Cybersecurity requirements identification using LLMs - A design science study
Ladda ner
Typ
Examensarbete för masterexamen
Master's Thesis
Master's Thesis
Program
Software engineering and technology (MPSOF), MSc
Publicerad
2024
Författare
Linde, Filip
Sanner, Oscar
Modellbyggare
Tidskriftstitel
ISSN
Volymtitel
Utgivare
Sammanfattning
Context: Threat analysis and risk assessment (TARA) is a widely used approach
for conducting cybersecurity analysis in the automotive industry. The process is
initiated early in the development process and continuously iterated.
Problems: Automotive systems continue to rely more on software. Additionally,
the National Vulnerability Database (NVD) show that more vulnerabilities are found
each year. As a result, much time has to be spent continuously ensuring that systems
have updated TARA analysis.
Method: We designed a Large Language Model (LLM) based artifact to help security
engineers by automatically identifying attack paths and security requirements.
The artifact achieved this via a combination of prompt engineering and grounding
in both the Common Vulnerabilities and Exposures (CVE) database, and the Automotive
Information Sharing and Analysis Center (Automotive-ISAC) Automotive
Threat Matrix (ATM).
Result: The artifact could define security requirements which met the expected
standards of practitioners and were correct based on the attacks they were generated
to mitigate. However, challenges were identified in the generation of attacks
paths, where the generated output was less consistent in how well it met expectations.
Experts perceived it to be able to generate appropriate requirements for
an initial TARA analysis, however future work is needed to determine how more
complex paths and requirements could be identified automatically.
Beskrivning
Ämne/nyckelord
requirements engineering , threat analysis and risk assessment , large language models , automotive industry , cybersecurity , attack elicitation , RAG , prompt engineering