A fuzzy outranking approach in risk analysis of web service security

被引：6

作者：

Wang, Ping ^{[1
]}

Chao, Kuo-Ming

Lo, Chi-Chun

Huang, Chun-Lung

Younas, Muhammad

机构：

[1] Kun Shan Univ Technol, Dept MIS, Tainan, Taiwan

[2] Fudan Univ, Software Sch, Shanghai 200433, Peoples R China

[3] Coventry Univ, Fac Engn & Comp, Coventry, W Midlands, England

[4] Natl Chiao Tung Univ, Inst Informat Management, Hsinchu, Taiwan

[5] Oxford Brookes Univ, Dept Comp, Oxford OX3 0BP, England

来源：

CLUSTER COMPUTING-THE JOURNAL OF NETWORKS SOFTWARE TOOLS AND APPLICATIONS | 2007年 / 10卷 / 01期

关键词：

fuzzy outranking; risk analysis; web services security; pseudo-order; POPM;

D O I：

10.1007/s10586-007-0002-2

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

Risk analysis is considered as an important process to identify the known and potential vulnerabilities and threats in the web services security. It is quite difficult for users to collect adequate events to estimate the full vulnerabilities and probability of threats in the Web, due to the rapid change of the malicious attacks and the new computers vulnerabilities. In this paper, a fuzzy risk assessment model is developed in order to evaluate the risk of web services in a situation where complete information is not available. The proposed model extends Pseudo-Order Preference Model (POPM) to estimate the imprecise risk based on richness of information and to determine their ranking using a weighted additive rule. A case Study of a number of web services is presented in order to test the proposed approach.

引用

页码：47 / 55

页数：9

共 23 条

[1]

BHARGAVAN K, 2004, P 2004 WORKSH SEC WE

[2]

*BRIT STAND I, 77991200 BS BRIT STA

[3]

Carroll J. M., 1983, Computers & Security, V2, P230, DOI 10.1016/0167-4048(83)90005-6

[4] Fuzzy group decision making for evaluating the rate of aggregative risk in software development [J].