Evaluation of Multi Criteria Decision Making Methods for Potential Use in Application Security

Abstract: With an upsurge in number of available smart phones, tablet PCs etc. most users find it easy to access Internet services using mobile applications. It has been a challenging task for mobile application developers to choose suitable security types (types of authentication, authorization, security protocols, cryptographic algorithms etc.) for mobile applications. Choosing an inappropriate security type for a mobile application may lead to performance degradation and vulnerable issues in applications. The choice of the security type can be done by decision making. Decision making is a challenging task for humans. When choosing a single alternative among a set of alternatives with multiple criteria, it is hard to know which one is the better decision. Mobile application developers need to incorporate Multi-Criteria Decision Making (MCDM) Models to choose a suitable security type for mobile application. A decision model for application security enhances decision making for mobile application developers to decide and set the required security types for the application. In this thesis, we discuss different types of MCDM models that have been applied in an IT security area and scope of applying MCDM models in application security area. Literature review and evaluation of the selected decision models gives a detailed overview on how to use them to provide application security.