RQCODE: Security Requirements Formalization with Testing

Abstract

Secure software systems are crucial in today’s digital world, where there is an ever-increasing amount of IT systems, leading to more risks of exposing sensitive data and service outages. One of the key aspects of secure software development is ensuring that security requirements are met through the various stages of software development. The process of testing security requirements is often complex and time-consuming, notably because of the gap between the verification process of security requirements and the testing process. To address this issue and simplify the testing of security requirements, this paper proposes to use the Requirements as Code approach (RQCODE). RQCODE combines security requirements with code in a way to support automated testing and continuous verification of security requirements throughout the software development life cycle. This paper contributes to the field of software security by providing a practical and effective approach to bridge the gap between verification of security requirements and testing, ultimately leading to more secure software systems. Additionally, it discusses the benefits of this approach, such as its ability to improve the accuracy and consistency of testing, enabling the early detection of security issues, and reducing the time and effort required for security testing. It also discusses the challenges and limitations of the approach.