Specifying a New Requirement Model for Secure Adaptive Systems
Abstract Security is a growing concern in developing software systems. It is important to face unknown threats in order to make the system continue operating properly. Threats are vague and attack methods change frequently. Coping with such changes is a major feature of an adaptive software. Therefore, designing an adaptive secure software is an appropriate solution to address software security challenges. Through estimation of maximum amount of system assets security, one can determine whether the system is protecting the assets or not; if not, reconfiguration can be employed. This paper proposes a new requirement model for secure adaptive systems using fuzzy, goal modeling and Description Logic concepts. The model contains three phases of modeling security aspects of the system, identifying formalizations and relations between the requirements and monitoring and adapting, when needed. To illustrate the relations between the requirements, goal modeling is used in the first phase and fuzzy Description Logic in the second phase. For the third phase, four algorithms are proposed to monitor and determine whether reconfiguration is needed or not. Theorems are given to prove concept satisfaction of the requirements. Furthermore, examples and case studies are discussed to evaluate and show applicability of the proposed model.