Cybersecurity requirements identification using LLMs - A design science study
| dc.contributor.author | Linde, Filip | |
| dc.contributor.author | Sanner, Oscar | |
| dc.contributor.department | Chalmers tekniska högskola / Institutionen för data och informationsteknik | sv |
| dc.contributor.department | Chalmers University of Technology / Department of Computer Science and Engineering | en |
| dc.contributor.examiner | Horkoff, Jennifer | |
| dc.contributor.supervisor | Fotrousi, Farnaz | |
| dc.date.accessioned | 2025-01-13T09:37:25Z | |
| dc.date.available | 2025-01-13T09:37:25Z | |
| dc.date.issued | 2024 | |
| dc.date.submitted | ||
| dc.description.abstract | Context: Threat analysis and risk assessment (TARA) is a widely used approach for conducting cybersecurity analysis in the automotive industry. The process is initiated early in the development process and continuously iterated. Problems: Automotive systems continue to rely more on software. Additionally, the National Vulnerability Database (NVD) show that more vulnerabilities are found each year. As a result, much time has to be spent continuously ensuring that systems have updated TARA analysis. Method: We designed a Large Language Model (LLM) based artifact to help security engineers by automatically identifying attack paths and security requirements. The artifact achieved this via a combination of prompt engineering and grounding in both the Common Vulnerabilities and Exposures (CVE) database, and the Automotive Information Sharing and Analysis Center (Automotive-ISAC) Automotive Threat Matrix (ATM). Result: The artifact could define security requirements which met the expected standards of practitioners and were correct based on the attacks they were generated to mitigate. However, challenges were identified in the generation of attacks paths, where the generated output was less consistent in how well it met expectations. Experts perceived it to be able to generate appropriate requirements for an initial TARA analysis, however future work is needed to determine how more complex paths and requirements could be identified automatically. | |
| dc.identifier.coursecode | DATX05 | |
| dc.identifier.uri | http://hdl.handle.net/20.500.12380/309077 | |
| dc.language.iso | eng | |
| dc.setspec.uppsok | Technology | |
| dc.subject | requirements engineering | |
| dc.subject | threat analysis and risk assessment | |
| dc.subject | large language models | |
| dc.subject | automotive industry | |
| dc.subject | cybersecurity | |
| dc.subject | attack elicitation | |
| dc.subject | RAG | |
| dc.subject | prompt engineering | |
| dc.title | Cybersecurity requirements identification using LLMs - A design science study | |
| dc.type.degree | Examensarbete för masterexamen | sv |
| dc.type.degree | Master's Thesis | en |
| dc.type.uppsok | H | |
| local.programme | Software engineering and technology (MPSOF), MSc |