On the Security and Privacy Implications of Large Language Models: In-Depth Threat Analysis

Luis Ruhländer; Emilian Popp; Maria Stylidou; Sajjad Khan; Davor Svetinovic

doi:10.1109/iThings-GreenCom-CPSCom-SmartData-Cybermatics62450.2024.00102

On the Security and Privacy Implications of Large Language Models: In-Depth Threat Analysis

Luis Ruhländer, Emilian Popp, Maria Stylidou, Sajjad Khan^*, Davor Svetinovic

^*Corresponding author for this work

Institute for Distributed Ledgers and Token Economy

Publication: Chapter in book/Conference proceeding › Contribution to conference proceedings

Abstract

Large Language Models (LLMs) have gained popularity since the release of ChatGPT in 2022. These systems utilize Artificial Intelligence (AI) algorithms to analyze natural language, enabling users to have sophisticated real-time conversations with them. The existing literature on LLMs is mostly focused on system design and lacks dedicated research on investigating privacy and security issues. To safeguard the interests of various stakeholders, it is crucial to understand the associated security and privacy risks of these models. Our study utilized STRIDE and LINDDUN methodologies to investigate security and privacy threats of LLMs. We presented a detailed system model of LLMs and analyzed the potential threats, vulnerabilities, security considerations, and mitigation tactics intrinsic to the design and deployment of various system components. Our comprehensive threat assessment showcases potential threats …

Original language	English
Title of host publication	2024 IEEE International Conferences on Internet of Things (iThings) and IEEE Green Computing & Communications (GreenCom) and IEEE Cyber, Physical & Social Computing (CPSCom) and IEEE Smart Data (SmartData) and IEEE Congress on Cybermatics
Subtitle of host publication	Copenhagen, Denmark, 2024
Publisher	IEEE
Pages	543-550
ISBN (Electronic)	979-8-3503-5163-7
DOIs	https://doi.org/10.1109/iThings-GreenCom-CPSCom-SmartData-Cybermatics62450.2024.00102
Publication status	Published - 2024

Austrian Classification of Fields of Science and Technology (ÖFOS)

202022 Information technology

Keywords

LLMs
STRIDE
LINDDUN
Threat Modeling
cybersecurity
privacy

Access to Document

10.1109/iThings-GreenCom-CPSCom-SmartData-Cybermatics62450.2024.00102Licence: Unspecified

Cite this

Ruhländer, L., Popp, E., Stylidou, M., Khan, S., & Svetinovic, D. (2024). On the Security and Privacy Implications of Large Language Models: In-Depth Threat Analysis. In 2024 IEEE International Conferences on Internet of Things (iThings) and IEEE Green Computing & Communications (GreenCom) and IEEE Cyber, Physical & Social Computing (CPSCom) and IEEE Smart Data (SmartData) and IEEE Congress on Cybermatics: Copenhagen, Denmark, 2024 (pp. 543-550). IEEE. https://doi.org/10.1109/iThings-GreenCom-CPSCom-SmartData-Cybermatics62450.2024.00102

Ruhländer, Luis ; Popp, Emilian ; Stylidou, Maria et al. / On the Security and Privacy Implications of Large Language Models: In-Depth Threat Analysis. 2024 IEEE International Conferences on Internet of Things (iThings) and IEEE Green Computing & Communications (GreenCom) and IEEE Cyber, Physical & Social Computing (CPSCom) and IEEE Smart Data (SmartData) and IEEE Congress on Cybermatics: Copenhagen, Denmark, 2024. IEEE, 2024. pp. 543-550

@inproceedings{66c506baeb0c48ee92ce54df787b523e,

title = "On the Security and Privacy Implications of Large Language Models: In-Depth Threat Analysis",

abstract = "Large Language Models (LLMs) have gained popularity since the release of ChatGPT in 2022. These systems utilize Artificial Intelligence (AI) algorithms to analyze natural language, enabling users to have sophisticated real-time conversations with them. The existing literature on LLMs is mostly focused on system design and lacks dedicated research on investigating privacy and security issues. To safeguard the interests of various stakeholders, it is crucial to understand the associated security and privacy risks of these models. Our study utilized STRIDE and LINDDUN methodologies to investigate security and privacy threats of LLMs. We presented a detailed system model of LLMs and analyzed the potential threats, vulnerabilities, security considerations, and mitigation tactics intrinsic to the design and deployment of various system components. Our comprehensive threat assessment showcases potential threats …",

keywords = "LLMs, STRIDE, LINDDUN, Threat Modeling, cybersecurity, privacy",

author = "Luis Ruhl{\"a}nder and Emilian Popp and Maria Stylidou and Sajjad Khan and Davor Svetinovic",

year = "2024",

doi = "10.1109/iThings-GreenCom-CPSCom-SmartData-Cybermatics62450.2024.00102",

language = "English",

pages = "543--550",

booktitle = "2024 IEEE International Conferences on Internet of Things (iThings) and IEEE Green Computing \& Communications (GreenCom) and IEEE Cyber, Physical \& Social Computing (CPSCom) and IEEE Smart Data (SmartData) and IEEE Congress on Cybermatics",

publisher = "IEEE",

}

Ruhländer, L, Popp, E, Stylidou, M, Khan, S & Svetinovic, D 2024, On the Security and Privacy Implications of Large Language Models: In-Depth Threat Analysis. in 2024 IEEE International Conferences on Internet of Things (iThings) and IEEE Green Computing & Communications (GreenCom) and IEEE Cyber, Physical & Social Computing (CPSCom) and IEEE Smart Data (SmartData) and IEEE Congress on Cybermatics: Copenhagen, Denmark, 2024. IEEE, pp. 543-550. https://doi.org/10.1109/iThings-GreenCom-CPSCom-SmartData-Cybermatics62450.2024.00102

On the Security and Privacy Implications of Large Language Models: In-Depth Threat Analysis. / Ruhländer, Luis; Popp, Emilian; Stylidou, Maria et al.
2024 IEEE International Conferences on Internet of Things (iThings) and IEEE Green Computing & Communications (GreenCom) and IEEE Cyber, Physical & Social Computing (CPSCom) and IEEE Smart Data (SmartData) and IEEE Congress on Cybermatics: Copenhagen, Denmark, 2024. IEEE, 2024. p. 543-550.

Publication: Chapter in book/Conference proceeding › Contribution to conference proceedings

TY - GEN

T1 - On the Security and Privacy Implications of Large Language Models: In-Depth Threat Analysis

AU - Ruhländer, Luis

AU - Popp, Emilian

AU - Stylidou, Maria

AU - Khan, Sajjad

AU - Svetinovic, Davor

PY - 2024

Y1 - 2024

N2 - Large Language Models (LLMs) have gained popularity since the release of ChatGPT in 2022. These systems utilize Artificial Intelligence (AI) algorithms to analyze natural language, enabling users to have sophisticated real-time conversations with them. The existing literature on LLMs is mostly focused on system design and lacks dedicated research on investigating privacy and security issues. To safeguard the interests of various stakeholders, it is crucial to understand the associated security and privacy risks of these models. Our study utilized STRIDE and LINDDUN methodologies to investigate security and privacy threats of LLMs. We presented a detailed system model of LLMs and analyzed the potential threats, vulnerabilities, security considerations, and mitigation tactics intrinsic to the design and deployment of various system components. Our comprehensive threat assessment showcases potential threats …

AB - Large Language Models (LLMs) have gained popularity since the release of ChatGPT in 2022. These systems utilize Artificial Intelligence (AI) algorithms to analyze natural language, enabling users to have sophisticated real-time conversations with them. The existing literature on LLMs is mostly focused on system design and lacks dedicated research on investigating privacy and security issues. To safeguard the interests of various stakeholders, it is crucial to understand the associated security and privacy risks of these models. Our study utilized STRIDE and LINDDUN methodologies to investigate security and privacy threats of LLMs. We presented a detailed system model of LLMs and analyzed the potential threats, vulnerabilities, security considerations, and mitigation tactics intrinsic to the design and deployment of various system components. Our comprehensive threat assessment showcases potential threats …

KW - LLMs

KW - STRIDE

KW - LINDDUN

KW - Threat Modeling

KW - cybersecurity

KW - privacy

U2 - 10.1109/iThings-GreenCom-CPSCom-SmartData-Cybermatics62450.2024.00102

DO - 10.1109/iThings-GreenCom-CPSCom-SmartData-Cybermatics62450.2024.00102

M3 - Contribution to conference proceedings

SP - 543

EP - 550

BT - 2024 IEEE International Conferences on Internet of Things (iThings) and IEEE Green Computing & Communications (GreenCom) and IEEE Cyber, Physical & Social Computing (CPSCom) and IEEE Smart Data (SmartData) and IEEE Congress on Cybermatics

PB - IEEE

ER -

Ruhländer L, Popp E, Stylidou M, Khan S, Svetinovic D. On the Security and Privacy Implications of Large Language Models: In-Depth Threat Analysis. In 2024 IEEE International Conferences on Internet of Things (iThings) and IEEE Green Computing & Communications (GreenCom) and IEEE Cyber, Physical & Social Computing (CPSCom) and IEEE Smart Data (SmartData) and IEEE Congress on Cybermatics: Copenhagen, Denmark, 2024. IEEE. 2024. p. 543-550 doi: 10.1109/iThings-GreenCom-CPSCom-SmartData-Cybermatics62450.2024.00102