Extending xp practices to support security requirements engineering

Proceedings - International Conference on Software Engineering

Volumn 2006-May, Issue , 2006, Pages 11-17

  Bostrm, Gustav ^a   W yrynen, Jaana ^b   Bodn, Marine ^c   Beznosov, Konstantin ^d   Kruchten, Philippe ^d  

^a SWEDISH INSTITUTE OF COMPUTER SCIENCE   (Sweden)

^b STOCKHOLM UNIVERSITY   (Sweden)

^c ERICSSON RESEARCH   (Sweden)

^d UNIVERSITY OF BRITISH COLUMBIA   (Canada)

Author keywords

Agile Software Development; Development methodology; EXtreme Programming; Requirements; Security Engineering

Indexed keywords

ITERATIVE METHODS; SOFTWARE DESIGN;

AGILE SOFTWARE DEVELOPMENT; DEVELOPMENT METHODOLOGY; EXTREME PROGRAMMING; REQUIREMENTS; SECURITY ENGINEERING;

SOFTWARE ENGINEERING;

EID: 79960596773     PISSN: 02705257     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1137627.1137631     Document Type: Conference Paper

References (32)

1. Abrams, M. D., Security Engineering in an Evolutionary Acquisition Environment, in Proceedings of New Security Paradigms Workshop, Charlottsville, VA, 1998, pp. 11-20.
2. Aizuddin, A., The Common Criteria ISO/IEC 15408 The insight, Some Thoughts, Questions and Issues Oct. 1, 2001. http://www.sans.org/rr/whitepapers/standards/545.php accessed June 17, 2005
3. Amey P., and Chapman R., Static Verification and Extreme Programming. Proceedings of the ACM SIGAda Annual International Conference, 2003.
4. Beck K., Extreme Programming Explained: Embrace Change 2nd Edition. Addison-Wesley, 2004.
5. Beznosov, K., eXtreme Security Engineering: On Employing XP Practices to Achieve "Good Enough Security" without Defining It, in Proc. of First ACM Workshop on Business Driven Security Engineering (BizSec), Fairfax, VA, USA, Oct. 31, 2003.
6. Beznosov, K. and Kruchten, P., Towards Agile Security Assurance, Proc. of the New Security Paradigm Workshop, White Point Beach, NS, 2004, ACM, pp. 47-54.
7. Blakley B., Heath C. and members of The Open Group Security Forum, Security Design Patterns, The Open Group, 2004.
8. Breu R., Burger K., Hafner M., Jürens J., Popp G., Wimmel G. and Lotz V., Key Issues of a Formally Based Process Model for Security Engineering, 16th International Conference on Software & System Engineering & Their Applications (ICSSEA), 2003.
9. CC, ISO 15408 Common Criteria for Information Technology Sec. Evaluation Version 2.1, August 1999.
10. Chivers, H. Paige, R., Ge, X., Agile Security Using an Incremental Security Architecture. Proceedings of Extreme Programming and Agile Processes in Software Engineering 6th International Conference, XP 2005, Sheffield, UK, 2005.
11. CORAS, http://www2.nr.no/coras/, accessed in Jan. 2006
12. Flechais I M., Sasse A. and Hailes S. M. V., Bringing Security Home: A Process for Developing Secure and Usable Systems, ACM/SIGSAC New Security Paradigms Workshop, Switzerland, August 2003
13. Fowler M. and Foemmel M., Continuous Integration. URL:http://www.martinfowler.com/articles/continuousInte gration.html. Accessed in January 2006.
14. Highsmith J. A., Adaptive Software Development: A Collaborative Approach to Managing Complex Systems, New York: Dorset House, 2000.
15. Hearn, J., Does the Common Criteria paradigm have a future?, IEEE Security and Privacy, Vol. 2, Issue 1, 2004
16. Höglund, G., McGraw, G., Exploiting Software : How to Break Code, Addison-Wesley Professional, 2004
17. Hope P., McGraw G., Anton A.., Misuse and Abuse Cases, IEEE Security and Privacy, 2004
18. ISO/IEC, 4th WD 13335-2-Information Technology-Security Techniques-Management of information and communications technology security-Part 2: Techniques for information and communications technology security risk management.
19. McDermott J. and Fox C., Using abuse case models for security requirements. Proceedings of the 15ths Annual Computer Security Applications Conferences (ACSAC). IEEE Computer Society Press, 1999.
20. McDermott J. Abuse-case-based assurance arguments. Using abuse case models for security requirements, Proceedings of the 17ths Annual Computer Security Applications Conferences, 2003.
21. McGraw G. and Viega J., Building Secure Software: How to Avoid Security Problems the Right Way, Addison-Wesley, 2002.
22. Peeters J. Agile Security Requirements Engineering. Presented at the Symposium on Requirements Engineering for Information Security, 2005.
23. Poppendieck M. and Morsicato R, Using XP for Safety-Critical Software, Cutter IT Journal, 15 (9), 2002, 12-16.
24. Siponen M., Baskerville, R., Kuivalainen, T., Integrating Security into Agile Development Methods, Proc. of the 38th Hawaii International Conference on System Science, 2005
25. SSE-CMM, Systems Security Engineering Capability Maturity Model, Model Description Document Version 3.0. URL: www.sse-cmm.org/model/ssecmmv2final.pdf. Accessed in January 2004.
26. Standish Group, The Chaos Report: Extreme Chaos, West Yarmouth, MA: The Standish Group, 2001.
27. ST-Lite V 1.1, July 2002 http://www.commoncriteriaportal.org/public/expert/in dex.php?menu=6 accessed 2006-02-01
28. Fast Track, Fast Track Assessment Methodology, Information Assurance and Certification Services (IACS), CESG. http://www.cesg.gov.uk/site/iacs/index.cfm?menuSelected =3&displayPage=31 Accessed August 25 2005
29. Vetterling M. and Wimmel G., Secure Systems Development Based on the PalME project, presented at Tenth ACM SIGSOFT Symposium on Foundations of Software Engineering, Charleston, South Carolina, USA, 2002.
30. Verdon D, McGraw, G., Risk Analysis in Software Design. IEEE Security and Privacy, 2(4), 2004, pp.79-84.
31. Wäyrynen J., Bodén M. and Boström G., Security Engineering and eXtreme Programming: an Impossible marriage?, XP/Agile Universe 2004, C. Zannier, H. Erdogmus, and L. Lindstrom, Eds. LNSC3134, Berlin: Springer-Verlag, 2004, pp. 117-128.
32. XP, Extreme Programming: A Gentle Introduction. URL: http://www.extremeprogramming.org, Accessed in September 2005