Automated Analysis of Security-Related System Requirements Specifications

Abstract

It is crucial to protect mission-critical software systems by building in security from the ground up. Despite this, it is both expensive and error-prone to create adequate security-focused system requirements specifications (SysRS). Analyzing the requirements brings an additional challenge since requirements engineers are not necessarily security experts. Therefore, an automated security-related SysRS analysis framework will reduce the cost, time, and other resources related to incorporating security into software, while allowing security to be built-in early in the development cycle. This report describes the previous, current, and future work related to the creation of an automated natural language processing-based SysRS analysis technique. It explores the elements required to build such a framework and discusses both preliminary results and future efforts associated with building this analysis framework.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Dec 18, 2020
Accession Number
AD1118201

Entities

People

  • Jennifer Cassetti
  • Mark Zappavigna
  • Viktoria Koscinski

Organizations

  • Rochester Institute of Technology

Tags

Communities of Interest

  • Engineered Resilient Systems

DTIC Thesaurus Topics

  • Abstracts
  • Air Force
  • Air Force Research Laboratories
  • Artificial Intelligence Computing
  • Automatic
  • Computational Linguistics
  • Department Of Defense
  • Engineering
  • Engineers
  • Extraction
  • Governments
  • Information Operations
  • Iterations
  • Language
  • Linguistics
  • Monitoring
  • Natural Language Processing
  • Natural Languages
  • Ratings
  • Reasoning
  • Security
  • Software Development
  • Specifications
  • Urban Areas

Fields of Study

  • Computer science
  • Engineering

Readers

  • Cybersecurity.
  • Software Engineering.

Technology Areas

  • AI & ML