Saved in:
| Main Authors: | , , , , , , , , , , , |
|---|---|
| Format: | Preprint |
| Published: |
2024
|
| Subjects: | |
| Online Access: | https://arxiv.org/abs/2411.04284 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1866910687167512576 |
|---|---|
| author | Ling, Chen Ghashami, Mina Gao, Vianne Torkamani, Ali Vaulin, Ruslan Mangam, Nivedita Jain, Bhavya Diwan, Farhan SS, Malini Cheng, Mingrui Kumar, Shreya Tarur Candelario, Felix |
| author_facet | Ling, Chen Ghashami, Mina Gao, Vianne Torkamani, Ali Vaulin, Ruslan Mangam, Nivedita Jain, Bhavya Diwan, Farhan SS, Malini Cheng, Mingrui Kumar, Shreya Tarur Candelario, Felix |
| contents | Security controls are mechanisms or policies designed for cloud based services to reduce risk, protect information, and ensure compliance with security regulations. The development of security controls is traditionally a labor-intensive and time-consuming process. This paper explores the use of Generative AI to accelerate the generation of security controls. We specifically focus on generating Gherkin codes which are the domain-specific language used to define the behavior of security controls in a structured and understandable format. By leveraging large language models and in-context learning, we propose a structured framework that reduces the time required for developing security controls from 2-3 days to less than one minute. Our approach integrates detailed task descriptions, step-by-step instructions, and retrieval-augmented generation to enhance the accuracy and efficiency of the generated Gherkin code. Initial evaluations on AWS cloud services demonstrate promising results, indicating that GenAI can effectively streamline the security control development process, thus providing a robust and dynamic safeguard for cloud-based infrastructures. |
| format | Preprint |
| id |
arxiv_https___arxiv_org_abs_2411_04284 |
| institution | arXiv |
| publishDate | 2024 |
| record_format | arxiv |
| spellingShingle | Enhancing Security Control Production With Generative AI Ling, Chen Ghashami, Mina Gao, Vianne Torkamani, Ali Vaulin, Ruslan Mangam, Nivedita Jain, Bhavya Diwan, Farhan SS, Malini Cheng, Mingrui Kumar, Shreya Tarur Candelario, Felix Cryptography and Security Machine Learning Security controls are mechanisms or policies designed for cloud based services to reduce risk, protect information, and ensure compliance with security regulations. The development of security controls is traditionally a labor-intensive and time-consuming process. This paper explores the use of Generative AI to accelerate the generation of security controls. We specifically focus on generating Gherkin codes which are the domain-specific language used to define the behavior of security controls in a structured and understandable format. By leveraging large language models and in-context learning, we propose a structured framework that reduces the time required for developing security controls from 2-3 days to less than one minute. Our approach integrates detailed task descriptions, step-by-step instructions, and retrieval-augmented generation to enhance the accuracy and efficiency of the generated Gherkin code. Initial evaluations on AWS cloud services demonstrate promising results, indicating that GenAI can effectively streamline the security control development process, thus providing a robust and dynamic safeguard for cloud-based infrastructures. |
| title | Enhancing Security Control Production With Generative AI |
| topic | Cryptography and Security Machine Learning |
| url | https://arxiv.org/abs/2411.04284 |