Development of Agile Security Framework Using a Hybrid Technique for Requirements Elicitation

  • Conference paper
Advances in Computing, Communication and Control (ICAC3 2011)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 125)

Abstract

Today’s competitive market demands immediate attention to security issues in the development of secure software systems. Security must be an integral part of any application development methodology. This becomes more challenging when developers design projects according to agile methodology. Traditional development approaches are sequential and consider major changes during analysis. Agile methodology is required because there is a need for an iterative approach that encourages changes in requirements at any stage of the software development lifecycle. In this paper, we present a framework that effectively implements security practices in agile development and adopts additional features proposed by other researchers. The key point of our framework is that we embed a hybrid technique for requirements elicitation within Agile Software Development (ASD). This technique combines abuser stories and attack trees, drawing on the best features of each individual method. The hybrid technique maps security threats found during security requirements more effectively than the individual techniques.

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Sonia, Singhal, A. (2011). Development of Agile Security Framework Using a Hybrid Technique for Requirements Elicitation. In: Unnikrishnan, S., Surve, S., Bhoir, D. (eds) Advances in Computing, Communication and Control. ICAC3 2011. Communications in Computer and Information Science, vol 125. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-18440-6_22

  • DOI: https://doi.org/10.1007/978-3-642-18440-6_22

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-18439-0

  • Online ISBN: 978-3-642-18440-6

  • eBook Packages: Computer Science, Computer Science (R0)
