Abstract: “Identifying threats in the stage of requirements engineering is a big and complex challenge for web services development.The challenge even grows when the massive number of security faults grows. In addition, security threats existing in a web service may increase the risk of security failure. An Electronic Portfolio System (EPS) is introduced as a web service to serve as our running example in this paper. To overcome the security threats in the target EPS, the web service has to be flexible and tolerant. EPS should tolerant in presence of inevitable security threats. This study presents a fuzzy-based approach to establish security requirements of the EPS as a web service and make a fault tolerant model for the security requirements of the service. For this purpose, we have applied a goal-based modeling approach. The approach develops an intrusion tolerant model for security requirements. The model is developed based on the formally described model of security faults (SFM). In order to”

Keywords: fuzzy syntax; RELAX; goal-based modeling intrusion tolerance; web service security.