Fuzzy logic driven security requirements engineering process

Abstract

Security requirements are non-functional requirements which are employed to protect the information from unauthorized users. After the requirements elicitation process, a system may have several requirements; and practically it is not possible to provide security for all the requirements because of the budget and other constraints of an organization. So, it is important to identify the selected set of software requirements. Selection of software requirements based on different criteria like cost and security is a multi-criteria decision making (MCDM) problem in which different stakeholders are involved and they specify their preferences on software requirements using linguistic variables. Based on our review, we found that existing methods like multilateral, problem frame, goal oriented, and common criteria do not support MCDM methods for the identification of those requirements which need more security during the development process. Therefore, to address this issue, in this paper, we present a fuzzy logic driven security requirements engineering process. Finally, the proposed methodology is explained with the help of an example.