FUZZY DESCRIPTION OF SECURITY REQUIREMENTS FOR INTRUSION TOLERANT WEB-SERVICES

Performing security analysis in the early stages of web-services development is a major engineering trend. However, it is not always possible to entirely identify and mitigate the security threats within the web-service. This may eventually lead to security failure of the service. To avoid security failure, the web-service must tolerate the possible intrusions. Intrusion tolerance must be incorporated in the security requirements of the service. In this paper, we propose a new technique toward description of security requirements of Intrusion Tolerant Services (ITS) using fuzzy logic. We care for intrusion tolerance in to the security requirements of the web-service through considering partial satisfaction of security goals. This partiality is addressed through establishment of a Goal-Based Fuzzy Grammar (GFG) for describing Security Requirement Model (SRM) of the ITS.