Quantitative Evaluation of Systems with Security Patterns Using a Fuzzy Approach

The importance of Software Security has been evident, since it has been shown that most attacks to software systems are based on vulnerabilities caused by software poorly designed and developed. Furthermore, it has been discovered that it is desirable to embed security already at design phase. Therefore, patterns aiming at enhancing the security of a software system, called security patterns, have been suggested. The main target of this paper is to propose a mathematical model, based on fuzzy set theory, in order to quantify the security characteristics of systems using security patterns. In order to achieve this we first determine experimentally to what extent specific security patterns enhance several security aspects of systems. To determine this, we have developed two systems, one without security patterns and one containing them and have experimentally determined the level of the higher robustness to attacks of the latter. The proposed mathematical model follows.