Automated extraction of security policies from natural-language software documents

Xiao, Xusheng; Paradkar, Amit; Thummalapenta, Suresh; Xie, Tao

doi:10.1145/2393596.2393608

Cited by 103 publications

(66 citation statements)

References 35 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Finally, the Text2Pol-icy tool attempts to extract access control policies (ACP) from natural language documents to reduce the manual effort for this tedious but important security task. Using both syntactic and semantic methods, this tool achieves accuracies ranging between 80 and 90 % for ACP sentence, rule, and action extraction [55]. The generation of models from natural language requirements has also been studied; for example, Friedrich et al [17] combined and augmented several NLP tools to generate BPMN models, resulting in an accuracy of 77 % on a data set of textmodel pairs from industry and textbooks.…”

Section: Natural Language Processing For Rementioning

confidence: 99%

Improving agile requirements: the Quality User Story framework and tool

et al. 2016

View full text Add to dashboard Cite

User stories are a widely adopted requirements notation in agile development. Yet, user stories are too often poorly written in practice and exhibit inherent quality defects. Triggered by this observation, we propose the Quality User Story (QUS) framework, a set of 13 quality criteria that user story writers should strive to conform to. Based on QUS, we present the Automatic Quality User Story Artisan (AQUSA) software tool. Relying on natural language processing (NLP) techniques, AQUSA detects quality defects and suggest possible remedies. We describe the architecture of AQUSA, its implementation, and we report on an evaluation that analyzes 1023 user stories obtained from 18 software companies. Our tool does not yet reach the ambitious 100 % recall that Daniel Berry and colleagues require NLP tools for RE to achieve. However, we obtain promising results and we identify some improvements that will substantially improve recall and precision.

show abstract

Section: Natural Language Processing For Rementioning

confidence: 99%

Improving agile requirements: the Quality User Story framework and tool

et al. 2016

View full text Add to dashboard Cite

show abstract

“…For example, Zhong et al [70] employed NLP and machine learning (ML) techniques to infer resource specifications from API documents. Xiao et al [58] used shallow parsing techniques to infer Access Control Policy (ACP) rules from natural language text in use cases. Tan et al [50] applied an NLP-and ML-based approach to test Javadoc comments against implementations.…”

Section: Text Analysis For Software Engineeringmentioning

confidence: 99%

“…However, to the best of our knowledge, none of the previous work analyzes software diagnostic messages caused by configuration errors nor evaluates their adequacy. Our ConfDiagDetector technique applies NLP techniques to a different problem domain by checking the semantic similarity between two sentences (Section 2.3.1), rather than extracting useful properties from natural language properties [19,43,44,58].…”

Section: Text Analysis For Software Engineeringmentioning

confidence: 99%

Proactive detection of inadequate diagnostic messages for software configuration errors

Zhang

Ernst

2015

Proceedings of the 2015 International Symposium on Software Testing and Analysis

View full text Add to dashboard Cite

This paper presents a technique to detect inadequate (i.e., missing or ambiguous) diagnostic messages for configuration errors issued by a configurable software system.The technique injects configuration errors into the software under test, monitors the software outcomes under the injected configuration errors, and uses natural language processing to analyze the output diagnostic message caused by each configuration error. The technique reports diagnostic messages that may be unhelpful in diagnosing a configuration error.We implemented the technique for Java in a tool, ConfDiagDetector. In an evaluation on 4 real-world, mature configurable systems, ConfDiagDetector reported 43 distinct inadequate diagnostic messages (25 missing and 18 ambiguous). 30 of the detected messages have been confirmed by their developers, and 12 more have been identified as inadequate by users in a user study. On average, ConfDiagDetector required 5 minutes of programmer time and 3 minutes of compute time to detect each inadequate diagnostic message.

show abstract

“…Past applications of NLP have sought to parse privacy policies into machine-readable representations (Brodie et al, 2006) or extract subpolicies from larger documents (Xiao et al, 2012). Machine learning has been applied to assess certain attributes of policies (Costante et al, 2012;Ammar et al, 2012;Costante et al, 2013;Zimmeck and Bellovin, 2013).…”

Section: Introductionmentioning

confidence: 99%