论文信息 - Agile Security Using an Incremental Security Architecture

Agile Security Using an Incremental Security Architecture

The effective provision of security in an agile development requires a new approach: traditional security practices are bound to equally traditional development methods. However, there are concerns that security is difficult to build incrementally, and can prove prohibitively expensive to refactor. This paper describes how to grow security, organically, within an agile project, by using an incremental security architecture which evolves with the code. The architecture provides an essential bridge between system-wide security properties and implementation mechanisms, a focus for understanding security in the project, and a trigger for security refactoring. The paper also describes criteria that allow implementers to recognize when refactoring is needed, and a concrete example that contrasts incremental and ‘top-down' architectures.

Richard F. Paige | Xiaocheng Ge | Howard Chivers

[1] Kent L. Beck,et al. Extreme programming explained - embrace change , 1990 .

[2] Jim Shore. Continuous design , 2004, IEEE Software.

[3] O. Murru,et al. Assessing XP at a European Internet Company , 2003, IEEE Softw..

[4] Peter Amey,et al. Static verification and extreme programming , 2004 .

[5] Darren Dalcher,et al. Choosing a development life cycle : Comparing project and product measures , 2004 .

[6] Richard F. Paige,et al. Towards agile re-engineering of dependable grid applications , 2004 .

[7] G. Stoneburner,et al. Risk Management Guide for Information Technology Systems: Recommendations of the National Institute of Standards and Technology , 2002 .

[8] Ravi S. Sandhu. Good-Enough Security: Toward a Pragmatic Business-Driven Discipline , 2003, IEEE Internet Comput..

[9] Konstantin Beznosov,et al. Extreme Security Engineering: On Employing XP Practices to Achieve , 2003 .

[10] Gustav Boström,et al. Security Engineering and eXtreme Programming: An Impossible Marriage? , 2004, XP/Agile Universe.

[11] Martin Fowler,et al. Refactoring - Improving the Design of Existing Code , 1999, Addison Wesley object technology series.

[12] Philippe Kruchten,et al. Towards agile security assurance , 2004, NSPW '04.