Agile security using an incremental security architecture

H Chivers; R F Paige; X C Ge

Agile security using an incremental security architecture

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

The effective provision of security in an agile development requires a new approach: traditional security practices are bound to equally traditional development methods. However, there are concerns that security is difficult to build incrementally, and can prove prohibitively expensive to refactor. This paper describes how to grow security, organically, within an agile project, by using an incremental security architecture which evolves with the code. The architecture provides an essential bridge between system-wide security properties and implementation mechanisms, a focus for understanding security in the project, and a trigger for security refactoring. The paper also describes criteria that allow implementers to recognize when refactoring is needed, and a concrete example that contrasts incremental and 'top-down' architectures.

Original language	English
Title of host publication	EXTREME PROGRAMMING AND AGILE PROCESSES IN SOFTWARE ENGINEERING, PROCEEDINGS
Editors	H Baumeister, M Marchesi, M Holcombe
Place of Publication	BERLIN
Publisher	Springer
Pages	57-65
Number of pages	9
ISBN (Print)	3-540-26277-6
Publication status	Published - 2005
Event	6th International Conference on Extreme Programming and Agile Processes in Software Engineering - Sheffield Duration: 18 Jun 2005 → 23 Jun 2005

Conference

Conference	6th International Conference on Extreme Programming and Agile Processes in Software Engineering
City	Sheffield
Period	18/06/05 → 23/06/05

Cite this

@inproceedings{6594c42c86ec4b109a6d1c25447eaf30,

title = "Agile security using an incremental security architecture",

abstract = "The effective provision of security in an agile development requires a new approach: traditional security practices are bound to equally traditional development methods. However, there are concerns that security is difficult to build incrementally, and can prove prohibitively expensive to refactor. This paper describes how to grow security, organically, within an agile project, by using an incremental security architecture which evolves with the code. The architecture provides an essential bridge between system-wide security properties and implementation mechanisms, a focus for understanding security in the project, and a trigger for security refactoring. The paper also describes criteria that allow implementers to recognize when refactoring is needed, and a concrete example that contrasts incremental and 'top-down' architectures.",

author = "H Chivers and Paige, {R F} and Ge, {X C}",

year = "2005",

language = "English",

isbn = "3-540-26277-6",

pages = "57--65",

editor = "H Baumeister and M Marchesi and M Holcombe",

booktitle = "EXTREME PROGRAMMING AND AGILE PROCESSES IN SOFTWARE ENGINEERING, PROCEEDINGS",

publisher = "Springer",

address = "Germany",

note = "6th International Conference on Extreme Programming and Agile Processes in Software Engineering ; Conference date: 18-06-2005 Through 23-06-2005",

}

TY - GEN

T1 - Agile security using an incremental security architecture

AU - Chivers, H

AU - Paige, R F

AU - Ge, X C

PY - 2005

Y1 - 2005

N2 - The effective provision of security in an agile development requires a new approach: traditional security practices are bound to equally traditional development methods. However, there are concerns that security is difficult to build incrementally, and can prove prohibitively expensive to refactor. This paper describes how to grow security, organically, within an agile project, by using an incremental security architecture which evolves with the code. The architecture provides an essential bridge between system-wide security properties and implementation mechanisms, a focus for understanding security in the project, and a trigger for security refactoring. The paper also describes criteria that allow implementers to recognize when refactoring is needed, and a concrete example that contrasts incremental and 'top-down' architectures.

AB - The effective provision of security in an agile development requires a new approach: traditional security practices are bound to equally traditional development methods. However, there are concerns that security is difficult to build incrementally, and can prove prohibitively expensive to refactor. This paper describes how to grow security, organically, within an agile project, by using an incremental security architecture which evolves with the code. The architecture provides an essential bridge between system-wide security properties and implementation mechanisms, a focus for understanding security in the project, and a trigger for security refactoring. The paper also describes criteria that allow implementers to recognize when refactoring is needed, and a concrete example that contrasts incremental and 'top-down' architectures.

M3 - Conference contribution

SN - 3-540-26277-6

SP - 57

EP - 65

BT - EXTREME PROGRAMMING AND AGILE PROCESSES IN SOFTWARE ENGINEERING, PROCEEDINGS

A2 - Baumeister, H

A2 - Marchesi, M

A2 - Holcombe, M

PB - Springer

CY - BERLIN

T2 - 6th International Conference on Extreme Programming and Agile Processes in Software Engineering

Y2 - 18 June 2005 through 23 June 2005

ER -