An LLM-based Approach to Recover Traceability Links between Security Requirements and Goal Models

Jameleddine Hassine

doi:10.1145/3661167.3661261

An LLM-based Approach to Recover Traceability Links between Security Requirements and Goal Models

Jameleddine Hassine^*

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

4 Scopus citations

Abstract

The recovery of requirements traceability links between goal models and requirements is crucial for ensuring alignment between stakeholder objectives and system specifications. Large Language Models (LLMs) show potential to transform automated traceability significantly, addressing challenges such as accurately capturing diverse relationships between requirements artifacts, and ensuring scalability and efficiency in large-scale software projects. In this paper, we propose an LLM-based approach to generate security-related traceability links between requirements (expressed in natural language) and goals (described as part of GRL models). We employ a Zero-Shot (0S) approach utilizing GPT-3.5-turbo, enhanced by employing a meticulously crafted prompt. The approach is implemented in a prototype tool, tailored for the textual GRL (TGRL) language. We evaluate the approach and tool using a GRL model describing the objectives of a Virtual Interior Designer application along with a set of 42 requirements addressing both security and non-security aspects. The approach and tool yielded positive results, demonstrating a precision of 100%, a recall of 78.5%, and an F1-score of 87.9%.

Original language	English
Title of host publication	Proceedings of 2024 28th International Conference on Evaluation and Assessment in Software Engineering, EASE 2024
Publisher	Association for Computing Machinery
Pages	643-651
Number of pages	9
ISBN (Electronic)	9798400717017
DOIs	https://doi.org/10.1145/3661167.3661261
State	Published - 18 Jun 2024
Event	28th International Conference on Evaluation and Assessment in Software Engineering, EASE 2024 - Salerno, Italy Duration: 18 Jun 2024 → 21 Jun 2024

Publication series

Name	ACM International Conference Proceeding Series

Conference

Conference	28th International Conference on Evaluation and Assessment in Software Engineering, EASE 2024
Country/Territory	Italy
City	Salerno
Period	18/06/24 → 21/06/24

Bibliographical note

Publisher Copyright:
© 2024 ACM.

Keywords

Goal-oriented Language (GRL)
GPT-3.5-turbo
Large Language Model (LLM)
security requirements
traceability link

ASJC Scopus subject areas

Human-Computer Interaction
Computer Networks and Communications
Computer Vision and Pattern Recognition
Software

Access to Document

10.1145/3661167.3661261

Cite this

Hassine, J. (2024). An LLM-based Approach to Recover Traceability Links between Security Requirements and Goal Models. In Proceedings of 2024 28th International Conference on Evaluation and Assessment in Software Engineering, EASE 2024 (pp. 643-651). (ACM International Conference Proceeding Series). Association for Computing Machinery. https://doi.org/10.1145/3661167.3661261

@inproceedings{b91df16e4fa7400dac52eb04bf1e8ab4,

title = "An LLM-based Approach to Recover Traceability Links between Security Requirements and Goal Models",

abstract = "The recovery of requirements traceability links between goal models and requirements is crucial for ensuring alignment between stakeholder objectives and system specifications. Large Language Models (LLMs) show potential to transform automated traceability significantly, addressing challenges such as accurately capturing diverse relationships between requirements artifacts, and ensuring scalability and efficiency in large-scale software projects. In this paper, we propose an LLM-based approach to generate security-related traceability links between requirements (expressed in natural language) and goals (described as part of GRL models). We employ a Zero-Shot (0S) approach utilizing GPT-3.5-turbo, enhanced by employing a meticulously crafted prompt. The approach is implemented in a prototype tool, tailored for the textual GRL (TGRL) language. We evaluate the approach and tool using a GRL model describing the objectives of a Virtual Interior Designer application along with a set of 42 requirements addressing both security and non-security aspects. The approach and tool yielded positive results, demonstrating a precision of 100%, a recall of 78.5%, and an F1-score of 87.9%.",

keywords = "Goal-oriented Language (GRL), GPT-3.5-turbo, Large Language Model (LLM), security requirements, traceability link",

author = "Jameleddine Hassine",

note = "Publisher Copyright: {\textcopyright} 2024 ACM.; 28th International Conference on Evaluation and Assessment in Software Engineering, EASE 2024 ; Conference date: 18-06-2024 Through 21-06-2024",

year = "2024",

month = jun,

day = "18",

doi = "10.1145/3661167.3661261",

language = "English",

series = "ACM International Conference Proceeding Series",

publisher = "Association for Computing Machinery",

pages = "643--651",

booktitle = "Proceedings of 2024 28th International Conference on Evaluation and Assessment in Software Engineering, EASE 2024",

}

Hassine, J 2024, An LLM-based Approach to Recover Traceability Links between Security Requirements and Goal Models. in Proceedings of 2024 28th International Conference on Evaluation and Assessment in Software Engineering, EASE 2024. ACM International Conference Proceeding Series, Association for Computing Machinery, pp. 643-651, 28th International Conference on Evaluation and Assessment in Software Engineering, EASE 2024, Salerno, Italy, 18/06/24. https://doi.org/10.1145/3661167.3661261

An LLM-based Approach to Recover Traceability Links between Security Requirements and Goal Models. / Hassine, Jameleddine.
Proceedings of 2024 28th International Conference on Evaluation and Assessment in Software Engineering, EASE 2024. Association for Computing Machinery, 2024. p. 643-651 (ACM International Conference Proceeding Series).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - An LLM-based Approach to Recover Traceability Links between Security Requirements and Goal Models

AU - Hassine, Jameleddine

PY - 2024/6/18

Y1 - 2024/6/18

N2 - The recovery of requirements traceability links between goal models and requirements is crucial for ensuring alignment between stakeholder objectives and system specifications. Large Language Models (LLMs) show potential to transform automated traceability significantly, addressing challenges such as accurately capturing diverse relationships between requirements artifacts, and ensuring scalability and efficiency in large-scale software projects. In this paper, we propose an LLM-based approach to generate security-related traceability links between requirements (expressed in natural language) and goals (described as part of GRL models). We employ a Zero-Shot (0S) approach utilizing GPT-3.5-turbo, enhanced by employing a meticulously crafted prompt. The approach is implemented in a prototype tool, tailored for the textual GRL (TGRL) language. We evaluate the approach and tool using a GRL model describing the objectives of a Virtual Interior Designer application along with a set of 42 requirements addressing both security and non-security aspects. The approach and tool yielded positive results, demonstrating a precision of 100%, a recall of 78.5%, and an F1-score of 87.9%.

AB - The recovery of requirements traceability links between goal models and requirements is crucial for ensuring alignment between stakeholder objectives and system specifications. Large Language Models (LLMs) show potential to transform automated traceability significantly, addressing challenges such as accurately capturing diverse relationships between requirements artifacts, and ensuring scalability and efficiency in large-scale software projects. In this paper, we propose an LLM-based approach to generate security-related traceability links between requirements (expressed in natural language) and goals (described as part of GRL models). We employ a Zero-Shot (0S) approach utilizing GPT-3.5-turbo, enhanced by employing a meticulously crafted prompt. The approach is implemented in a prototype tool, tailored for the textual GRL (TGRL) language. We evaluate the approach and tool using a GRL model describing the objectives of a Virtual Interior Designer application along with a set of 42 requirements addressing both security and non-security aspects. The approach and tool yielded positive results, demonstrating a precision of 100%, a recall of 78.5%, and an F1-score of 87.9%.

KW - Goal-oriented Language (GRL)

KW - GPT-3.5-turbo

KW - Large Language Model (LLM)

KW - security requirements

KW - traceability link

UR - http://www.scopus.com/inward/record.url?scp=85197433521&partnerID=8YFLogxK

U2 - 10.1145/3661167.3661261

DO - 10.1145/3661167.3661261

M3 - Conference contribution

AN - SCOPUS:85197433521

T3 - ACM International Conference Proceeding Series

SP - 643

EP - 651

BT - Proceedings of 2024 28th International Conference on Evaluation and Assessment in Software Engineering, EASE 2024

PB - Association for Computing Machinery

T2 - 28th International Conference on Evaluation and Assessment in Software Engineering, EASE 2024

Y2 - 18 June 2024 through 21 June 2024

ER -

An LLM-based Approach to Recover Traceability Links between Security Requirements and Goal Models

Abstract

Publication series

Conference

Bibliographical note

Keywords

ASJC Scopus subject areas

Access to Document

Fingerprint

Cite this