Cybersecurity Threat Modeling for Machine Learning Systems: An Asset-centric Approach with Trust Boundaries and Ownership Roles
Keywords:
Asset management, Cybersecurity frameworks, ISO 27001, ML security, Open Worldwide Application Security Project (OWASP), Threat modeling, Trust boundaries
Abstract
Cybersecurity systems increasingly integrate machine learning (ML) models, yet threat modeling practices lag in addressing ML-specific vulnerabilities and operational complexities. This study proposes a comprehensive, standardized framework for documenting cybersecurity assets with essential fields reflecting trust boundaries and ownership responsibilities. The framework facilitates rigorous threat identification, supports cloud adoption, and enhances accountability through the dual roles of owners and custodians. An implementation on an ML-powered intrusion detection prototype demonstrated a 35% reduction in threat identification time and a 33% improvement in security coverage compared to baseline documentation. Our findings indicate practicality and scalability for both academic research and industry applications, advancing the state of the art in ML cybersecurity governance.