Secure Appreciative Inquiry Fuzzy Quantification Technique For Quantifying Software Security Requirements

Bibliographic Details
Main Author: Omar Isam Homaidi Al Mrayat
Format: Thesis
Language: en_US
Subjects:
Online Access: https://oarep.usim.edu.my/bitstreams/47d76fb4-a625-43c5-8766-4cec0b78679b/download
https://oarep.usim.edu.my/bitstreams/47c5d0d0-e00e-469f-aad2-6628647e4939/download
https://oarep.usim.edu.my/bitstreams/bfa8758e-b4f7-4e5b-bfe6-97b5e4d6b7fe/download
https://oarep.usim.edu.my/bitstreams/009ecc46-9c0e-4d01-9940-bbcd37f5dcce/download
https://oarep.usim.edu.my/bitstreams/5b1b185d-fe16-496b-a36d-ced0312f252b/download
https://oarep.usim.edu.my/bitstreams/c3c17d35-2b08-4ff7-a360-25b80c00dbe4/download
https://oarep.usim.edu.my/bitstreams/975c6811-eeaa-42e7-86f6-d43c8c6a633e/download
https://oarep.usim.edu.my/bitstreams/ba47c75c-1624-4779-9edc-a1b3b2daefa8/download
https://oarep.usim.edu.my/bitstreams/fd0ada8d-090b-412e-a914-eca68c07a25b/download
https://oarep.usim.edu.my/bitstreams/a7d5b5b2-1378-410b-94fc-1517b40326a0/download
https://oarep.usim.edu.my/bitstreams/4b68d46d-fcca-4cac-a589-1c7b6930cd39/download
https://oarep.usim.edu.my/bitstreams/8028d147-94bc-4963-9bf0-2af5c63f1130/download
id my-usim-ddms-13015
record_format uketd_dc
institution Universiti Sains Islam Malaysia
collection USIM Institutional Repository
language en_US
topic Software security
Security systems
Secure Appreciative Inquiry Fuzzy Quantification Technique (SAIFQT)
description Software developers have generally focused on core functions and features, while security was addressed only as an afterthought, even though by then it was too late. The lack of proper consideration of security requirements during the early stages may lead to the development of an application with poor security and the cost of correcting it might at an early stage helps to design a secure application that can withstand malicious attacks. Therefore, software and system developers need practical and systematic approaches to obtain sufficient and credible evidence of the security level of the system under development in the early phases of the software development life-cycle (SDLC). Currently, there is a limited number of reliable techniques or methods to quantify security requirements in the software industry. Thus, the objective of the study is to construct a framework to elicit and quantify security requirements in order to ensure that secure software is developed. The work introduces a framework called Secure Appreciative Inquiry Fuzzy Quantification Technique (SAIFQT), which integrates Appreciative Inquiry, SQUARE, CLASP and Fuzzy Soft Set Theory techniques in eliciting and quantifying security requirements. The proposed framework, SAIFQT, was evaluated by case studies and penetration testing, and validated by security experts. A mixed methodology was used in this study, a qualitative and explorative method. The results show that the proposed technique, SAIFQT, was successful in eliciting a new and unique software and security requirements specification. The results show the strong points of the proposed technique compared to the normal SDLC: according to the penetration testing reports, the proposed technique shows three low priority alerts. Meanwhile, the report related to the prototype built using the normal SDLC shows four high priority alerts and one each of medium, low and informational priority security alerts. Thus, this study registers its contribution to covering security vulnerabilities in software intended to be built in future.
format Thesis
author Omar Isam Homaidi Al Mrayat
granting_institution Universiti Sains Islam Malaysia
spelling my-usim-ddms-13015 2024-05-29T18:30:11Z Universiti Sains Islam Malaysia 2015-01 Thesis en_US https://oarep.usim.edu.my/handle/123456789/13015