Is this project an undergraduate, graduate, or faculty project?
Graduate
Project Type
group
Campus
Daytona Beach
Authors' Class Standing
Lynn Vonder Haar, Masters Student; Sarah Reynolds, Masters Student; Tyler Procko, Masters Student; Omar Ochoa, Faculty Advisor
Lead Presenter's Name
Lynn Vonder Haar
Lead Presenter's College
DB College of Engineering
Faculty Mentor Name
Omar Ochoa
Abstract
Eliciting requirements from customers and writing requirement specifications for any part of a software system is difficult and time-consuming. However, writing security specifications is especially difficult due to many development teams’ lack of security expertise. As a result, security is either an afterthought during implementation, or security weaknesses go unnoticed by developers. Utilizing automation to improve this process and validate the security specifications against known security weaknesses could help reduce the number of weaknesses introduced during the requirements phase of software development. The automated process described in this research uses entity linking to search a Software Requirement Specification (SRS) document for keywords associated with publicly known security weaknesses. The keywords are then used to query a knowledge graph of security weaknesses to provide developers with a detailed understanding of the security threats to their system. The developers can use the query results to refine their security specifications and improve the system’s strength early in the software development life cycle.
Keywords – Automation, validation, security requirements, knowledge graph
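The following is an added illustration of the pipeline the abstract describes (keyword entity linking over an SRS, then a query of a weakness knowledge graph); it is not the authors' code. The miniature graph, its node ids, the alias keywords and the sample SRS lines are all constructed for this example, and the alias matcher stands in for a real entity linker.

```python
import re

# Constructed miniature knowledge graph (hypothetical node ids and content, not
# the project's actual graph): each weakness node has alias keywords and a mitigation.
WEAKNESSES = {
    "W-INJECTION": {
        "name": "Improper neutralization of user input in a query",
        "aliases": ["sql query", "database query", "user input", "search field"],
        "mitigation": "Use parameterized queries and validate input against an allow-list.",
    },
    "W-CLEARTEXT-CREDENTIALS": {
        "name": "Credentials stored without protection",
        "aliases": ["store passwords", "stores passwords", "password storage"],
        "mitigation": "Store only salted hashes from a slow KDF; never store cleartext.",
    },
    "W-MISSING-AUTHZ": {
        "name": "Missing authorization check on a privileged function",
        "aliases": ["admin page", "privileged action", "any user"],
        "mitigation": "Enforce server-side authorization on every privileged request.",
    },
}

def link_entities(requirement: str) -> set[str]:
    """Entity-linking stand-in: whole-word, case-insensitive alias matching to node ids."""
    text = re.sub(r"\s+", " ", requirement.lower())
    linked = set()
    for wid, node in WEAKNESSES.items():
        if any(re.search(rf"\b{re.escape(a)}\b", text) for a in node["aliases"]):
            linked.add(wid)
    return linked

def query_graph(weakness_ids: set[str]) -> list[dict]:
    """Follow the graph from the linked weakness nodes to their names and mitigations."""
    return [{"id": w, "name": WEAKNESSES[w]["name"], "mitigation": WEAKNESSES[w]["mitigation"]}
            for w in sorted(weakness_ids)]

def validate_srs(srs_text: str) -> dict[str, list[dict]]:
    """Scan 'REQ-n: ...' lines; return linked weaknesses per requirement id (unlinked omitted)."""
    findings = {}
    for line in srs_text.splitlines():
        m = re.match(r"\s*(REQ-\d+):\s*(.+)", line)
        if m and (ids := link_entities(m.group(2))):
            findings[m.group(1)] = query_graph(ids)
    return findings

# Constructed sample SRS excerpt (not from the paper).
SAMPLE_SRS = """\
REQ-1: The system shall allow any user to open the admin page to view reports.
REQ-2: The system shall store passwords for each account in the accounts table.
REQ-3: The search field shall accept user input and build a database query from it.
REQ-4: The system shall display a welcome banner on start-up.
"""
```

Running `validate_srs(SAMPLE_SRS)` flags REQ-1 through REQ-3 with the linked weakness and its mitigation, giving the requirement author concrete material to refine each specification; REQ-4 links to nothing and is left out.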
Did this research project receive funding support (Spark, SURF, Research Abroad, Student Internal Grants, Collaborative, Climbing, or Ignite Grants) from the Office of Undergraduate Research?
Yes, Spark Grant
Eliminating Security Weaknesses in Requirement Specifications via a Knowledge Graph