<p>As the complexity of software increases, it is increasingly difficult to ensure that the security requirements are fully met. Manual evaluation is still common, but slow, prone to errors, and often fails to align with international standards. The primary focus of the study is on three key Common Criteria (CC) classes, FIA, FTP, and FCO, and introduces automated methods to evaluate the completeness of requirements using neural networks and attention mechanisms. The models were trained on two standard-aligned datasets, SecReq (CPN) and IoT-A. Among the trained models, BERT achieved the highest accuracy (96% in IoT-A and 85% in SecReq). The results show that transformer-based models effectively automate and improve the accuracy and scaling of security requirement assessments and offer a promising step towards more standards-based and intelligent security technology.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Standard-compliant security requirement assessment with attention-based models

  • Aftab Alam Janisar,
  • Khairul Shafee bin Kalid,
  • Aliza Bt Sarlan,
  • Abdul Rehman Gilal,
  • Ayman Meidan,
  • Shariq Hussain,
  • Yusuf Aliyu

摘要

As the complexity of software increases, it is increasingly difficult to ensure that the security requirements are fully met. Manual evaluation is still common, but slow, prone to errors, and often fails to align with international standards. The primary focus of the study is on three key Common Criteria (CC) classes, FIA, FTP, and FCO, and introduces automated methods to evaluate the completeness of requirements using neural networks and attention mechanisms. The models were trained on two standard-aligned datasets, SecReq (CPN) and IoT-A. Among the trained models, BERT achieved the highest accuracy (96% in IoT-A and 85% in SecReq). The results show that transformer-based models effectively automate and improve the accuracy and scaling of security requirement assessments and offer a promising step towards more standards-based and intelligent security technology.