Research On Requirement Weakness Detection Based On Formal SOFL Language

The software lifecycle(SLC)is a complete cycle of software from its creation to its demise.This lifecycle is considered to be an extremely error-prone process,in which any one of the phases can produce errors that cause software or system failures,resulting in huge losses in human and financial resources.Most of the current research on software vulnerabilities choose to start from the later stages of the software life cycle,i.e.,code inspection or vulnerability detection after the software coding is completed,which is more of a reference and reference for future software development and cannot prevent the occurrence of current errors.A large amount of survey data shows that the requirement analysis phase is the source of introducing vulnerabilities and inducing software failures,and at the same time,it is cheaper to identify and fix vulnerabilities at that stage.Therefore,this paper is dedicated to the prevention of software vulnerabilities starting from the requirements analysis phase.The main subject of this research is the requirements document,the final result of the requirements analysis phase.The goal of this research is to identify the potential weakness of the functional requirements through the analysis of the functional requirements in the requirements document,and to achieve the prevention of software weakness in the requirements analysis phase.This research objective faces two major problems: first,because the requirements document is described by a non-formal natural language,the reader’s understanding of them is not immune to the biases caused by the inherent duality of natural language;second,the traditional method of reviewing the requirements document relies heavily on expert experience,which is time-consuming,laborious,and inefficient and inaccurate,especially when dealing with the security problems of large and complex systems.This paper presents a proposal to address these two problems.To address these two problems,this paper proposes a formal approach to detect weakness in the requirements phase.First,a formal approach is used to standardize the requirements document described in natural language and establish a formal requirement specification,which eliminates the duality of natural language.After that,the vulnerability code examples provided by the Common Weakness Enumeration(CWE)are used as data support,and the same normalization process is performed on the weakness examples described by the code to establish a normalized weakness library to realize the unification of requirements and weakness formats.And then,referring to the code vulnerability detection method based on deep learning theory,a classification neural network model is built on the normalized weakness database to automatically learn the weakness patterns.Through data training and data validation,this formal requirement-stage weakness detection method proposed in this paper can predict and identify the weaknesses contained in the formal requirement specification and give the prediction of possible weakness introduced with for each specific functional requirement.Compared with existing software security research work,this paper achieves the identification and prevention of weaknesses and exploits earlier in the software development process,gives risk warnings to system developers in the system design and coding phases beforehand,and reduces the probability of software failures and repair costs.