Simplifying development of secure software: Aspects and Agile methods
KTH, School of Computer Science and Communication (CSC), Numerical Analysis and Computer Science, NADA.
2006 (English). Licentiate thesis, comprehensive summary (Other scientific)
Abstract [en]

Reducing the complexity of building secure software systems is an important goal as increased complexity can lead to more security flaws. This thesis aims at helping to reduce this complexity by investigating new programming techniques and software development methods for implementing secure software. We provide case studies on the use and effects of applying Aspect-oriented software development to Confidentiality, Access Control and Quality of Service implementation. We also investigate how eXtreme Programming can be used for simplifying the secure software development process by comparing it to the security engineering standards Common Criteria and the Systems Security Engineering Capability Maturity Model. We also explore the relationship between Aspect-oriented programming and Agile software development methods, such as eXtreme Programming.

Place, publisher, year, edition, pages
Kista: Data- och systemvetenskap, 2006, 20 p.
Series
Report series / DSV, ISSN 1101-8526 ; 06-007
Keyword [en]
AOP, Security Engineering, Software Engineering
National Category
Information Science
Identifiers
URN: urn:nbn:se:kth:diva-3913
OAI: oai:DiVA.org:kth-3913
DiVA: diva2:9994
Presentation
2006-04-26, 6405, Forum, Isafjordsgatan 39, Kista, 13:00
Note
QC 20101130
Available from: 2006-04-10 Created: 2006-04-10 Last updated: 2010-11-30
Bibliographically approved
List of papers
1. Database Encryption as an Aspect
2004 (English). In: AOSD'04 International Conference on Aspect-Oriented Software Development: Papers, 2004. Conference paper, Published paper (Refereed)
Abstract [en]

Encryption is an important method for implementing confidentiality in information systems. Unfortunately, applying encryption effectively can be quite complicated. Encryption, as well as other security concerns, is also often spread out in an application, making implementation difficult. This crosscutting nature of encryption makes it a potentially ideal candidate for implementation using AOP. In this article we provide an example of how database encryption was applied using AOP with AspectJ on a real-life healthcare database application. Although the attempt was promising with regards to modularity, amount of effort and security engineering, it also revealed problems related to substring queries that need to be solved to make the approach really useful.

Keyword
Aspect Oriented Programming, Encryption, Separation of Concern, Java, Database Management, Confidentiality, Security
National Category
Information Science
Identifiers
urn:nbn:se:kth:diva-5576 (URN)
Conference
AOSD Conference 2004, Workshop AOSDSEC, March 22-26, 2004, Lancaster UK
Note
QC 20101130. Updated from Manuscript to Conference paper (20101130).
Available from: 2006-04-10 Created: 2006-04-10 Last updated: 2010-11-30
Bibliographically approved
2. A case study on estimating the software engineering properties of implementing database encryption as an aspect
2005 (English). In: SPLAT 05: Papers, 2005. Conference paper, Published paper (Refereed)
National Category
Information Science
Identifiers
urn:nbn:se:kth:diva-5577 (URN)
Conference
SPLAT, Workshop in conjunction with the Fourth International Conference on Aspect-Oriented Software Development (AOSD 2005), March 14–18, 2005, Chicago, Illinois, USA
Note
QC 20101130
Available from: 2006-04-10 Created: 2006-04-10 Last updated: 2010-11-30
Bibliographically approved
3. Aspects in the user interface: the case of access control
(English). Article in journal (Other academic). Submitted
National Category
Information Science
Identifiers
urn:nbn:se:kth:diva-5578 (URN)
Note
QC 20101130
Available from: 2006-04-10 Created: 2006-04-10 Last updated: 2010-11-30
Bibliographically approved
4. Security engineering and eXtreme programming: An impossible marriage?
2004 (English). In: EXTREME PROGRAMMING AND AGILE METHODS - XP/AGILE UNIVERSE 2004, PROCEEDINGS / [ed] Zannier C, Erdogmus H, Lindstrom L, Berlin: Springer, 2004, 117-128 p. Conference paper, Published paper (Refereed)
Abstract [en]

Agile methods, such as eXtreme Programming (XP), have been criticised for being inadequate for the development of secure software. In this paper, we analyse XP from a security engineering standpoint, to assess to what extent the method can be used for development of security critical software. This is done by analysing XP in the light of two security engineering standards; the Systems Security Engineering-Capability Maturity Model (SSE-CMM) and the Common Criteria (CC). The result is that XP is more aligned with security engineering than one might think at first. However, XP also needs to be tailored to better support and to more explicitly deal with security engineering issues. Tailoring XP for secure software development, without removing the agility that is the trademark of agile methods, may be a solution that would make XP more compatible with current security engineering practices.

Place, publisher, year, edition, pages
Berlin: Springer, 2004
Series
LECTURE NOTES IN COMPUTER SCIENCE, ISSN 0302-9743 ; 3134
National Category
Information Science
Identifiers
urn:nbn:se:kth:diva-5579 (URN)
000223609400012
2-s2.0-35048816560 (Scopus ID)
Conference
4th Conference on Extreme Programming and Agile Methods (XP Agile Universe 2004) Calgary, CANADA, AUG 15-18, 2004
Note
QC 20101109
Available from: 2006-04-10 Created: 2006-04-10 Last updated: 2011-11-01
Bibliographically approved
5. Aspects in the Agile toolbox
2005 (English). In: SPLAT 05: Papers, 2005. Conference paper, Published paper (Refereed)
National Category
Information Science
Identifiers
urn:nbn:se:kth:diva-5580 (URN)
Conference
SPLAT, Workshop in conjunction with the Fourth International Conference on Aspect-Oriented Software Development (AOSD 2005), March 14–18, 2005, Chicago, Illinois, USA
Note
QC 20101130
Available from: 2006-04-10 Created: 2006-04-10 Last updated: 2010-11-30
Bibliographically approved
6. Moving from internal to external services using aspects
2006 (English). In: Interoperability of Enterprise Software and Applications, Springer, 2006, 301-310 p. Conference paper, Published paper (Refereed)
Abstract [en]

Service oriented computing and web service technology provide the means to structure an organisation's internal IT resources into a highly integrated network of services. In e-business and business process integration the internal services are interconnected with other, external organisations' resources to form virtual organisations. This move from using services internally to external use puts new non-functional requirements on the service implementation. Without any supporting technologies, meeting these new requirements can result in re-writing or changing a large part of the service implementation. In this paper we argue that aspect oriented programming is an important technique that can be used to facilitate the implementation of the new requirements that arise when moving from internal to external services. The suggested solution is illustrated by an example where quality of service metrics are implemented by using aspect oriented programming.

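The crosscutting mechanism behind papers 1 and 6 above, as an added example that is not code from the thesis or its papers: a plain data-access class is left untouched, and database encryption (paper 1) and a call-latency metric (paper 6) are woven onto it from outside. Python decorators stand in for AspectJ pointcuts and around-advice. The `patient` table, the `PatientRepository` class, the per-process `KEY`, the sample record and the HMAC-SHA256 counter-mode cipher (a standard-library stand-in for AES-GCM) are all assumptions of this example. It also reproduces the failure mode the AOSD'04 paper reports: a `LIKE '%...%'` substring predicate evaluated by the database finds nothing once the column holds ciphertext; the application-side filter is one workaround of this example's, not the paper's.

```python
# Added example (not from the thesis or its papers): database encryption and a QoS latency
# metric woven as around-advice onto a plain data-access class; decorators stand in for AspectJ.
import hashlib
import hmac
import os
import sqlite3
import time
from functools import wraps

KEY = os.urandom(32)  # assumption: per-process demo key; real code uses a managed key
METRICS = {}          # latency samples collected by the timing advice, keyed by method name

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode: a PRF stream cipher standing in for AES-GCM (stdlib only)
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range((n + 31) // 32))[:n]

def encrypt(key: bytes, plaintext: str) -> bytes:
    """nonce || ciphertext || tag; the random nonce makes encryption non-deterministic."""
    nonce, data = os.urandom(16), plaintext.encode()
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    tag = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()[:16]
    return nonce + ct + tag

def decrypt(key: bytes, blob: bytes) -> str:
    nonce, ct, tag = blob[:16], blob[16:-16], blob[-16:]
    expect = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expect):
        raise ValueError("ciphertext failed integrity check")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))).decode()

class PatientRepository:
    """Core concern: plain SQL that knows nothing about encryption or metrics."""
    def __init__(self) -> None:
        self.db = sqlite3.connect(":memory:")
        self.db.execute("CREATE TABLE patient (id INTEGER PRIMARY KEY, name, diagnosis)")

    def insert(self, name, diagnosis) -> int:
        sql = "INSERT INTO patient (name, diagnosis) VALUES (?, ?)"
        return self.db.execute(sql, (name, diagnosis)).lastrowid

    def find_by_id(self, pid: int):
        return self.db.execute("SELECT name, diagnosis FROM patient WHERE id = ?", (pid,)).fetchone()

    def search_diagnosis(self, fragment: str) -> list:
        # Substring predicate evaluated by the database: this is what stops working on ciphertext
        sql = "SELECT name FROM patient WHERE diagnosis LIKE ?"
        return [r[0] for r in self.db.execute(sql, (f"%{fragment}%",))]

    def all_rows(self) -> list:
        return self.db.execute("SELECT name, diagnosis FROM patient").fetchall()

def around(cls, method_name: str, advice) -> None:
    """Pointcut (cls.method_name) plus around-advice, called as advice(proceed, *args)."""
    original = getattr(cls, method_name)
    @wraps(original)
    def woven(self, *args, **kwargs):
        return advice(lambda *a, **k: original(self, *a, **k), *args, **kwargs)
    setattr(cls, method_name, woven)

def encrypt_on_insert(proceed, name: str, diagnosis: str):
    return proceed(encrypt(KEY, name), encrypt(KEY, diagnosis))

def decrypt_on_read(proceed, pid: int):
    row = proceed(pid)
    return None if row is None else tuple(decrypt(KEY, v) for v in row)

def decrypt_all(proceed):
    return [tuple(decrypt(KEY, v) for v in row) for row in proceed()]

def timed(name: str):
    """QoS advice in the spirit of the INTEROP-ESA paper: record each call's latency."""
    def advice(proceed, *args, **kwargs):
        start = time.perf_counter()
        try:
            return proceed(*args, **kwargs)
        finally:
            METRICS.setdefault(name, []).append(time.perf_counter() - start)
    return advice

around(PatientRepository, "insert", encrypt_on_insert)  # weaving: repository source untouched
around(PatientRepository, "find_by_id", decrypt_on_read)
around(PatientRepository, "all_rows", decrypt_all)
around(PatientRepository, "search_diagnosis", timed("search_diagnosis"))

def search_diagnosis_app_side(repo: PatientRepository, fragment: str) -> list:
    """One workaround (this example's, not the paper's): decrypt, then filter in the application."""
    return [name for name, diagnosis in repo.all_rows() if fragment in diagnosis]

def demo() -> dict:
    repo = PatientRepository()
    pid = repo.insert("Anna Svensson", "type 2 diabetes")  # constructed sample record
    raw = repo.db.execute("SELECT diagnosis FROM patient WHERE id = ?", (pid,)).fetchone()[0]
    return {
        "round_trip": repo.find_by_id(pid),
        "stored_is_ciphertext": isinstance(raw, bytes) and b"diabetes" not in raw,
        "like_on_ciphertext": repo.search_diagnosis("diabetes"),
        "app_side_filter": search_diagnosis_app_side(repo, "diabetes"),
        "latency_samples": len(METRICS["search_diagnosis"]),
    }
```

`demo()` returns the decrypted round trip, confirms the stored column bytes are ciphertext, shows the empty result of the database-side substring query next to the application-side filter, and the number of latency samples the timing advice collected. The same limitation applies to any predicate the database evaluates over an encrypted column (ordering, ranges, prefix matches): the aspect keeps the core code clean, but such queries have to move into the application or onto a scheme designed for searching over ciphertext.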
Place, publisher, year, edition, pages
Springer, 2006
Keyword
Service oriented computing, Non-functional requirements, Interoperability, Aspect oriented programming
National Category
Information Science
Identifiers
urn:nbn:se:kth:diva-5581 (URN)
10.1007/1-84628-152-0_27 (DOI)
000235866800027
1-84628-151-2 (ISBN)
Conference
INTEROP-ESA'2005, 1st International Conference on Interoperability of Enterprise Software and Applications, Geneva, Switzerland, 2005-02-23/25.
Note
QC 20101129
Available from: 2006-04-10 Created: 2006-04-10 Last updated: 2012-10-17
Bibliographically approved

Open Access in DiVA
Full text: FULLTEXT01.pdf, 165 kB, application/pdf (2103 downloads)
Checksum MD5: 617c6332ac3435c12b2b73076db373712e1bfefadd57f9f7302d26e83465f7646ec92660

Author/editor: Boström, Gustav