A fuzzy outranking approach in risk analysis of web service security

被引:6
作者
Wang, Ping [1 ]
Chao, Kuo-Ming
Lo, Chi-Chun
Huang, Chun-Lung
Younas, Muhammad
机构
[1] Kun Shan Univ Technol, Dept MIS, Tainan, Taiwan
[2] Fudan Univ, Software Sch, Shanghai 200433, Peoples R China
[3] Coventry Univ, Fac Engn & Comp, Coventry, W Midlands, England
[4] Natl Chiao Tung Univ, Inst Informat Management, Hsinchu, Taiwan
[5] Oxford Brookes Univ, Dept Comp, Oxford OX3 0BP, England
来源
CLUSTER COMPUTING-THE JOURNAL OF NETWORKS SOFTWARE TOOLS AND APPLICATIONS | 2007年 / 10卷 / 01期
关键词
fuzzy outranking; risk analysis; web services security; pseudo-order; POPM;
D O I
10.1007/s10586-007-0002-2
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
Risk analysis is considered as an important process to identify the known and potential vulnerabilities and threats in the web services security. It is quite difficult for users to collect adequate events to estimate the full vulnerabilities and probability of threats in the Web, due to the rapid change of the malicious attacks and the new computers vulnerabilities. In this paper, a fuzzy risk assessment model is developed in order to evaluate the risk of web services in a situation where complete information is not available. The proposed model extends Pseudo-Order Preference Model (POPM) to estimate the imprecise risk based on richness of information and to determine their ranking using a weighted additive rule. A case Study of a number of web services is presented in order to test the proposed approach.
引用
收藏
页码:47 / 55
页数:9
相关论文
共 50 条
  • [1] A fuzzy outranking approach in risk analysis of web service security
    Ping Wang
    Kuo-Ming Chao
    Chi-Chun Lo
    Chun-Lung Huang
    Muhammad Younas
    Cluster Computing, 2007, 10 : 47 - 55
  • [2] Security risk analysis in Web Services systems
    Gutierrez, Carlos
    Fernandez-Medina, Eduardo
    Piattini, Mario
    SECRYPT 2006: PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON SECURITY AND CRYPTOGRAPHY, 2006, : 425 - +
  • [3] A Fuzzy AHP Approach for Security Risk Assessment in SCADA Networks
    Markovic-Petrovic, Jasna D.
    Stojanovic, Mirjana D.
    Rakas, Slavica V. Bostjancic
    ADVANCES IN ELECTRICAL AND COMPUTER ENGINEERING, 2019, 19 (03) : 69 - 74
  • [4] Fuzzy tool for conducting information security risk analysis
    Bartos, Jiri
    Walek, Bogdan
    Klimes, Cyril
    Farana, Radim
    2014 15TH INTERNATIONAL CARPATHIAN CONTROL CONFERENCE (ICCC), 2014, : 28 - 33
  • [5] Risk Analysis Method: A Fuzzy Approach
    Deng, Yong
    Su, Xiaoyan
    Jiang, Wen
    Xu, Jianling
    Xu, Peida
    THIRD INTERNATIONAL SYMPOSIUM ON ELECTRONIC COMMERCE AND SECURITY WORKSHOPS (ISECS 2010), 2010, : 146 - 150
  • [6] Web Service Security Management Using Semantic Web Techniques
    Guimaraes Garcia, Diego Zuquim
    Felgar de Toledo, Maria Beatriz
    APPLIED COMPUTING 2008, VOLS 1-3, 2008, : 2256 - 2260
  • [7] Security of Web Applications with short web service : a review Study
    Ajay, Anadi
    Jaiswal, Arunima
    Verma, Kritika
    2015 5TH INTERNATIONAL CONFERENCE ON ADVANCED COMPUTING & COMMUNICATION TECHNOLOGIES ACCT 2015, 2015, : 569 - 574
  • [8] RISK ANALYSIS IN MANAGERIAL PROCESS AND FUZZY APPROACH
    Boc, Kamil
    Vaculik, Juraj
    Vidrikova, Dagmar
    TRANSPORT AND TELECOMMUNICATION JOURNAL, 2013, 14 (03) : 214 - 222
  • [9] A New Quantitative Model for Web Service Security
    Banaei, Omid
    Khorsandi, Siavash
    PROCEEDINGS OF 2012 IEEE 14TH INTERNATIONAL CONFERENCE ON COMMUNICATION TECHNOLOGY, 2012, : 749 - 755
  • [10] A pragmatic Approach on Combined Safety and Security Risk Analysis
    Reichenbach, Frank
    Endresen, Jan
    Chowdhury, Mohammad M. R.
    Rossebo, Judith
    23RD IEEE INTERNATIONAL SYMPOSIUM ON SOFTWARE RELIABILITY ENGINEERING WORKSHOPS (ISSRE 2012), 2012, : 239 - 244
12345