ago

COMMENT TO FABRIC RESULTS: