International Conference on Advances in Computer and Information Technology - ACIT 2013
Author(s): DAVOUD MOUGOUEI, MARYAM ESHRAGHI EVARI, WAN NURHAYATI WAN AB. RAHMAN
Identifying threats at the requirements engineering stage is a big and complex challenge for web services development. The challenge grows further as the massive number of security faults grows. In addition, security threats existing in a web service may increase the risk of security failure. An Electronic Portfolio System (EPS) is introduced as a web service to serve as our running example in this paper. To overcome the security threats in the target EPS, the web service has to be flexible and tolerant. The EPS should be tolerant in the presence of inevitable security threats. This study presents a fuzzy-based approach to establish the security requirements of the EPS as a web service and to build a fault-tolerant model for the security requirements of the service. For this purpose, we have applied a goal-based modeling approach. The approach develops an intrusion-tolerant model for security requirements. The model is developed based on the formally described model of security faults (SFM). In order to make the Security Requirement Model (SRM) of the system tolerant, the study has employed partial satisfaction of security goals. The partiality is addressed through the temporal fuzzy-based language RELAX to mitigate unavoidable threats during the requirement analysis process. Ultimately, the approach leads to a fault-tolerant model for the security requirements of the target EPS.