期刊名称:Issues in Informing Science and Information Technology
印刷版ISSN:1547-5840
电子版ISSN:1547-5867
出版年度:2007
卷号:4
页码:053-061
出版社:Informing Science Institute
摘要:Threat modeling, which is the process of identifying, quantifying and analyzing potential threats
of computer-based systems, has become a significant consideration towards designing secure
software systems. Despite the previous methods adopted for threat modeling, there are still many
systems that are probable to attack. In this work, a fuzzy logic-based threat modeling technique is
designed. The technique involves the fuzzification of input variables that is based on six major
categories of threats (STRIDE- Spoofing, Tampering, Repudiation, Information Disclosure, Denial
of Service, and Elevation of Privilege), rule evaluation, and aggregation of the rule outputs.
The design is based on Mamdani-style inference system which is very good for the representation
of human reasoning and effective analysis. The implementation is done using MATLAB fuzzy
logic tools. Using the design to test five computer systems, the result shows a tool that can be effectively
used to analyze potential threats to computer-based systems.
