JANUARY 31, 2022 — A team of UTSA researchers is exploring how a new automated approach could prevent software security vulnerabilities.
The team — made up of Ram Krishnan, associate professor in the UTSA Department of Electrical and Computer Engineering; Yufei Huang, professor in Electrical and Computer Engineering; Jianwei Niu, professor in Computer Science; Ravi Sandhu, professor and Lutcher Brown Distinguished Chair in Cyber Security; and John Heaps, a postdoctoral researcher in the UTSA Institute for Cyber Security — sought to develop a deep learning model that could teach software how to extract security policies automatically.
Unlike traditional software models, the agile software development process is meant to produce software at a faster pace, eliminating the need to spend time on comprehensive documents and changing software requirements. User stories, the specifications that define the software’s requirements, are the only required documentation. However, the practices innate to this process, such as constant changes in code, limit the ability to conduct security assurance reviews.
“The basic idea of addressing this disconnect between security policies and agile software development came from happenstance conversation with software leaders in the industry,” Krishnan said. “We were able to assemble a team of faculty and students with expertise in cybersecurity, software engineering and machine learning to start investigating this problem and develop a practical solution.”
The researchers looked at different machine learning approaches before settling on a deep learning approach, which can handle several formats of user stories. The model consists of three components that together perform the prediction: access control classification, named entity recognition and access type classification. Access control classification helps the software decide whether a user story contains access control information. Named entity recognition identifies the actors and data objects in the story. Access type classification determines the relationship between the two.
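To make the three stages concrete, the following added example (not the researchers' code or model) walks constructed user stories through the same pipeline shape and aggregates the result into an actor/object/access-type overview. A regular expression and a hand-written verb table stand in for the transformer-based classifiers; the stories, the verb mapping and all function names are assumptions made for illustration.

```python
import re

# Constructed sample user stories (not from the researchers' dataset).
STORIES = [
    "As a nurse, I want to view patient records so that I can prepare for rounds.",
    "As an admin, I want to delete user accounts so that inactive users are removed.",
    "As a visitor, I want the site to load quickly so that I do not leave.",
]

# Assumed verb-to-access-type mapping, for illustration only.
ACCESS_TYPES = {
    "view": "read", "read": "read", "list": "read", "search": "read",
    "create": "create", "add": "create", "upload": "create",
    "edit": "update", "update": "update", "modify": "update",
    "delete": "delete", "remove": "delete",
}

# Matches the common "As a <actor>, I want to <verb> <object> so that ..." form.
STORY_RE = re.compile(
    r"^As an? (?P<actor>[\w ]+?), I want to (?P<verb>\w+) (?P<object>[\w ]+?)"
    r"(?: so that .*)?\.?$",
    re.IGNORECASE,
)

def extract_policy(story):
    """Return (actor, access_type, data_object), or None if the story
    carries no access control information."""
    m = STORY_RE.match(story.strip())
    # Stage 1: access control classification (does the story state an access?)
    if not m or m.group("verb").lower() not in ACCESS_TYPES:
        return None
    # Stage 2: named entity recognition (actor and data object)
    actor = m.group("actor").strip().lower()
    data_object = m.group("object").strip().lower()
    # Stage 3: access type classification (relationship between the two)
    return (actor, ACCESS_TYPES[m.group("verb").lower()], data_object)

def build_policy_matrix(stories):
    """Aggregate extracted tuples into {actor: {object: {access types}}}."""
    matrix = {}
    for story in stories:
        policy = extract_policy(story)
        if policy:
            actor, access, obj = policy
            matrix.setdefault(actor, {}).setdefault(obj, set()).add(access)
    return matrix
```

The resulting matrix is the kind of overview a reviewer can compare against the intended access control design each time the stories change.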
To test their approach, the team used a data set of 21 web applications, each consisting of 50-130 user stories, or 1,600 in total.
“With a dataset of 1,600 user stories, we developed a learning model based on transformers, a powerful machine learning technique,” Krishnan said. “We were able to extract security policies with good accuracy and visualize the results to help stakeholders better refine user stories and maintain an overview of the system’s access control.”
This innovative new approach will serve as a valuable tool in the modern agile software development life cycle, Krishnan said.
“Since agile software development focuses on incremental changes to code, a manual process of extracting security policies would be error-prone and burdensome,” he added. “This is yet another area where machine learning/artificial intelligence shows to be a powerful approach.”
Krishnan said the team still has several directions they would like to take the project.
“We recognize that there is little additional information about access control that can be extracted or determined directly from user stories in a fully automated approach,” Krishnan said. “That means it is difficult, or impossible, to determine a software’s exact access control from user stories without human involvement. We plan to extend our approach to make it interactive with stakeholders so that they can help refine the access control information.”
For more than 20 years, UTSA has been growing its capacities and expanding its expertise in cyber, cloud, computing and analytics. Today, the university is home to the nation’s leading academic program in cybersecurity, where more than 70 researchers specialize in a variety of disciplines spanning computer science, computer engineering, and information assurance and security.
UTSA is the only Hispanic Serving Institution with three National Center of Excellence designations from the National Security Agency and U.S. Department of Homeland Security and, in December, was designated a Carnegie R1 research institution.
UTSA Today is produced by University Communications and Marketing, the official news source of The University of Texas at San Antonio.