Supporting Software Engineers in IT Security and Privacy through Automated Knowledge Discovery

Research output: Chapter in book/report/conference proceeding; Conference contribution; Research; peer review

Authors

Research Organisations

External Research Organisations

  • University of Koblenz (UK)
  • Fraunhofer Institute for Software and Systems Engineering (ISST)

Details

Original language: English
Title of host publication: 40th Annual ACM Symposium on Applied Computing, SAC 2025
Publisher: Association for Computing Machinery
Pages: 1647-1656
Number of pages: 10
ISBN (electronic): 9798400706295
Publication status: Published - 14 May 2025
Event: 40th Annual ACM Symposium on Applied Computing, SAC 2025 - Catania, Italy
Duration: 31 Mar 2025 to 4 Apr 2025

Publication series

Name: Proceedings of the ACM Symposium on Applied Computing

Abstract

Security and privacy are increasingly essential concepts in software engineering. New threats and corresponding countermeasures are continuously discovered. Concurrently, projects are becoming more complex and are exposed to a greater number of threats. This presents a significant challenge for software engineers. As a result, security and privacy are often neglected due to a lack of knowledge, limited time, and financial constraints. While systematic literature reviews exist to address the increasing volume of publications, software engineers still require up-to-date knowledge of current threats and measures. This paper presents an automated, time-efficient, and cost-effective method for discovering knowledge from state-of-the-art literature and project artifacts, such as design documents. The presented method utilizes Large Language Models (LLMs) for data extraction and is demonstrated through a prototypical implementation and evaluation. This evaluation involves security and privacy in open-access scientific publications and project documentation from European Union research and development projects. The extracted knowledge is used to populate a quality model that is specifically designed to provide software engineers with information that helps them apply the findings. This quality model offers software engineers valuable, up-to-date insights into security and privacy, bridging the gap between scientific research and practical applications.

Keywords

    knowledge discovery, large language model, privacy, quality model, security

ASJC Scopus subject areas

Cite this

Supporting Software Engineers in IT Security and Privacy through Automated Knowledge Discovery. / Ehl, Marco; Ahmadian, Amir Shayan; Großer, Katharina et al.
40th Annual ACM Symposium on Applied Computing, SAC 2025. Association for Computing Machinery, 2025. p. 1647-1656 (Proceedings of the ACM Symposium on Applied Computing).

Ehl, M, Ahmadian, AS, Großer, K, Elsofi, DAA, Herrmann, M, Specht, A, Schneider, K & Jürjens, J 2025, Supporting Software Engineers in IT Security and Privacy through Automated Knowledge Discovery. in 40th Annual ACM Symposium on Applied Computing, SAC 2025. Proceedings of the ACM Symposium on Applied Computing, Association for Computing Machinery, pp. 1647-1656, 40th Annual ACM Symposium on Applied Computing, SAC 2025, Catania, Italy, 31 Mar 2025. https://doi.org/10.1145/3672608.3707798
Ehl, M., Ahmadian, A. S., Großer, K., Elsofi, D. A. A., Herrmann, M., Specht, A., Schneider, K., & Jürjens, J. (2025). Supporting Software Engineers in IT Security and Privacy through Automated Knowledge Discovery. In 40th Annual ACM Symposium on Applied Computing, SAC 2025 (pp. 1647-1656). (Proceedings of the ACM Symposium on Applied Computing). Association for Computing Machinery. https://doi.org/10.1145/3672608.3707798
Ehl M, Ahmadian AS, Großer K, Elsofi DAA, Herrmann M, Specht A et al. Supporting Software Engineers in IT Security and Privacy through Automated Knowledge Discovery. In 40th Annual ACM Symposium on Applied Computing, SAC 2025. Association for Computing Machinery. 2025. p. 1647-1656. (Proceedings of the ACM Symposium on Applied Computing). doi: 10.1145/3672608.3707798
Ehl, Marco ; Ahmadian, Amir Shayan ; Großer, Katharina et al. / Supporting Software Engineers in IT Security and Privacy through Automated Knowledge Discovery. 40th Annual ACM Symposium on Applied Computing, SAC 2025. Association for Computing Machinery, 2025. pp. 1647-1656 (Proceedings of the ACM Symposium on Applied Computing).
@inproceedings{31b41a504f6148ee994e9bd79b77c055,
title = "Supporting Software Engineers in IT Security and Privacy through Automated Knowledge Discovery",
keywords = "knowledge discovery, large language model, privacy, quality model, security",
author = "Marco Ehl and Ahmadian, {Amir Shayan} and Katharina Gro{\ss}er and Elsofi, {Duaa Adel Ali} and Marc Herrmann and Alexander Specht and Kurt Schneider and Jan J{\"u}rjens",
note = "Publisher Copyright: Copyright {\textcopyright} 2025 held by the owner/author(s).; 40th Annual ACM Symposium on Applied Computing, SAC 2025, SAC 2025 ; Conference date: 31-03-2025 Through 04-04-2025",
year = "2025",
month = may,
day = "14",
doi = "10.1145/3672608.3707798",
language = "English",
series = "Proceedings of the ACM Symposium on Applied Computing",
publisher = "Association for Computing Machinery",
pages = "1647--1656",
booktitle = "40th Annual ACM Symposium on Applied Computing, SAC 2025",
address = "United States",

}

TY - GEN

T1 - Supporting Software Engineers in IT Security and Privacy through Automated Knowledge Discovery

AU - Ehl, Marco

AU - Ahmadian, Amir Shayan

AU - Großer, Katharina

AU - Elsofi, Duaa Adel Ali

AU - Herrmann, Marc

AU - Specht, Alexander

AU - Schneider, Kurt

AU - Jürjens, Jan

N1 - Publisher Copyright: Copyright © 2025 held by the owner/author(s).

PY - 2025/5/14

Y1 - 2025/5/14

KW - knowledge discovery

KW - large language model

KW - privacy

KW - quality model

KW - security

UR - http://www.scopus.com/inward/record.url?scp=105006451939&partnerID=8YFLogxK

U2 - 10.1145/3672608.3707798

DO - 10.1145/3672608.3707798

M3 - Conference contribution

AN - SCOPUS:105006451939

T3 - Proceedings of the ACM Symposium on Applied Computing

SP - 1647

EP - 1656

BT - 40th Annual ACM Symposium on Applied Computing, SAC 2025

PB - Association for Computing Machinery

T2 - 40th Annual ACM Symposium on Applied Computing, SAC 2025

Y2 - 31 March 2025 through 4 April 2025

ER -
