UNIVERSITI TEKNIKAL MALAYSIA MELAKA
FACULTY OF INFORMATION & COMMUNICATION TECHNOLOGY
SESSION 2 - 2010/2011
NURUL AZRIN BT AIRRUDIN – B031010343
SITI NURSHAFIEQA BT SUHAIMI – B031010313
NUR SHAHIDA BT MUHTAR – B031010266
LECTURER NAME: DR ABD. SAMAD HASSAN BASARI
[12th APRIL 2011]
SOFTWARE LEVEL OF SECURITY RISK ANALYSIS
USING FUZZY EXPERT SYSTEM
There is wide concern about the security of software systems because many organizations depend largely on them for their day-to-day operations. Since we have not seen a software system that is completely secure, there is a need to analyze and determine the security risk of emerging software systems. This work presents a technique for analyzing software security using a fuzzy expert system. The inputs to the system are suitable fuzzy sets representing linguistic values for the software security goals of confidentiality, integrity and availability. The expert rules were constructed using Mamdani fuzzy reasoning in order to adequately analyze the inputs. Defuzzification was done using the centroid technique. The design was implemented using the MATLAB fuzzy logic tool because of its ability to implement fuzzy-based systems. Using newly developed software products from three software development organizations as test cases, the results show a system that can be used to effectively analyze software security risk.
ANALYSIS AND DESIGN
The design is basically divided into four stages:
1) DESIGN OF THE LINGUISTIC VARIABLES
The inputs to the system are the values assumed for the software security goals of confidentiality, integrity and availability. The goals are assumed to have the same weight, and a particular value is determined for each of them based on questions that are answered about the specific software. The value determined for each input is defined as a fuzzy number instead of a crisp number by using suitable fuzzy sets. Designing the fuzzy system requires that the different inputs (that is, confidentiality, integrity, and availability) are represented by fuzzy sets. The fuzzy sets are in turn represented by a membership function. The membership function used in this paper is the triangular membership function, which is a three-point function defined by minimum, maximum and modal values, usually represented as in Figure 1.
Figure 1: Triangular Membership Function
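The triangular membership function above, combined with the Mamdani reasoning and centroid defuzzification named in the introduction, is shown here as an added Python example; it is not the paper's MATLAB implementation. The 0-10 scale, the three set labels, their breakpoints and the three rules are assumptions made for illustration.

```python
# Added illustration: triangular sets, Mamdani min/max inference, centroid output.
# Scale, labels, breakpoints and rules are assumed, not taken from the paper.

def tri(x, a, m, b):
    """Triangular membership: 0 at a (minimum) and b (maximum), 1 at m (modal)."""
    if x == m:
        return 1.0
    if x <= a or x >= b:
        return 0.0
    return (x - a) / (m - a) if x < m else (b - x) / (b - m)

# Assumed (minimum, modal, maximum) points on a 0-10 scale, shared by the
# three inputs and by the output variable "risk".
SETS = {"low": (0, 0, 5), "medium": (0, 5, 10), "high": (5, 10, 10)}

def fuzzify(x):
    """Degree of membership of a crisp score in every linguistic value."""
    return {label: tri(x, *pts) for label, pts in SETS.items()}

def risk_score(conf, integ, avail, steps=1000):
    """Crisp risk (0-10) from crisp confidentiality/integrity/availability scores."""
    c, i, a = fuzzify(conf), fuzzify(integ), fuzzify(avail)
    # Assumed rule base; OR is max and AND is min (Mamdani operators).
    strength = {
        "high": max(c["low"], i["low"], a["low"]),           # any goal weak
        "medium": max(c["medium"], i["medium"], a["medium"]),
        "low": min(c["high"], i["high"], a["high"]),         # all goals strong
    }
    num = den = 0.0
    for k in range(steps + 1):
        y = 10.0 * k / steps
        # Clip each output set at its rule strength, aggregate with max.
        mu = max(min(s, tri(y, *SETS[label])) for label, s in strength.items())
        num += y * mu
        den += mu
    # Centroid of the aggregated set; None when no rule fired (input off-scale).
    return num / den if den else None

if __name__ == "__main__":
    for scores in [(10, 10, 10), (5, 5, 5), (9, 9, 2), (0, 0, 0)]:
        print(scores, "->", round(risk_score(*scores), 2))
```
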
2) THE FUZZY SETS
The level of confidentiality is defined on the scale not confidential, slightly confidential, very confidential and extremely confidential. The level of integrity is defined on the scale very low, low, high, very high, and extra high. The level of availability is likewise defined by the scales very low,...