A methodology for security assurance-driven system development

Vivas, José Luis; Agudo, Isaac; López, Javier

doi:10.1007/s00766-010-0114-8

Cited by 17 publications

(14 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This is achievable using security assurance cases. A Security assurance case [21] is a semi-formal approach for objectively supporting the claim that a software product mitigates its security risks.…”

Section: Iterative Security Assurance Casesmentioning

confidence: 99%

Using Assurance Cases to Develop Iteratively Security Features Using Scrum

Othmane

Angin

Bhargava

2014

2014 Ninth International Conference on Availability, Reliability and Security

View full text Add to dashboard Cite

A security feature is a customer-valued capability of software for mitigating a set of security threats. Incremental development of security features, using the Scrum method, often leads to developing ineffective features in addressing the threats they target due to factors such as incomplete security tests. This paper proposes the use of security assurance cases to maintain a global view of the security claims as the feature is being developed iteratively and a process that enables the incremental development of security features while ensuring the security requirements of the feature are fulfilled.

show abstract

Section: Iterative Security Assurance Casesmentioning

confidence: 99%

Using Assurance Cases to Develop Iteratively Security Features Using Scrum

Othmane

Angin

Bhargava

2014

2014 Ninth International Conference on Availability, Reliability and Security

View full text Add to dashboard Cite

show abstract

“…Note also that Vivas et al [17] proposed a method for security assurancedriven software development that focuses on relating the assurance cases to the software through the development life-cycle (analysis, design, development, and test). Our method relates the security assurance case to the software as it evolves in increments.…”

Section: Methodology Of Security Reassurance Of Software Incrementsmentioning

confidence: 99%

“…A security assurance case [17], a semi-formal approach for security assurance, is a collection of security-related claims, arguments, and evidences where a claim, i.e., a security goal, is a high-level security requirement, an argument is a justification that a set of (objective) evidences justify that the related claim is satisfied, and an evidence is a result of a verification through, for example, Microsoft Bob would pipe up when the program determined that the user was stuck doing something. Bob's most insecure function occurred when a user attempted three times (unsuccessfully) to type in his or her password.…”

Section: Security Assurance Casesmentioning

confidence: 99%

“…The common approach for security assurance is to use checklists of security verifications (e.g., [16]) that require the verification of all the security requirements for each software increment. We address the issue through using security assurance cases [17]. The tree-like structure of assurance cases supports efficient security reassurance of the software increments.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Extending the Agile Development Process to Develop Acceptably Secure Software

Othmane

Angin

Weffers

et al. 2014

IEEE Trans. Dependable and Secure Comput.

View full text Add to dashboard Cite

Abstract. The agile software development approach makes developing secure software challenging. Existing approaches for extending the agile development process, which enables incremental and iterative software development, fall short of providing a method for efficiently ensuring the security of the software increments produced at the end of each iteration. This paper (a) proposes a method for security reassurance of software increments and demonstrates it through a simple case study, (b) integrates security engineering activities into the agile software development process and uses the security reassurance method to ensure producing acceptably secure-for the business owner-software increments at the end of each iteration, and (c) discusses the compliance of the proposed method with the agile values and its ability to produce secure software increments.

show abstract

“…There is also work that shares some synergy with ours and which we plan to further explore and if possible integrate to our approach, such as the work by Vivas et. al [26] on security assurance.…”

Section: Related Workmentioning

confidence: 99%

Evaluating cloud deployment scenarios based on security and privacy requirements

2013

View full text Add to dashboard Cite

Migrating organisational services, data and application on the Cloud is an important strategic decision for organisations due to the large number of benefits introduced by the usage of cloud computing, such as cost reduction and on demand resources. Despite, however, of the many benefits, there are challenges and risks for cloud adaption related to (amongst others) data leakage, insecure APIs, and shared technology vulnerabilities. These challenges need to be understood and analysed in the context of an organisation's security and privacy goals and relevant cloud computing deployment models. Although, the literature provides a large number of references to works that consider cloud computing security issues, no work has been provided, to our knowledge, which supports the elicitation of security and privacy requirements and the selection of an appropriate cloud deployment model based on such requirements. This work contributes towards this gap. In particular, we propose a requirements engineering framework to support the elicitation of security and privacy requirements and the selection of an appropriate deployment model based on the elicited requirements. Our framework provides a modelling language that builds on concepts from requirements, security, privacy and cloud engineering and a systematic process. We use a real case study, based on the Greek National Gazette, to demonstrate the applicability of our work.

show abstract

A methodology for security assurance-driven system development

Cited by 17 publications

References 13 publications

Using Assurance Cases to Develop Iteratively Security Features Using Scrum

Using Assurance Cases to Develop Iteratively Security Features Using Scrum

Extending the Agile Development Process to Develop Acceptably Secure Software

Evaluating cloud deployment scenarios based on security and privacy requirements

Contact Info

Product

Resources

About