Bachelor and Master Theses

Background

Smart systems are complicated and require robust security measures. Data Flow Diagrams (DFDs) are essential for visualizing data movement within these systems and identifying potential security vulnerabilities. However, the manual creation of DFDs is time-consuming and prone to human error. This thesis aims to investigate whether AI can streamline the creation of accurate DFDs, improve efficiency, and support security analysis in smart systems. The input for the LLM model will consist of detailed textual descriptions of smart system configurations and security requirements. These descriptions will outline information such as system components, their interactions, data flows, and security considerations. By training the model on a dataset that pairs these descriptions with their corresponding Data Flow Diagrams (DFDs), the LLM will learn to translate textual specifications into visual representations. The goal is for the AI model to generate DFDs based on input descriptions, accurately mapping out the data flows, processes, and entities within the smart system to facilitate security analysis.

Research Question

How can AI tools, such as Large Language Models (LLMs), be used to create Data Flow Diagrams (DFDs) for smart room systems to support security analysis?

Methodology

1. Data Collection: Collect a data set of 20-25 DFDs for smart systems and corresponding system descriptions. These descriptions will include detailed information about system components, interactions, data flows, and security considerations.
2. Model Training: Train an AI model (e.g. GPT-3) on these DFDs and descriptions to understand the DFD structure and data flow relationships. The model will learn to translate textual specifications into visual representations.
3. AI-Generated DFDs: Use the trained AI model to create DFDs for 10 different smart system configurations based on input descriptions.
4. Comparative Analysis: Compare AI-generated DFDs with manually created ones to evaluate accuracy, completeness and quality.
5. Usability Testing: Test the compatibility of the AI-generated DFDs with the Microsoft Threat Modeling Tool to evaluate their effectiveness in real-world security assessments.

Expected Results

1. Development of an AI-based DFD Tool: An AI tool capable of generating DFDs for smart systems to support security analysis, translating textual descriptions into accurate visual representations.
2. Comparative Insights: An evaluation of the quality and accuracy of AI-generated diagrams compared to human-generated diagrams.
3. Practical Application in Security Planning: Recommendations for incorporating AI-generated diagrams into security planning and threat modeling processes in a controlled smart room lab environment.

This thesis could advance automated security diagrams and make threat analysis in smart systems more accessible and efficient by leveraging AI to translate complex system descriptions into visual DFDs, potentially reducing human error and improving the speed of security analysis.

• Understanding of Data Flow Diagrams (DFDs) and their role in security analysis of systems.
• Knowledge of smart systems architecture and components, particularly in the context of smart homes or buildings.
• Experience with AI and machine learning techniques, especially Large Language Models (LLMs) like GPT-3.
• Familiarity with cybersecurity principles and common vulnerabilities in smart systems.

For further information, please contact sara.abbaspour at mdu.se