ThreMoLIA: Threat Modeling for LLM-Integrated Applications
| Reference number | |
| Coordinator | Blekinge Tekniska Högskola - Blekinge tekniska högskola Inst f programvaruteknik DIPT |
| Funding from Vinnova | SEK 1 997 295 |
| Project duration | June 2024 - June 2026 |
| Status | Ongoing |
| Venture | Advanced digitalization - Enabling technologies |
| Call | Cyber security for advanced digitalization 2024 |
Purpose and goal
The project aims at developing a threat modeling methodology for RAG-based LLM-Integrated Applications (LIAs) and a tool powered by a specialized LLM capable of generating and continuously maintaining threat models.
Expected effects and result
The project outcomes will yield new knowledge necessary to utilize LLM technologies best to enhance threat modeling, specifically of applications using RAG-based LLM components. The technical solution and accompanying methodology will enable stakeholders lacking expertise in AI, such as developers and architects, to perform threat modeling of such applications.
Planned approach and implementation
To achieve the project´s objectives, the consortium will collaborate to develop technical solutions and new knowledge. The experts in AI and software security from BTH and Ericsson will adapt and refine a large language model (LLM) for threat modeling. Next, BTH will develop an approach for ongoing quality checks of the generated threat models. After that, the results will be evaluated at Ericsson using academic best practices. In the end, the tool should be ready for integration into Ericsson´s operational environment, becoming an industrially viable product.