Security engineering and eXtreme programming: An impossible marriage?
KTH, Superseded Departments, Computer and Systems Sciences, DSV.
2004 (English). In: EXTREME PROGRAMMING AND AGILE METHODS - XP/AGILE UNIVERSE 2004, PROCEEDINGS / [ed] Zannier C, Erdogmus H, Lindstrom L, Berlin: Springer, 2004, 117-128 p. Conference paper, Published paper (Refereed)
Abstract [en]

Agile methods, such as eXtreme Programming (XP), have been criticised for being inadequate for the development of secure software. In this paper, we analyse XP from a security engineering standpoint, to assess to what extent the method can be used for development of security critical software. This is done by analysing XP in the light of two security engineering standards; the Systems Security Engineering-Capability Maturity Model (SSE-CMM) and the Common Criteria (CC). The result is that XP is more aligned with security engineering than one might think at first. However, XP also needs to be tailored to better support and to more explicitly deal with security engineering issues. Tailoring XP for secure software development, without removing the agility that is the trademark of agile methods, may be a solution that would make XP more compatible with current security engineering practices.

Place, publisher, year, edition, pages
Berlin: Springer, 2004. 117-128 p.
Series
LECTURE NOTES IN COMPUTER SCIENCE, ISSN 0302-9743 ; 3134
National Category
Information Science
Identifiers
URN: urn:nbn:se:kth:diva-5579
ISI: 000223609400012
Scopus ID: 2-s2.0-35048816560
OAI: oai:DiVA.org:kth-5579
DiVA: diva2:9991
Conference
4th Conference on Extreme Programming and Agile Methods (XP Agile Universe 2004) Calgary, CANADA, AUG 15-18, 2004
Note
QC 20101109
Available from: 2006-04-10 Created: 2006-04-10 Last updated: 2011-11-01 Bibliographically approved
In thesis
1. Simplifying development of secure software: Aspects and Agile methods
2006 (English). Licentiate thesis, comprehensive summary (Other scientific)
Abstract [en]

Reducing the complexity of building secure software systems is an important goal as increased complexity can lead to more security flaws. This thesis aims at helping to reduce this complexity by investigating new programming techniques and software development methods for implementing secure software. We provide case studies on the use and effects of applying Aspect-oriented software development to Confidentiality, Access Control and Quality of Service implementation. We also investigate how eXtreme Programming can be used for simplifying the secure software development process by comparing it to the security engineering standards Common Criteria and the Systems Security Engineering Capability Maturity Model. We also explore the relationship between Aspect-oriented programming and Agile software development methods, such as eXtreme Programming.

Place, publisher, year, edition, pages
Kista: Data- och systemvetenskap, 2006. 20 p.
Series
Report series / DSV, ISSN 1101-8526 ; 06-007
Keyword
AOP, Security Engineering, Software Engineering
National Category
Information Science
Identifiers
urn:nbn:se:kth:diva-3913 (URN)
Presentation
2006-04-26, 6405, Forum, Isafjordsgatan 39, Kista, 13:00
Opponent
Supervisors
Note
QC 20101130
Available from: 2006-04-10 Created: 2006-04-10 Last updated: 2010-11-30 Bibliographically approved

By author/editor
Boström, Gustav