A fuzzy framework for prioritization and partial selection of security requirements in software projects

Davoud Mougouei, David M.W. Powers, Elahe Mougouei

Research output: Contribution to journalArticlepeer-review

5 Citations (Scopus)

Abstract

Resource limitations in software projects rarely allow for the security requirements to be fully realized. As such, Prioritization and Selection (PAS) techniques are used to find an optimal subset of the requirements. Consequently, some of the security requirements will be ignored. But ignoring security requirements may (a) leave some of the security threats unattended and (b) negatively impact the effectiveness of the selected requirements. To mitigate this, we have proposed a fuzzy framework, referred to as Prioritization And Partial Selection (PAPS), that reduces the number of ignored security requirements by allowing for partial satisfaction of those requirements. We achieve this by relaxing the satisfaction conditions of security requirements, when tolerated, based on their priorities specified by a fuzzy inference system. Taking into account the partiality of security in PAPS mitigates the adverse impact of ignoring security requirements and enhances the accuracy of prioritization and selection. Our proposed framework is scalable to a large number of requirements.

Original languageEnglish
Pages (from-to)2671-2686
Number of pages16
JournalJournal of Intelligent and Fuzzy Systems
Volume37
Issue number2
DOIs
Publication statusPublished - 9 Sep 2019

Keywords

  • Fuzzy
  • Partial Selection
  • Requirements
  • Security

Fingerprint

Dive into the research topics of 'A fuzzy framework for prioritization and partial selection of security requirements in software projects'. Together they form a unique fingerprint.

Cite this