Quantitative Analysis of Software Security through Fuzzy PROMETHEE-II Methodology: A Design Perspective

Full Text (PDF, 338KB), PP.30-41

Views: 0 Downloads: 0

Author(s)

Suhel Ahmad Khan 1,* Mohd Nadeem 2 Alka Agrawal 2 Raees Ahmad Khan 2 Rajeev Kumar 3

1. Department of Computer Science, Indira Gandhi National Tribal University, Amarkantak, 484887, Madhya Pradesh, India

2. Department of Information Technology, Babasaheb Bhimrao Ambedkar University, Lucknow, 226025, Uttar Pradesh, India

3. Department of Computer Science and Engineering, Babu Banarasi Das University, Lucknow, 226028, Uttar Pradesh, India

* Corresponding author.

DOI: https://doi.org/10.5815/ijmecs.2021.06.04

Received: 23 Jul. 2020 / Revised: 15 Aug. 2020 / Accepted: 18 Nov. 2020 / Published: 8 Dec. 2021

Index Terms

Software Security, Software Design Attributes, Fuzzification, Fuzzy PROMETHEE-II

Abstract

The objective of this research study is to develop secure and multi-functional software or web application with controlled complexity. The demand of software security in different IT sectors is the main focus of the present endeavor. The different design factors and their prioritization are the need and demand of the system. We have selected the case of banking software or application. Security assessment is an integral part of risk management practices which provides an analytical mechanism to control and integrate security features for valuable opinion during the design phase. The designing of secure software and the impact of security factor is adopted and evaluated by the Preference Ranking Organization Method for Enrichment Evaluation (PROMETHEE)-II method. The PROMETHEE-II methodology evaluates the impact of factors with respect to the design alternatives. The current priority is to work on the state-of-the-art security attributes or alternatives of software design. Decision makers are generally responsible for evaluating various responses within their technical or scientific jurisdiction and rank them accordingly. Fuzzy set theories are the most appropriate tools to provide results for modeling qualitative information because of their ability to handle the impreciseness that is common in rating alternatives. The proposed work highlights the effectiveness of fuzzy PROMETHEE-II method in this context. We have enlisted this methodology for comparing software security factors in design perspective by using linguistic variables. The quantitative analysis attempted in our study was highly accurate for evaluating the security attributes and ranking them as per their priority, particularly in the context of banking software design. The study concludes with the advantages of employing the Fuzzy PROMETHEE-II vis-à-vis the other methodologies in analyzing the software security in the context of design.

Cite This Paper

Suhel Ahmad Khan, Mohd Nadeem, Alka Agrawal, Raees Ahmad Khan, Rajeev Kumar, " Quantitative Analysis of Software Security through Fuzzy PROMETHEE-II Methodology: A Design Perspective", International Journal of Modern Education and Computer Science(IJMECS), Vol.13, No.6, pp. 30-41, 2021.DOI: 10.5815/ijmecs.2021.06.04

Reference

[1] Cunningham, M. (2016). Complying with international data protection law. U. Cin. L. Rev., 84, 421.

[2] CCPA, D. U. (2020). California Consumer Privacy Act (CCPA) Website Policy. Policy.

[3] Chandler, J. A. (2003). Security in cyberspace: combatting distributed denial of service attacks. U. Ottawa L. & Tech. J., 1, 231.

[4] Balali, Vahid&Zahraie, Banafsheh&Roozbahani, Abbas. (2014). A Comparison of AHP and PROMETHEE Family Decision Making Methods for Selection of Building Structural System. American Journal of Civil Engineering and Architecture. 2. 149-159. 10.12691/ajcea-2-5-1.

[5] Mursanto, Petrus& Halim, Arwin. (2014). Combination of AHP and PROMETHEE for Measuring Quality of Object Oriented Software Design. 10.13033/isahp.y2014.055.

[6] Pandey, S. K., & Mustafa, K. (2010). Security Assurance: An Authentication Initiative by Checklists. International Journal of Advanced Research in Computer Science, 1(2).

[7] G. McGraw, "Software security," in IEEE Security & Privacy, vol. 2, no. 2, pp. 80-83, March-April 2004.

[8] Kaur, K., & Singh, H. (2014, May). PROMETHEE based component evaluation and selection for Component Based Software Engineering. In 2014 IEEE International Conference on Advanced Communications, Control and Computing Technologies (pp. 1421-1425). IEEE.

[9] Vinodh, S., &Girubha, R. J. (2012). PROMETHEE based sustainable concept selection. Applied Mathematical Modelling, 36(11), 5301-5308.

[10] Venkata Rao, R., & Patel, B. K. (2010). Decision making in the manufacturing environment using an improved PROMETHEE method. International Journal of Production Research, 48(16), 4665-4682.

[11] Shakiba-Herfeh, M., Chorti, A., & Poor, H. V. (2020). Physical Layer Security: Authentication, Integrity and Confidentiality. arXiv preprint arXiv:2001.07153.

[12] Garg A., Mittal N., Diksha (2020) A Security and Confidentiality Survey in Wireless Internet of Things (IoT). In: Balas V., Solanki V., Kumar R. (eds) Internet of Things and Big Data Applications. Intelligent Systems Reference Library, vol 180. Springer, Cham

[13] Khan S. A. & Khan R. A. (2013), Security Quantification Model, , International Journal of Software Engineering IJSE, ISSN: 2090-1801, Volume 6, No. 2, 2013, pp: 75-89

[14] H. Hu and G. Ahn, "Constructing Authorization Systems Using Assurance Management Framework," in IEEE Transactions on Systems, Man, and Cybernetics, Part C (Applications and Reviews), vol. 40, no. 4, pp. 396-405, July 2010.

[15] Khan, R. (2011). Secure software development: a prescriptive framework. Computer Fraud & Security, 2011(8), 12-20.

[16] Khan, S. A., & Khan, R. A. (2012). Integrity quantification model for object oriented design. ACM SIGSOFT Software Engineering Notes, 37(2), 1-3.

[17] Allen, E. B., Khoshgoftaar, T. M., & Chen, Y. (2001, April). Measuring coupling and cohesion of software modules: an information-theory approach. In Proceedings Seventh International Software Metrics Symposium (pp. 124-134). IEEE.

[18] Tegarden, D. P., Sheetz, S. D., &Monarchi, D. E. (1995). A software complexity model of object-oriented systems. Decision Support Systems, 13(3-4), 241-262.

[19] Khan, S. A., & Khan, R. A. (2010). Securing object oriented design: A complexity perspective. International Journal of Computer Applications, 8(13).

[20] Kang, N., Liu, Z., Rexford, J., & Walker, D. (2013, December). Optimizing the" one big switch" abstraction in software-defined networks. In Proceedings of the ninth ACM conference on Emerging networking experiments and technologies (pp. 13-24).

[21] Atheel K. Abdulzahra, Turki Y. Abdalla, (2019), Fuzzy Sliding Mode Control Scheme for Vehicle Active Suspension System Optimized by ABC Algorithm, International Journal of Intelligent Systems and Applications, Vol.11, No.12, pp.1-10.

[22] Brans, J. P., Vincke, P., &Mareschal, B. (1986). How to select and how to rank projects: The PROMETHEE method. European journal of operational research, 24(2), 228-238.

[23] Eppe, S., De Smet, Y., &Stützle, T. (2011, October). A bi-objective optimization model to eliciting decision maker’s preferences for the PROMETHEE II method. In International Conference on Algorithmic Decision Theory (pp. 56-66). Springer, Berlin, Heidelberg.

[24] Roy, B. (1977). Partial preference analysis and decision aid: The fuzzy outranking relation concept. Conflicting objectives in Decisions, 40-75.

[25] Kang, N., Liu, Z., Rexford, J., & Walker, D. (2013, December). Optimizing the" one big switch" abstraction in software-defined networks. In Proceedings of the ninth ACM conference on Emerging networking experiments and technologies (pp. 13-24).

[26] Charles W. Krueger. 1992. Software reuse. ACM Comput. Surv. 24, 2 (June 1992), 131–183. DOI:https://doi.org/10.1145/130844.130856.

[27] Maselle J. K., Mashaka J. M., Verdiana G. M,(2020), Multi-Criteria Decision Making and Numerical Optimization Approaches for Optimizing Water Loss Management Strategies in Water Distribution System - A case of Urban Water Supply and Sanitation Authorities in Tanzania , International Journal of Mathematical Sciences and Computing, Vol.6, No.1, pp.10-24, 2020.

[28] Farhad L., Kimia F., Nasrin B., (2020), An Analysis of Key Factors to Mobile Health Adoption using Fuzzy AHP, International Journal of Information Technology and Computer Science, Vol.12, No.2, pp.1-17.