There is wide concern about the security of software systems because many organizations depend heavily on them for their day-to-day operations. Since we have not seen a software system that is completely secure, there is a need to analyze and determine the security risk of emerging software systems.
This work presents a technique for analyzing software security using a fuzzy expert system. The inputs to the system are suitable fuzzy sets representing linguistic values for the software security goals of confidentiality, integrity and availability. The expert rules were constructed using Mamdani fuzzy reasoning in order to adequately analyze the inputs. Defuzzification was done using the centroid technique. The design was implemented using the MATLAB fuzzy logic tool because of its ability to implement fuzzy-based systems.
Using newly developed software products from three software development organizations as test cases, the results show a system that can be used to effectively analyze software security risk.
ANALYSIS AND DESIGN
The design is basically divided into four stages:
1) DESIGN OF THE LINGUISTIC VARIABLES
The inputs to the system are the values assumed for the software security goals of confidentiality, integrity and availability. The goals are assumed to have the same weight, and a particular value is determined for each of them based on questions that are answered about the specific software.
The values determined for each of the inputs are defined as fuzzy numbers instead of crisp numbers by using suitable fuzzy sets. Designing the fuzzy system requires that the different inputs (that is, confidentiality, integrity, and availability) are represented by fuzzy sets. The fuzzy sets are in turn represented by membership functions.
2) THE FUZZY SETS
The level of confidentiality is defined based on the scales of not confidential, slightly confidential, very confidential and extremely confidential. The level of integrity is defined based on the scales very low, low, high, very high, and extra high. The level of availability is likewise defined by the scales very low, low, high, very high and extra high. The levels defined above are based on a range definition with an assumed interval of [0-10].
The fuzzy sets above are represented by membership functions. The corresponding membership functions for confidentiality, integrity and availability are presented in the figures below.
The level of security risk is defined based on the scales: not secure, slightly secure, secure, very secure, and extremely secure within the range of [0-30].
3) THE RULES OF THE FUZZY SYSTEM
Once the input and output fuzzy sets and membership functions are constructed, the rules are formulated. The rules are based on the input parameters (confidentiality, integrity, and availability) and the output, i.e., the level of security risk.
The levels of confidentiality, integrity, and availability are used in the antecedent of the rules and the level of security risk as the consequent. A fuzzy rule is a conditional statement of the form: IF x is A THEN y is B, where x and y are linguistic variables, and A and B are linguistic values determined by fuzzy sets on the universes of discourse X and Y, respectively. Both the antecedent and the consequent of a fuzzy rule can have multiple parts. All parts of the antecedent are calculated simultaneously and resolved into a single number, and the antecedent affects all parts of the consequent equally.
Some of the rules used in the design of this fuzzy system are as follows:
If (Confidentiality is Not Confidential) and (Integrity is Very Low) and (Availability is Very Low) then (Security Risk is Not Secure).
If (Confidentiality is Not Confidential) and (Integrity is Very Low) and (Availability is Low) then (Security Risk is Slightly Secure).
If (Confidentiality is Extremely Confidential) and (Integrity is Extra High) and (Availability is High) then (Security Risk is Slightly Secure).
If (Confidentiality is Not Confidential) and (Integrity is Very Low) and (Availability is High) then (Security Risk is Extremely Secure).
The rules above were formulated using the Mamdani max-min fuzzy reasoning.
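The max-min inference and centroid defuzzification described above can be sketched outside MATLAB. The following is an added example, not the paper's implementation: the evenly spaced triangular membership functions and the names `tri`, `partition` and `security_risk` are assumptions, and the rule base holds only the four rules quoted above, so inputs that match none of them return `None`.

```python
# Added example: Mamdani max-min inference with centroid defuzzification.
# ASSUMPTION: evenly spaced triangular sets; the page does not give the real shapes.
def tri(x, a, b, c):
    """Triangular membership function with feet a, c and peak b."""
    if x <= a or x >= c:
        return 0.0
    return (x - a) / (b - a) if x <= b else (c - x) / (c - b)

def partition(labels, lo, hi):
    """Spread one triangle per label evenly over [lo, hi] (assumed layout)."""
    step = (hi - lo) / (len(labels) - 1)
    return {n: (lo + (k - 1) * step, lo + k * step, lo + (k + 1) * step)
            for k, n in enumerate(labels)}

LEVELS = ["very low", "low", "high", "very high", "extra high"]
CONF = partition(["not confidential", "slightly confidential",
                  "very confidential", "extremely confidential"], 0, 10)
INTEG = partition(LEVELS, 0, 10)
AVAIL = partition(LEVELS, 0, 10)
RISK = partition(["not secure", "slightly secure", "secure",
                  "very secure", "extremely secure"], 0, 30)

# The four rules quoted on the page: (confidentiality, integrity, availability, risk)
RULES = [
    ("not confidential", "very low", "very low", "not secure"),
    ("not confidential", "very low", "low", "slightly secure"),
    ("extremely confidential", "extra high", "high", "slightly secure"),
    ("not confidential", "very low", "high", "extremely secure"),
]

def security_risk(c, i, a, samples=3001):
    """Return the defuzzified output in [0, 30], or None if no rule fires."""
    fired = {}
    for rc, ri, ra, out in RULES:
        # AND = min over antecedent parts; rules sharing a consequent combine by max
        w = min(tri(c, *CONF[rc]), tri(i, *INTEG[ri]), tri(a, *AVAIL[ra]))
        fired[out] = max(fired.get(out, 0.0), w)
    num = den = 0.0
    for k in range(samples):
        y = 30.0 * k / (samples - 1)
        # clip each consequent set at its firing strength, aggregate by max
        mu = max(min(w, tri(y, *RISK[out])) for out, w in fired.items())
        num += y * mu
        den += mu
    return num / den if den > 0 else None  # centroid of the aggregated set

if __name__ == "__main__":
    for inputs in [(0, 0, 0), (0, 0, 1.25), (0, 0, 2.5), (5, 5, 5)]:
        print(inputs, security_risk(*inputs))
```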
DEVELOPMENT AND IMPLEMENTATION
The linguistic variables were determined from the extent of the positive and negative responses to well-constructed security questions presented in the form of an on-line questionnaire. As mentioned earlier, MATLAB was used for the implementation. The linguistic inputs to the system are supplied through the graphical user interface called the rule viewer.
Once the rule viewer has been opened, the input variables are supplied in the text box captioned input, with each of them separated by a space.
a) THE FIS EDITOR
The fuzzy inference system editor shows a summary of the fuzzy inference system. It shows the mapping of the inputs to the system type and to the output. The names of the input variables and the processing methods for the FIS can be changed through the FIS editor.
b) THE MEMBERSHIP FUNCTION EDITOR
This can be opened from the command window by using the plotmf function but more easily through the GUI.
The membership function editor shows a plot of the highlighted input or output variable along its possible range and against the probability of occurrence. The name and the range of a membership value can be changed through the membership function editor, as can the range of the particular variable itself.
c) THE RULE EDITOR
The rule editor can be used to add, delete or change a rule. It is also used to change the connection type and the weight of a rule.
d) THE RULE VIEWER
The text box captioned input is used to supply the three input variables needed by the system. The appropriate input corresponds to the number of YES answers in the questionnaire for each of the input variables. For example, all the input variables are 5 and the corresponding output is 13.9, which is specified at the top of the corresponding graphs. The input for each of the input variables is specified at the top of the section corresponding to it, as is the output variable.
e) THE SURFACE VIEWER
The surface viewer shown in figure 9 is a 3-D graph that shows the relationship between the inputs and the output. The output (Security Risk) is represented on the z-axis, while two of the inputs (Confidentiality and Integrity) are on the x and y axes and the other input (Availability) is held constant. The surface viewer shows a plot of the possible ranges of the input variables against the possible ranges of the output.
The security risk analysis system was evaluated using three newly completed software products from three different software development organizations. The output determines the security level of the software under consideration. The summary of the evaluation is given in figure 11. For product A, 5 is the score for confidentiality, 5 for integrity and 5 for availability.
CONCLUSION AND FINDING
Thus, this work proposes a fuzzy logic-based technique for determining the level of security risk associated with software systems. Fuzzy logic is one of the major tools used for security analysis. The major goals of secure software, which are used as the inputs to the system, are the preservation of confidentiality (preventing unauthorized disclosure of information), preservation of integrity (preventing unauthorized alteration of information) and preservation of availability (preventing unauthorized destruction or denial of access or service to an authentic user).
It might be necessary to redesign this system so that it is deployable without the use of MATLAB. It might also be necessary to use an adaptive fuzzy logic technique for security risk analysis. We have been able to design a system that can be used to evaluate the security risk associated with the production of secure software systems. This will definitely help software organizations meet the standard requirements. A technique for assessing the security of a software system before final deployment has been presented.
The result of this study shows that if software-producing companies incorporate security risk analysis into the production of software systems, the issue of insecurity of software will be held to the minimum, if not eliminated. This study has also revealed that if each of the software security goals can be increased to the maximum, then the level of security will also be increased and the associated risk will be eliminated. Finally, security risk analysis is a path towards producing secure software and should be considered a significant activity by software development organizations.