Fuzzy Logic Approach for Threat Prioritization in Agile Security Framework using DREAD Model
For a qualitative system sound security practices must be a
crucial part throughout the entire software lifecycle.
Furthermore, agile software development has paved the way for
overcoming the problems faced by developers during traditional
development process. In the given paper we are using an Agile
Security Framework that is compatible with practices of agile
processes and inherit in it the benefits of security engineering
activities in the form of risk assessment and threat prioritization.
One of the most popular techniques to deal with ever growing
risks associated with security threats is DREAD model. It is used
for rating risk of threats identified in the abuser stories. In this
model threats needs to be defined by sharp cutoffs. However,
such precise distribution is not suitable for risk categorization as
risks are vague in nature and deals with high level of uncertainty.
In view of these risk factors, our paper proposes a novel fuzzy
approach using DREAD model for computing risk level that
ensures better evaluation of imprecise concepts. Thus it provides
the capacity to include subjectivity and uncertainty during risk
ranking. A case study has been presented to illustrate and
compare the proposed approach with the existing one using
Matlab.
Keywords: Fuzzy logic, Agile Security Framework, Risk ranking, DREAD Model, Fuzzy Inference System
Download Full-Text
