4-6 November | Sheraton Grand Doha, Qatar

Evaluation of AI-Based Technology (A20a)

05 Nov 2024
9:00 am

A project on the evaluation of AI-based technology has been accepted in ISO/IEC JTC 1 SC 27 (Information security, cybersecurity, and privacy protection), WG3 – Security Evaluation, Testing and Specification. With the advent of ChatGPT, there has been a lot of focus on AI in the past year, both worldwide and in ISO/IEC SC42 Artificial Intelligence. New regulations have emerged, such as the EU AI Act (a legal framework for AI adopted in March 2024) and the U.S. Executive Order on Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (issued October 2023).

The German Federal Office for Information Security (BSI) initiated a project to assess the integration of CC evaluation with AI video analysis (presented at EU Cyber Acts 2024). SGS Brightsight (Netherlands) has examined deep learning-based image classification functionality (presented at ICCC 2023). For both of these Common Criteria AI evaluation projects, new SFRs were proposed. NIST publication AI 100-2 E2023, Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations, provides a Predictive and Generative AI taxonomy, including types of attacks and mitigations.

This talk will examine AI-specific threats and AI attack types to determine what might be required to extend the Common Criteria (ISO/IEC 15408 and 18045) for AI. It will also report on preliminary work on use cases for the Biometrics Security iTC. This effort would eventually be folded into the current cPP in the form of SFRs and SARs.

ISO co-editors (alphabetical order): Heebong Choi, Naruki Kai, David Martin, Dr. Jade Stewart, with WG3 Convenor Miguel Banon.

Presenters: Jade Stewart and Naruki Kai.