2024
Conference article  Open Access

Can AI help with the formalization of railway cybersecurity requirements?

Ter Beek M. H., Fantechi A., Gnesi S., Lenzini G., Petrocchi M.

ChatGPT  AI  Moving block railway signalling  Requirements Engineering  Controlled natural language  Copilot 

Driven by and dependent on ICT, like almost everything today, railway transportation has become a critical infrastructure and, as such, is exposed to threats against communication of on-board and wayside components. The shift to cybersecurity brings up the need to comply with new security requirements, and once more security software engineers are confronted with a well-known problem: how to express informal requirements into unambiguous formal expressions that can be translated into enforceable policies or be used to verify the security of a system design. We have experience in translating natural language requirements from standards, regulations, and guidelines into Controlled Natural Language for Data Sharing Agreements (CNL4DSA), a formalism that serves the purpose of bridging natural and formal expressions. The translation of requirements is challenging, calling for a rigorous process of coding agreement between researchers. Following the trend of the time, in this paper, we question whether AI and, in particular, the novel Generative Language Models, can help us with this translation exercise. Previous work shows that AI can help in writing security code, although not always producing secure code; less studied is the quality of generative AI’s working with controlled natural languages in writing requirements for security compliance. Can AI be a valuable tool or companion in this endeavour too? To answer this question, we engage ChatGPT and Microsoft 365 Copilot with the same challenges that we faced when translating cybersecurity requirements for railway systems into CNL4DSA. Comparing our results from some time ago with those of the machine, we found surprising insights, showing the high potentiality of using AI in requirements engineering.

Source: LECTURE NOTES IN COMPUTER SCIENCE, vol. 15219, pp. 186-203. Crete, Greece, 27-31/10/2024

Publisher: Springer

Metrics



Back to previous page

Share

Cite as

BibTeX entry
@inproceedings{oai:iris.cnr.it:20.500.14243/507205,
	title = {Can AI help with the formalization of railway cybersecurity requirements?},
	author = {Ter Beek M.  H. and Fantechi A. and Gnesi S. and Lenzini G. and Petrocchi M.},
	publisher = {Springer},
	doi = {10.1007/978-3-031-73709-1_12},
	booktitle = {LECTURE NOTES IN COMPUTER SCIENCE, vol. 15219, pp. 186-203. Crete, Greece, 27-31/10/2024},
	year = {2024}
}

CNR authors and affiliations

Download

Privacy Policy