Title: FUZZY DESCRIPTION OF SECURITY REQUIREMENTS FOR INTRUSION TOLERANT WEB-SERVICES

Year of Publication: 2013
Page Numbers: 141-147
Authors: Davoud Mougouei, Wan Nurhayati Wan Ab. Rahman
Conference Name: The Second International Conference on Cyber Security, Cyber Peacefare and Digital Forensic (CyberSec2013) - Malaysia

Abstract:


Performing security analysis in the early stages of web-service development is a major engineering trend. However, it is not always possible to identify and mitigate every security threat within the web-service, and this may eventually lead to security failure of the service. To avoid security failure, the web-service must tolerate possible intrusions, so intrusion tolerance must be incorporated in the security requirements of the service. In this paper, we propose a new technique for describing the security requirements of Intrusion Tolerant Services (ITS) using fuzzy logic. We incorporate intrusion tolerance into the security requirements of the web-service by considering partial satisfaction of security goals. This partiality is addressed by establishing a Goal-Based Fuzzy Grammar (GFG) for describing the Security Requirement Model (SRM) of the ITS.