"Researchers Develop Automated Approach to Extract Security Policies From Software"

A team of researchers at the University of Texas at San Antonio (UTSA) is delving into the prevention of software security vulnerabilities through a new automated approach. They sought to develop a deep learning model capable of teaching software how to extract security policies automatically. The researchers studied different Machine Learning (ML) approaches before settling on a deep learning approach, which can handle several formats of user stories. The model uses access control classification, access type classification, and named entity recognition to perform the prediction. Access control classification helps the software determine whether user stories contain access control information, while named entity recognition picks up on the actors and data objects in the story. The access type classification identifies the relationship between the two. The team tested their approach on a dataset of 21 web applications, each of which contained 50 to 130 user stories. Using the dataset of 1,600 user stories, they developed a learning model based on transformers, a powerful ML method. They successfully extracted security policies and visualized the results, which could help stakeholders better refine user stories as well as maintain an overview of the system's access control. The researchers say their approach will be a valuable tool in the modern agile software development life cycle. This article continues to discuss the automated approach developed by the UTSA team to extract security policies from software.

UTSA reports "Researchers Develop Automated Approach to Extract Security Policies From Software"

 
