
# AI-Driven Threat Modeling with STRIDE

This notebook demonstrates how Artificial Intelligence and Prompt Engineering
can be used to generate a STRIDE-based threat modeling analysis from an
application architecture diagram.

The focus is on:
- Learning and experimentation
- Clear documentation
- Applying security concepts using AI


## Environment Setup

In this step, we clone the project repository to ensure reproducibility
and access to prompts, images, and documentation.


In [None]:
# Clone the GitHub repository (SEU_USUARIO is a placeholder: replace it with your GitHub username)
!git clone https://github.com/SEU_USUARIO/architecture-threat-modeling-ai.git

# Navigate to project folder
import os
os.chdir("architecture-threat-modeling-ai")

# List project files
os.listdir()


## Loading the STRIDE Prompt

The STRIDE prompt is stored as a separate Markdown file.
This makes the prompt engineering strategy explicit and reusable.


In [None]:
# Load STRIDE prompt (explicit encoding so the Markdown reads the same on every platform)
with open("prompts/stride_prompt.md", "r", encoding="utf-8") as file:
    stride_prompt = file.read()

print(stride_prompt[:500])  # preview


## Architecture Input

The architecture diagram represents an application hosted in a cloud
environment with components such as APIs, virtual machines, and databases.

The image is used as contextual reference, while the analysis is driven
by a textual description.


In [None]:
from IPython.display import Image, display

# Display sample architecture image
display(Image(filename="images/sample_architecture.png"))


## Architecture Description

Since full image understanding is outside the scope of this notebook,
a textual description is provided to guide the AI analysis.


In [None]:
architecture_description = """
The architecture consists of a web client communicating with a public API.
The API runs on a virtual machine hosted in a cloud environment.
The API accesses a backend database containing sensitive user data.
Authentication is handled via a centralized identity service.
"""
print(architecture_description)


## Prompt Assembly

The final prompt combines:
- The STRIDE instructions
- The architecture description

This instructs the AI to act as a security analyst when it reads the architecture description.


In [None]:
final_prompt = f"""
{stride_prompt}

Architecture description:
{architecture_description}
"""

print(final_prompt[:800])


## STRIDE Threat Analysis

In this learning project, the AI response is simulated.
In a real-world scenario, this step would call Azure OpenAI.


In [None]:
# Simulated AI output
stride_analysis = """
Spoofing:
- Weak authentication mechanisms may allow identity impersonation.

Tampering:
- Data exchanged between API and database could be modified if not encrypted.

Repudiation:
- Lack of centralized logging may prevent tracing user actions.

Information Disclosure:
- Sensitive data stored in the database could be exposed due to misconfigurations.

Denial of Service:
- The public API may be vulnerable to traffic flooding attacks.

Elevation of Privilege:
- Improper role configuration could allow unauthorized privilege escalation.
"""

print(stride_analysis)
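
A real model reply is free text, so before it feeds a report it is worth checking that every STRIDE category came back with at least one finding. The following is an added example, not part of the original notebook: `parse_stride`, `coverage_gaps` and the sample reply are constructed for illustration and assume the `Category:` / `- finding` layout of the simulated output above.

```python
import re

STRIDE_CATEGORIES = (
    "Spoofing", "Tampering", "Repudiation",
    "Information Disclosure", "Denial of Service", "Elevation of Privilege",
)

# Constructed sample in the same "Category:" / "- finding" layout as the
# simulated output above; Repudiation is left out on purpose.
SAMPLE_RESPONSE = """
Spoofing:
- Weak authentication mechanisms may allow identity impersonation.

**Tampering:**
- Data exchanged between API and database could be modified if not encrypted.

Information Disclosure:
* Sensitive data stored in the database could be exposed.

Denial of service:
- The public API may be vulnerable to traffic flooding attacks.

Elevation of Privilege:
"""

def parse_stride(text):
    """Return {category: [findings]} for the six STRIDE categories."""
    canonical = {c.lower(): c for c in STRIDE_CATEGORIES}
    findings = {c: [] for c in STRIDE_CATEGORIES}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Heading: tolerate markdown emphasis, '#' prefixes and case drift.
        heading = re.sub(r"^[#*\s]+|[*:\s]+$", "", line).lower()
        if heading in canonical:
            current = canonical[heading]
        elif current and re.match(r"[-*•]\s+", line):
            findings[current].append(re.sub(r"^[-*•]\s+", "", line))
    return findings

def coverage_gaps(findings):
    """Categories the response skipped or left without any finding."""
    return [c for c in STRIDE_CATEGORIES if not findings[c]]

if __name__ == "__main__":
    parsed = parse_stride(SAMPLE_RESPONSE)
    print("Missing or empty:", coverage_gaps(parsed))
```

A non-empty result from `coverage_gaps` is a signal to re-prompt or review by hand rather than publish the analysis as complete.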


## Results and Discussion

The generated STRIDE analysis highlights common security risks
associated with cloud-based architectures.

This approach demonstrates how AI can assist security professionals
during early design phases, improving awareness and consistency.


## Conclusion and Future Work

Key takeaways:
- STRIDE provides a structured threat modeling approach
- Prompt engineering strongly influences AI output quality
- AI can accelerate architectural security reviews

Future improvements may include:
- Integration with Azure OpenAI
- Automated image interpretation
- Exporting reports in standardized formats
