Abstract
Security is a critical part of systems development, particularly for web-based systems. Little is known about how to effectively integrate security into incremental development processes such as Extreme Programming. This paper presents the results of a project that used Extreme Programming practices and deferred consideration of security until system functionality was complete. The findings suggest that refactorings within incremental development processes are capable of delivering high-quality security solutions, and they provide insights into how security requirements can be incorporated into the planning game.
© 2006 Springer-Verlag Berlin Heidelberg
Aydal, E.G., Paige, R.F., Chivers, H., Brooke, P.J. (2006). Security Planning and Refactoring in Extreme Programming. In: Abrahamsson, P., Marchesi, M., Succi, G. (eds) Extreme Programming and Agile Processes in Software Engineering. XP 2006. Lecture Notes in Computer Science, vol 4044. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11774129_16
DOI: https://doi.org/10.1007/11774129_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-35094-1
Online ISBN: 978-3-540-35095-8