
RQCODE: Security Requirements Formalization with Testing

  • Conference paper
  • Testing Software and Systems (ICTSS 2023)
  • Part of the book series: Lecture Notes in Computer Science (LNCS, volume 14131)

Abstract

Secure software systems are crucial in today’s digital world, where the ever-increasing number of IT systems raises the risk of exposing sensitive data and of service outages. One of the key aspects of secure software development is ensuring that security requirements are met throughout the stages of software development. Testing security requirements is often complex and time-consuming, notably because of the gap between the verification of security requirements and the testing process. To address this issue and simplify the testing of security requirements, this paper proposes the Requirements as Code approach (RQCODE). RQCODE combines security requirements with code in a way that supports automated testing and continuous verification of security requirements throughout the software development life cycle. This paper contributes to the field of software security by providing a practical and effective approach to bridging the gap between verification of security requirements and testing, ultimately leading to more secure software systems. Additionally, it discusses the benefits of this approach, such as improving the accuracy and consistency of testing, enabling the early detection of security issues, and reducing the time and effort required for security testing. It also discusses the challenges and limitations of the approach.
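As an added illustration of the requirements-as-code idea the abstract describes (not the paper's own RQCODE implementation, whose language and API are not given on this page), the Python sketch below couples each security requirement's readable statement with the executable check that verifies it, so the same artefact is reviewed by analysts and run in CI; the policy snapshot, its key names and the requirement ids are constructed for the example.

```python
# Added sketch of "requirements as code": each security requirement object
# carries its readable statement AND the executable check that verifies it,
# so analysts review and CI runs the same artefact. Not the paper's own code.
from dataclasses import dataclass, field
from typing import Callable, Mapping

# Constructed policy snapshot with hypothetical key names (not a real tool's).
SAMPLE_POLICY = {"MinimumPasswordLength": 10, "LockoutBadCount": 0}

@dataclass
class Requirement:
    rid: str                                    # constructed id, e.g. REQ-PWD-01
    statement: str                              # the requirement as stakeholders read it
    check: Callable[[Mapping[str, int]], bool]  # the executable test of that statement

    def verify(self, policy):
        return {"id": self.rid, "passed": bool(self.check(policy)),
                "statement": self.statement}

@dataclass
class AllOf:
    """Composite requirement: passes only if every member passes."""
    rid: str
    statement: str
    members: list = field(default_factory=list)

    def verify(self, policy):
        results = [m.verify(policy) for m in self.members]
        return {"id": self.rid, "passed": all(r["passed"] for r in results),
                "statement": self.statement, "members": results}

MIN_PWD_LEN = Requirement(
    "REQ-PWD-01", "Passwords must be at least 14 characters long",
    lambda p: p.get("MinimumPasswordLength", 0) >= 14)
LOCKOUT = Requirement(
    "REQ-ACC-01", "Accounts lock after at most 3 failed logons (0 = never)",
    lambda p: 0 < p.get("LockoutBadCount", 0) <= 3)
AUTH_BASELINE = AllOf("REQ-AUTH", "Authentication hardening baseline",
                      [MIN_PWD_LEN, LOCKOUT])

def failing_ids(requirement, policy):
    """Ids of leaf requirements that fail; an empty list means compliant."""
    result = requirement.verify(policy)
    if "members" in result:
        return [i for m in requirement.members for i in failing_ids(m, policy)]
    return [] if result["passed"] else [result["id"]]

if __name__ == "__main__":
    print(failing_ids(AUTH_BASELINE, SAMPLE_POLICY))  # ['REQ-PWD-01', 'REQ-ACC-01']
```

A CI job can fail the build on a non-empty list, which is the continuous verification the abstract refers to; changing a requirement means changing its statement and check together.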


Author information

Corresponding author: Ildar Nigmatullin.

Copyright information

© 2023 IFIP International Federation for Information Processing

About this paper


Cite this paper

Nigmatullin, I., Sadovykh, A., Ebersold, S., Messe, N. (2023). RQCODE: Security Requirements Formalization with Testing. In: Bonfanti, S., Gargantini, A., Salvaneschi, P. (eds) Testing Software and Systems. ICTSS 2023. Lecture Notes in Computer Science, vol 14131. Springer, Cham. https://doi.org/10.1007/978-3-031-43240-8_9


  • DOI: https://doi.org/10.1007/978-3-031-43240-8_9
  • Publisher Name: Springer, Cham
  • Print ISBN: 978-3-031-43239-2
  • Online ISBN: 978-3-031-43240-8
  • eBook Packages: Computer Science (R0)
