Evaluating Performance of Web Application Security Through a Fuzzy Based Hybrid Multi-Criteria Decision-Making Approach: Design Tactics Perspective

The design of software can have a major impact on its overall security. Developing a secure website design is a challenge for architects: it depends on a series of difficult decisions that determine the security of the website. As the number of vulnerabilities grows, so does the level of security requirements, and security design tactics must be adopted to satisfy them. Security design tactics are the mechanisms used to define, detect and mitigate vulnerabilities and attacks. Faults in the application of security tactics, or their weakening during website maintenance, could therefore be one of the key reasons behind the emergence of new and severe vulnerabilities that can be targeted by hackers. There is a need for an in-depth analysis of security tactics and their prioritization in order to determine the highest-priority factor, which in turn will help in building a more secure system. In this research study, the authors have used the hybrid method of Fuzzy AHP-TOPSIS (Analytic Hierarchy Process-Technique for Order Preference by Similarity to Ideal Solution) to evaluate security design tactics and their attributes. The efficiency of this approach has been tested on a real time web application of Babasaheb Bhimrao Ambedkar University, Lucknow, India. Further, different web applications of the University have been used to validate the obtained results. This study's evaluation of the most impactful web application design for improving security will help architects secure systems by using security tactics.
