FSE 2025
Mon 23 - Fri 27 June 2025 Trondheim, Norway
co-located with ISSTA 2025
Mon 23 Jun 2025 10:50 - 11:10 at Andromeda - RE and Design Chair(s): Ipek Ozkaya

In the current software-driven era, ensuring privacy and security is critical. Despite this, the specification of security requirements for software is still largely a manual and labor-intensive process. Engineers are tasked with analyzing potential security threats based on functional requirements (FRs), a procedure prone to omissions and errors due to the expertise gap between cybersecurity experts and software engineers. To bridge this gap, we introduce F2SRD (Function-to-Security Requirement Derivation), an automated approach that proactively derives security requirements (SRs) from functional specifications under the guidance of relevant security verification requirements (VRs) drawn from the well-recognized OWASP Application Security Verification Standard (ASVS). F2SRD operates in two main phases: Initially, we develop a VR retriever trained on a custom database of FR-VR pairs, enabling it to adeptly select applicable VRs from ASVS. This targeted retrieval informs the precise and actionable formulation of SRs. Subsequently, these VRs are used to construct structured prompts that direct GPT-4 in generating SRs. Our comparative analysis against two established models demonstrates F2SRD's enhanced performance in producing SRs that excel in inspiration, diversity, and specificity, essential attributes for effective security requirement generation. By leveraging security verification standards, we believe that the generated SRs are not only more focused but also resonate more strongly with the needs of engineers.

Mon 23 Jun

Displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna

10:30 - 12:30
RE and Design: Research Papers / Demonstrations / Journal First / Industry Papers at Andromeda
Chair(s): Ipek Ozkaya Carnegie Mellon University
10:30
10m
Talk
PF2UML: A Tool for Problem-Oriented Requirements Modeling and Transformation
Demonstrations
Hongbin Xiao Guangxi Key Lab of Multi-Source Information Mining and Securit(Guangxi Normal University), Zhi Li Guangxi Normal University, Yilong Yang Beihang University, Fei Tang Huawei Technologies Co., Ltd, Dongming Jin Peking University, China
10:40
10m
Talk
DReM: Efficiently Generating Domain-Specific Requirements Modeling Tool
Demonstrations
Ruixin Geng Beihang University, Jiahao Weng Beihang University, Ning Ge School of Software, Beihang University, Jingyao Li Beihang University, Chunming Hu Beihang University
10:50
20m
Talk
Incorporating Verification Standards for Security Requirements Generation from Functional Specifications
Research Papers
Xiaoli Lian Beihang University, China, Shuaisong Wang Beihang University, Hanyu Zou Beihang University, Fang Liu Beihang University, Jiajun Wu Beihang University, Li Zhang Beihang University
11:10
10m
Talk
Theano: A Tool for Verifying the Consistency and Completeness in Tabular Requirements
Demonstrations
Aurora Francesca Zanenga University of Bergamo, Bergamo, Italy, Nunzio Marco Bisceglia University of Bergamo, Bergamo, Italy, Benedetta Ippoliti University of Bergamo, Bergamo, Italy, Andrea Bombarda University of Bergamo, Angelo Gargantini University of Bergamo, Akshay Rajhans Mathworks, Claudio Menghi University of Bergamo; McMaster University
11:20
20m
Talk
Evaluating Large Language Models for Requirements Question Answering in Industrial Aerospace Software
Industry Papers
Longxing Yang Beijing Institute of Control Engineering, Yixing Luo Beijing Institute of Control Engineering, Hao Gao Beijing Institute of Control Engineering, Yingshuang Fan Beijing Institute of Control Engineering, Jingru Zhang Beijing Institute of Control Engineering, Xiaofeng Li Beijing Institute of Control Engineering, Xiaogang Dong Beijing Institute of Control Engineering, Bin Gu Beijing Institute of Control Engineering, Zhi Jin Peking University, Mengfei Yang China Academy of Space Technology
11:40
20m
Talk
To Do or Not to Do: Semantics and Patterns for Do Activities in UML PSSM State Machines
Journal First
Márton Elekes Budapest University of Technology and Economics, Vince Molnár Budapest University of Technology and Economics, Zoltán Micskei Budapest University of Technology and Economics
12:00
10m
Talk
Merlin-A: A tool to engineer adaptive modelling languages
Demonstrations
Esther Guerra Universidad Autónoma de Madrid, Juan de Lara Autonomous University of Madrid
12:10
20m
Talk
Unlocking Optimal ORM Database Designs: Accelerated Tradeoff Analysis with Transformers
Research Papers
Md Rashedul Hasan University of Nebraska-Lincoln, Mohammad Rashedul Hasan University of Nebraska-Lincoln, Hamid Bagheri University of Nebraska-Lincoln

Information for Participants
Mon 23 Jun 2025 10:30 - 12:30 at Andromeda - RE and Design Chair(s): Ipek Ozkaya
Info for room Andromeda:

Andromeda is located close to the restaurant and the bar, at the end of the corridor on the side of the bar.

From the registration desk, go towards the restaurant, turn left towards the bar, walk until the end of the corridor.
