Software Security Risk Analysis Using Fuzzy Expert System

ABSTRACT

There is wide concern about the security of software systems because many organizations depend on them for their day-to-day operations. Since no software system is completely secure, there is a need to analyze and determine the security risk of emerging software systems.

This work presents a technique for analyzing software security using a fuzzy expert system. The inputs to the system are fuzzy sets representing linguistic values for the software security goals of confidentiality, integrity and availability. The expert rules are evaluated using Mamdani fuzzy reasoning, and defuzzification uses the centroid method. The design is implemented with the MATLAB Fuzzy Logic Toolbox because of its support for building fuzzy inference systems.

Using newly developed software products from three software development organizations as test cases, the results show a system that can be used to analyze software security risk effectively.

ANALYSIS AND DESIGN

The design is divided into four stages:

1) DESIGN OF THE LINGUISTIC VARIABLES

The inputs to the system are the values assigned to the software security goals of confidentiality, integrity and availability. The goals are assumed to have equal weight, and a value is determined for each of them from the answers to a set of questions about the specific software.

The value determined for each input is expressed as a fuzzy number rather than a crisp number, using suitable fuzzy sets. Designing the fuzzy system therefore requires that each input (confidentiality, integrity and availability) be represented by fuzzy sets, and each fuzzy set in turn by a membership function.

2) THE FUZZY SETS

The level of confidentiality is defined on the scale not confidential, slightly confidential, very confidential and extremely confidential. The level of integrity is defined on the scale very low, low, high, very high and extra high, and the level of availability on the same scale. Each of these levels is a range within an assumed interval of [0, 10].

The fuzzy sets above are represented by membership functions. The membership functions for confidentiality, integrity and availability are presented in the figures below.

[figure: membership functions for confidentiality, integrity and availability]

The level of security risk is defined on the scale not secure, slightly secure, secure, very secure and extremely secure within the range [0, 30]. Note that the output variable, although named Security Risk, is graded by how secure the software is: a higher output value means a higher security level and therefore a lower risk.

3) THE RULES OF THE FUZZY SYSTEM

Once the input and output fuzzy sets and membership functions are constructed, the rules are formulated. The rules relate the input parameters (confidentiality, integrity and availability) to the output, the level of security risk.

The levels of confidentiality, integrity and availability appear in the antecedent of each rule and the level of security risk in the consequent. A fuzzy rule is a conditional statement of the form IF x is A THEN y is B, where x and y are linguistic variables and A and B are linguistic values determined by fuzzy sets on the universes of discourse X and Y respectively. Both the antecedent and the consequent of a fuzzy rule can have multiple parts. All parts of the antecedent are evaluated together and resolved to a single number (here the minimum of the memberships, since the parts are joined by AND), and that number applies equally to all parts of the consequent.

Some of the rules used in the design of the fuzzy system are as follows:

  1. If (Confidentiality is Not Confidential) and (Integrity is Very Low) and (Availability is Very Low) then (Security Risk is Not Secure).
  2. If (Confidentiality is Not Confidential) and (Integrity is Very Low) and (Availability is Low) then (Security Risk is Slightly Secure).
  3. If (Confidentiality is Extremely Confidential) and (Integrity is Extra High) and (Availability is High) then (Security Risk is Slightly Secure).
  4. If (Confidentiality is Not Confidential) and (Integrity is Very Low) and (Availability is High) then (Security Risk is Extremely Secure).

The rules are evaluated using Mamdani max-min fuzzy reasoning: the AND in each antecedent is the minimum of the memberships, each consequent is clipped at the rule's firing strength, and the clipped consequents are combined by taking the maximum. Note that rules 3 and 4, as printed, are not monotonic in the inputs: rule 4 assigns a more secure output than rule 3 from antecedent terms that are all at or below rule 3's, so a rule base built this way should be checked for consistency and coverage before it is used.
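As an added, runnable illustration of stages 1 to 3 (this is not the paper's MATLAB model), the following Python implements Mamdani max-min inference with centroid defuzzification over the paper's variables, universes and the four printed rules, without needing MATLAB. The triangular membership functions and their even spacing are assumptions, since the paper does not give its membership-function parameters, and the names mamdani, label, uncovered_combinations and monotonicity_violations are chosen here. Besides computing an output, it performs the two checks a practitioner would want before trusting a rule base: coverage (with only the four printed rules, no rule fires for the paper's own 5, 5, 5 example, so the full rule base is needed to reproduce the 13.9 output) and monotonicity (rule 4 as printed promises a more secure output than rule 3 from antecedents that are all lower or equal).

```python
"""Mamdani max-min inference with centroid defuzzification, in plain Python.

Added example, not the paper's MATLAB model. Variable names, term names, universes
([0, 10] for the inputs, [0, 30] for the output) and the four rules are taken from
the text; the triangular membership functions and their even spacing are assumptions,
because the paper does not print its membership-function parameters.
"""
from itertools import product
from typing import Callable, Dict, List, Optional, Tuple

MF = Callable[[float], float]
Rule = Tuple[Dict[str, str], str]  # ({input variable: term, ...}, output term)


def triangle(a: float, b: float, c: float) -> MF:
    """Triangular membership function: zero at a and c, one at the peak b."""
    def mu(x: float) -> float:
        if x <= a or x >= c:
            return 0.0
        return (x - a) / (b - a) if x <= b else (c - x) / (c - b)
    return mu


def evenly_spaced(names: List[str], lo: float, hi: float) -> Dict[str, MF]:
    """One triangle per term with peaks evenly spread over [lo, hi], each reaching zero
    at its neighbours' peaks (assumed shapes). The end triangles overhang the universe,
    which behaves like the shouldered end terms of a MATLAB FIS."""
    step = (hi - lo) / (len(names) - 1)
    return {name: triangle(lo + (i - 1) * step, lo + i * step, lo + (i + 1) * step)
            for i, name in enumerate(names)}


LEVELS = ["Very Low", "Low", "High", "Very High", "Extra High"]
INPUTS: Dict[str, Dict[str, MF]] = {
    "Confidentiality": evenly_spaced(["Not Confidential", "Slightly Confidential",
                                      "Very Confidential", "Extremely Confidential"], 0, 10),
    "Integrity": evenly_spaced(LEVELS, 0, 10),
    "Availability": evenly_spaced(LEVELS, 0, 10),
}
OUTPUT_TERMS = ["Not Secure", "Slightly Secure", "Secure", "Very Secure", "Extremely Secure"]
OUTPUT: Dict[str, MF] = evenly_spaced(OUTPUT_TERMS, 0, 30)

# The four rules printed in the paper, exactly as printed; its full rule base is not published.
PAPER_RULES: List[Rule] = [
    ({"Confidentiality": "Not Confidential", "Integrity": "Very Low", "Availability": "Very Low"}, "Not Secure"),
    ({"Confidentiality": "Not Confidential", "Integrity": "Very Low", "Availability": "Low"}, "Slightly Secure"),
    ({"Confidentiality": "Extremely Confidential", "Integrity": "Extra High", "Availability": "High"}, "Slightly Secure"),
    ({"Confidentiality": "Not Confidential", "Integrity": "Very Low", "Availability": "High"}, "Extremely Secure"),
]


def mamdani(rules: List[Rule], inputs: Dict[str, float],
            lo: float = 0.0, hi: float = 30.0, steps: int = 301) -> Optional[float]:
    """AND = min, implication = min (clip the consequent), aggregation = max,
    defuzzification = centroid over a discretised output universe.
    Returns None when no rule fires: a coverage gap in the rule base, not 'zero risk'."""
    strengths = [(min(INPUTS[var][term](inputs[var]) for var, term in ante.items()), cons)
                 for ante, cons in rules]
    num = den = 0.0
    for k in range(steps):
        z = lo + (hi - lo) * k / (steps - 1)
        mu = max((min(w, OUTPUT[cons](z)) for w, cons in strengths), default=0.0)
        num += z * mu
        den += mu
    return None if den == 0.0 else num / den


def label(z: float) -> str:
    """Output term with the largest membership at the crisp value z."""
    return max(OUTPUT_TERMS, key=lambda term: OUTPUT[term](z))


def uncovered_combinations(rules: List[Rule]) -> List[Tuple[str, ...]]:
    """(Confidentiality, Integrity, Availability) term triples that no rule antecedent names.
    With only the four printed rules, 96 of the 100 triples are uncovered."""
    covered = {tuple(ante[var] for var in INPUTS) for ante, _ in rules}
    return [combo for combo in product(*(INPUTS[var] for var in INPUTS)) if combo not in covered]


def monotonicity_violations(rules: List[Rule]) -> List[Tuple[int, int]]:
    """Pairs (i, j), 0-based, where rule i's antecedent terms are all at or below rule j's
    on their scales yet rule i promises a more secure output. Printed rules 4 and 3 are such a pair."""
    rank = {var: {term: n for n, term in enumerate(INPUTS[var])} for var in INPUTS}
    out_rank = {term: n for n, term in enumerate(OUTPUT_TERMS)}
    return [(i, j) for i, (ai, ci) in enumerate(rules) for j, (aj, cj) in enumerate(rules)
            if i != j and out_rank[ci] > out_rank[cj]
            and all(rank[var][ai[var]] <= rank[var][aj[var]] for var in INPUTS)]


if __name__ == "__main__":
    for c, i, a in [(0, 0, 0), (5, 5, 5), (0, 0, 5)]:
        z = mamdani(PAPER_RULES, {"Confidentiality": c, "Integrity": i, "Availability": a})
        print((c, i, a), "->", "no rule fires" if z is None else f"{z:.2f} ({label(z)})")
    print("uncovered term combinations:", len(uncovered_combinations(PAPER_RULES)))
    print("monotonicity violations (rule i, rule j):", monotonicity_violations(PAPER_RULES))
```

Running the script shows the three behaviours that matter: (0, 0, 0) fires only rule 1 and defuzzifies to about 2.5 (Not Secure); (5, 5, 5) fires none of the four printed rules, so mamdani returns None rather than a misleading number; and (0, 0, 5) fires only rule 4 and lands near 27.5 (Extremely Secure), which is the non-monotonic behaviour the check reports as the pair (3, 2). A complete rule base for this design has 4 x 5 x 5 = 100 antecedent combinations, and the coverage function lists every one still missing.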

DEVELOPMENT AND IMPLEMENTATION

The linguistic variables are determined from the positive and negative responses to a set of security questions presented as an online questionnaire. As mentioned earlier, MATLAB is used for the implementation. The linguistic inputs to the system are supplied through the graphical user interface called the Rule Viewer.

Once the Rule Viewer has been opened, the input values are typed into the text box captioned Input, separated by spaces.

a) THE FIS EDITOR

The Fuzzy Inference System (FIS) Editor shows a summary of the fuzzy inference system: the mapping of the inputs, through the inference type, to the output. The names of the input variables and the processing methods of the FIS (AND, OR, implication, aggregation and defuzzification) can be changed through the FIS Editor.

b) THE MEMBERSHIP FUNCTION EDITOR

The Membership Function Editor can be opened from the command window with the mfedit function (plotmf only plots the membership functions of a variable; it does not open the editor), or more easily through the GUI.

The Membership Function Editor shows a plot of the highlighted input or output variable over its range, with the degree of membership (a value between 0 and 1, not a probability) on the vertical axis. The name and parameters of each membership function, and the range of the variable itself, can be changed through this editor.

c) THE RULE EDITOR

The Rule Editor can be used to add, delete or change a rule. It is also used to change the connective (AND or OR) and the weight of a rule.

d) THE RULE VIEWER

The text box captioned Input is used to supply the three input values needed by the system. Each value is the number of YES answers in the questionnaire for the corresponding input variable. For example, when all three inputs are 5 the output is 13.9, which is shown at the top of the output column of the graphs. The value of each input is shown at the top of its own column, and the output value at the top of the output column.

e) THE SURFACE VIEWER

The surface viewer shown in figure 9 is a 3-D graph that shows the relationship between the inputs and the output. The output (security Risk) is represented on the Z-axis while 2 of the inputs (Confidentiality and Integrity) are on the x and y axes and the other input (Availability) is held constant. The surface viewer shows a plot of the possible ranges of the input variables against the possible ranges of the output.

4) EVALUATION

The security risk analysis system was evaluated using three newly completed software products from three different software development organizations. The output gives the security level of the software under consideration. The summary of the evaluation is given in figure 11. For product A, the scores are 5 for confidentiality, 5 for integrity and 5 for availability.

CONCLUSION AND FINDING

This work proposes a fuzzy logic-based technique for determining the level of security risk associated with software systems. Fuzzy logic suits this kind of analysis because the inputs are linguistic judgements derived from questionnaire answers rather than precise measurements. The major goals of secure software, which are the inputs to the system, are the preservation of confidentiality (preventing unauthorized disclosure of information), integrity (preventing unauthorized alteration of information) and availability (preventing unauthorized destruction or denial of access or service to a legitimate user).

It may be necessary to redesign the system so that it can be deployed without MATLAB, and to use an adaptive fuzzy logic technique for the analysis. The system designed here can be used to evaluate the security risk associated with the production of software systems, and it gives software organizations a way to check their products against standard security requirements before final deployment.

The results of this study suggest that if software-producing companies incorporate security risk analysis into the production of software systems, software insecurity can be kept to a minimum. The study also shows that raising each of the software security goals towards its maximum raises the overall security level and lowers the associated risk, although, as the abstract notes, no system is completely secure. Finally, security risk analysis is a path towards producing secure software and should be treated as a significant activity by software development organizations.
