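Kingdom: Environment
This section covers everything that lies outside the source code but is still critical to the security of the product being created. Because the issues covered here are not directly related to source code, we keep them separate from the other sections.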
Unbounded Consumption Misconfiguration
Abstract
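Without proper limits on the number of queries or on processing time, an LLM API can be overwhelmed, which affects system stability and availability and can lead to denial-of-service attacks or resource exhaustion.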
Explanation
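Unbounded consumption occurs when an LLM API is not adequately rate-limited, throttled, or otherwise restricted in its use of resources. This can include excessive model inference requests, unbounded query sizes, or long-running processes, all of which put undue strain on the servers hosting the model and result in latency, outages, or a complete loss of service.
When an LLM API is not properly controlled, attackers can abuse the system by sending large volumes of requests, large data queries, or complex tasks that consume resources. In multi-tenant systems the problem can become more severe, because excessive consumption by one user or process affects other users or processes, leading to potential performance bottlenecks or system downtime.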
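In addition, a Denial of Wallet (DoW) attack occurs when an attacker exploits the pay-per-use model of a cloud-based AI service by issuing a large number of requests, which places an unsustainable financial burden on the provider. This can push the provider into financial difficulty, because the cost of processing the excess requests becomes hard to control.

Example 1: A user submits a series of large text-generation requests to an LLM API without any timeout set, which allows the requests to run indefinitely. This causes the system to process excessive amounts of data and exhausts the available server resources.

    import openai

    # OpenAI GPT model setup (legacy pre-1.0 openai SDK interface)
    openai.api_key = "your-api-key"

    def generate_large_response(prompt):
        # No request timeout is configured, so the call can run indefinitely
        response = openai.Completion.create(
            engine="text-davinci-003",
            prompt=prompt,
            max_tokens=1000
        )
        return response

    # Submitting unbounded requests with high complexity and token count
    prompt = "Generate an extensive article on AI."
    response = generate_large_response(prompt)
    print(response)

Example 2: When interacting with an LLM, a chat model is used without the rate_limiter parameter configured.

    from langchain_anthropic import ChatAnthropic

    model = ChatAnthropic(
        model_name="claude-3-opus-20240229",
        # not using rate_limiter
    )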
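These examples show how unbounded API calls that lack timeout settings can consume large amounts of resources. Without a limit on execution time, the system can become overloaded. This harms the stability of the service and can lead to resource exhaustion or a risk of denial of service.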
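The sketch below is an added example, not code from the original page or from the analyzer that reports this category: it parses Python source with the standard ast module and flags ChatAnthropic(...) constructor calls that set no rate_limiter or timeout. The REQUIRED_KWARGS policy, the function names, and the embedded sample (Example 2 beside a bounded configuration that uses LangChain's InMemoryRateLimiter) are assumptions made for illustration.

```python
import ast

# Assumed policy for this sketch: constructor name -> keywords that must be set.
REQUIRED_KWARGS = {"ChatAnthropic": {"rate_limiter", "timeout"}}

# Constructed sample: the page's Example 2 beside a bounded configuration.
SAMPLE = '''
from langchain_anthropic import ChatAnthropic
from langchain_core.rate_limiters import InMemoryRateLimiter

unbounded = ChatAnthropic(
    model_name="claude-3-opus-20240229",
    # not using rate_limiter
)

limiter = InMemoryRateLimiter(requests_per_second=0.5, max_bucket_size=5)
bounded = ChatAnthropic(
    model_name="claude-3-opus-20240229",
    rate_limiter=limiter,  # client-side throttle on request rate
    timeout=30,            # seconds before a request is abandoned
    max_tokens=512,        # cap on generated output per call
)
'''

def callee_name(call):
    """Trailing name of the called object: ChatAnthropic or pkg.ChatAnthropic."""
    func = call.func
    if isinstance(func, ast.Name):
        return func.id
    return func.attr if isinstance(func, ast.Attribute) else None

def find_unbounded_clients(source):
    """Return (line, constructor, missing keywords) per under-configured call."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        required = REQUIRED_KWARGS.get(callee_name(node)) if isinstance(node, ast.Call) else None
        # A **kwargs splat (arg is None) may supply anything; skip to avoid false positives.
        if not required or any(kw.arg is None for kw in node.keywords):
            continue
        # An explicit None counts as "not configured".
        present = {kw.arg for kw in node.keywords
                   if not (isinstance(kw.value, ast.Constant) and kw.value.value is None)}
        if required - present:
            findings.append((node.lineno, callee_name(node), sorted(required - present)))
    return sorted(findings)

if __name__ == "__main__":
    for line, name, missing in find_unbounded_clients(SAMPLE):
        print(f"line {line}: {name}() is missing {', '.join(missing)}")
```

The sample is only parsed, never imported, so the check runs without LangChain installed or an API key present.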
References
[1] OWASP Top 10 for Large Language Model Applications OWASP
[2] Standards Mapping - Common Weakness Enumeration CWE ID 770
[3] Standards Mapping - Common Weakness Enumeration Top 25 2024 [24] CWE ID 400
[4] Standards Mapping - DISA Control Correlation Identifier Version 2 CCI-001094
[5] Standards Mapping - NIST Special Publication 800-53 Revision 4 SC-5 Denial of Service Protection (P1)
[6] Standards Mapping - NIST Special Publication 800-53 Revision 5 SC-5 Denial of Service Protection
[7] Standards Mapping - OWASP API 2023 API4 Unrestricted Resource Consumption, API8 Security Misconfiguration
[8] Standards Mapping - OWASP Top 10 2004 A9 Application Denial of Service
[9] Standards Mapping - OWASP Top 10 2010 A6 Security Misconfiguration
[10] Standards Mapping - OWASP Top 10 2013 A5 Security Misconfiguration
[11] Standards Mapping - OWASP Top 10 2017 A6 Security Misconfiguration
[12] Standards Mapping - OWASP Top 10 2021 A05 Security Misconfiguration
[13] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1 Requirement 6.5.9
[14] Standards Mapping - Payment Card Industry Data Security Standard Version 3.0 Requirement 6.5.6
[15] Standards Mapping - Payment Card Industry Data Security Standard Version 3.1 Requirement 6.5.6
[16] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2 Requirement 6.5.6
[17] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2.1 Requirement 6.5.6
[18] Standards Mapping - Payment Card Industry Data Security Standard Version 4.0 Requirement 6.2.4
[19] Standards Mapping - Payment Card Industry Data Security Standard Version 4.0.1 Requirement 6.2.4
[20] Standards Mapping - Payment Card Industry Software Security Framework 1.0 Control Objective 4.2 - Critical Asset Protection
[21] Standards Mapping - Payment Card Industry Software Security Framework 1.1 Control Objective 4.2 - Critical Asset Protection
[22] Standards Mapping - Payment Card Industry Software Security Framework 1.2 Control Objective 4.2 - Critical Asset Protection, Control Objective C.3.3 - Web Software Attack Mitigation
[23] Standards Mapping - SANS Top 25 2009 Risky Resource Management - CWE ID 404
[24] Standards Mapping - Security Technical Implementation Guide Version 3.1 APP6080 CAT II
[25] Standards Mapping - Security Technical Implementation Guide Version 3.4 APP6080 CAT II
[26] Standards Mapping - Security Technical Implementation Guide Version 3.5 APP6080 CAT II
[27] Standards Mapping - Security Technical Implementation Guide Version 3.6 APP6080 CAT II
[28] Standards Mapping - Security Technical Implementation Guide Version 3.7 APP6080 CAT II
[29] Standards Mapping - Security Technical Implementation Guide Version 3.9 APP6080 CAT II
[30] Standards Mapping - Security Technical Implementation Guide Version 3.10 APP6080 CAT II
[31] Standards Mapping - Security Technical Implementation Guide Version 4.2 APSC-DV-002400 CAT II
[32] Standards Mapping - Security Technical Implementation Guide Version 4.3 APSC-DV-002400 CAT II
[33] Standards Mapping - Security Technical Implementation Guide Version 4.4 APSC-DV-002400 CAT II
[34] Standards Mapping - Security Technical Implementation Guide Version 4.5 APSC-DV-002400 CAT II
[35] Standards Mapping - Security Technical Implementation Guide Version 4.6 APSC-DV-002400 CAT II
[36] Standards Mapping - Security Technical Implementation Guide Version 4.7 APSC-DV-002400 CAT II
[37] Standards Mapping - Security Technical Implementation Guide Version 4.8 APSC-DV-002400 CAT II
[38] Standards Mapping - Security Technical Implementation Guide Version 4.9 APSC-DV-002400 CAT II
[39] Standards Mapping - Security Technical Implementation Guide Version 4.10 APSC-DV-002400 CAT II
[40] Standards Mapping - Security Technical Implementation Guide Version 4.11 APSC-DV-002400 CAT II
[41] Standards Mapping - Security Technical Implementation Guide Version 4.1 APSC-DV-002400 CAT II
[42] Standards Mapping - Security Technical Implementation Guide Version 5.1 APSC-DV-002400 CAT II
[43] Standards Mapping - Security Technical Implementation Guide Version 5.2 APSC-DV-002400 CAT II
[44] Standards Mapping - Security Technical Implementation Guide Version 5.3 APSC-DV-002400 CAT II
[45] Standards Mapping - Security Technical Implementation Guide Version 6.1 APSC-DV-002400 CAT II
[46] Standards Mapping - Security Technical Implementation Guide Version 6.2 APSC-DV-002400 CAT II
[47] Standards Mapping - Web Application Security Consortium Version 2.00 Denial of Service (WASC-10)
[48] Standards Mapping - Web Application Security Consortium 24 + 2 Denial of Service
desc.structural.python.unbounded_consumption_misconfiguration