This part of the book explores the recent state-of-the-art updates in taxonomies, and NLP methods applied to Security Requirements Engineering. We delve into the latest advancements and their practical implications in managing security requirements. Moreover, illustrative examples are provided to demonstrate how the methods can be effectively integrated to streamline the security requirement engineering process.

This part focuses on preventing vulnerabilities during the software development process, by providing first a survey of existing methods for vulnerability detection and response, followed by two novel approaches for security test generation and vulnerability identification in the source code, suitable for industrial systems. The three chapters included in this part are briefly summarized in the following

rotection at operation involves implementing various techniques to enhance security and mitigate risks in real-time environments. Intrusion detection and anomaly detection are crucial components of protection at operations, aimed at identifying unauthorized or abnormal activities that may indicate security threats. These detections mechanisms utilize techniques such as complex event processing, which involves analyzing and correlating events in real-time to identify patterns and detect potential threats. Additionally, the concept of explainability plays a vital role in protection at operation by providing insights into the decision-making process of detection algorithms, helping security professionals understand and interpret the results. The combination of intrusion detection, anomaly detection, complex event processing, and explainability contributes to a comprehensive approach to ensure robust protection in operational environments.

Slide of the presentation Pdf, 490.4 kB, opens in new window.

Slides of this presentation Pdf, 1.9 MB.

Sylvain Hallé, Ph.D. is a Full Professor in the Department of Computer Science and Mathematics at Université du Québec à Chicoutimi, Canada, since 2010, and is the current holder of the Canada Research Chair on Software Specification, Testing and Verification. Both an ACM and IEEE senior member, Pr. Hallé has won multiple awards in international conferences for his research on software testing and formal methods. The team he leads at Laboratoire d'informatique formelle has produced a number of free software tools that directly apply the results of his research. In addition to the BeepBeep event stream processing engine, let us mention Cornipickle, an automated testing tool for web interfaces, and LabPal, an environment for streamlining the execution of computer experiments and their inclusion within research papers.

Ramon Barakat graduated with a master’s degree in Computer Science from the Technical University of Berlin. He works at the Fraunhofer Institute for Open Communication Systems (FOKUS) where he participates in several industrial and research projects in the field of Software Quality Assurance, Model-based and Security Testing. He is currently working in various research projects on the topics of security and penetration testing and deals mainly with the topics Dynamic and Interactive Application Security Testing (IAST) with a special focus on Fuzzing.

Dr. Sadovykh is an innovation consultant and a research project manager in Softeam and an Assistant Professor at Innopolis University. He coordinated SOFTEAM’s research activities of the company covering fields such as model-driven development (MDD) and model-based system engineering (MBSE), Business Process Automation (BPA), Cloud and Big Data in application areas such as eGovernment, eHealth, Space and Agro sectors.