Agile Security Using an Incremental Security Architecture

Chivers, Howard; Paige, Richard F.; Ge, Xiaocheng

doi:10.1007/11499053_7

Cited by 33 publications

(23 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Chivers et al discuss how a security architecture can evolve iteratively [10]. Another interesting example of a development process with explicit support for security requirements is AEGIS, which builds on the spiral model for software development [12].…”

Section: Related Workmentioning

confidence: 99%

“…The problems within security engineering mirror some of the inherent problems with traditional, waterfall based and documentdriven software development [10]. Existing security engineering standards are based on a sequential, non-iterative lifecycle and assume stable development environments where project plans and security requirements are defined, fixed and documented upfront.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Extending XP practices to support security requirements engineering

Boström¹,

Wäyrynen

Bodén

et al. 2006

Proceedings of the 2006 International Workshop on Software Engineering for Secure Systems

View full text Add to dashboard Cite

This paper proposes a way of extending eXtreme Programming (XP) practices, in particular the original planning game and the coding guidelines, to aid the developers and the customer to engineer security requirements while maintaining the iterative and rapid feedback-driven nature of XP. More specifically, these steps result in two new security-specific flavours of XP User stories: Abuser stories (threat scenarios) and Security-related User stories (security functionalities). The introduced extensions also aid in formulating security-specific coding and design standards to be used in the project, as well as in understanding the need for supporting specific Security-related User stories by the system. The proposed extensions have been tested in a student project.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Extending XP practices to support security requirements engineering

Boström¹,

Wäyrynen

Bodén

et al. 2006

Proceedings of the 2006 International Workshop on Software Engineering for Secure Systems

View full text Add to dashboard Cite

show abstract

“…Several works propose the coexistence of software architectures and ASD [1] [3][5] [13][14] [19], and a few approaches present successful cases of agile architecture [18] or iterative architecture [8]. Agile architecture can defined as "the one that develops with the system, and includes only features that are necessary for the current iteration or delivery" [8].…”

Section: Introductionmentioning

confidence: 99%

Change-Impact Driven Agile Architecting

Díaz

Pérez

Garbajosa

et al. 2013

2013 46th Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

“…-Security is difficult to retrofit [5], so that security ideally needs to be considered from the beginning. In Agile development, where having modifications of the plan is common, the functional requirements are by definition not clear at the beginning.…”

Section: Agile Security Engineeringmentioning

confidence: 99%

Supporting Agile Development of Authorization Rules for SME Applications

Bartsch

Sohr

Bormann

2009

Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

View full text Add to dashboard Cite

Abstract. Custom SME applications for collaboration and workflow have become affordable when implemented as Web applications employing Agile methodologies. Security engineering is still difficult with Agile development, though: heavy-weight processes put the improvements of Agile development at risk. We propose Agile security engineering and increased end-user involvement to improve Agile development with respect to authorization policy development. To support the authorization policy development, we introduce a simple and readable authorization rules language implemented in a Ruby on Rails authorization plugin that is employed in a real-world SME collaboration and workflow application. Also, we report on early findings of the language's use in authorization policy development with domain experts.

show abstract

Agile Security Using an Incremental Security Architecture

Cited by 33 publications

References 7 publications

Extending XP practices to support security requirements engineering

Extending XP practices to support security requirements engineering

Change-Impact Driven Agile Architecting

Supporting Agile Development of Authorization Rules for SME Applications

Contact Info

Product

Resources

About