Software Security Requirements Recommendation Based On Data

Posted on: 2019-02-01 | Degree: Master | Type: Thesis
Country: China | Candidate: J J Wang | Full Text: PDF
GTID: 2428330593951025 | Subject: Computer Science and Technology
Abstract/Summary:
Since it is recommended that security be evaluated at the beginning of the software development process, specifying software security requirements (SR) is important when developing Critical Information Security Systems. However, security requirements are determined for each piece of software by experts based on Common Criteria (CC). The experts are therefore required to have profound knowledge and experience in security, which increases the difficulty and complexity of obtaining security requirements. In this paper, a data-driven Functionality Topic-Security Requirement (FT-SR) model is proposed to recommend software security requirements, providing a method for obtaining security requirements in the requirements analysis phase of software development. This work is based on software Security Targets (ST), which are provided by Common Criteria's official website. First, the descriptions of product functionality are extracted and the security requirements are tagged from the software security target documents. Then a topic model is used to cluster the products' functional descriptions into different functionality topics. Meanwhile, an FT-SR model is developed based on the mapping between product functionality and security requirements. Finally, according to the FT-SR model, a recommendation strategy combining collaborative filtering is proposed to recommend security requirements for software products. Experiments are performed on the ST documents of over 2000 software products certified by Competent and Independent Licensed Laboratories. Experimental results show that the proposed approach can generate a set of recommended security requirements. The data-based recommendation framework in this paper provides a new direction for recommending security requirements. This method reduces the difficulty of determining security requirements and improves the efficiency of generating security requirements, even for people who lack knowledge of security.
Keywords/Search Tags: Security Requirements, Software Functional Description, Topic Model, Common Criteria