Is this project an undergraduate, graduate, or faculty project?

Graduate

Project Type

group

Campus

Daytona Beach

Authors' Class Standing

Lynn Vonder Haar, Masters Student
Sarah Reynolds, Masters Student
Tyler Procko, Masters Student
Omar Ochoa, Faculty Advisor

Lead Presenter's Name

Lynn Vonder Haar

Lead Presenter's College

DB College of Engineering

Faculty Mentor Name

Omar Ochoa

Abstract

Eliciting requirements from customers and writing requirement specifications for any part of a software system is difficult and time-consuming. Writing security specifications is especially difficult because many development teams lack security expertise. As a result, security is either treated as an afterthought during implementation, or security weaknesses go unnoticed by developers. Using automation to improve this process and to validate the security specifications against known security weaknesses could reduce the number of weaknesses introduced during the requirements phase of software development. The automated process described in this research uses entity linking to search a Software Requirement Specification (SRS) document for keywords associated with publicly known security weaknesses. The keywords are then used to query a knowledge graph of security weaknesses, giving developers a detailed understanding of the security threats to their system. Developers can use the query results to refine their security specifications and strengthen the system early in the software development life cycle.

Keywords – Automation, validation, security requirements, knowledge graph

Did this research project receive funding support (Spark, SURF, Research Abroad, Student Internal Grants, Collaborative, Climbing, or Ignite Grants) from the Office of Undergraduate Research?

Yes, Spark Grant

Eliminating Security Weaknesses in Requirement Specifications via a Knowledge Graph
