
FEAT: Add STRIDE based threat modeling

Open staru09 opened this issue 2 months ago • 7 comments

Related to #43.

STRIDE Model: This framework enables developers to classify potential threats and ensure software systems maintain confidentiality, integrity, and availability. By assessing risks early in the development process, STRIDE allows for the implementation of effective security protections.

For more details, refer to this.

This is the sample report it created for agentchat_graph.json:

# STRIDE Analysis of Agentic Workflow

## 1. Mission Overview
The system is designed to facilitate automated information retrieval, analysis, and reporting through a network of agents. Primary roles include the Google Search Agent for web searches, the Stock Analysis Agent for financial data analysis, the Report Agent for generating reports, the Planning Agent for strategic planning, and the Web Search Agent for additional web-based queries. The Data Analyst Agent focuses on data processing and analysis tasks. These agents collaborate to streamline workflows and enhance decision-making processes.

## 2. Asset & Data Inventory
- **Agents:**
  - Google Search Agent
  - Stock Analysis Agent
  - Report Agent
  - Planning Agent
  - Web Search Agent
  - Data Analyst Agent
- **Tools:**
  - Google Search Tool
  - Stock Analysis Tool
  - Web Search Tool
  - Percentage Change Tool
- **External Systems:**
  - Google Search API
  - Stock Market Data Feeds
- **Sensitive Data:**
  - API keys and credentials
  - Financial analysis results
  - Internal reports and strategic plans

## 3. STRIDE Threat Assessment

| Category              | Threat Description                                                                 | Likelihood | Impact | Recommended Mitigations                                                                 |
|-----------------------|------------------------------------------------------------------------------------|------------|--------|-----------------------------------------------------------------------------------------|
| Spoofing              | Impersonation of agents to issue unauthorized commands.                            | Medium     | High   | Strong authentication, signed requests, mutual TLS, and secure agent identity attestation. |
| Tampering             | Unauthorized modification of data or prompts, leading to biased outputs.           | Medium     | High   | Integrity validation, immutable logs, sandboxed execution, and strict input validation.  |
| Repudiation           | Lack of audit trails allowing denial of actions performed by agents.               | Medium     | Medium | Comprehensive logging, tamper-evident audit trails, and non-repudiation through cryptographic signing. |
| Information Disclosure| Exposure of sensitive data through insecure storage or model leaks.                | High       | High   | Data minimization, strict access control, encryption, and context scrubbing.             |
| Denial of Service     | Overloading of system resources causing availability disruption.                   | Medium     | High   | Rate limiting, resource quota enforcement, redundancy, and continuous performance monitoring. |
| Elevation of Privilege| Unauthorized escalation of privileges through misconfiguration or chaining attacks.| Medium     | High   | Principle of Least Privilege, RBAC, segregation of duties, and privilege auditing.       |

## 4. Detailed Findings by Category

### Spoofing
In this workflow, spoofing threats could manifest through impersonation of agents such as the Google Search Agent or Stock Analysis Agent. Attackers might issue unauthorized commands or access restricted tools. This could lead to unauthorized control over workflows and data leakage. Mitigations include implementing strong authentication, signed requests, and secure agent identity attestation.

### Tampering
Tampering threats involve unauthorized modifications to data or prompts, potentially resulting in biased outputs or system instability. For example, altering the Stock Analysis Tool's input could skew financial analysis results. Mitigations include integrity validation through hashing, immutable logs, and sandboxed execution environments.

### Repudiation
Repudiation threats arise from insufficient audit trails, allowing agents to deny actions or attackers to obscure their activities. This could hinder incident response and forensic investigations. Comprehensive logging and tamper-evident audit trails are essential mitigations.

### Information Disclosure
Sensitive data exposure is a significant risk, particularly through model leaks or insecure storage. Agents like the Data Analyst Agent may inadvertently reveal API keys or financial data. Mitigations include data minimization, encryption, and context scrubbing before sending prompts to third-party APIs.

### Denial of Service
Denial of Service threats could disrupt system availability by overloading resources, such as flooding the Google Search Tool with excessive requests. This could paralyze workflows and increase operational costs. Mitigations include rate limiting, resource quota enforcement, and redundancy.

### Elevation of Privilege
Elevation of Privilege threats involve unauthorized escalation of capabilities, potentially through misconfigured environment variables or chaining attacks. This could lead to full system compromise. Mitigations include enforcing the Principle of Least Privilege, RBAC, and continuous privilege auditing.

## 5. Prioritized Recommendations
1. Implement strong authentication and signed requests for all agents and tools to prevent spoofing.
2. Establish comprehensive logging and tamper-evident audit trails to address repudiation threats.
3. Enforce strict access control and encryption to mitigate information disclosure risks.
4. Apply rate limiting and resource quotas to protect against Denial of Service attacks.
5. Conduct regular privilege audits and enforce the Principle of Least Privilege to prevent elevation of privilege.

staru09 avatar Oct 15 '25 19:10 staru09
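As an added illustration (not Agent-Wiz's own code and not the prompt-driven method the report above comes from): a deterministic STRIDE-per-element pass over a small agent graph, so the categories the table assigns to agents, tools and external feeds can be checked against the classic mapping. The JSON layout and the node ids below are constructed assumptions, not the real agentchat_graph.json format.

```python
# Added example (not Agent-Wiz code): STRIDE-per-element over a constructed
# agent graph. The JSON layout below is an assumption, not the real
# agentchat_graph.json format.
import json

# Classic STRIDE-per-element: which threat categories apply to each element type.
STRIDE_PER_ELEMENT = {
    "agent": "STRIDE",     # processes: all six categories
    "tool": "TID",         # tool call boundary: Tampering, Info Disclosure, DoS
    "external": "SR",      # external entities: Spoofing, Repudiation
    "data_store": "TRID",  # data stores: Tampering, Repudiation, Info Disclosure, DoS
}
CATEGORY = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
            "I": "Information Disclosure", "D": "Denial of Service",
            "E": "Elevation of Privilege"}

# Constructed sample graph mirroring the Stock Analysis path in the report above.
SAMPLE_GRAPH = json.dumps({
    "nodes": [
        {"id": "stock_analysis_agent", "type": "agent"},
        {"id": "stock_analysis_tool", "type": "tool", "secrets": ["MARKET_API_KEY"]},
        {"id": "stock_market_feed", "type": "external"},
    ],
    "edges": [
        ["stock_analysis_agent", "stock_analysis_tool"],
        ["stock_analysis_tool", "stock_market_feed"],
    ],
})

def stride_threats(graph_json: str) -> list[dict]:
    """One finding per (element, category); impact is raised for tools that hold
    secrets (Information Disclosure) and for flows that cross to an external system."""
    graph = json.loads(graph_json)
    nodes = {n["id"]: n for n in graph["nodes"]}
    findings = []
    for node in graph["nodes"]:
        for letter in STRIDE_PER_ELEMENT[node["type"]]:
            impact = "High" if (letter == "I" and node.get("secrets")) else "Medium"
            findings.append({"element": node["id"], "category": CATEGORY[letter], "impact": impact})
    # Every edge is a data flow; crossing the boundary to an external entity raises impact.
    for src, dst in graph["edges"]:
        crosses = nodes[dst]["type"] == "external" or nodes[src]["type"] == "external"
        for letter in "TID":
            findings.append({"element": f"{src}->{dst}", "category": CATEGORY[letter],
                             "impact": "High" if crosses else "Medium"})
    return findings
```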

@Aaditya-G please review

staru09 avatar Oct 16 '25 06:10 staru09

@staru09 please open an issue and link it to this PR

Aaditya-G avatar Oct 17 '25 03:10 Aaditya-G

Keep all system prompts inside one folder; rename system_prompt.txt to system_prompt_maestro.txt for better understanding.

Updated the file names based on the framework

Additionally, in the PR itself, have a reference to STRIDE.

Added a link for the same

Also, update README.md to let the end user know about using the new methodology.

Done, please review

staru09 avatar Oct 17 '25 08:10 staru09

Makes sense, let me go through it.

staru09 avatar Oct 20 '25 11:10 staru09

AgentChat_stride_report.md

Hi @CoderMayhem, please see if this report is any better, I'll update the PR if this one's fine.

staru09 avatar Oct 29 '25 09:10 staru09

Looks better; need to test the system prompt for consistency across various agent frameworks. @staru09, can you do that? Generate the report for different framework examples and see if the reports are consistent in format and content quality.

CoderMayhem avatar Oct 30 '25 17:10 CoderMayhem
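An added example (not Agent-Wiz code) of the format-consistency check requested above: it verifies that a generated report carries the five section headings and a STRIDE table row with valid ratings for each of the six categories, so reports produced for different frameworks can be diffed on structure before content is compared. The heading strings are taken from the sample report; the minimal report embedded below is constructed.

```python
# Added example (not Agent-Wiz code): structural consistency check for a
# generated STRIDE report, using the section layout of the sample report above.

REQUIRED_HEADINGS = [
    "## 1. Mission Overview", "## 2. Asset & Data Inventory",
    "## 3. STRIDE Threat Assessment", "## 4. Detailed Findings by Category",
    "## 5. Prioritized Recommendations",
]
STRIDE = ["Spoofing", "Tampering", "Repudiation", "Information Disclosure",
          "Denial of Service", "Elevation of Privilege"]
LEVELS = {"Low", "Medium", "High"}

def check_report(markdown: str) -> list[str]:
    """Return a list of problems; an empty list means the report is consistent."""
    problems = [f"missing heading: {h}" for h in REQUIRED_HEADINGS if h not in markdown]
    # Collect table rows whose first cell is a STRIDE category (5-column table).
    rows = {}
    for line in markdown.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) == 5 and cells[0] in STRIDE:
            rows[cells[0]] = cells
    for cat in STRIDE:
        if cat not in rows:
            problems.append(f"table row missing: {cat}")
            continue
        likelihood, impact = rows[cat][2], rows[cat][3]
        if likelihood not in LEVELS or impact not in LEVELS:
            problems.append(f"{cat}: bad rating {likelihood}/{impact}")
    return problems

# Constructed minimal report: every heading is present, but the table omits
# Repudiation and gives Tampering a likelihood outside Low/Medium/High.
SAMPLE_REPORT = """# STRIDE Analysis
## 1. Mission Overview
## 2. Asset & Data Inventory
## 3. STRIDE Threat Assessment
| Category | Threat | Likelihood | Impact | Mitigations |
|---|---|---|---|---|
| Spoofing | x | Medium | High | y |
| Tampering | x | Sometimes | High | y |
| Information Disclosure | x | High | High | y |
| Denial of Service | x | Medium | High | y |
| Elevation of Privilege | x | Medium | High | y |
## 4. Detailed Findings by Category
## 5. Prioritized Recommendations
"""
```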

cool, I'll keep you posted with the results.

staru09 avatar Oct 30 '25 17:10 staru09