AUTHOR=Hafiz Hersyah Mohammad , Hossain Md. Delwar , Taenaka Yuzo , Kadobayashi Youki 

TITLE=Fuzzyfortify: a multi-attribute risk assessment for multi-factor authentication and cloud container orchestration

JOURNAL=Frontiers in Computer Science

VOLUME=Volume 7 - 2025

YEAR=2025

URL=https://www.frontiersin.org/journals/computer-science/articles/10.3389/fcomp.2025.1557918

DOI=10.3389/fcomp.2025.1557918

ISSN=2624-9898

ABSTRACT=Securing cloud-native infrastructures that integrate Multi-Factor Authentication (MFA) via FIDO2, container orchestration with Kubernetes, and Dockerized microservices remains a complex challenge due to interdependent vulnerabilities and escalating adversarial threats. To address this, we propose a web-based cybersecurity framework that combines Fuzzy Analytical Hierarchy Process (Fuzzy AHP), Domain Mapping Matrix (DMM), and fuzzy inference to perform multi-attribute risk assessment tailored to containerized environments. The method involves aggregating expert judgments to prioritize six key CIA-AAN criteria-Confidentiality, Integrity, Availability, Authentication, Authorization, and Non-repudiation-followed by structural complexity quantification using DMM enhanced with Singular Value Decomposition. These are then fused into a Complexity Resilience Index and used in a fuzzy logic system that incorporates CVE-derived indicators such as base score, impact, and exploitability. When applied to five real-world adversarial techniques, the framework produced differentiated risk outcomes: Data Destruction and Resource Hijacking emerged as High-Level Risks with scores of 70.47 and 74.60 respectively, while Endpoint DOS, Network DOS, and Inhibit System Recovery were classified as Medium-Level Risks. These results illustrate how layered threat propagation and component interdependence increase vulnerability in FIDO2-integrated orchestration settings. Compared to conventional frameworks like EBIOS and NIST RMF, our approach offers enhanced granularity in quantifying risk and simulating threat propagation. By enabling practitioners to understand not only which adversarial activities are most damaging but also why, this framework empowers more informed and proactive cybersecurity decisions-bridging the gap between technical risk modeling and real-world defense planning.