A fuzzy framework for prioritization and partial selection of security requirements in software projects
Article
Article Title | A fuzzy framework for prioritization and partial selection of security requirements in software projects |
---|---|
ERA Journal ID | 581 |
Article Category | Article |
Authors | Mougouei, Davoud (Author), Powers, David M.W. (Author) and Mougouei, Elahe (Author) |
Journal Title | Journal of Intelligent and Fuzzy Systems |
Journal Citation | 37 (2), pp. 2671-2686 |
Number of Pages | 17 |
Year | 2019 |
Place of Publication | Netherlands |
ISSN | 1064-1246 |
1875-8967 | |
Digital Object Identifier (DOI) | https://doi.org/10.3233/JIFS-182907 |
Web Address (URL) | https://content.iospress.com/articles/journal-of-intelligent-and-fuzzy-systems/ifs182907 |
Abstract | Resource limitations in software projects rarely allow for the security requirements to be fully realized. As such, Prioritization and Selection (PAS) techniques are used to find an optimal subset of the requirements. Consequently, some of the security requirements will be ignored. But ignoring security requirements may (a) leave some of the security threats unattended and (b) negatively impact the effectiveness of the selected requirements. To mitigate this, we have proposed a fuzzy framework, referred to as Prioritization And Partial Selection (PAPS), that reduces the number of ignored security requirements by allowing for partial satisfaction of those requirements. We achieve this by relaxing the satisfaction conditions of security requirements, when tolerated, based on their priorities specified by a fuzzy inference system. Taking into account the partiality of security in PAPS mitigates the adverse impact of ignoring security requirements and enhances the accuracy of prioritization and selection. Our proposed framework is scalable to a large number of requirements. |
Keywords | Fuzzy; Partial Selection; Requirements; Security |
Contains Sensitive Content | Does not contain sensitive content |
ANZSRC Field of Research 2020 | 460299. Artificial intelligence not elsewhere classified |
Public Notes | Files associated with this item cannot be displayed due to copyright restrictions. |
Byline Affiliations | Monash University |
Flinders University | |
Islamic Azad University, Iran | |
Institution of Origin | University of Southern Queensland |
https://research.usq.edu.au/item/q6yz3/a-fuzzy-framework-for-prioritization-and-partial-selection-of-security-requirements-in-software-projects
92
total views3
total downloads0
views this month0
downloads this month