
Agile Security Using an Incremental Security Architecture

  • Conference paper
Extreme Programming and Agile Processes in Software Engineering (XP 2005)

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 3556))

Abstract

The effective provision of security in an agile development requires a new approach: traditional security practices are bound to equally traditional development methods. However, there are concerns that security is difficult to build incrementally, and can prove prohibitively expensive to refactor. This paper describes how to grow security, organically, within an agile project, by using an incremental security architecture which evolves with the code. The architecture provides an essential bridge between system-wide security properties and implementation mechanisms, a focus for understanding security in the project, and a trigger for security refactoring. The paper also describes criteria that allow implementers to recognize when refactoring is needed, and a concrete example that contrasts incremental and ‘top-down’ architectures.





Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Chivers, H., Paige, R.F., Ge, X. (2005). Agile Security Using an Incremental Security Architecture. In: Baumeister, H., Marchesi, M., Holcombe, M. (eds) Extreme Programming and Agile Processes in Software Engineering. XP 2005. Lecture Notes in Computer Science, vol 3556. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11499053_7


  • DOI: https://doi.org/10.1007/11499053_7

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-26277-0

  • Online ISBN: 978-3-540-31487-5

  • eBook Packages: Computer Science, Computer Science (R0)
