A step towards Secure Software System using fuzzy logic

With expanding interconnectivity and extensive use of software systems, risk management has come under heavy strain. The present-day security environment demands security mechanisms that rarely fail. In this paper we try to take a step further towards foolproof security. Present security measures are based on a binary principle: the security mechanisms and procedures adopted at present make the software system strong up to a point, after which it fails catastrophically. We explore some innovative measures and propose a new approach, henceforth named “Secure Software System (SSS)”. We try to avert the failed state of the system by introducing ‘Fuzzy Logic’. This lets us define intermediate stages between the safe state and the failed state for security goals, with the resultant security level constantly monitored by the actors associated with this arrangement. These actors will promptly take additional countermeasures to strengthen the mitigation policies already applied for different threats before the attacker succeeds in his mission. These measures break the brittleness between the two states, which has gone unattended so far.
