Fuzzyfortify: a multi-attribute risk assessment for multi-factor authentication and cloud container orchestration
Securing cloud-native infrastructures that integrate Multi-Factor Authentication (MFA) via FIDO2, container orchestration with Kubernetes, and Dockerized microservices remains a complex challenge due to interdependent vulnerabilities and escalating adversarial threats. To address this, we propose a...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Frontiers Media S.A.
2025-07-01
|
| Series: | Frontiers in Computer Science |
| Subjects: | |
| Online Access: | https://www.frontiersin.org/articles/10.3389/fcomp.2025.1557918/full |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1850089441352220672 |
|---|---|
| author | Mohammad Hafiz Hersyah Mohammad Hafiz Hersyah Md. Delwar Hossain Yuzo Taenaka Youki Kadobayashi |
| author_facet | Mohammad Hafiz Hersyah Mohammad Hafiz Hersyah Md. Delwar Hossain Yuzo Taenaka Youki Kadobayashi |
| author_sort | Mohammad Hafiz Hersyah |
| collection | DOAJ |
| description | Securing cloud-native infrastructures that integrate Multi-Factor Authentication (MFA) via FIDO2, container orchestration with Kubernetes, and Dockerized microservices remains a complex challenge due to interdependent vulnerabilities and escalating adversarial threats. To address this, we propose a web-based cybersecurity framework that combines Fuzzy Analytical Hierarchy Process (Fuzzy AHP), Domain Mapping Matrix (DMM), and fuzzy inference to perform multi-attribute risk assessment tailored to containerized environments. The method involves aggregating expert judgments to prioritize six key CIA-AAN criteria-Confidentiality, Integrity, Availability, Authentication, Authorization, and Non-repudiation-followed by structural complexity quantification using DMM enhanced with Singular Value Decomposition. These are then fused into a Complexity Resilience Index and used in a fuzzy logic system that incorporates CVE-derived indicators such as base score, impact, and exploitability. When applied to five real-world adversarial techniques, the framework produced differentiated risk outcomes: Data Destruction and Resource Hijacking emerged as High-Level Risks with scores of 70.47 and 74.60 respectively, while Endpoint DOS, Network DOS, and Inhibit System Recovery were classified as Medium-Level Risks. These results illustrate how layered threat propagation and component interdependence increase vulnerability in FIDO2-integrated orchestration settings. Compared to conventional frameworks like EBIOS and NIST RMF, our approach offers enhanced granularity in quantifying risk and simulating threat propagation. By enabling practitioners to understand not only which adversarial activities are most damaging but also why, this framework empowers more informed and proactive cybersecurity decisions-bridging the gap between technical risk modeling and real-world defense planning. |
| format | Article |
| id | doaj-art-4c658890d29b4fc58114aa2df6ddd857 |
| institution | DOAJ |
| issn | 2624-9898 |
| language | English |
| publishDate | 2025-07-01 |
| publisher | Frontiers Media S.A. |
| record_format | Article |
| series | Frontiers in Computer Science |
| spelling | doaj-art-4c658890d29b4fc58114aa2df6ddd8572025-08-20T02:42:46ZengFrontiers Media S.A.Frontiers in Computer Science2624-98982025-07-01710.3389/fcomp.2025.15579181557918Fuzzyfortify: a multi-attribute risk assessment for multi-factor authentication and cloud container orchestrationMohammad Hafiz Hersyah0Mohammad Hafiz Hersyah1Md. Delwar Hossain2Yuzo Taenaka3Youki Kadobayashi4Cyber Resilience Laboratory, Division of Information Science, Nara Institute of Science and Technology, Ikoma - Nara, JapanComputer and Networking Laboratory, Information Technology Faculty, Andalas University, Padang, IndonesiaDepartment of Computer Science, Angelo State University, San Angelo, TX, United StatesCyber Resilience Laboratory, Division of Information Science, Nara Institute of Science and Technology, Ikoma - Nara, JapanCyber Resilience Laboratory, Division of Information Science, Nara Institute of Science and Technology, Ikoma - Nara, JapanSecuring cloud-native infrastructures that integrate Multi-Factor Authentication (MFA) via FIDO2, container orchestration with Kubernetes, and Dockerized microservices remains a complex challenge due to interdependent vulnerabilities and escalating adversarial threats. To address this, we propose a web-based cybersecurity framework that combines Fuzzy Analytical Hierarchy Process (Fuzzy AHP), Domain Mapping Matrix (DMM), and fuzzy inference to perform multi-attribute risk assessment tailored to containerized environments. The method involves aggregating expert judgments to prioritize six key CIA-AAN criteria-Confidentiality, Integrity, Availability, Authentication, Authorization, and Non-repudiation-followed by structural complexity quantification using DMM enhanced with Singular Value Decomposition. These are then fused into a Complexity Resilience Index and used in a fuzzy logic system that incorporates CVE-derived indicators such as base score, impact, and exploitability. When applied to five real-world adversarial techniques, the framework produced differentiated risk outcomes: Data Destruction and Resource Hijacking emerged as High-Level Risks with scores of 70.47 and 74.60 respectively, while Endpoint DOS, Network DOS, and Inhibit System Recovery were classified as Medium-Level Risks. These results illustrate how layered threat propagation and component interdependence increase vulnerability in FIDO2-integrated orchestration settings. Compared to conventional frameworks like EBIOS and NIST RMF, our approach offers enhanced granularity in quantifying risk and simulating threat propagation. By enabling practitioners to understand not only which adversarial activities are most damaging but also why, this framework empowers more informed and proactive cybersecurity decisions-bridging the gap between technical risk modeling and real-world defense planning.https://www.frontiersin.org/articles/10.3389/fcomp.2025.1557918/fullMFADockerKubernetesfuzzy logicmulti-attribute risk assessmentcloud computing |
| spellingShingle | Mohammad Hafiz Hersyah Mohammad Hafiz Hersyah Md. Delwar Hossain Yuzo Taenaka Youki Kadobayashi Fuzzyfortify: a multi-attribute risk assessment for multi-factor authentication and cloud container orchestration Frontiers in Computer Science MFA Docker Kubernetes fuzzy logic multi-attribute risk assessment cloud computing |
| title | Fuzzyfortify: a multi-attribute risk assessment for multi-factor authentication and cloud container orchestration |
| title_full | Fuzzyfortify: a multi-attribute risk assessment for multi-factor authentication and cloud container orchestration |
| title_fullStr | Fuzzyfortify: a multi-attribute risk assessment for multi-factor authentication and cloud container orchestration |
| title_full_unstemmed | Fuzzyfortify: a multi-attribute risk assessment for multi-factor authentication and cloud container orchestration |
| title_short | Fuzzyfortify: a multi-attribute risk assessment for multi-factor authentication and cloud container orchestration |
| title_sort | fuzzyfortify a multi attribute risk assessment for multi factor authentication and cloud container orchestration |
| topic | MFA Docker Kubernetes fuzzy logic multi-attribute risk assessment cloud computing |
| url | https://www.frontiersin.org/articles/10.3389/fcomp.2025.1557918/full |
| work_keys_str_mv | AT mohammadhafizhersyah fuzzyfortifyamultiattributeriskassessmentformultifactorauthenticationandcloudcontainerorchestration AT mohammadhafizhersyah fuzzyfortifyamultiattributeriskassessmentformultifactorauthenticationandcloudcontainerorchestration AT mddelwarhossain fuzzyfortifyamultiattributeriskassessmentformultifactorauthenticationandcloudcontainerorchestration AT yuzotaenaka fuzzyfortifyamultiattributeriskassessmentformultifactorauthenticationandcloudcontainerorchestration AT youkikadobayashi fuzzyfortifyamultiattributeriskassessmentformultifactorauthenticationandcloudcontainerorchestration |