Abstract Software components are imperative parts of a system which play a fundamental role in the overall function of a system. A component is said to be secure if it has a towering scope of security. Security is a shield for unauthorized use as unauthorized users may informally access and modify components within a system. Such accessing and modifications ultimately affect the functionality and efficiency of a system. With an increase in software development activities security of software components is becoming an important issue. In this study, a fuzzy logic based model is presented to handle ISO/IEC 18028-2 security attributes for component security evaluation. For this purpose an eight input, single output model based on the Mamdani fuzzy inference system has been proposed. This component security evaluation model helps software engineers during component selection in conditions of uncertainty and ambiguity.

References

[1] Bilal M., Hussain A., Jaffar M., Choi T., and Mirza A., Estimation and Optimization Based ill-posed Inverse Restoration using Fuzzy Logic, Multimedia Tools and Applications, vol. 69, no. 3, pp. 1067-1087, 2014.

[2] Cai X., Lyu R., and Wong K., Component- Based Embedded Software Engineering: Development Framework, Quality Assurance and A Generic Assessment Environment, International Journal of Software Engineering and Knowledge Engineering, vol. 12, no. 2, pp. 107-133, 2002.

[3] Engina O., elika A., and Kaya ., A fuzzy Approach to Define Sample Size for Attributes Control Chart in Multistage Processes: An Application in Engine Valve Manufacturing Process, Applied Soft Computing, vol. 8, no. 4, pp. 1654-1663, 2008.

[4] Fredrick T. and Radhamani G., The Fuzzy Logic Based ECA Rule Processing for XML Databases, The International Arab Journal of Information Technology, vol. 12, no. 6A, pp. 635-641, 2015.

[5] Gandotra V., Singhal A., and Bedi P., A Step Towards Secure Software System using Fuzzy logic, in proceedings of 2nd International Conference on Computer Engineering and Technology, Chengdu, pp. 427-432, 2010.

[6] Ghosh A. and McGraw G., An Approach for Certifying Security in Software Components, in Proceedings of 21st National Information Systems Security Conference, National Institute, Standards and Technology, pp. 82-86, 1998.

[7] Jeon G., Park S., Fang Y., Lee R., and Jeong J., Application for Deinterlacing Method using Edge Direction Classification and Fuzzy Inference System, Multimedia Tools and Applications, vol. 59, no. 1, pp. 149-168, 2012.

[8] Khan K., Han J., and Zheng Y., Security Properties of Software Components, in Proceedings of International Workshop on Information Security, Kuala Lumpur, pp. 52-56, 1999.

[9] Khan K. and Han J., A Security Characterisation Framework for Trustworthy Component Based Software Systems, in Proceedings of the 27th Annual International Computer Software and Applications Conference, Dallas, pp. 164 - 169, 2003.

[10] Khan K., Han J., and Zheng Y., A Scenario Based Security Characterisation of Software Components, in Proceedings of the 3rd Australasian Workshop on Software and System Architectures, Sydney, pp. 55-63, 2000.

[11] Lee J., Yoo C., and Chang O., Component Contract-Based Interface Specification Technique using Z, International Journal of Software Engineering and Knowledge Engineering, vol. 12, no. 4, pp. 453-469, 2002.

[12] Liao N., Tian S., and Wang T., Network Forensics based on Fuzzy Logic and Expert System, Computer Communications, vol. 32, no. 17, pp. 1881-1892, 2009.

[13] Lofti A., Fuzzy Logic, Computer, vol. 21, no. 4, pp. 83-93, 1988.

[14] Moriconi M., Qian X., Riemenschneider R., and Gong L., Secure Software Architectures, IEEE Symposium on Security and Privacy, CA, pp. 84- 93, 1997.

[15] Nazir S., Khan M., Anwar S., Khan H., and Nazir M., A Novel Fuzzy Logic Based Software Component Selection Modeling, in Proceedings of International Conference on Information Science and Applications, Suwon, pp. 1-6, 2012.

[16] Nazir S., Shahzad S., Khan S., Alias N., and Anwar S., A Novel Rules Based Approach for Estimating Software Birthmark, The Scientific World Journal, vol. 2015, pp. 1-8, 2015.

[17] Rawashdeh A. and Matalkah B., A New Software Quality Model for Evaluating COTS Components, Journal of Computer Science, vol. 2, no. 4, pp. 373-381, 2006.

[18] Sandhu P. and Singh H., A neuro-fuzzy based Software Reusability Evaluation System with Optimized Rule Selection, in Proceedings of International Conference on Emerging Technologies, Peshawar, pp. 664-669, 2006.

[19] Siadat S., Rahmani A., and Mohsenzadeh M., Proposed Platform for Improving Grid Security by Trust Management System, Computer Science and Information Security, vol. 6, no.1, pp. 143-148, 2009.

[20] Sabnis S., Chandrashekhar U., and Bastry F., Challenges of Securing an Enterprise and Meeting Regulatory Mandates, in Proceedings of the 12th International Telecommunications Network Strategy and Planning Symposium, New Delhi, pp. 1-6, 2006. Fuzzy Logic based Decision Support System for Component Security Evaluation 231 Shah Nazir did PhD in Computer Science with specialization in Software Engineering from University of Peshawar. He has more than 20 research publications in well reputed international Journals and conference proceedings. He is serving at the University of Peshawar, Pakistan. Sara Shahzad has a Ph.D. in Agile Software Development Processes with an interest towards Software Process Improvement. She is running Software Engineering research group at the department of Computer Science, University of Peshawar. Currently, she is working in the areas of software quality, reverse engineering, and empirical Software Engineering research with a focus on Software Engineering Education. Saeed Mahfooz has done his Ph.D. from Liverpool John Moore University, Liverpool, UK in Distributed Multimedia Systems in 2001. Before that he has done MS from WIU Arizona State, USA in 1990. His research interest includes QoS Architectures, QoS Routing, Network Protocols, IPv6, Cloud Computing, Wireless Networks, MANETs, future Internet architecture and Next Generation Networks. He is also heading the Computer Networks Research Group at Department of Computer Science, University of Peshawar. He is also member of IEEE and currently he is head of the Computer Science Department, University of Peshawar. Muhammad Nazir did his MSc in Computer Science from University of Peshawar. Currently he is enrolled in MS Computer Science program with specialization in the field of databases.