TUHH Open Research
Identifying security-related requirements in regulatory documents based on cross-project classification

Publication Type
Conference Paper
Date Issued
2022-11
Language
English
Author(s)
Mohamad, Mazen  
Steghöfer, Jan-Philipp  
Åström, Alexander  
Scandariato, Riccardo  
Institute
Software Security E-22  
TORE-URI
http://hdl.handle.net/11420/14324
Start Page
82
End Page
91
Citation
18th ACM International Conference on Predictive Models and Data Analytics in Software Engineering (PROMISE 2022)
Contribution to Conference
18th ACM International Conference on Predictive Models and Data Analytics in Software Engineering, PROMISE 2022  
Publisher DOI
10.1145/3558489.3559074
Scopus ID
2-s2.0-85143201827
Security is getting substantial focus in many industries, especially safety-critical ones. When new regulations and standards, which can run to hundreds of pages, are introduced, it is necessary to identify the requirements in those documents that have an impact on security. Additionally, it is necessary to revisit the requirements of existing systems and identify the security-related ones. We investigate the feasibility of using a classifier for security-related requirements trained on requirement specifications available online. We base our investigation on 15 requirement documents, randomly selected and partially pre-labelled, with a total of 3,880 requirements. To validate the model, we run a cross-project prediction on the data where each specification constitutes a group. We also test the model on three different United Nations (UN) regulations from the automotive domain with different magnitudes of security relevance. Our results indicate the feasibility of training a model from a heterogeneous data set including specifications from multiple domains and in different styles. Additionally, we show the ability of such a classifier to identify security requirements in real-life regulations and discuss scenarios in which such a classification becomes useful to practitioners.
Subjects
Automated Requirements Engineering
Machine Learning
Requirements Classification
Security Requirements