A Co-Occurrence Recommendation Model of Software Security Requirement

Title: A Co-Occurrence Recommendation Model of Software Security Requirement
Publication Type: Conference Paper
Year of Publication: 2019
Authors: Xu, Yilin; Ge, Weimin; Li, Xiaohong; Feng, Zhiyong; Xie, Xiaofei; Bai, Yude
Conference Name: 2019 International Symposium on Theoretical Aspects of Software Engineering (TASE)
Keywords: Co-occurrence Recommend Model (CoRM), co-occurrence recommendation model, CoRM model, human factors, natural language processing, nonsecurity specialists, pubcrawl, recommender systems, Resiliency, Scalability, security, security of data, security requirements, security target documents, security threat, security-critical software systems, semantic similarity, Semantics, Software, software engineering, software products, software security threat, software SRs, Training, Unified modeling language
Abstract: To guarantee the quality of software, specifying security requirements (SRs) is essential for developing systems, especially for security-critical software systems. However, using security threats to determine detailed SRs is quite difficult according to Common Criteria (CC), which is too confusing and technical for non-security specialists. In this paper, we propose a Co-occurrence Recommend Model (CoRM) to automatically recommend software SRs. In this model, the security threats of a product are extracted from security target documents of software, in which the related security requirements are tagged. In order to establish relationships between software security threats and security requirements, semantic similarities between different security threats are calculated by the Skip-thoughts Model. To evaluate our CoRM model, over 1000 security target documents of 9 types of software products are exploited. The results suggest that building a CoRM model via semantic similarity is feasible and reliable.
DOI: 10.1109/TASE.2019.00-21
Citation Key: xu_co-occurrence_2019