Computer Science Seminar by Viktoria Koscinski: Identifying Underspecifications in Security Requirements Using a Formal Reasoning Approach
Speaker: Ph.D. candidate, Rochester Institute of Technology
Title: Identifying Underspecifications in Security Requirements Using a Formal Reasoning Approach
Abstract: Within requirements engineering, software requirements specifications tend to focus on the functional needs of stakeholders, resulting in potentially failing to capture adequate security requirements. Furthermore, security requirements engineering is a manual and error-prone activity that is often neglected due to the knowledge gap between cybersecurity professionals and software requirements engineers, resulting in underspecified security requirements that may contain wrong assumptions and missing security properties. This talk introduces my research in applying natural language processing (NLP) and machine learning (ML) techniques to formally model software systems based on requirements specifications and analyze their security using automated formal reasoning tools. By leveraging a combination of techniques, such as traditional NLP and ML, large language models, as well as formal modeling and analysis tools, my research aims to bridge the gap between software engineering and cybersecurity by automatically detecting security-related requirements underspecifications. This talk will reflect upon the potentials of this research to improve the security of systems during the early design stage, as well highlight future directions and a view for additional applications of using these ML and formal reasoning techniques within software engineering.
Bio: Viktoria Koscinski is a Computing and Sciences PhD candidate at the Rochester Institute of Technology in Rochester, NY. She earned her bachelor’s and master’s degrees in Computer and Information Science from the State University of New York Polytechnic Institute in Utica, NY. Her research focuses on applying natural language processing and artificial intelligence/machine learning techniques to software engineering processes in order to improve software security at the early design stages. Her work has been published in top-tier software engineering (SE) conferences, such as ICSE and RE. Viktoria has been involved with various collaboration and outreach efforts, such as completing two research internships with the Griffiss Institute, a nonprofit talent and technology accelerator for the US DoD, as well being invited as a guest speaker for the Society of Hispanic Professional Engineers 2024 Cybersecurity Awareness Month edition of #SHPEReads: GRADS Edition research seminar. Her mentorship and teaching experiences include being a team lead for eight undergraduate researchers involved in a research and development project related to vulnerability management as well as teaching graduate-level SE courses as an instructor of record since 2023.