Smart Assistants for Enhancing System Security and Resilience
Andrey Sadovykh, Dragos Truscan, Martin Schneider, Wissam Mallouli, Ana Cavalli, Cristina Seceleanu, Tanwir Ahmad
DOI: http://dx.doi.org/10.15439/2024F8384
Citation: Communication Papers of the 19th Conference on Computer Science and Intelligence Systems (FedCSIS), M. Bolanowski, M. Ganzha, L. Maciaszek, M. Paprzycki, D. Ślęzak (eds). ACSIS, Vol. 41, pages 151–158 (2024)
Abstract. Security and resilience have become paramount concerns for integrated system manufacturers as the number of disclosed vulnerabilities continues to increase every year. Cyber threats pose significant risks, with substantial potential impact on both manufacturers and end users. New regulations, such as the EU Cybersecurity Act and the EU Cyber Resilience Act, mandate stricter practices and thorough verification throughout development and operations. Implementing a holistic DevSecOps process that encompasses threat analysis, requirements engineering, development practices, verification, and operations management is challenging for large enterprises and SMEs alike. The complexity arises from the need for specialized expertise, familiarity with a range of techniques and tools, rigorous application of security principles, and thorough verification at each step, which makes the process costly and time-consuming and can stifle innovation and time-to-market.