Incorporating Verification Standards for Security Requirements Generation from Functional Specifications
In the current software-driven era, ensuring privacy and security is critical. Despite this, the specification of security requirements for software is still largely a manual and labor-intensive process. Engineers are tasked with analyzing potential security threats based on functional requirements (FRs), a procedure prone to omissions and errors due to the expertise gap between cybersecurity experts and software engineers. To bridge this gap, we introduce F2SRD (Function-to-Security Requirement Derivation), an automated approach that proactively derives security requirements (SRs) from functional specifications under the guidance of relevant security verification requirements (VRs) drawn from the well-recognized OWASP Application Security Verification Standard (ASVS). F2SRD operates in two main phases. First, we develop a VR retriever trained on a custom database of FR-VR pairs, enabling it to select the applicable VRs from ASVS; this targeted retrieval informs the precise and actionable formulation of SRs. Second, these VRs are used to construct structured prompts that direct GPT-4 in generating SRs. Our comparative analysis against two established models demonstrates F2SRD’s enhanced performance in producing SRs that excel in inspiration, diversity, and specificity—essential attributes for effective security requirement generation. By leveraging security verification standards, we believe that the generated SRs are not only more focused but also resonate more strongly with the needs of engineers.
Mon 23 Jun (displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna)
10:30 - 12:30 | RE and Design: Research Papers / Demonstrations / Journal First / Industry Papers, at Andromeda. Chair(s): Ipek Ozkaya (Carnegie Mellon University)

| Time | Slot | Title | Track | Authors | Links |
|---|---|---|---|---|---|
| 10:30 | 10m talk | PF2UML: A Tool for Problem-Oriented Requirements Modeling and Transformation | Demonstrations | Hongbin Xiao (Guangxi Key Lab of Multi-Source Information Mining and Security, Guangxi Normal University), Zhi Li (Guangxi Normal University), Yilong Yang (Beihang University), Fei Tang (Huawei Technologies Co., Ltd), Dongming Jin (Peking University, China) | Media Attached |
| 10:40 | 10m talk | DReM: Efficiently Generating Domain-Specific Requirements Modeling Tool | Demonstrations | Ruixin Geng (Beihang University), Jiahao Weng (Beihang University), Ning Ge (School of Software, Beihang University), Jingyao Li (Beihang University), Chunming Hu (Beihang University) | |
| 10:50 | 20m talk | Incorporating Verification Standards for Security Requirements Generation from Functional Specifications | Research Papers | Xiaoli Lian (Beihang University, China), Shuaisong Wang (Beihang University), Hanyu Zou (Beihang University), Fang Liu (Beihang University), Jiajun Wu (Beihang University), Li Zhang (Beihang University) | DOI |
| 11:10 | 10m talk | Theano: A Tool for Verifying the Consistency and Completeness in Tabular Requirements | Demonstrations | Aurora Francesca Zanenga (University of Bergamo, Bergamo, Italy), Nunzio Marco Bisceglia (University of Bergamo, Bergamo, Italy), Benedetta Ippoliti (University of Bergamo, Bergamo, Italy), Andrea Bombarda (University of Bergamo), Angelo Gargantini (University of Bergamo), Akshay Rajhans (Mathworks), Claudio Menghi (University of Bergamo; McMaster University) | |
| 11:20 | 20m talk | Evaluating Large Language Models for Requirements Question Answering in Industrial Aerospace Software | Industry Papers | Longxing Yang (Beijing Institute of Control Engineering), Yixing Luo (Beijing Institute of Control Engineering), Hao Gao (Beijing Institute of Control Engineering), Yingshuang Fan (Beijing Institute of Control Engineering), Jingru Zhang (Beijing Institute of Control Engineering), Xiaofeng Li (Beijing Institute of Control Engineering), Xiaogang Dong (Beijing Institute of Control Engineering), Bin Gu (Beijing Institute of Control Engineering), Zhi Jin (Peking University), Mengfei Yang (China Academy of Space Technology) | |
| 11:40 | 20m talk | To Do or Not to Do: Semantics and Patterns for Do Activities in UML PSSM State Machines | Journal First | Márton Elekes (Budapest University of Technology and Economics), Vince Molnár (Budapest University of Technology and Economics), Zoltán Micskei (Budapest University of Technology and Economics) | Link to publication, DOI, Pre-print |
| 12:00 | 10m talk | Merlin-A: A tool to engineer adaptive modelling languages | Demonstrations | | Pre-print, Media Attached |
| 12:10 | 20m talk | Unlocking Optimal ORM Database Designs: Accelerated Tradeoff Analysis with Transformers | Research Papers | Md Rashedul Hasan (University of Nebraska-Lincoln), Mohammad Rashedul Hasan (University of Nebraska-Lincoln), Hamid Bagheri (University of Nebraska-Lincoln) | DOI, Pre-print, File Attached |
Andromeda is located close to the restaurant and the bar, at the end of the corridor on the side of the bar.
From the registration desk, go towards the restaurant, turn left towards the bar, and walk to the end of the corridor.