Risks of ignoring uncertainty propagation in AI-augmented security pipelines
This addresses a fundamental research challenge for safety-critical software systems by highlighting risks ignored in prior work, though it is incremental in extending uncertainty analysis to AI pipelines.
The paper tackles the problem of uncertainty propagation in AI-augmented security pipelines, which threatens safety-critical domains, by providing formal underpinnings and a simulator to quantify uncertainty, with evaluation through a case study.
The use of AI technologies is being integrated into the secure development of software-based systems, with an increasing trend of composing AI-based subsystems (with uncertain levels of performance) into automated pipelines. This presents a fundamental research challenge and seriously threatens safety-critical domains. Despite the existing knowledge about uncertainty in risk analysis, no previous work has estimated the uncertainty of AI-augmented systems given the propagation of errors in the pipeline. We provide the formal underpinnings for capturing uncertainty propagation, develop a simulator to quantify uncertainty, and evaluate the simulation of propagating errors with one case study. We discuss the generalizability of our approach and its limitations and present recommendations for evaluation policies concerning AI systems. Future work includes extending the approach by relaxing the remaining assumptions and by experimenting with a real system.