Security Planning and Refactoring in Extreme Programming

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 4044)

Abstract

Security is a critical part of systems development, particularly for web-based systems. There is little known about how to effectively integrate security into incremental development processes such as Extreme Programming. This paper presents the results of a project that used Extreme Programming practices and deferred consideration of security until system functionality was complete. The findings suggest that refactorings within incremental development processes are capable of delivering high quality security solutions, and provide insights into how security requirements can be incorporated in the planning game.



Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Aydal, E.G., Paige, R.F., Chivers, H., Brooke, P.J. (2006). Security Planning and Refactoring in Extreme Programming. In: Abrahamsson, P., Marchesi, M., Succi, G. (eds) Extreme Programming and Agile Processes in Software Engineering. XP 2006. Lecture Notes in Computer Science, vol 4044. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11774129_16

  • DOI: https://doi.org/10.1007/11774129_16

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-35094-1

  • Online ISBN: 978-3-540-35095-8

  • eBook Packages: Computer Science, Computer Science (R0)
