A fuzzy outranking approach in risk analysis of web service security

Risk analysis is considered as an important process to identify the known and potential vulnerabilities and threats in the web services security. It is quite difficult for users to collect adequate events to estimate the full vulnerabilities and probability of threats in the Web, due to the rapid change of the malicious attacks and the new computer’s vulnerabilities. In this paper, a fuzzy risk assessment model is developed in order to evaluate the risk of web services in a situation where complete information is not available. The proposed model extends Pseudo-Order Preference Model (POPM) to estimate the imprecise risk based on richness of information and to determine their ranking using a weighted additive rule. A case study of a number of web services is presented in order to test the proposed approach

BOF4WSS : a business-oriented framework for enhancing web services security for e-business

When considering Web services' (WS) use for online business-to-business (B2B) collaboration between companies, security is a complicated and very topical issue. This is especially true with regard to reaching a level of security beyond the technological layer, that is supported and trusted by all businesses involved. With appreciation of this fact, our research draws from established development methodologies to develop a new, business-oriented framework (BOF4WSS) to guide e-businesses in defining, and achieving agreed security levels across these collaborating enterprises. The approach envisioned is such that it can be used by businesses-in a joint manner-to manage the comprehensive concern that security in the WS environment has become

Multi-Criteria Decision Making in software development:a systematic literature review

Abstract. Multiple Criteria Decision Making is a formal approach to assist decision makers to select the best solutions among multiple alternatives by assessing criteria which are relatively precise but generally conflicting. The utilization of MCDM are quite popular and common in software development process. In this study, a systematic literature review which includes creating review protocol, selecting primary study, making classification schema, extracting data and other relevant steps was conducted. The objective of this study are making a summary about the state-of-the-art of MCDM in software development process and identifying the MCDM methods and MCDM problems in software development by systematically structuring and analyzing the literature on those issues. A total of 56 primary studies were identified after the review, and 33 types of MCDM methods were extracted from those primary studies. Among them, AHP was defined as the most frequent used MCDM methods in software development process by ranking the number of primary studies which applied it in their studies, and Pareto optimization was ranked in the second place. Meanwhile, 33 types of software development problems were identified. Components selection, design concepts selection and performance evaluation became the three most frequent occurred problems which need to be resolved by MCDM methods. Most of those MCDM problems were found in software design phase. There were many limitations to affect the quality of this study; however, the strictly-followed procedures of SLR and mass data from thousands of literature can still ensure the validity of this study, and this study is also able to provide the references when decision makers want to select the appropriate technique to cope with the MCDM problems

VIKOR Technique:A Systematic Review of the State of the Art Literature on Methodologies and Applications

The main objective of this paper is to present a systematic review of the VlseKriterijuska Optimizacija I Komoromisno Resenje (VIKOR) method in several application areas such as sustainability and renewable energy. This study reviewed a total of 176 papers, published in 2004 to 2015, from 83 high-ranking journals; most of which were related to Operational Research, Management Sciences, decision making, sustainability and renewable energy and were extracted from the “Web of Science and Scopus” databases. Papers were classified into 15 main application areas. Furthermore, papers were categorized based on the nationalities of authors, dates of publications, techniques and methods, type of studies, the names of the journals and studies purposes. The results of this study indicated that more papers on VIKOR technique were published in 2013 than in any other year. In addition, 13 papers were published about sustainability and renewable energy fields. Furthermore, VIKOR and fuzzy VIKOR methods, had the first rank in use. Additionally, the Journal of Expert Systems with Applications was the most significant journal in this study, with 27 publications on the topic. Finally, Taiwan had the first rank from 22 nationalities which used VIKOR technique

Security Enhanced Applications for Information Systems

Every day, more users access services and electronically transmit information which is usually disseminated over insecure networks and processed by websites and databases, which lack proper security protection mechanisms and tools. This may have an impact on both the users’ trust as well as the reputation of the system’s stakeholders. Designing and implementing security enhanced systems is of vital importance. Therefore, this book aims to present a number of innovative security enhanced applications. It is titled “Security Enhanced Applications for Information Systems” and includes 11 chapters. This book is a quality guide for teaching purposes as well as for young researchers since it presents leading innovative contributions on security enhanced applications on various Information Systems. It involves cases based on the standalone, network and Cloud environments

Assessment of vulnerability to climate change: theoretical and methodological developments with applications to infrastructure and built environment

Assessing vulnerability to climate change can help policymakers in incorporating climate futures in planning and in better allocating adaptation resources. Indicator Based Vulnerability Assessment (IBVA) has been widely used because it is relatively simple to design, implement and communicate. However, this approach faces significant difficulties from conceptual, theoretical and methodological points of view. A number of assumptions are typically made in methods used for aggregation of indicators—a linear, monotonic relationship between indicator and vulnerability; complete compensation between indicators; precise knowledge of vulnerable systems by stakeholders who provide input data for the assessment exercise—none of which usually hold in reality. Following a meta-analysis of the IBVA literature, the thesis proposes a) a general mathematical framework for vulnerability assessment that better identifies sources of uncertainty and non-linearity; b) a new IBVA assessment methodology, and associated computer tool, based on a pair-wise outranking approach borrowed from decision science; the methodology can represent various sources of uncertainty, different degree of compensation between indicators and different types of non-linearity in the relationship between indicators and vulnerability and; c) a system dynamics model, integrated in the above framework, for studying vulnerability of infrastructure systems and better representing the mechanistic interdependency of their components. These methods are applied to a real-life assessment of the vulnerability to sea-level rise of communities and infrastructure systems in Shoalhaven, south of Sydney, at local scale. The assessment is conducted in collaboration with the Shoalhaven council and includes an analysis of the sensitivity of vulnerability rankings to community preferences. In addition, the effect of using an outranking framework on the way vulnerability is conceptualized by stakeholders is critically appraised