Secure Appreciative Inquiry Fuzzy Quantification Technique For Quantifying Software Security Requirements
Summary: Software developers generally focus on the core functions and features, while security is addressed only as an afterthought, often when it is already too late. The lack of proper consideration of security requirements during the early stages may lead to the development of an application with poor security, and correcting it may be costly; addressing security at an early stage helps to design a secure application that can withstand malicious attacks. Therefore, software and system developers need practical and systematic approaches to obtain sufficient and credible evidence of the security level of a system under development in the early phases of the software development life cycle (SDLC). Currently, there is only a limited number of reliable techniques or methods to quantify security requirements in the software industry. Thus, the objective of this study is to construct a framework to elicit and quantify security requirements in order to ensure that secure software is developed. This work introduces a framework called Secure Appreciative Inquiry Fuzzy Quantification Technique (SAIFQT), which integrates Appreciative Inquiry, SQUARE, CLASP and Fuzzy Soft Set Theory in eliciting and quantifying security requirements. The proposed framework, SAIFQT, was evaluated by case studies and penetration testing and validated by security experts. A mixed methodology, combining qualitative and explorative methods, was used in this study. The results show that the proposed technique, SAIFQT, was successful in eliciting a new and unique software and security requirements specification. The results also show the strong points of the proposed technique compared to the normal SDLC: according to the penetration testing reports, the prototype built with the proposed technique shows three low priority alerts, whereas the report for the prototype built using the normal SDLC shows four high priority alerts and one each of medium, low and informational priority security alerts. Thus, this study registers its contribution to covering security vulnerabilities in software intended to be built in the future.