Agile security using an incremental security architecture

Cited by: 0
Authors
Chivers, H [1 ]
Paige, RF [1 ]
Ge, XC [1 ]
Affiliation
[1] Univ York, Dept Comp Sci, York YO10 5DD, N Yorkshire, England
Keywords
DOI
Not available
Chinese Library Classification
TP31 [Computer software];
Subject classification code
081202 ; 0835 ;
Abstract
The effective provision of security in an agile development requires a new approach: traditional security practices are bound to equally traditional development methods. However, there are concerns that security is difficult to build incrementally, and can prove prohibitively expensive to refactor. This paper describes how to grow security, organically, within an agile project, by using an incremental security architecture which evolves with the code. The architecture provides an essential bridge between system-wide security properties and implementation mechanisms, a focus for understanding security in the project, and a trigger for security refactoring. The paper also describes criteria that allow implementers to recognize when refactoring is needed, and a concrete example that contrasts incremental and 'top-down' architectures.
Pages: 57-65
Page count: 9
Related papers
50 in total
  • [1] An Agile Enterprise Regulation Architecture for Health Information Security Management
    Chen, Ying-Pei
    Hsieh, Sung-Huai
    Cheng, Po-Hsun
    Chien, Tsan-Nan
    Chen, Heng-Shuen
    Luh, Jer-Junn
    Lai, Jin-Shin
    Lai, Feipei
    Chen, Sao-Jie
    TELEMEDICINE JOURNAL AND E-HEALTH, 2010, 16 (07) : 807 - 817
  • [2] Supporting Evolving Security Models for an Agile Security Evaluation
    Raschke, Wolfgang
    Zilli, Massimiliano
    Baumgartner, Philip
    Loinig, Johannes
    Steger, Christian
    Kreiner, Christian
    2014 IEEE 1ST WORKSHOP ON EVOLVING SECURITY AND PRIVACY REQUIREMENTS ENGINEERING (ESPRE), 2014 : 31 - 36
  • [3] Assessment of the Security Architecture of Control System Using Discretionary Security Models
    Promyslov, Vitaly G.
    2017 TENTH INTERNATIONAL CONFERENCE MANAGEMENT OF LARGE-SCALE SYSTEM DEVELOPMENT (MLSD), 2017
  • [4] ASPECTS: Agile Spectrum Security
    Polyzos, George C.
    Marias, Giannis F.
    Arkoulis, Stamatios
    Frangoudis, Pantelis A.
    Fiedler, Markus
    Popescu, Alexandru
    de Meer, Hermann
    Herkenhoener, Ralph
    Fischer, Andreas
    Oberender, Jens
    2011 7TH EURO-NGI CONFERENCE ON NEXT GENERATION INTERNET (NGI), 2011
  • [5] Agile Development for System of Systems: Cyber Security Integration into Information Repositories Architecture
    Farroha, Deborah L.
    Farroha, Bassam S.
    2011 IEEE INTERNATIONAL SYSTEMS CONFERENCE (SYSCON 2011), 2011 : 182 - 188
  • [6] A security architecture for data privacy and security
    Weaver, Alfred C.
    ETFA 2005: 10TH IEEE INTERNATIONAL CONFERENCE ON EMERGING TECHNOLOGIES AND FACTORY AUTOMATION, VOL 1, PTS 1 AND 2, PROCEEDINGS, 2005 : 673 - 676
  • [7] Built-in Security Computer: Deploying Security-First Architecture Using Active Security Processor
    Meng, Dan
    Hou, Rui
    Shi, Gang
    Tu, Bibo
    Yu, Aimin
    Zhu, Ziyuan
    Jia, Xiaoqi
    Wen, Yu
    Yang, Yun
    IEEE TRANSACTIONS ON COMPUTERS, 2020, 69 (11) : 1571 - 1583
  • [8] Incremental information security certification
    von Solms, B
    von Solms, R
    COMPUTERS & SECURITY, 2001, 20 (04) : 308 - 310
  • [9] Security Practices in Agile Software Development
    Selva-Mora, Alejandra
    Quesada-Lopez, Christian
    PROCEEDINGS 2024 IEEE/ACM INTERNATIONAL WORKSHOP ON SOFTWARE-INTENSIVE BUSINESS, IWSIB 2024, 2024 : 56 - 63
  • [10] Security as a Service - A Reference Architecture for SOA Security
    Memon, Mukhtiar
    Hafner, Michael
    Breu, Ruth
    SECURITY IN INFORMATION SYSTEMS, PROCEEDINGS, 2009 : 79 - 89