Abstract
It is critical to develop secure software with long-term performance and the capability to withstand and forestall the growing competition in the software development industry. To enhance the potential of Confidentiality, Integrity, and Availability (CIA), a mechanism is required to build in and secure durability at the time of software development. The security of a software product is durable if the software works efficiently, to the user's satisfaction, for the expected duration. Although focusing on security that is durable enough considerably reduces maintenance cost, the work done on addressing security and durability issues simultaneously during software development remains minimal. To achieve durable security, the gap between security and durability needs to be filled by identifying and establishing a relationship between security and durability attributes. This article extends the concept of the life span of security services and assesses and prioritizes security durability attributes by taking a real-time case study. While building durable security, security experts often face complicated decision problems. Hence, multi-criteria decision-making techniques have been used to solve the issues of measuring conflicting tangible and intangible criteria. In addition, the fuzzy simple average method is used to find the rating of security durability attributes. The work has been demonstrated through a case study. The results of the study would be useful for security developers to assure the importance of attributes for improving the duration of security.
Rights and permissions
This is an open access article distributed under the CC BY-NC 4.0 license (http://creativecommons.org/licenses/by-nc/4.0/).
About this article
Cite this article
Kumar, R., Zarour, M., Alenezi, M. et al. Measuring Security Durability of Software through Fuzzy-Based Decision-Making Process. Int J Comput Intell Syst 12, 627–642 (2019). https://doi.org/10.2991/ijcis.d.190513.001
DOI: https://doi.org/10.2991/ijcis.d.190513.001