World Digital Technology Academy (WDTA)

Large Language Model Security Requirements for Supply Chain

World Digital Technology Academy Standard

WDTA AI-STR-03

Edition: 2024-09


© WDTA 2024 - All rights reserved.

The World Digital Technology Standard WDTA AI-STR-03 is designated as a WDTA norm. This document is the property of the World Digital Technology Academy (WDTA) and is protected by international copyright laws. Any use of this document, including reproduction, modification, distribution, or re-publication, without the prior written permission of WDTA, is prohibited. WDTA is not liable for any errors or omissions in this document.

Discover more WDTA standards and related publications at /.

Version History*

Standard ID       Version   Date      Changes
WDTA AI-STR-03    1.0       2024-09   Initial Release


Foreword

As the digital age advances, the integration of artificial intelligence, particularly large language models (LLMs), has become a cornerstone of modern technological ecosystems. These models are now pivotal in shaping industries, driving innovation, and transforming the way we interact with technology. However, with this rapid integration comes an array of security challenges that must be addressed to ensure these powerful tools' safe and responsible deployment.

The World Digital Technology Academy (WDTA) has long been at the forefront of setting global standards for digital technology and innovation. Our commitment to fostering a secure and inclusive digital world is reflected in the rigorous development of standards that guide the deployment and management of cutting-edge technologies. The AI STR (Security, Trust, Responsibility) series, to which this document belongs, is a collection of standards designed to ensure that AI technologies are innovative, secure, trustworthy, and ethically managed. These standards provide comprehensive frameworks for addressing the complex challenges associated with AI deployment, focusing on critical aspects like safety, integrity, and responsible use.

As the WDTA AI-STR-03 standard, the "Large Language Model Security Requirements for Supply Chain" outlines comprehensive measures for managing security risks across the supply chain of large language models. This standard covers the entire lifecycle of these models, from development through deployment, ensuring that each phase is rigorously scrutinized for potential vulnerabilities. By adhering to these guidelines, organizations can effectively protect their AI-driven operations from emerging threats and contribute to a more secure digital ecosystem.

We extend our gratitude to the experts and contributors who have worked diligently to develop this standard. Their expertise and commitment to excellence ensure that WDTA continues to be a leader in setting the benchmark for digital security. We encourage all stakeholders in the AI supply chain to adopt these guidelines, helping to build a future where technological advancement goes hand in hand with security and ethical responsibility.

Executive Chairman of WDTA


Acknowledgments

Co-Chair of WDTA AI STR Working Group

Ken Huang (CSA GCR)
Josiah Burke (Anthorphic)

Lead Authors

Jiashui Wang (Ant Group)
Weiqiang Wang (Ant Group)
Long Liu (Ant Group)
Yuhao Jiang (Ant Group)
Ken Huang (CSA GCR)
Anyu Wang (CSA GCR)
Zheng Song (Ant Group)
Jiawei Tang (Ant Group)
Yin Wang (Ant Group)
Zhihui Jiang (Ant Group)
Liang Zheng (Ant Group)
Cong Zhu (Ant Group)
Qing Luo (Ant Group)
Shiwen Cui (Ant Group)
Miao Chen (Zhongguancun Laboratory)
Tianyu Cui (Zhongguancun Laboratory)

Reviewers

Lars Ruddigkeit (Microsoft)
Ashutosh Chadha (Microsoft)
Anton Chuvakin (Google)
Apostol Vassilev (NIST)
Dongchen Ma (Tencent Cloud)
Chenfu Bao (Baidu)
Feng Luo (Shenzhen National Financial Technology Testing Center)
Haoshuo Wang (China Mobile Cloud Centre)
Melan XU (World Digital Technology Academy)
Tal Shapira (Reco AI)
Dr. Cari Miller (Center for Inclusive Change)
Govindaraj Palanisamy (Global Payments Inc.)
Krystal (A) Jackson (Frontier Model Forum)
Swapnil Modak (Meta)
Heather Frase (verAItech)
Vishwas Manral (Precize Inc)
Patricia Thaine (Private AI)
Liming Zhang (Comcast)
Vaibhav Malik (Cloudflare)
Asha Hemrajani (Nanyang Technological University)
Ron F. Del Rosario (SAP ISBN)
Madhavi Najana (Federal Home Loan Bank of Cincinnati)
Gaurav Puri (META)
Bhuvaneswari Selvadurai (Northwestern Mutual)
Dan Stocker (Coalfire)
Matteo Meucci (IMQ MINDED SECURITY)
Qiang Zhang (Coalfire)
Joshua Anaguiar (Cohere)
Daemon Behr (Nutanix)


Table of Contents

1 Scope
2 Normative References
3 Terms and Definitions
3.1 Artificial Intelligence
3.2 Large Language Model
3.3 Supplier
3.4 Software supply chain
3.5 Open source community
3.6 Third-party component
3.7 Machine Learning Platform
3.8 Large Language Model Inference Framework
3.9 Large Language Model Application Framework
3.10 Distributed Computing Framework
3.11 Machine Learning Bill of Materials
4 Overview of Supply Chain Security Protection for LLMs
4.1 Supply Chain Security for LLMs
4.2 Objectives of Supply Chain Security Management for LLMs
5 Supply Chain Security Management for LLMs
5.1 Regulation Management
5.2 Organization and Personnel Management
5.3 Supplier Management
6 Supply Chain Security Requirements for LLMs
6.1 Network Layer
6.2 System Layer Security Requirements
6.2.1 Operating System Security Requirements
6.2.2 System Software Security Requirements
6.2.3 Runtime Environment Security Requirements
6.3 Platform and Application Layer Security Requirements
6.3.1 General Security Requirements for Components
6.3.2 Machine Learning Platform and Model Inference Framework Security Requirements
6.3.3 Model Application Framework Security Requirements
6.3.4 Security Requirements for Distributed Computing Frameworks
6.4 Model Layer Security Requirements
6.4.1 Model Acquisition Security Requirements
6.4.2 Model Deployment and Management Security Requirements
6.4.3 Model Compliance Security Requirements
6.5 Data Layer Security Requirements
6.5.1 Data Security Requirements
6.5.2 Data Compliance Security Requirements
6.5.3 Data Monitoring and Management
7 Summary


1 Scope

This document presents the framework of supply chain security protection for large language models (LLMs), proposes requirements for managing supply chain security risks and supply activities involved in the development, operation, and maintenance (O&M) of LLMs, and provides relevant information such as common supply chain security risks and typical security cases.

This document can guide suppliers and consumers in the supply chain in carrying out security risk assessment and managing supply activities. It can also serve as a foundation for third-party organizations conducting supply chain security tests and assessments for regulatory authorities.

2 Normative References

The following documents constitute essential provisions of this document through normative references in the text. For dated reference documents, only the version corresponding to the date applies to this document; for undated reference documents, the latest version (including all amendments) applies to this document.

ISO 28001

Security management systems for the supply chain - Best practices for implementing supply chain security, assessments and plans - Requirements and guidance

ISO/IEC 27036-2

Information technology - Security techniques - Information security for supplier relationships - Part 2: Requirements

ISO/IEC 27036-3

Information technology - Security techniques - Information security for supplier relationships - Part 3: Guidelines for information and communication technology supply chain security

NIST 800-161

Supply Chain Risk Management Practices for Federal Information Systems and Organizations

NIST AI RMF 1.0

Artificial Intelligence Risk Management Framework

ISO/IEC 42001

ISO/IEC 42001 is an international standard that specifies requirements for establishing, implementing, maintaining, and continually improving an Artificial Intelligence Management System (AIMS) within organizations. It is designed for entities providing or utilizing AI-based products or services, ensuring responsible development and use of AI systems.

ISO/IEC 5338

Information technology — Artificial intelligence — AI system life cycle processes.

It is an international standard that defines a set of processes and associated concepts for describing the life cycle of AI systems. This standard is particularly focused on AI systems based on machine learning and heuristic methods.

It builds on existing standards like ISO/IEC/IEEE 15288 and ISO/IEC/IEEE 12207, incorporating AI-specific processes from ISO/IEC 22989 and ISO/IEC 23053. The goal is to provide a comprehensive framework for the definition, control, management, execution, and improvement of AI systems throughout their life cycle.

GB/T 36637-2018

Information security technology - Guidelines for the information and communication technology supply chain risk management

GB/T 43698-2024

Cybersecurity technology - Security requirements for software supply chain

GB/T 24420-2009

Supply chain risk management guideline

GB/T 32921-2016

Information security technology - Security criterion on supplier conduct of information technology products

3 Terms and Definitions

The following terms and definitions apply to this document.

3.1 Artificial Intelligence

Artificial intelligence (AI) is a multifaceted field within computer science focused on creating systems that can perform tasks typically requiring human intelligence. An AI system is a machine-based system that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments. Different AI systems vary in their levels of autonomy and adaptiveness after deployment.

3.2 Large Language Model

Large-scale, pre-trained and fine-tuned AI models that can understand instructions and generate outputs across multiple modalities, including but not limited to human languages, program code, images, and audio, based on large amounts of data.

3.3 Supplier

An organization or individual that develops, produces, augments, adapts, fine-tunes, provides, and/or deploys software products or services.

3.4 Software supply chain

A network chain system that delivers software products or services from suppliers to consumers through resources and processes based on the supply relationship.

3.5 Open source community

An organization and operation mode for developing and maintaining open-source code.

3.6 Third-party component

Independent or callable software components developed by software development organizations or personnel other than the suppliers and consumers, usually consisting of binary or source code program files.

3.7 Machine Learning Platform

An integrated environment that provides support and tools for developing, training, and deploying machine learning models.

3.8 Large Language Model Inference Framework

An integrated environment dedicated to the deployment and performance of model inference.

3.9 Large Language Model Application Framework

An application development framework based on LLMs.

3.10 Distributed Computing Framework

A framework for processing large amounts of data in parallel on multiple computers.

3.11 Machine Learning Bill of Materials

A list of standardized model cards, models, datasets, data cards, system cards, and other materials involved in building an LLM.


4 Overview of Supply Chain Security Protection for LLMs

The main objective of this document is to identify, evaluate, and manage the supply chain security risks in the LLM system lifecycle. LLMs may be used in services, operated in whole or in part by third parties, or as products, received from third parties but not operated by them.

4.1 Supply Chain Security for LLMs

The supply chain usually covers the procurement, development, integration, and other phases of software and hardware products. It involves producers, suppliers, system integrators, service providers, other entities, and soft environments such as technology, law, and strategy. Unlike traditional supply chains, the LLM supply chain covers the entire lifecycle of the LLM, including model and training data acquisition, training data preparation, model training, fine-tuning, deployment, operations and maintenance (O&M), and other stages.

Supply chain security management for LLMs involves two types of security requirements. One is general security requirements throughout the lifecycle, called Supply Chain Security Management for LLMs, such as requirements for procedures, organizations, personnel, and information systems related to supply chain security management. The other is security requirements related to the system structure of LLMs, called supply chain security requirements for LLMs, which include requirements for the network layer, system layer, platform and application layer, model layer, and data layer.

4.2 Objectives of Supply Chain Security Management for LLMs

a) Integrity: Ensure that the product and its systems, components, frameworks, models, data, and tools used are protected against implantation, tampering, or unauthorized replacement throughout the entire lifecycle of LLM products. This involves the implementation of rigorous controls and continuous monitoring at every stage of the supply chain. This includes addressing common vulnerabilities in middleware security to prevent unauthorized access, safeguarding against the risk of poisoning of the training data used by engineers, and enforcing a zero-trust architecture to mitigate internal threats. By maintaining the integrity of every stage, from data acquisition to supplier deployment, consumers using LLMs can ensure that the LLM products remain secure and trustworthy.

b) Availability: Ensure the supply chain's availability for consumers. Suppliers must supply materials in accordance with the agreements concluded and signed with consumers, without interruption by human or natural factors. Additionally, they should ensure that the supply can be predictably recovered to an acceptable state under certain conditions if it were to partially fail.

c) Confidentiality: Ensure that information transmitted along the supply chain is not disclosed to unauthorized persons, including information about the consumers themselves.

d) Controllability: Guarantee consumers' meaningful control over the supply chain. Ensure consumers have an understanding of information in all phases of the supply chain, transparency and credibility of suppliers/service providers at all levels, management of data flow, and traceability of the supply chain.

e) Reliability: Ensure the security, high availability, and disaster tolerance of LLM products and relevant systems, components, frameworks, models, and data.

f) Visibility: Ensure that supply chain steps, changes, updates, and deletions, with every step of the change, are trackable, have clear ownership, and can be traced back as needed. For example, if a model is updated with new training data, the training data and the model before and after the training should be documented and traceable.


5 Supply Chain Security Management for LLMs

5.1 Regulation Management

a) Formulate supply chain security management policies and procedures, including but not limited to risk management regulations, processes, and mechanisms for software supply phases such as procurement, delivery, and O&M.

b) Formulate regulations for continuous risk monitoring, risk assessment, and incident response for the software supply chain. These regulations can contain emergency response procedures, operation halting procedures, system recovery procedures, timely notices to backward and forward supply chain members, and other content.

c) Conduct supply chain risk assessments regularly, formulate plans, and take measures to eliminate or reduce risks. These assessments should cover all stages of the LLM supply chain, identifying potential vulnerabilities like third-party risks or data integrity issues. Use the results to develop targeted mitigation strategies and update security policies, ensuring continuous protection against emerging threats.

d) Establish governance frameworks for LLM development that enforce compliance with security standards and industry best practices throughout the supply chain.

5.2 Organization and Personnel Management

a) Propose security requirements for supply chain security management personnel, including but not limited to administrators, architectural engineers, AI engineers, data scientists, ordinary employees, and third-party personnel.

b) Formulate security training plans and carry out regular supply chain security training. The training should include, without being limited to, software asset identification and analysis, integrity guarantee, guardrails, and software vulnerability and backdoor analysis.

c) Conduct security awareness and skill training for all internal employees, with additional specialized training for those involved in supply chain and security management, such as procurement, information system development and management, and product O&M, based on the corresponding security requirements.

5.3 Supplier Management

a) Develop supplier selection strategies and regulations and conduct security assessments of suppliers for self-developed software, customized software, off-the-shelf software, and different aspects of other software as well, including but not limited to the background, capability, qualification, and continuous and secure provision of products or services. Maintain an inventory of all AI solutions and assets, including but not limited to AI source suppliers, supply chain members, model types, internal owners, last security reviews, etc.

b) Suppliers must ensure and attest to the authenticity, accuracy, and integrity of the information transmitted along the software supply chain and take measures to avoid tampering and leakage.

c) Require suppliers to cooperate in security monitoring and inspection of the software supply chain, including through periodic or on-demand independent audits.

6 Supply Chain Security Requirements for LLMs

6.1 Network Layer

a) Segment networks to isolate critical data and systems from external and internal networks: Implement network segmentation to reduce attack surfaces, ensuring that sensitive information is inaccessible from unauthorized network zones/unauthorized resources, aligning with the Zero Trust principle of least privilege.

b) Enforce secure encryption for all network communications: Apply robust encryption protocols for data in transit to maintain confidentiality and integrity, ensuring no communication is trusted by default, even within internal networks.

c) Implement strict access controls with continuous monitoring: Deploy security access controls that enforce least privilege for accessing critical information and services, with continuous logging and monitoring of access events to detect and respond to potential threats in real time.

d) Continuously monitor and analyze network traffic for anomalies: Utilize advanced monitoring solutions to scrutinize network activities continuously, swiftly identifying and mitigating abnormal behaviors per the MITRE ATT&CK and ATLAS frameworks.

e) Regularly audit and maintain network security configurations: Conduct continuous security audits and proactive maintenance on network devices such as routers, switches, and firewalls, ensuring that patches and updates are promptly applied to mitigate vulnerabilities, in line with Zero Trust's emphasis on ongoing security posture assessment.

6.2 System Layer Security Requirements

The system layer mainly targets the supply chain security requirements for the underlying LLM operating system, system software, and runtime environment.

6.2.1 Operating System Security Requirements

a) Update the operating system regularly and install security patches promptly to prevent attacks on system security vulnerabilities.

b) Establish a system update mechanism and verification process to ensure that security patches are installed promptly and accurately.

c) Implement access control measures to manage the access of users and programs to operating system functions, including but not limited to user authentication, authorization, and auditing.

d) Establish operating system security monitoring and protection capabilities to monitor and prevent suspicious activities or security incidents in a timely manner.

6.2.2 System Software Security Requirements

a) Install system software from trusted sources and verify its integrity and authenticity.

b) Update system software regularly and install security patches in time to prevent attacks on security vulnerabilities.

c) Digital signature technology should be used to verify software security.

d) Configure system software according to security best practices to avoid security risks from default configurations.

e) Conduct regular audits and compliance checks of device security configurations.

6.2.3 Runtime Environment Security Requirements

a) Use virtualization or container technology to create a secure, independent, and isolated operating environment for each application to reduce possible security risks and impact.

b) Deploy comprehensive monitoring and anomaly detection systems, covering but not limited to resource usage, performance metrics, and security events.

c) Record all critical runtime activity logs and conduct regular audits to prevent unauthorized access and tampering.

d) Audit the runtime environment regularly to identify and fix security configuration errors promptly.

e) The processing and storage of sensitive data shall be conducted in a trusted computing environment.

6.3 Platform and Application Layer Security Requirements

The platform and application layer includes machine learning frameworks and other third-party components and is the critical support environment for operating large language models.

6.3.1 General Security Requirements for Components

a) Manage third-party components strictly in terms of their source and version to ensure timely updates and proper security.

b) Conduct regular security checks on third-party components and upgrade them promptly to the latest secure versions.

c) Ensure imported third-party components undergo security reviews, including code audits and dependency analysis, to prevent the introduction of components with security risks.

d) Perform file parsing in a sandbox or similarly isolated environment to prevent security risks from potential memory corruption vulnerabilities in text parsing components.

e) Necessary licenses and authorizations should be obtained before using third-party components. Ensure that the components are used legally and in compliance with all relevant copyright and usage agreements.

f) Establish and maintain a software bill of materials regularly.

6.3.2 Machine Learning Platform and Model Inference Framework Security Requirements

Model inference frameworks need to be used during model deployment and runtime. At this stage, the model shall be considered as an executable program and attention shall be paid to code execution risks during model inference.

a) Conduct security analysis and checks on the model files before running the model.

b) Continuously validate the model integrity of an inferencing model. Any auto-updates to model artifacts need to be tracked. Implement at least the two-person integrity rule for any model artifact updates to prevent unauthorized actions.

c) When using third-party models, carefully enable parameters that trust remote code, such as 'trust_remote_code' in the transformers library, to reduce the risk of malicious code execution.

d) Use trusted model files to avoid security risks arising from the execution of malicious code.

6.3.3 Model Application Framework Security Requirements

a) Keys for invoking LLM interfaces shall not be stored in code.

b) Use guardrails and other detective controls in LLM applications to improve steerability and reduce risks such as prompt injection.

c) When using code interpreters or other code execution tools, employ secure isolation techniques such as containers or sandboxes.

d) File path checks should be performed to prevent path traversal vulnerabilities when using file processing tools.

e) Access control measures should be taken to prevent unauthorized operations when using database processing tools.
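One way to meet items a) and d) of 6.3.3 in an LLM agent's file tool, as an added example that is not part of the standard: the key is read from the environment at runtime, and every model-supplied path is resolved (collapsing '..' and following symlinks) before a containment check against the tool's root directory. The sandbox directory, file names and the environment variable name are constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path


def load_llm_api_key(env_var: str = "LLM_API_KEY") -> str:
    """Item a): read the interface key from the environment at runtime, never from source."""
    key = os.environ.get(env_var, "").strip()
    if not key:
        raise RuntimeError(f"{env_var} is not set; refusing to fall back to a hard-coded key")
    return key


class ConfinedFileTool:
    """Item d): a file-reading tool for an LLM agent that cannot leave its root directory."""

    def __init__(self, root: str):
        # resolve() follows symlinks, so later comparisons are against the real directory
        self.root = Path(root).resolve()

    def resolve(self, requested: str) -> Path:
        """Map a model-supplied path to a real file under root, rejecting any escape."""
        # Joining an absolute path discards root; resolve() collapses '..' and symlinks,
        # so the containment test below sees the path the OS would actually open.
        candidate = (self.root / requested).resolve()
        try:
            candidate.relative_to(self.root)
        except ValueError:
            raise PermissionError(f"path escapes tool root: {requested!r}") from None
        return candidate

    def read(self, requested: str) -> str:
        target = self.resolve(requested)
        if not target.is_file():
            raise FileNotFoundError(requested)
        return target.read_text()


def is_rejected(tool: ConfinedFileTool, requested: str) -> bool:
    """True if the tool refuses the path."""
    try:
        tool.resolve(requested)
    except PermissionError:
        return True
    return False


def build_demo_root():
    """Constructed sandbox: a root with one legitimate file and a symlink pointing outside it."""
    outside = tempfile.mkdtemp(prefix="outside-")
    Path(outside, "secret.txt").write_text("outside the tool root")
    root = tempfile.mkdtemp(prefix="toolroot-")
    Path(root, "docs").mkdir()
    Path(root, "docs", "readme.txt").write_text("hello from inside")
    try:
        os.symlink(outside, Path(root, "escape"))
        symlink_ok = True
    except OSError:  # platform without symlink support; the other cases still apply
        symlink_ok = False
    return root, symlink_ok


def run_demo() -> dict:
    """Exercise the tool against constructed traversal attempts; True means rejected."""
    root, symlink_ok = build_demo_root()
    tool = ConfinedFileTool(root)
    return {
        "inside": tool.read("docs/readme.txt"),
        "dotdot": is_rejected(tool, "../../etc/passwd"),
        "absolute": is_rejected(tool, "/etc/passwd"),
        "mixed": is_rejected(tool, "docs/../../x"),
        "symlink": is_rejected(tool, "escape/secret.txt") if symlink_ok else True,
        "normalised_inside": is_rejected(tool, "docs/../docs/readme.txt"),
    }


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name}: {result}")
```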

6.3.4 Security Requirements for Distributed Computing Frameworks

The primary risk for distributed computing frameworks comes from the lack of permission checks between root nodes and child nodes in many distributed frameworks, which allows devices on the same network to connect directly to nodes and send commands.

a) Establish network isolation to prevent potential external attackers from accessing distributed computing nodes. Use firewalls and intrusion detection systems to monitor and control traffic from child nodes. Decrypt data received from the root node and encrypt any data sent back to the root node.

b) Employ an authority verification mechanism between the root and child nodes to prevent malicious node connections or command execution. Use role-based access control to ensure that only authorized child nodes can communicate with the root node.

c) Root nodes ensure that the entire distributed framework adheres to cybersecurity standards such as NIST, CIS, ISO, and others. Child nodes comply with the root node's security policies and standards.
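An illustration of item b), added here and not taken from the standard or any particular framework: each child node shares a secret with the root, every command carries an HMAC-SHA256 tag and a timestamp, and the root authenticates the sender before checking whether the node's role may issue that command. The node registry, secrets, roles and command names are constructed for the demonstration; transport encryption (item a) is assumed to be handled separately.

```python
import hashlib
import hmac
import json
import time

# Constructed node registry (in a real deployment this comes from a secrets manager and
# the framework's configuration, not from source): a per-node shared secret, each
# node's role, and the commands each role may send to the root node.
NODE_SECRETS = {"child-01": b"constructed-secret-01", "child-02": b"constructed-secret-02"}
NODE_ROLES = {"child-01": "worker", "child-02": "monitor"}
ROLE_PERMISSIONS = {"worker": {"submit_task", "report_status"}, "monitor": {"report_status"}}
MAX_SKEW_SECONDS = 60  # messages outside this window are treated as stale or replayed


def _canonical(payload: dict) -> bytes:
    """Deterministic serialisation so both sides authenticate exactly the same bytes."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def sign_message(node_id: str, command: str, args: dict, now=None) -> dict:
    """Child node side: a command carrying the sender, a timestamp and an HMAC-SHA256 tag."""
    payload = {"node_id": node_id, "command": command, "args": args,
               "ts": int(time.time() if now is None else now)}
    tag = hmac.new(NODE_SECRETS[node_id], _canonical(payload), hashlib.sha256).hexdigest()
    return {**payload, "tag": tag}


def verify_message(msg: dict, now=None):
    """Root node side: authenticate the sender first, then authorize the command by role.
    Returns (accepted, reason); the root acts on the command only when accepted is True."""
    node_id = msg.get("node_id")
    secret = NODE_SECRETS.get(node_id)
    if secret is None:
        return False, "unknown node"
    payload = {k: v for k, v in msg.items() if k != "tag"}
    expected = hmac.new(secret, _canonical(payload), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, str(msg.get("tag", ""))):
        return False, "bad signature"  # tampered, forged, or signed with the wrong secret
    current = time.time() if now is None else now
    if not isinstance(payload.get("ts"), int) or abs(current - payload["ts"]) > MAX_SKEW_SECONDS:
        return False, "stale message"
    role = NODE_ROLES.get(node_id)
    if msg.get("command") not in ROLE_PERMISSIONS.get(role, set()):
        return False, f"role {role} may not issue {msg.get('command')}"
    return True, "ok"


if __name__ == "__main__":
    good = sign_message("child-01", "submit_task", {"shard": 3}, now=1000)
    print(verify_message(good, now=1000))
    print(verify_message(sign_message("child-02", "submit_task", {}, now=1000), now=1000))
```

The timestamp window bounds replay to MAX_SKEW_SECONDS; a root node that must reject replays entirely would additionally cache seen (node_id, ts, tag) triples within the window.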

6.4 Model Layer Security Requirements

6.4.1 Model Acquisition Security Requirements

a) Obtain model files from trusted third parties and authorized model repositories.

b) Conduct integrity checks on model files obtained from third parties to ensure they have not been tampered with during storage and transmission.

c) Perform security checks, including pickle scanning, on model files obtained from third parties, to prevent the execution of malicious code or other security risks.

6.4.2 Model Deployment and Management Security Requirements

a) Deploy tools to
