Computer systems that learn: classification and prediction methods from statistics, neural nets, machine learning, and expert systems
Artificial intelligence: a modern approach
Artificial intelligence: a modern approach
A framework for dealing with and specifying security requirements in information systems
Information systems security
Experimentation in software engineering: an introduction
Experimentation in software engineering: an introduction
Modern Information Retrieval
Managing Information Security Risks: The Octave Approach
Managing Information Security Risks: The Octave Approach
Dealing with Security Requirements During the Development of Information Systems
CAiSE '93 Proceedings of Advanced Information Systems Engineering
Introducing Abuse Frames for Analysing Security Requirements
RE '03 Proceedings of the 11th IEEE International Conference on Requirements Engineering
Evaluating machine learning for information extraction
ICML '05 Proceedings of the 22nd international conference on Machine learning
Identifying Nocuous Ambiguities in Natural Language Requirements
RE '06 Proceedings of the 14th IEEE International Requirements Engineering Conference
Model-based security analysis in seven steps --- a guided tour to the CORAS method
BT Technology Journal
Applying Formal Methods to a Certifiably Secure Software System
IEEE Transactions on Software Engineering
Automating the Extraction of Rights and Obligations for Regulatory Compliance
ER '08 Proceedings of the 27th International Conference on Conceptual Modeling
Beyond Documents: Visualizing Informal Communication
REV '08 Proceedings of the 2008 Requirements Engineering Visualization
Feedback-driven requirements engineering: The Heuristic Requirements Assistant
ICSE '09 Proceedings of the 31st International Conference on Software Engineering
Requirements Engineering - Special Issue on RE'09: Security Requirements Engineering; Guest Editors: Eric Dubois and Haralambos Mouratidis
Secure Systems Development with UML
Secure Systems Development with UML
REFSQ'13 Proceedings of the 19th international conference on Requirements Engineering: Foundation for Software Quality
| Hi-index | 0.00 |
Context & motivation: More and more software projects today are security-related in one way or the other. Many environments are initially not considered security-related and no security experts are assigned. Requirements engineers often fail to recognise indicators for security problems. Question/problem: Ignoring security issues early in a project is a major source of recurring security problems in practice. Identifying security-relevant requirements is labourintensive and error-prone. Security may be neglected in order to finish on time and in budget. Principal ideas/results: In this paper, we address this problem by presenting a tool-supported method that provides assistance for requirements engineering, with an emphasis on security requirements. We investigate whether security-relevant requirements can be automatically identified using a Bayesian classifier. Our results indicate that this is feasible, in particular if the classifier is trained with domain specific data and documents from previous projects. Contribution: We show how the ability to identify security-relevant requirements can be integrated in a workflow of requirements analysis and reuse of experience. In practice, this can increase security awareness within the software development process. We discuss limitations and potential of this approach.