S-Scrum: a Secure Methodology for Agile Development of Web Services

Widely used in development of web services, Scrum contributes to agile service development, reducing the Time To Market (TTM) and increasing the profit to service providers. Caring for dynamic requirement changes and incremental development of web services are other advantages of employing Scrum for development of web services. However there are several problems with this methodology limiting its applicability to web service development. Scrum overlooks precise documentation of development activities to increase the development speed. Nonetheless this approach negatively affects the quality of the web services through incorporating imprecision and lack of tractability into the development process. On the other hand security as a quality attribute has always been one of the most important concerns of the web service development. To care for security of the web service we always need to incorporate security analysis and design into the development life cycle. Although there have been some attempts to care for analysis activities within the Scrum iterations, it is not clear yet how to achieve this automatically through the Scrum processes. On the other words careful engineering of security into the overall system analysis and design is often neglected. In this paper we propose a security-enhanced version of scrum i.e. Secure Scrum (S-Scrum) to accommodate security analysis and design activities within the Scrum. We have modified the scum process to care for security analysis and design through the standard Scum processes. The validity of the proposed approach is verified through formal modeling and description of the process steps. We propose a grammar for formal description of Scum process model. Keywords-Scrum; Web Service; Security; Automata.