Agile security using an incremental security architecture

Cited by: 0
Authors
Chivers, H [1 ]
Paige, RF [1 ]
Ge, XC [1 ]
Affiliation
[1] Univ York, Dept Comp Sci, York YO10 5DD, N Yorkshire, England
Keywords
DOI
Not available
Chinese Library Classification number
TP31 [Computer software];
Discipline classification code
081202 ; 0835 ;
Abstract
The effective provision of security in an agile development requires a new approach: traditional security practices are bound to equally traditional development methods. However, there are concerns that security is difficult to build incrementally, and can prove prohibitively expensive to refactor. This paper describes how to grow security, organically, within an agile project, by using an incremental security architecture which evolves with the code. The architecture provides an essential bridge between system-wide security properties and implementation mechanisms, a focus for understanding security in the project, and a trigger for security refactoring. The paper also describes criteria that allow implementers to recognize when refactoring is needed, and a concrete example that contrasts incremental and 'top-down' architectures.
Pages: 57-65
Number of pages: 9