Fuzzyfortify: A Multi-Attribute Risk Assessment for Multi-Factor Authentication and Cloud Container Orchestration

Mohammad Hafiz Hersyah^1,2*MD Delwar Hossain³Yuzo Taenaka¹Youki Kadobayashi¹

• ¹Nara Institute of Science and Technology (NAIST), Ikoma, Japan
• ²Andalas University, Padang, West Sumatra, Indonesia
• ³Angelo State University, San Angelo, Texas, United States

Securing Multi-Factor Authentication (MFA) and container orchestration technologies such as FIDO2, Kubernetes, and Docker in cloud computing environments requires addressing internal and external threats, misconfigurations, and architectural interdependencies. Without effective methods to prioritize these risks, attackers can exploit systemic vulnerabilities to launch sophisticated attacks. Existing risk assessment frameworks often rely on static scoring and subjective judgment, limiting their ability to address complexity and uncertainty. To overcome these limitations, this study proposes a three-step multi-attribute risk assessment framework.First, a complexity resilience index is developed by modifying the fuzzy analytical hierarchy process (AHP) to prioritize CIA (Confidentiality, Integrity, Availability) and AAN (Authentication, Authorization, Non-Repudiation) properties with a domain mapping matrix to quantify structural complexity. Second, fuzzy logic is applied to integrate this index with real-world CVE metrics, enabling adaptive and uncertainty-aware risk prioritization. Third, the entire framework is deployed as a web-based tool to facilitate practitioner adoption. This framework uses MITRE ATT&CK threat intelligence to stay aligned with real-world threats. It improves current methods by measuring system complexity, supporting data-driven decisions, and connecting theory with practical security for cloud-native systems.