A co-occurrence recommendation model of software security requirement

Yilin Xu, Weimin Ge, Xiaohong Li, Zhiyong Feng, Xiaofei Xie, Yude Bai

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

2 Citations (Scopus)

Abstract

To guarantee the quality of software, specifying security requirements (SRs) is essential for developing systems, especially for security-critical software systems. However, using security threats to determine detailed SRs is quite difficult according to Common Criteria (CC), which is too confusing and technical for non-security specialists. In this paper, we propose a Co-occurrence Recommend Model (CoRM) to automatically recommend software SRs. In this model, the security threats of a product are extracted from the security target documents of software, in which the related security requirements are tagged. In order to establish relationships between software security threats and security requirements, semantic similarities between different security threats are calculated by the Skip-thoughts Model. To evaluate our CoRM model, over 1000 security target documents of 9 types of software products are exploited. The results suggest that building a CoRM model via semantic similarity is feasible and reliable.

Original language: English
Title of host publication: Proceedings - 2019 13th International Symposium on Theoretical Aspects of Software Engineering, TASE 2019
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 41-48
Number of pages: 8
ISBN (Electronic): 9781728133423
Publication status: Published - Jul 2019
Externally published: Yes
Event: 13th International Symposium on Theoretical Aspects of Software Engineering, TASE 2019 - Guilin, China
Duration: Jul 29 2019 - Jul 31 2019

Publication series

Name: Proceedings - 2019 13th International Symposium on Theoretical Aspects of Software Engineering, TASE 2019

Conference

Conference: 13th International Symposium on Theoretical Aspects of Software Engineering, TASE 2019
Country/Territory: China
City: Guilin
Period: 7/29/19 - 7/31/19

All Science Journal Classification (ASJC) codes

  • Safety, Risk, Reliability and Quality
  • Computational Theory and Mathematics
  • Software
  • Information Systems and Management
