Accelerate your threat modeling with GenAI
This blog explores using Amazon Bedrock to automatically analyse threats of your applications, with proposed remediations to accelerate your application threat modeling process.
Jerry Chen
Amazon Employee
Published Oct 14, 2024
For those audiences who want to implement the solution right away to experiment automatic threat modeling baseline, visit this Github repo: https://github.com/build-on-aws/threat-model-accelerator-with-genai
Here's a quick video to show the Web App implementation process, and how does the GUI look like:
I’ve been working with AWS customers to build and run applications with Well-Architected security best practices for the past 5 years. One thing I found customers normally missed (or started to think about when things go wrong) is threat modeling. There might be various reasons for this, including other business requirements taking priority, lacking expertise to conduct the threat modeling, or simply being not aware of its criticality. All these factors lead to a suboptimal security design for your applications, introducing risks to your business.
This blog proposes a solution for your application teams to accelerate threat modeling by using Generative AI backed by Amazon Bedrock. The idea is NOT to position the solution as one-stop shop for your threat modeling exercise, but to use it as a starting point to quickly give you a baseline of your application risk posture. It will also presents you relevant remediations to enforce security controls and guardrails for your applications.
Before we dive into the solution, let’s take a step back to understand why threat modeling is important.
Threat modeling is a structured approach that aims to identify, analyse and mitigate potential threats associated with vulnerabilities of your application.
Here are some key reasons why threat modeling is crucial:
- Risk identification: It lets you spot risks before they become real problems. You can't fix what you can't see, so threat modeling gives you that visibility.
- Prioritization of security efforts: With limited resources, it helps you prioritize the biggest threats first. You can't boil the ocean, so focus on the vital areas.
- Secure system design: Baking security in from the start is way easier than trying to bolt it on later. Threat modeling guides secure design principles.
- Compliance and regulatory requirements: Many industries require threat modeling to prove you're taking security seriously.
- Continuous improvement: Threats keep evolving, so your defences need to evolve too. Regularly revisiting threat models keeps you ahead of the curve.
- Incident response and risk management: In case a breach happens, good threat models provide a baseline for containment and recovery. They're invaluable for incident response.
Essentially building a comprehensive threat modeling requires a lot of security knowledge and domain expertise to understand the business functions of your application, relevant stakeholders, data workflow between your users and various tiers of your applications, etc. Hence it might go beyond the current generative AI capability for building an end-to-end threat modeling process.
However, this shouldn’t stop you exploring the potentials of using GenAI to analyse template files that describe the structure of your applications, and generate a baseline of the application threat models in minutes (or even seconds) rather than hours. With an automatically generated threat analysis baseline, it becomes much more easier to iterate towards a comprehensive threat model for your applications. Based on my experiments, the following strength of generative AI makes it a good fit to accelerate threat modeling exercise:
- Strong analysis capability on text based file: In this solution, we are not starting from scratch but to use existing template files (e.g. json or yaml files of CloudFormation, Terraform templates, or even OpenAPI template files) that describe the application architecture and relevant security settings (e.g. security groups of EC2, IAM permission definitions, ...). This aligns with GenAI’s native strength backed by large language models.
- Automatic threats discovery: GenAI is capable to identify common security threat patterns from the application template files, which accelerates threat discovery, as well as remediation recommendations. With Amazon Bedrock, you can receive an automatically generated threat model in seconds once you’ve set up this solution.
- Customization with your data: You are able to customize the system prompt of the solution, or even consider to build additional RAG (Retrival-Augmented Generation) based on the solution to utilise existing threat modeling documentations within your organization to allow GenAI to generate a more precise and relevant threat models for your applications.
There are various ways to adopt GenAI capability in your threat modeling exercise. In this solution, I took a simple but user friendly approach to use Streamlit to build a web app for threat modeling visualization. Following is the architecture view:
Steps:
- [1] User launches the Streamlit web app
- [2] User uploads an application template file to the web app
- [3] Web app interacts with Amazon Bedrock to automatically generate a threat model based on the application template
- [4] Web App presents a stats of the threat model that aligns with the STRIDE model, with relevant remediations to mitigate those threats. User can also download the threat model data into a json file.
Interested to get your hands dirty to implement this solution? You can refer to the following Github repository:
https://github.com/build-on-aws/threat-model-accelerator-with-genai
https://github.com/build-on-aws/threat-model-accelerator-with-genai
You can also follow this video to set up the Streamlit webapp on your laptop:
Note:
You need to use the AWS API access keys (e.g. ‘aws_access_key_id’ and ‘aws_secret_access_key’) from an IAM user with sufficient permissions to interact with Amazon Bedrock service. (You will also need ‘aws_session_token’ if you are using an IAM role rather than an IAM user).
You need to use the AWS API access keys (e.g. ‘aws_access_key_id’ and ‘aws_secret_access_key’) from an IAM user with sufficient permissions to interact with Amazon Bedrock service. (You will also need ‘aws_session_token’ if you are using an IAM role rather than an IAM user).
In this blog, we’ve walked you through how to leverage GenAI powered by Amazon Bedrock, which can accelerate threat modeling process by automatically analyzing your application templates, and generating a threat model baseline with proposed remediations.
This solution provides a starting point for your team to iterate on and build a comprehensive threat model efficiently. By harnessing the power of generative AI, you can streamline your threat modeling efforts, prioritize security efforts, and stay ahead of evolving threats, ultimately enhancing the overall security posture of your applications.
If you want to know more about threat modeling best practices, refer to AWS blog: How to approach threat modeling, as well as threat composer, which is a visualization tool to help you build comprehensive threat models.
Any opinions in this post are those of the individual author and may not reflect the opinions of AWS.