Cluster Computing, Volume 10, Issue 1, pp 47–55

A fuzzy outranking approach in risk analysis of web service security

  • Ping Wang
  • Kuo-Ming Chao
  • Chi-Chun Lo
  • Chun-Lung Huang
  • Muhammad Younas


Risk analysis is considered an important process for identifying the known and potential vulnerabilities and threats in web services security. It is quite difficult for users to collect adequate events to estimate the full set of vulnerabilities and the probability of threats on the Web, because malicious attacks change rapidly and new computer vulnerabilities keep appearing. In this paper, a fuzzy risk assessment model is developed to evaluate the risk of web services in a situation where complete information is not available. The proposed model extends the Pseudo-Order Preference Model (POPM) to estimate the imprecise risk based on richness of information and to determine their ranking using a weighted additive rule. A case study of a number of web services is presented in order to test the proposed approach.


Keywords: Fuzzy outranking; Risk analysis; Web services security; Pseudo-order; POPM





Copyright information

© Springer Science+Business Media, LLC 2007

Authors and Affiliations

  • Ping Wang (1)
  • Kuo-Ming Chao (2, 3)
  • Chi-Chun Lo (4)
  • Chun-Lung Huang (4)
  • Muhammad Younas (5)

  1. Department of MIS, Kun Shan University of Technology, Tainan, Taiwan
  2. Software School, Fudan University, Shanghai, China
  3. Faculty of Engineering and Computing, Coventry University, Coventry, UK
  4. Institute of Information Management, National Chiao Tung University, Hsinchu, Taiwan
  5. Department of Computing, Oxford Brookes University, Oxford, UK
