Taxonomy of AISecOps Threat Modeling for Cloud Based Medical Chatbots. (arXiv:2305.11189v1 [cs.DC])

Artificial Intelligence (AI) is playing a vital role in all aspects of
technology including cyber security. Application of Conversational AI like the
chatbots are also becoming very popular in the medical field to provide timely
and immediate medical assistance to patients in need. As medical chatbots deal
with a lot of sensitive information, the security of these chatbots is crucial.
To secure the confidentiality, integrity, and availability of cloud-hosted
assets like these, medical chatbots can be monitored using AISecOps (Artificial
Intelligence for Secure IT Operations). AISecOPs is an emerging field that
integrates three different but interrelated domains like the IT operation, AI,
and security as one domain, where the expertise from all these three domains
are used cohesively to secure the cyber assets. It considers cloud operations
and security in a holistic framework to collect the metrics required to assess
the security threats and train the AI models to take immediate actions. This
work is focused on applying the STRIDE threat modeling framework to model the
possible threats involved in each component of the chatbot to enable the
automatic threat detection using the AISecOps techniques. This threat modeling
framework is tailored to the medical chatbots that involves sensitive data
sharing but could also be applied for chatbots used in other sectors like the
financial services, public sector, and government sectors that are concerned
with security and compliance.