A Proposal of a Supply Chain Security Model for Generative AI


Research field: Verification



Conference: International Conference on Information Security Applications


Abstract

As technology continues to evolve and integrate into every aspect of our lives, effective technology management is becoming increasingly critical. Among the latest significant topics in this field is supply chain security management. The growing complexity of technology and the expansion of open-source platforms, cloud services, and other technologies have amplified the roles and authorizations of various third parties involved in the technology supply chain. This has led to a rise in supply chain attacks leveraging these third parties, as such attacks are relatively accessible for attackers and highly efficient; a single successful attack can compromise similar systems. Generative AI systems are particularly vulnerable to supply chain attacks due to their complex and interconnected nature. These systems comprise various elements such as data, models, and infrastructure that continuously evolve, forming a dynamic system ecosystem. As a result, compromising even a minor component of the generative AI system ecosystem can jeopardize the entire system. In this paper, we emphasize the importance of supply chain security for generative AI. We define supply chain security for generative AI through an analysis of the structure of these systems and propose a security model for managing supply chain security. This model is based on a comprehensive examination of major security standards and guidelines related to generative AI. We conceptualize generative AI supply chain security as the implementation of strategies, processes, and controls to secure the entire lifecycle of a generative AI system—from source, design, and development to deployment and maintenance. Our aim is to protect data preprocessing, source code, learning algorithms, third-party libraries, and related components such as prompts and infrastructure from potential vulnerabilities, threats, and attacks. 
This includes securing the AI system development process, ensuring the reliability of service providers, and implementing continuous surveillance and vulnerability management techniques, among other measures.


Author Profile
Keun Young Lee

Financial Security Institute 143 Uisadang-Daero Yeongdeungpo-Gu Seoul Republic of Korea

Guam
Author Profile
Jiyeon Yoo

Sangmyung University 20 Hongjimun 2-Gil Jongrogu Seoul Republic of Korea

Korea

📄 Paper information

Publication year: 2025
Citations: 0
Publication country: Guam, Korea
Site: Springer
