Toward Detection of Abnormal Behaviors in Timing and Security Requirements

Danielle Gaither, Hyunsook Do, and Barrett R. Bryant
Department of Computer Science and Engineering
University of North Texas
Denton, Texas USA
{dcg0063, hyunsook.do, barrett.bryant}@unt.edu

Abstract—Finding software system defects during the requirements analysis phase can yield significant savings of time and effort when compared to finding the same defects during development or testing phases. The requirements engineering field has helped bring about significant advances in the early detection of system defects. However, a relatively small amount of research has been done regarding the detection of abnormal system behaviors. This is especially true for non-functional requirements (NFRs), which include areas such as timing and security requirements. Our work proposes the beginnings of a domain-specific modeling language for requirements analysis, with a particular emphasis on detecting abnormal system behaviors. We also demonstrate a preliminary version of our approach on a real-time embedded system.

I. INTRODUCTION

Automation has become an increasingly important part of people’s lives in recent years. While innovations from the Internet of Things (IoT) have the potential to improve the quality of life for many people, it is also important to have assurances that such systems are safe and secure.

Unfortunately, security around such devices is often lax. For example, in October of 2016, malware-infected IoT devices, including cameras and DVRs, were used maliciously to initiate distributed denial of service (DDoS) attacks [1] that interrupted service to many popular websites, including GitHub, Twitter, and PayPal [2]. An attack on one particular website generated 665 Gbps of traffic, which is one of the largest DDoS attacks ever recorded [1].
It was later discovered that the malware’s mechanism for taking control of a device was simply attempting to log in by going through a list of commonly-used default usernames and passwords, which was sufficient to gain control of approximately 100,000 devices [3].

Many software defects can be traced to incorrectly specified requirements, and such defects can result in unreliable software systems [4]. While it is not possible to detect every possible situation a system might encounter, well-specified requirements can reduce the risk of abnormal behaviors from a system [5]. To date, some researchers have proposed various approaches to detecting abnormal behaviors during the requirements analysis phase, but most attempts have focused on purely functional requirements [6], [7], and few researchers have considered non-functional requirements analysis, especially as a primary topic [8], [9]. However, non-functional requirements (NFRs) such as timing and security are important in part because they are the source of many quality-of-service (QoS) concerns, which, in turn, are key to many service level agreements (SLAs). If such requirements are not met, a service provider could be put at significant financial or even legal risk for noncompliance with a contract. Further, for mission-critical systems, such as cars and aircraft, NFRs are the most important concern, because if they do not function correctly as expected, the consequences could result in a safety or security hazard.

The primary goal of our work is to improve the capabilities of requirements analysis methods for detecting abnormal behaviors during the requirements analysis process, particularly with regard to NFRs such as timing and security requirements. To achieve this, we have devised an approach to modeling and analyzing timing and security requirements. Our approach creates a statechart model of the system from the requirements, which is grounded in an established formal semantics.
The model is then simulated to detect any potential abnormal behaviors. If desired, the model can then be used to generate code.

To investigate the feasibility of our proposed approach, we have performed a case study on a real-world requirements document. The results indicate that our approach is capable of finding errors related to timing and security in a set of requirements. The approach can also help us recognize instances where requirements are not sufficiently well-defined. Because our approach provided promising results, we plan to improve and expand our approach to support requirements modeling and abnormal behavior detection in existing requirements analysis tools, as well as to perform additional case studies and controlled experiments considering various types of embedded systems.

The rest of this paper is organized as follows. We provide relevant background information in Section II and outline our proposed approach in Section III. We then discuss completed and future work in Section IV through a feasibility study that uses a requirements document for an infusion pump. We offer conclusions and suggestions for future work in Section VI.

2017 24th Asia-Pacific Software Engineering Conference 978-1-5386-3681-7/17 $31.00 © 2017 IEEE DOI 10.1109/APSEC.2017.90 707
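As an added illustration of the idea outlined in the introduction (deriving a statechart from requirements and simulating it to expose abnormal behaviors), the following sketch is not the authors' modeling language or tooling. The login and lockout requirements, the state names, and the constants MAX_FAILS and LOCK_SECS are constructed for this example; the draft requirements lock a device after repeated failed logins but never forbid a login while locked.

```python
from collections import deque

EVENTS = ("good_pw", "bad_pw", "tick")   # tick = 1 s of elapsed time
MAX_FAILS, LOCK_SECS = 3, 2              # constructed values, kept small so the search is tiny

def step(state, event, fixed=False):
    """One statechart transition. State = (mode, failed_attempts, lock_timer)."""
    mode, fails, timer = state
    if mode == "IDLE":
        if event == "good_pw":
            return ("AUTH", 0, 0)
        if event == "bad_pw":
            fails += 1
            return ("LOCKED", fails, LOCK_SECS) if fails >= MAX_FAILS else ("IDLE", fails, 0)
        return state                      # tick: nothing is timed in IDLE
    if mode == "LOCKED":
        if event == "tick":
            return ("IDLE", 0, 0) if timer <= 1 else ("LOCKED", fails, timer - 1)
        if event == "good_pw" and not fixed:
            return ("AUTH", 0, 0)         # gap in the draft: login while locked is never forbidden
        return state                      # corrected requirement: credentials ignored while locked
    return state                          # AUTH: session handling is out of scope here

def find_abnormal(fixed=False, depth=8):
    """Breadth-first simulation; shortest event trace entering AUTH from LOCKED, or None."""
    start = ("IDLE", 0, 0)
    seen, queue = {start}, deque([(start, [])])
    while queue:
        state, trace = queue.popleft()
        if len(trace) == depth:
            continue
        for ev in EVENTS:
            nxt = step(state, ev, fixed)
            if state[0] == "LOCKED" and nxt[0] == "AUTH":
                return trace + [ev]       # security requirement violated: lockout bypassed
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, trace + [ev]))
    return None

def lock_duration():
    """Ticks the model stays LOCKED; the timing requirement says exactly LOCK_SECS."""
    state, ticks = ("LOCKED", MAX_FAILS, LOCK_SECS), 0
    while state[0] == "LOCKED":
        state, ticks = step(state, "tick", fixed=True), ticks + 1
    return ticks

if __name__ == "__main__":
    print(find_abnormal(), find_abnormal(fixed=True), lock_duration())
```

The simulation of the draft model returns the shortest counterexample trace, while the corrected model yields no violation and holds the lock for the required number of ticks.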