• Corpus ID: 12907447

Fuzzy Logic Approach for Threat Prioritization in Agile Security Framework using DREAD Model

Authors: Sonia, Archana Singhal and Hema Banati
For a quality system, sound security practices must be a crucial part of the entire software lifecycle. [...] The DREAD model is used for rating the risk of threats identified in abuser stories. In this model, threats need to be classified by sharp cut-offs. However, such a precise partitioning is not suited to risk categorization, because risks are vague in nature and involve a high degree of uncertainty. In view of these factors, this paper proposes a novel fuzzy approach using the DREAD model for computing…
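The abstract contrasts DREAD rating with sharp cut-offs against a fuzzy rating. The block below is an added illustration of that contrast, not code from the paper or its authors. Everything specific in it is an assumption the page does not state: each DREAD factor (Damage, Reproducibility, Exploitability, Affected users, Discoverability) is scored 1..10 as in the original Microsoft DREAD model, the crisp category is the mean of the five factors cut at 4.0 and 7.0, the fuzzy variant uses trapezoidal Low/Medium/High membership functions over that mean with a Mamdani-style min/max inference and centroid defuzzification, and the three threats are constructed samples. Two of them sit on either side of the Low/Medium cut-off: the crisp scheme puts them in different bins, while the fuzzy memberships differ by only a tenth.

```python
"""Crisp DREAD rating with sharp cut-offs versus a fuzzy DREAD rating.

Added illustration, not code from the paper. Assumed (not from the page):
factors scored 1..10, crisp cut-offs at 4.0 and 7.0 on the mean score,
trapezoidal Low/Medium/High sets, Mamdani inference, centroid defuzzification.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

FACTORS = ("damage", "reproducibility", "exploitability",
           "affected_users", "discoverability")

# Trapezoids (a, b, c, d): 0 up to a, rising to 1 on [b, c], back to 0 at d.
INPUT_SETS = {"Low": (0, 1, 3, 5), "Medium": (3, 5, 6, 8), "High": (6, 8, 10, 11)}
OUTPUT_SETS = {"Low": (-1, 0, 2, 4), "Medium": (2, 4, 6, 8), "High": (6, 8, 10, 11)}


@dataclass(frozen=True)
class Threat:
    name: str
    damage: int
    reproducibility: int
    exploitability: int
    affected_users: int
    discoverability: int

    def mean_score(self) -> float:
        scores = [getattr(self, f) for f in FACTORS]
        bad = [s for s in scores if not 1 <= s <= 10]
        if bad:
            raise ValueError(f"{self.name}: DREAD factors must be 1..10, got {bad}")
        return sum(scores) / len(scores)


def crisp_category(score: float) -> str:
    """Sharp cut-offs: a mean of 3.99 is Low while 4.00 is Medium."""
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    return "High"


def trapezoid(x: float, a: float, b: float, c: float, d: float) -> float:
    """Trapezoidal membership function with shoulders a..b and c..d."""
    if x <= a or x >= d:
        return 0.0
    if b <= x <= c:
        return 1.0
    if x < b:
        return (x - a) / (b - a)
    return (d - x) / (d - c)


def fuzzy_memberships(score: float) -> Dict[str, float]:
    """Degree to which the mean DREAD score belongs to Low, Medium and High."""
    return {label: trapezoid(score, *params) for label, params in INPUT_SETS.items()}


def centroid_risk(memberships: Dict[str, float], step: float = 0.01) -> float:
    """Mamdani inference: each rule 'score is X -> risk is X' clips output set X
    at its firing strength; clipped sets are combined by max and defuzzified by
    the centroid over the 0..10 risk universe."""
    num = den = 0.0
    for i in range(int(round(10.0 / step)) + 1):
        y = i * step
        mu = max(min(strength, trapezoid(y, *OUTPUT_SETS[label]))
                 for label, strength in memberships.items())
        num += y * mu
        den += mu
    if den == 0.0:
        raise ValueError("no rule fired; membership functions do not cover the score")
    return num / den


def fuzzy_risk(threat: Threat) -> Tuple[Dict[str, float], float]:
    memberships = fuzzy_memberships(threat.mean_score())
    return memberships, centroid_risk(memberships)


def prioritize(threats: List[Threat]) -> List[Tuple[str, str, float]]:
    """Rank threats by defuzzified risk, highest first; the crisp label is kept
    alongside so the two schemes can be compared."""
    rows = []
    for t in threats:
        _, risk = fuzzy_risk(t)
        rows.append((t.name, crisp_category(t.mean_score()), round(risk, 2)))
    return sorted(rows, key=lambda r: r[2], reverse=True)


# Constructed sample threats (not from the paper); the last two straddle the
# crisp Low/Medium cut-off at a mean of 4.0.
SAMPLE_THREATS = [
    Threat("SQL injection in login form", 9, 8, 7, 9, 7),   # mean 8.0
    Threat("Stack trace in error page", 3, 5, 4, 3, 5),      # mean 4.0
    Threat("Version banner on admin port", 3, 4, 4, 4, 4),   # mean 3.8
]

if __name__ == "__main__":
    for t in SAMPLE_THREATS:
        m, risk = fuzzy_risk(t)
        summary = {k: round(v, 2) for k, v in m.items()}
        print(f"{t.name}: mean={t.mean_score():.1f} "
              f"crisp={crisp_category(t.mean_score())} fuzzy={summary} risk={risk:.2f}")
    print(prioritize(SAMPLE_THREATS))
```

Running the block shows the point the abstract makes: the error-page and version-banner threats land in different crisp bins (Medium versus Low) although their fuzzy memberships are 0.5/0.5 and 0.6/0.4 for Low/Medium, and the defuzzified risk values stay close and correctly ordered instead of jumping across a boundary.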


Selection of Security Activities for Integration with Agile Methods after Combining their Agility and Effectiveness

The goal of this paper is to select those security activities which are best to integrate with agile methods, based on two distinct measures, effectiveness and agility degree of security activities, by using a weighted decision theory.

FISA-XP: an agile-based integration of security activities with extreme programming

A framework, FISA-XP, which can be adopted for the development of a secure software system by introducing an Acceptable Agility Reduction Factor, which gives a threshold value for an acceptable reduction in agility degree.

A Proposed Fuzzy based Framework for Calculating Success Metrics of Agile Software Projects

This paper proposes a framework for calculating Success Metrics (SM) of agile software projects based on fuzzy logic to address the ambiguity in agility assessment.

Network Threat Ratings in Conventional DREAD Model Using Fuzzy Logic

A novel fuzzy approach is proposed using the DREAD model for computing risk level, which ensures better evaluation of imprecise concepts and provides the capacity to include subjectivity and uncertainty during risk ranking.

Modelling of Fuzzy Expert System for an Assessment of Security Information Management System UIS (University Information System)

The paper combines the Visual Basic programming language and MATLAB's Fuzzy Toolbox to solve the complex problem of assessing compliance with the ISO/IEC 27001 standard, one of the main standards for information systems security modelling.

Cyber Security Risk Assessment Using Multi Fuzzy Inference System

A risk assessment method based on multiple fuzzy systems is proposed for assessing cyber threats; it evaluates cyber security risk as a function of three risk factors: the overall capabilities of an attacker, the overall likelihood of a successful attack, and the impact of an attack.

Analyzing and Managing the Impact of Risks using Multi Fuzzy Inference System

A multi-fuzzy risk evaluation approach is suggested for the identification of security threats based on the potential capability of an attacker, the overall probability of an attack, and the implications of such attacks.

Security Risk Assessment of Healthcare Web Application Through Adaptive Neuro-Fuzzy Inference System: A Design Perspective

This research proposes the identification of security risks and their assessment during the development of the web application through adaptive neuro-fuzzy inference system (ANFIS), and also proposes a fuzzy regression model.

Increment order of linguistic variables method in information security risk assessment

A method for transforming the membership functions of linguistic-variable standards by incrementing the number of terms one at a time, using expert assessments made at the system-configuration stage, is proposed; it simplifies the adjustment of standards for trapezoidal fuzzy numbers.

Development of Agile Security Framework Using a Hybrid Technique for Requirements Elicitation

A framework that effectively implements security practices in agile development and adopts additional features proposed by other researchers is presented; it combines abuser stories and attack trees, drawing on the best features of each method.

Threat Modeling Using Fuzzy Logic Paradigm

Tested on five computer systems, the design yields a tool that can be used effectively to analyze potential threats to computer-based systems.

Use of fuzzy logic approaches to safety assessment in maritime engineering applications

This paper focuses on the development and representation of linguistic variables to model risk levels subjectively using fuzzy set theory, which provides a tool for working directly with the linguistic terms commonly used in carrying out safety assessment.

Integrating Security into Agile Development Methods

This article demonstrates how security features, including checklists and management standards, can be integrated into agile methods.

Extending XP practices to support security requirements engineering

This paper proposes a way of extending eXtreme Programming (XP) practices, in particular the original planning game and the coding guidelines, to aid the developers and the customer to engineer

A threat risk modeling framework for Geospatial Weather Information System (GWIS) a DREAD based study

This work implements the proposed mechanism for application risk assessment using Microsoft's DREAD threat-risk model, evaluating application security risk against vulnerability parameters in order to improve the security of the application.

Threat Modeling as a Basis for Security Requirements

Prior to claiming the security of a system, it is important to identify the threats to the system in question to develop realistic and meaningful security requirements.

Prioritization of Threats Using the k / m Algebra

A new methodology for prioritizing threats rated with ordinal scale values while preserving the meaning of ordinal values and respecting the rules that govern ordinal scales is presented.

Security Requirements for the Rest of Us: A Survey

Most software developers aren't primarily interested in security, but the software engineering community is slowly beginning to realize that information security is also important for software whose primary function isn't related to security.

Outline of a New Approach to the Analysis of Complex Systems and Decision Processes

  • L. Zadeh, IEEE Trans. Syst. Man Cybern., 1973
By relying on the use of linguistic variables and fuzzy algorithms, the approach provides an approximate and yet effective means of describing the behavior of systems which are too complex or too ill-defined to admit of precise mathematical analysis.