Saved in:
Bibliographic Details
Main Authors: Ling, Chen, Ghashami, Mina, Gao, Vianne, Torkamani, Ali, Vaulin, Ruslan, Mangam, Nivedita, Jain, Bhavya, Diwan, Farhan, SS, Malini, Cheng, Mingrui, Kumar, Shreya Tarur, Candelario, Felix
Format: Preprint
Published: 2024
Subjects:
Online Access:https://arxiv.org/abs/2411.04284
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866910687167512576
author Ling, Chen
Ghashami, Mina
Gao, Vianne
Torkamani, Ali
Vaulin, Ruslan
Mangam, Nivedita
Jain, Bhavya
Diwan, Farhan
SS, Malini
Cheng, Mingrui
Kumar, Shreya Tarur
Candelario, Felix
author_facet Ling, Chen
Ghashami, Mina
Gao, Vianne
Torkamani, Ali
Vaulin, Ruslan
Mangam, Nivedita
Jain, Bhavya
Diwan, Farhan
SS, Malini
Cheng, Mingrui
Kumar, Shreya Tarur
Candelario, Felix
contents Security controls are mechanisms or policies designed for cloud based services to reduce risk, protect information, and ensure compliance with security regulations. The development of security controls is traditionally a labor-intensive and time-consuming process. This paper explores the use of Generative AI to accelerate the generation of security controls. We specifically focus on generating Gherkin codes which are the domain-specific language used to define the behavior of security controls in a structured and understandable format. By leveraging large language models and in-context learning, we propose a structured framework that reduces the time required for developing security controls from 2-3 days to less than one minute. Our approach integrates detailed task descriptions, step-by-step instructions, and retrieval-augmented generation to enhance the accuracy and efficiency of the generated Gherkin code. Initial evaluations on AWS cloud services demonstrate promising results, indicating that GenAI can effectively streamline the security control development process, thus providing a robust and dynamic safeguard for cloud-based infrastructures.
format Preprint
id arxiv_https___arxiv_org_abs_2411_04284
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle Enhancing Security Control Production With Generative AI
Ling, Chen
Ghashami, Mina
Gao, Vianne
Torkamani, Ali
Vaulin, Ruslan
Mangam, Nivedita
Jain, Bhavya
Diwan, Farhan
SS, Malini
Cheng, Mingrui
Kumar, Shreya Tarur
Candelario, Felix
Cryptography and Security
Machine Learning
Security controls are mechanisms or policies designed for cloud based services to reduce risk, protect information, and ensure compliance with security regulations. The development of security controls is traditionally a labor-intensive and time-consuming process. This paper explores the use of Generative AI to accelerate the generation of security controls. We specifically focus on generating Gherkin codes which are the domain-specific language used to define the behavior of security controls in a structured and understandable format. By leveraging large language models and in-context learning, we propose a structured framework that reduces the time required for developing security controls from 2-3 days to less than one minute. Our approach integrates detailed task descriptions, step-by-step instructions, and retrieval-augmented generation to enhance the accuracy and efficiency of the generated Gherkin code. Initial evaluations on AWS cloud services demonstrate promising results, indicating that GenAI can effectively streamline the security control development process, thus providing a robust and dynamic safeguard for cloud-based infrastructures.
title Enhancing Security Control Production With Generative AI
topic Cryptography and Security
Machine Learning
url https://arxiv.org/abs/2411.04284