Fuzzy description of security requirements for intrusion tolerant web-services
Main Authors: | , |
---|---|
Format: | Conference or Workshop Item |
Language: | English |
Published: | The Society of Digital Information and Wireless Communications (SDIWC) 2013 |
Online Access: | http://psasir.upm.edu.my/id/eprint/41333/1/41333.pdf |
Summary: | Performing security analysis in the early stages of web-services development is a major engineering trend. However, it is not always possible to entirely identify and mitigate the security threats within the web-service. This may eventually lead to security failure of the service. To avoid security failure, the web-service must tolerate the possible intrusions. Intrusion tolerance must be incorporated in the security requirements of the service. In this paper, we propose a new technique for describing the security requirements of Intrusion Tolerant Services (ITS) using fuzzy logic. We incorporate intrusion tolerance into the security requirements of the web service by considering partial satisfaction of security goals. This partiality is addressed through the establishment of a Goal-Based Fuzzy Grammar (GFG) for describing the Security Requirement Model (SRM) of the ITS. |
---|