SecREP : A Framework for Automating the Extraction and Prioritization of Security Requirements Using Machine Learning and NLP Techniques

Gathering and extracting security requirements adequately requires extensive effort, experience, and time, as large amounts of data need to be analyzed. While many manual and academic approaches have been developed to tackle the discipline of Security Requirements Engineering (SRE), a need still exists for automating the SRE process. This need stems mainly from the difficult, error-prone, and time-consuming nature of traditional and manual frameworks. Machine learning techniques have been widely used to facilitate and automate the extraction of useful information from software requirements documents and artifacts. Such approaches can be utilized to yield beneficial results in automating the process of extracting and eliciting security requirements. However, the extraction of security requirements alone leaves software engineers with yet another tedious task of prioritizing the most critical security requirements. The competitive and fast-paced nature of software development, in addition to resource constraints make the process of security requirements prioritization crucial for software engineers to make educated decisions in risk-analysis and trade-off analysis. To that end, this thesis presents an automated framework/pipeline for extracting and prioritizing security requirements. The proposed framework, called the Security Requirements Extraction and Prioritization Framework (SecREP) consists of two parts: SecREP Part 1: Proposes a machine learning approach for identifying/extracting security requirements from natural language software requirements artifacts (e.g., the Software Requirement Specification document, known as the SRS documents) SecREP Part 2: Proposes a scheme for prioritizing the security requirements identified in the previous step. For the first part of the SecREP framework, three machine learning models (SVM, Naive Bayes, and Random Forest) were trained using an enhanced dataset the “SecREP Dataset” that was created as a result of this work. Each model was validated using resampling (80% of for training and 20% for validation) and 5-folds cross validation techniques. For the second part of the SecREP framework, a prioritization scheme was established with the aid of NLP techniques. The proposed prioritization scheme analyzes each security requirement using Part-of-speech (POS) and Named Entity Recognition methods to extract assets, security attributes, and threats from the security requirement. Additionally, using a text similarity method, each security requirement is compared to a super-sentence that was defined based on the STRIDE threat model. This prioritization scheme was applied to the extracted list of security requirements obtained from the case study in part one, and the priority score for each requirement was calculated and showcase

Alignment of Misuse Cases to ISSRM

Digitaalse ja sotsiaalse elu vaheline piirjoon on hägunemas ning informatsiooni süsteemide turvalisuse ja informatsiooni per se turvalisus tekitab muret. Samuti pälvib tähelepanu süsteemide turvalisuse arendamine ja säilitamine. Olemasolevad uurimused viitavad mitmetele juhtumitele, kus turvalisuse aspekti võeti arvesse ainult süsteemi väljatöötamise protsessi lõpus, jättes välja süstemaatilise turvalisuse analüüsi süsteemi ja tarkvara nõuete ja kavandamise etappidel. Misuse case diagrams on üks võimalikke viise seostada turvalisuse analüüsi ja süsteemi funktusionaalsete nõuete definitsiooni. Nende peamine eesmärk on negatiivsete stsenaariumite modeleerimine, seoses defineeritud süsteemi funktsionaalsete nõuete esilekutsumise ja analüüsiga. Hoolimata sellest eelisest on väärkasutatud juhtumid üsna ebatäpsed; nad ei täida riskianalüüsi organiseerimise strateegiaid, ja seega võivad viia valetõlgendamiseni turvalisusega seotud konseptsioonides. Sellised limitatsioonid võivad potentsiaalselt viia puudulike lahendusteni turvalisuse alal. Sageli tuleb organisatsioonidel leida enda turvalisuse lahendused, et kaitsta oma ressursse ja varasid. Käesolevas töös rakendame süstemaatilist lähenemist, et mõista kuidas Misuse case diagrams aitavad organiseerida ettevõtete varasid, potentsiaalseid süsteemiriske ja turvalisuse nõudeid, et leevendada riske. Täpsemalt ühtlustame Misuse case konstruktsiooni domeeni mudeli kontseptiga, informatsiooni süsteemi turvalisusriski haldamiseks (Information Systems Security Risk Management; ISSRM). Lisaks, põhinedes ISSRM ja keelelisele ühtlustamisele, uurime ja arendame reeglid, et tõlkida Misuse cas diagrams Secure Tropos mudelile. Käesoleva uurimuse panusel on mitmeid eeliseid. Esmalt aitab potentsiaalselt mõista, kuidas Misuse case turvalisuse riski haldamisega tegeleb. Teiseks määratleb meetodi, mis toetab turvalisuse nõuete põhjendamist arendatud süsteemi kehtestamisel ja rakendamisel. Viimaseks, Secure Troposi transformeerumine aitab potentsiaalselt arendajatel (ja teistel süsteemi vahendajatel) mõista miks turvalisuse lahendused on olulised ning millised on erinevate huvigruppide kompromissid. Plaanime kinnitada saadud tulemused, kus mudeli kvaliteet seoses selle arusaadavusega on mõõdetud Misuse case diagram jaoks. Usume, et selline Misuse case seadistamine koos ISSRM ja Misuse case diagram transformeerumine eesmärgile orienteeritud modelleerumisele, on kasulik süsteemi ja tarkvara arendajatele. Esmalt aitab mõista turvalisusega seotud probleeme varajastes arendamise staadiumites. Teiseks aitab vaadata probleemi erinevatest vaatenurkadest, mõistes erinevaid turvalisuse arendamise perspektiive.As a line between digital and social life is diminishing, security concerns of information systems and information per se, also developing and maintaining system security are gaining a rising attention. Nevertheless, the existing practices report on numerous cases when security aspects were considered only at the end of the system development process, thus, missing the systematic security analysis during system and software requirements and design stages. Misuse case diagrams are one of the possible ways to relate security analysis and system functional requirements definition. Their main goal is to model negative scenarios with respect to the defined system functional requirement elicitation and analysis. Despite this fundamental advantage, misuse cases tend to be rather imprecise; they do not comply with security risk management strategies, and, thus, could lead to misinterpretation of the security-related concepts. Such limitations could potentially result in poor security solutions. Quite often, the organizations have to adopt their own security solutions to safeguard their resources and assets. In this thesis we will apply a systematic approach to understand how misuse case diagrams could help model organisational assets, potential system risks, and security requirements to mitigate these risks. More specifically we will align misuse case constructs with the concepts of the domain model for the information systems security risk management (ISSRM). In addition, based on such an ISSRM and language alignment we will investigate and develop rules to translate misuse case diagrams to the Secure Tropos model. The contribution of this research has several benefits. Firstly, it will potentially help understand how misuse case could deal with security risk management. Secondly, it will define method to support reasoning for the security requirements introduction and implementation in the developed system. Finally the transformation to the Secure Tropos would potentially help developers (and other system stakeholders) to understand why security solutions are important and what different stakeholder trade-offs are. We plan to validate our results where the quality model regarding its comprehensibility will be measured for the misuse case diagrams. We believe that such alignment of the misuse cases with ISSRM and misuse case diagram transformation to the goal-oriented modelling language will be beneficial to system and software developers. Firstly, it will allow understanding security concerns at the earlier stages of development. Secondly it will help to view security problems from different angles, understanding different security development perspectives

Closing the loop of SIEM analysis to Secure Critical Infrastructures

Critical Infrastructure Protection is one of the main challenges of last years. Security Information and Event Management (SIEM) systems are widely used for coping with this challenge. However, they currently present several limitations that have to be overcome. In this paper we propose an enhanced SIEM system in which we have introduced novel components to i) enable multiple layer data analysis; ii) resolve conflicts among security policies, and discover unauthorized data paths in such a way to be able to reconfigure network devices. Furthermore, the system is enriched by a Resilient Event Storage that ensures integrity and unforgeability of events stored.Comment: EDCC-2014, BIG4CIP-2014, Security Information and Event Management, Decision Support System, Hydroelectric Da

Revision of Security Risk-oriented Patterns for Distributed Systems

Turvariskide haldamine on oluline osa tarkvara arendusest. Arvestades, et enamik tänapäeva ettevõtetest sõltuvad suuresti infosüsteemidest, on turvalisusel oluline roll sujuvalt toimivate äriprotsesside tagamisel. Paljud inimesed kasutavad e-teenuseid, mida pakuvad näiteks pangad ja haigekassa. Ebapiisavatel turvameetmetel infosüsteemides võivad olla soovimatud tagajärjed nii ettevõtte mainele kui ka inimeste eludele.\n\rTarkvara turvalisusega tuleb tavaliselt tegeleda kogu tarkvara arendusperioodi ja tarkvara eluea jooksul. Uuringute andmetel tegeletakse tarkvara turvaküsimustega alles tarkvara arenduse ja hooldus etappidel. Kuna turvariskide vähendamine kaasneb tavaliselt muudatustena informatsioonisüsteemi spetsifikatsioonis, on turvaanalüüsi mõistlikum teha tarkvara väljatöötamise algusjärgus. See võimaldab varakult välistada ebasobivad lahendused. Lisaks aitab see vältida hilisemaid kulukaid muudatusi tarkvara arhitektuuris.\n\rKäesolevas töös käsitleme turvalise tarkvara arendamise probleemi, pakkudes lahendusena välja turvariskidele orienteeritud mustreid. Need mustrid aitavad leida turvariske äriprotsessides ja pakuvad välja turvariske vähendavaid lahendusi. Turvamustrid pakuvad analüütikutele vahendit turvanõuete koostamiseks äriprotsessidele. Samuti vähendavad nad riskianalüüsiks vajalikku töömahtu. Oma töös joondame me turvariskidele orienteeritud mustrid vastu hajussüsteemide turvaohtude mustreid. See võimaldab meil täiustada olemasolevaid turvariski mustreid ja võtta kasutusele täiendavaid mustreid turvariskide vähendamiseks hajussüsteemides.\n\rTurvariskidele orienteeritud mustrite kasutatavust on kontrollitud lennunduse äriprotsessides. Tulemused näitavad, et turvariskidele orienteeritud mustreid saab kasutada turvariskide vähendamiseks hajussüsteemides.Security risk management is an important part of software development. Given that majority of modern organizations rely heavily on information systems, security plays a big part in ensuring smooth operation of business processes. Many people rely on e-services offered by banks and medical establishments. Inadequate security measures in information systems could have unwanted effects on an organization’s reputation and on people’s lives. Security concerns usually need to be addressed throughout the development and lifetime of a software system. Literature reports however, that security is often considered during implementation and maintenance stages of software development. Since security risk mitigation usually results with changes to an IS’s specification, security analysis is best done at an early phase of the development process. This allows an early exclusion of inadequate system designs. Additionally, it helps prevent the need for fundamental and expensive design changes later in the development process. In this thesis, we target the secure system development problem by suggesting application of security risk-oriented patterns. These patterns help find security risk occurrences in business processes and present mitigations for these risks. They provide business analysts with means to elicit and introduce security requirements to business processes. At the same time, they reduce the efforts needed for risk analysis. We confront the security risk-oriented patterns against threat patterns for distributed systems. This allows us to refine the collection of existing patterns and introduce additional patterns to mitigate security risks in processes of distributed systems. The applicability of these security risk-oriented patterns is validated on business processes from aviation turnaround system. The validation results show that the security risk-oriented patterns can be used to mitigate security risks in distributed systems

Investigating Secure Agile Requirements Engineering Practices in Software Development

The aim of this research study was to assess Agile RE practices in the South African software development industry and investigate secure Agile RE initiatives towards developing secure products. This qualitative research study was contextualized in seventeen South African software development companies. The researchers used structured interviews and document reviews as the primary data collection instruments. Qualitative data was analyzed inductively using content analysis. Emanating from the research were recommendations to guide a regular software developer on good Agile RE practices. The study concluded that although Agile Software Development is practiced in the South African software industry, there needs to be stricter adherences to the Agile Manifesto and Agile Security Manifesto in requirements engineering

Mitigating Insider Sabotage and Espionage: A Review of the United States Air Force\u27s Current Posture

The security threat from malicious insiders affects all organizations. Mitigating this problem is quite difficult due to the fact that (1) there is no definitive profile for malicious insiders, (2) organizations have placed trust in these individuals, and (3) insiders have a vast knowledge of their organization’s personnel, security policies, and information systems. The purpose of this research is to analyze to what extent the United States Air Force (USAF) security policies address the insider threat problem. The policies are reviewed in terms of how well they align with best practices published by the Carnegie Mellon University Computer Emergency Readiness Team and additional factors this research deems important, including motivations, organizational priorities, and social networks. Based on the findings of the policy review, this research offers actionable recommendations that the USAF could implement in order to better prevent, detect, and respond to malicious insider attacks. The most important course of action is to better utilize its workforce. All personnel should be trained on observable behaviors that can be precursors to malicious activity. Additionally, supervisors need to be empowered as the first line of defense, monitoring for stress, unmet expectations, and disgruntlement. In addition, this research proposes three new best practices regarding (1) screening for prior concerning behaviors, predispositions, and technical incidents, (2) issuing sanctions for inappropriate technical acts, and (3) requiring supervisors to take a proactive role

Management of quality requirements in agile and rapid software development: A systematic mapping study

Context: Quality requirements (QRs) describe the desired quality of software, and they play an important role in the success of software projects. In agile software development (ASD), QRs are often ill-defined and not well addressed due to the focus on quickly delivering functionality. Rapid software development (RSD) approaches (e.g., continuous delivery and continuous deployment), which shorten delivery times, are more prone to neglect QRs. Despite the significance of QRs in both ASD and RSD, there is limited synthesized knowledge on their management in those approaches. Objective: This study aims to synthesize state-of-the-art knowledge about QR management in ASD and RSD, focusing on three aspects: bibliometric, strategies, and challenges. Research method: Using a systematic mapping study with a snowballing search strategy, we identified and structured the literature on QR management in ASD and RSD. Results: We found 156 primary studies: 106 are empirical studies, 16 are experience reports, and 34 are theoretical studies. Security and performance were the most commonly reported QR types. We identified various QR management strategies: 74 practices, 43 methods, 13 models, 12 frameworks, 11 advices, 10 tools, and 7 guidelines. Additionally, we identified 18 categories and 4 non-recurring challenges of managing QRs. The limited ability of ASD to handle QRs, time constraints due to short iteration cycles, limitations regarding the testing of QRs and neglect of QRs were the top categories of challenges. Conclusion: Management of QRs is significant in ASD and is becoming important in RSD. This study identified research gaps, such as the need for more tools and guidelines, lightweight QR management strategies that fit short iteration cycles, investigations of the link between QRs challenges and technical debt, and extension of empirical validation of existing strategies to a wider context. It also synthesizes QR management strategies and challenges, which may be useful for practitioners.Peer ReviewedPostprint (author's final draft