首页    期刊浏览 2024年11月28日 星期四
登录注册

文章基本信息

  • 标题:Fuzzy Logic Approach for Threat Prioritization in Agile Security Framework using DREAD Model
  • 作者:Sonia Archana Singhal Hema Banati
  • 期刊名称:International Journal of Computer Science Issues
  • 印刷版ISSN:1694-0784
  • 电子版ISSN:1694-0814
  • 出版年度:2011
  • 卷号:8
  • 期号:4
  • 出版社:IJCSI Press
  • 摘要:For a qualitative system sound security practices must be a crucial part throughout the entire software lifecycle. Furthermore, agile software development has paved the way for overcoming the problems faced by developers during traditional development process. In the given paper we are using an Agile Security Framework that is compatible with practices of agile processes and inherit in it the benefits of security engineering activities in the form of risk assessment and threat prioritization. One of the most popular techniques to deal with ever growing risks associated with security threats is DREAD model. It is used for rating risk of threats identified in the abuser stories. In this model threats needs to be defined by sharp cutoffs. However, such precise distribution is not suitable for risk categorization as risks are vague in nature and deals with high level of uncertainty. In view of these risk factors, our paper proposes a novel fuzzy approach using DREAD model for computing risk level that ensures better evaluation of imprecise concepts. Thus it provides the capacity to include subjectivity and uncertainty during risk ranking. A case study has been presented to illustrate and compare the proposed approach with the existing one using Matlab.
  • 关键词:Fuzzy logic; Agile Security Framework; Risk ranking; DREAD Model; Fuzzy Inference System
Loading...
联系我们|关于我们|网站声明
国家哲学社会科学文献中心版权所有