{"id":"https://openalex.org/W4416961865","doi":"https://doi.org/10.1109/pst65910.2025.11268824","title":"G-STAR: A Threat Modeling Framework for General-Purpose AI Systems","display_name":"G-STAR: A Threat Modeling Framework for General-Purpose AI Systems","publication_year":2025,"publication_date":"2025-08-26","ids":{"openalex":"https://openalex.org/W4416961865","doi":"https://doi.org/10.1109/pst65910.2025.11268824"},"language":null,"primary_location":{"id":"doi:10.1109/pst65910.2025.11268824","is_oa":false,"landing_page_url":"https://doi.org/10.1109/pst65910.2025.11268824","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 22nd Annual International Conference on Privacy, Security, and Trust (PST)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5069686395","display_name":"Pulei Xiong","orcid":"https://orcid.org/0000-0002-3460-6946"},"institutions":[{"id":"https://openalex.org/I4210159778","display_name":"National Research Council Canada","ror":"https://ror.org/04mte1k06","country_code":"CA","type":"government","lineage":["https://openalex.org/I4210159778"]}],"countries":["CA"],"is_corresponding":true,"raw_author_name":"Pulei Xiong","raw_affiliation_strings":["Cybersecurity, Digital Technologies Research Center National Research Council Canada,Ottawa,Canada"],"affiliations":[{"raw_affiliation_string":"Cybersecurity, Digital Technologies Research Center National Research Council Canada,Ottawa,Canada","institution_ids":["https://openalex.org/I4210159778"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5120582312","display_name":"Saeedeh Lohrasbi","orcid":null},"institutions":[{"id":"https://openalex.org/I4210159778","display_name":"National Research Council Canada","ror":"https://ror.org/04mte1k06","country_code":"CA","type":"government","lineage":["https://openalex.org/I4210159778"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Saeedeh Lohrasbi","raw_affiliation_strings":["Cybersecurity, Digital Technologies Research Center National Research Council Canada,Ottawa,Canada"],"affiliations":[{"raw_affiliation_string":"Cybersecurity, Digital Technologies Research Center National Research Council Canada,Ottawa,Canada","institution_ids":["https://openalex.org/I4210159778"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5120750617","display_name":"Prini Kotian","orcid":null},"institutions":[{"id":"https://openalex.org/I4210159778","display_name":"National Research Council Canada","ror":"https://ror.org/04mte1k06","country_code":"CA","type":"government","lineage":["https://openalex.org/I4210159778"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Prini Kotian","raw_affiliation_strings":["Cybersecurity, Digital Technologies Research Center National Research Council Canada,Ottawa,Canada"],"affiliations":[{"raw_affiliation_string":"Cybersecurity, Digital Technologies Research Center National Research Council Canada,Ottawa,Canada","institution_ids":["https://openalex.org/I4210159778"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5020247375","display_name":"Scott Buffett","orcid":null},"institutions":[{"id":"https://openalex.org/I4210159778","display_name":"National Research Council Canada","ror":"https://ror.org/04mte1k06","country_code":"CA","type":"government","lineage":["https://openalex.org/I4210159778"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Scott Buffett","raw_affiliation_strings":["Cybersecurity, Digital Technologies Research Center National Research Council Canada,Ottawa,Canada"],"affiliations":[{"raw_affiliation_string":"Cybersecurity, Digital Technologies Research Center National Research Council Canada,Ottawa,Canada","institution_ids":["https://openalex.org/I4210159778"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5069686395"],"corresponding_institution_ids":["https://openalex.org/I4210159778"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.21318143,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"12"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.36739999055862427,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.36739999055862427,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.1356000006198883,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.1151999980211258,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.5569999814033508},{"id":"https://openalex.org/keywords/software-deployment","display_name":"Software deployment","score":0.5504999756813049},{"id":"https://openalex.org/keywords/threat-model","display_name":"Threat model","score":0.5501000285148621},{"id":"https://openalex.org/keywords/work","display_name":"Work (physics)","score":0.4219000041484833},{"id":"https://openalex.org/keywords/focus","display_name":"Focus (optics)","score":0.39399999380111694},{"id":"https://openalex.org/keywords/taxonomy","display_name":"Taxonomy (biology)","score":0.3709000051021576}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6251000165939331},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.5569999814033508},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.5504999756813049},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.5501000285148621},{"id":"https://openalex.org/C18762648","wikidata":"https://www.wikidata.org/wiki/Q42213","display_name":"Work (physics)","level":2,"score":0.4219000041484833},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.40560001134872437},{"id":"https://openalex.org/C192209626","wikidata":"https://www.wikidata.org/wiki/Q190909","display_name":"Focus (optics)","level":2,"score":0.39399999380111694},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3833000063896179},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.38190001249313354},{"id":"https://openalex.org/C58642233","wikidata":"https://www.wikidata.org/wiki/Q8269924","display_name":"Taxonomy (biology)","level":2,"score":0.3709000051021576},{"id":"https://openalex.org/C539667460","wikidata":"https://www.wikidata.org/wiki/Q2414942","display_name":"Management science","level":1,"score":0.36340001225471497},{"id":"https://openalex.org/C2780264999","wikidata":"https://www.wikidata.org/wiki/Q7445032","display_name":"Security domain","level":2,"score":0.3192000091075897},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.31299999356269836},{"id":"https://openalex.org/C56739046","wikidata":"https://www.wikidata.org/wiki/Q192060","display_name":"Knowledge management","level":1,"score":0.29510000348091125},{"id":"https://openalex.org/C2780966255","wikidata":"https://www.wikidata.org/wiki/Q5474306","display_name":"Foundation (evidence)","level":2,"score":0.2874999940395355},{"id":"https://openalex.org/C121822524","wikidata":"https://www.wikidata.org/wiki/Q5157582","display_name":"Computer security model","level":2,"score":0.26910001039505005}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/pst65910.2025.11268824","is_oa":false,"landing_page_url":"https://doi.org/10.1109/pst65910.2025.11268824","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 22nd Annual International Conference on Privacy, Security, and Trust (PST)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":28,"referenced_works":["https://openalex.org/W2110086534","https://openalex.org/W2799194071","https://openalex.org/W2973049979","https://openalex.org/W2998702515","https://openalex.org/W3010336026","https://openalex.org/W3098267758","https://openalex.org/W3157651462","https://openalex.org/W3158360872","https://openalex.org/W3170572542","https://openalex.org/W4211223593","https://openalex.org/W4224215750","https://openalex.org/W4289792856","https://openalex.org/W4311887664","https://openalex.org/W4388623722","https://openalex.org/W4388886073","https://openalex.org/W4389518968","https://openalex.org/W4389519352","https://openalex.org/W4391129224","https://openalex.org/W4391377904","https://openalex.org/W4393147158","https://openalex.org/W4400315206","https://openalex.org/W4401043416","https://openalex.org/W4401691715","https://openalex.org/W4403007658","https://openalex.org/W4405181600","https://openalex.org/W4409166754","https://openalex.org/W4413146712","https://openalex.org/W4416037274"],"related_works":[],"abstract_inverted_index":{"This":[0,152],"research":[1,110],"presents":[2],"the":[3,12,109,117,133,145],"preliminary":[4],"findings":[5],"of":[6,14,27,34,58,166],"an":[7],"ongoing":[8],"project":[9],"focused":[10],"on":[11,131],"security":[13,35,106,158],"General-Purpose":[15],"AI":[16,157],"(GPAI)":[17],"applications.":[18],"We":[19],"introduce":[20],"three":[21],"key":[22,73],"contributions:":[23],"(i)":[24],"a":[25,31,44,51,55,65,83,121],"taxonomy":[26],"GPAI-specific":[28],"vulnerabilities,":[29],"offering":[30],"structured":[32,84],"classification":[33],"risks":[36],"unique":[37],"to":[38,155],"GPAI":[39,46,79,102,150,167],"models":[40],"and":[41,62,75,81,88,97,141,143,164],"applications;":[42],"(ii)":[43],"generalized":[45,134],"application":[47],"architecture,":[48,135],"serving":[49],"as":[50],"meta-model":[52],"for":[53,86,124],"analyzing":[54],"wide":[56],"range":[57],"real-world":[59,149],"use":[60],"cases;":[61],"(iii)":[63],"G-STAR,":[64],"novel":[66],"threat":[67],"modeling":[68],"reference":[69],"framework":[70,147],"that":[71],"identifies":[72],"entities":[74],"their":[76],"interrelationships":[77],"in":[78,101,113,139,148,160],"ecosystems,":[80],"provides":[82],"methodology":[85],"assessing":[87],"mitigating":[89],"potential":[90],"threats.":[91],"Our":[92],"study":[93],"addresses":[94],"both":[95],"data":[96],"model":[98],"vulnerabilities":[99],"inherent":[100],"systems,":[103],"highlighting":[104],"critical":[105],"challenges.":[107],"While":[108],"is":[111],"still":[112],"its":[114],"early":[115],"stages,":[116],"initial":[118],"results":[119],"provide":[120],"valuable":[122],"foundation":[123],"continued":[125],"investigation.":[126],"Future":[127],"work":[128,153],"will":[129],"focus":[130],"enhancing":[132],"exploring":[136],"mitigation":[137],"strategies":[138],"depth,":[140],"applying":[142],"refining":[144],"G-STAR":[146],"scenarios.":[151],"aims":[154],"support":[156],"practitioners":[159],"promoting":[161],"secure":[162],"development":[163],"deployment":[165],"systems":[168],"across":[169],"diverse":[170],"domains.":[171]},"counts_by_year":[],"updated_date":"2026-03-07T16:01:11.037858","created_date":"2025-12-03T00:00:00"}