Using Assurance Cases to Develop Iteratively Security Features Using Scrum

Othmane, Lotfi ben; Angin, Pelin; Bhargava, Bharat

doi:10.1109/ares.2014.73

Cited by 11 publications

(17 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Rein, C. Rudolph, J. F. Ruiz and M. Arjona [22] described the new Security Engineering Process with the In 2014, L. b. Othmane, P. Angin and B. Bhargava [24] proposed the use of security assurance cases that are developed iteratively. The extension of the Scrum method discovered by Takeuchi and Nonakais are used.…”

Section: Methodologiesmentioning

confidence: 99%

A Categorized Review on Software Security Testing

Mahendra¹,

Khan²

2016

IJCA

View full text Add to dashboard Cite

The main objective of security testing is to check the weaknesses of the implemented security mechanism. It is done for finding the vulnerabilities of a system and to determine whether the system is protected from intruders or not. Security testing can be done prior to production or after the production of the system. But, if the security testing is done after the production, then cost will be more and the huge amount of rework will be required to remove the problems. Also the time between the vulnerability is get known and the malicious attack against it, is becoming less. Therefore it is required to include the security testing in the early phases of software development life cycle. The present paper deals with the review of software security testing approaches and techniques proposed so far. The review is presented in a categorized way and tabulated for the last one and half decade (2000)(2001)(2002)(2003)(2004)(2005)(2006)(2007)(2008)(2009)(2010)(2011)(2012)(2013)(2014)(2015).

show abstract

Section: Methodologiesmentioning

confidence: 99%

A Categorized Review on Software Security Testing

Mahendra¹,

Khan²

2016

IJCA

View full text Add to dashboard Cite

show abstract

“…As a quality check for our search string, we ensured that we would find three relevant, known studies (Finnegan and McCaffery 2014a;Ben Othmane et al 2014;Xu et al 2017) with the search string. This was to make sure that our search string would return all three relevant studies, hence confirming its validity.…”

Section: Constructing the Search Stringmentioning

confidence: 99%

“…-Integrating SAC in the development life-cycle: These approaches suggest mapping the SAC creation activities to the development activities to integrate SACs in the development and security processes (Agudo et al 2009;Ben Othmane et al 2014; Ray and (Sklyar and Kharchenko 2016, 2017a, b, 2019. In general, these approaches suggest that the different stages of software development (requirements, design, implementation, and deployment) correspond to different abstraction levels of the security claims that can be made on the system.…”

Section: Rq2: Approachesmentioning

confidence: 99%

“…The hierarchical structure of SAC makes it possible to document these claims at every development stage as well as the dependencies to claims in the later or earlier stages (Vivas et al 2011). This also applies to incremental development, e.g., using the SCRUM method (Ben Othmane et al 2014). Updating SACs during the development life-cycle is, however, essential for these approaches to work.…”

Section: Rq2: Approachesmentioning

confidence: 99%

See 1 more Smart Citation

Security assurance cases—state of the art of an emerging approach

2021

View full text Add to dashboard Cite

Security Assurance Cases (SAC) are a form of structured argumentation used to reason about the security properties of a system. After the successful adoption of assurance cases for safety, SAC are getting significant traction in recent years, especially in safety-critical industries (e.g., automotive), where there is an increasing pressure to be compliant with several security standards and regulations. Accordingly, research in the field of SAC has flourished in the past decade, with different approaches being investigated. In an effort to systematize this active field of research, we conducted a systematic literature review (SLR) of the existing academic studies on SAC. Our review resulted in an in-depth analysis and comparison of 51 papers. Our results indicate that, while there are numerous papers discussing the importance of SAC and their usage scenarios, the literature is still immature with respect to concrete support for practitioners on how to build and maintain a SAC. More importantly, even though some methodologies are available, their validation and tool support is still lacking.

show abstract

“…Othmane et al [20] proposed integrating security reassurance into the agile software development processes to ensure the security of the developed software with each iteration. In addition, they demonstrated the use of the technique to iteratively develop security features that fulfill their security requirements [21]. The process helps, for example, to identify customer change requests that conflict with the security requirements of the iteration.…”

Section: Related Workmentioning

confidence: 99%

Identification of the Impacts of Code Changes on the Security of Software

Othmane

Jamil

Abdelkhalek

2019

2019 IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC)

View full text Add to dashboard Cite

Companies develop their software in versions and iterations. Ensuring the security of each additional version using code review is costly and time consuming. This paper investigates automated tracing of the impacts of code changes on the security of a given software. To this end, we use call graphs to model the software code, and security assurance cases to model the security requirements of the software. Then we relate assurance case elements to code through the entry point methods of the software, creating a map of monitored security functions. This mapping allows to evaluate the security requirements that are affected by code changes. The approach is implemented in a set of tools and evaluated using three open-source ERP/E-commerce software applications. The limited evaluation showed that the approach is effective in identifying the impacts of code changes on the security of the software. The approach promises to considerably reduce the security assessment time of the subsequent releases and iterations of software, keeping the initial security state throughout the software lifetime.

show abstract

Using Assurance Cases to Develop Iteratively Security Features Using Scrum

Cited by 11 publications

References 11 publications

A Categorized Review on Software Security Testing

A Categorized Review on Software Security Testing

Security assurance cases—state of the art of an emerging approach

Identification of the Impacts of Code Changes on the Security of Software

Contact Info

Product

Resources

About