Proposal of an Intelligent Approach to Support Security Requirements Specification in Agile Software Development Projects

Abstract

Understanding the requirements of a software system is essential for the proper direction of a development project. Requirements engineering (RE), a sub-discipline of software engineering, defines a systematic process that includes the phases of elicitation, specification, verification, and validation. Information security should be considered from the early stages of development, but it is often addressed only during the implementation and testing phases, which increases software vulnerabilities. Requirements documentation faces significant challenges in agile development, where rapid changes are common, resulting in high costs when problems are discovered late. Techniques for specifying functional and non-functional requirements, such as user stories and misuse stories, are often informal, highlighting a gap in support tools that consider the specifics of the current software industry. The objective of this project is to build and evaluate the feasibility of a prototype tool to support the specification of security requirements in agile methods, using machine learning to analyze user stories and propose security requirements. The research will utilize action research and prototyping methods to develop and improve the prototype, aiming to facilitate the specification of security requirements and assist requirements engineers in agile environments.