Using Assurance Cases to Develop Iteratively Effective Security Features
Authors
Abstract
A security feature is a customer-valued capability of software for mitigating a set of security threats. Incremental development of security features using the Scrum method often produces features that are ineffective against the threats they target, due to factors such as incomplete security tests. This paper proposes using security assurance cases to maintain a global view of the security claims as a feature is developed iteratively, together with a process that enables incremental development of security features while preserving the traceability of tests to security requirements, so that the implemented features are effective.
Similar resources
Acquisition of Software-Reliant Capabilities
To improve the security of software systems, we need to improve the software development processes used to produce them. Software security assurance cases have been proposed as a way of establishing security properties of software at different phases of the software development lifecycle; however, these assurance cases are difficult to write, communicate and introduce into an already burdened s...
Quantitative Assessment of Cloud Security Level Agreements - A Case Study
The users of Cloud Service Providers (CSP) often motivate their choice of providers based on criteria such as the offered service level agreements (SLA) and costs, and also recently based on security aspects (i.e., due to regulatory compliance). Unfortunately, it is quite uncommon for a CSP to specify the security levels associated with their services, hence impeding users from making security ...
Corporate wireless LAN security: threats and an effective security assessment framework for wireless information assurance
In this paper, we propose the necessary steps in implementing strong WLAN security for companies using our visual security assessment framework for wireless information assurance. Through real case studies on the organisations with various security measures and by showing complete execution paths of our framework, we suggest the importance of continual assessment of the WLAN for strong corporat...
A Methodology for Security Assurance Driven Development
In this work we introduce an assurance methodology that integrates assurance case creation with system development. It has been developed in order to provide trust and privacy assurance to the evolving European project PICOS (Privacy and Identity Management for Community Services), an international research project focused on mobile communities and community-supporting services, with special em...
Rigorous and Automatic Testing of Web Applications
As web applications become more and more prevalent, the quality assurance of web applications has become more and more important. Due to the complexity of the underlying technologies of web applications, it is more challenging to test web applications than conventional software. It is critical to develop effective methodologies and tools for testing web applications. In this paper, we propose a...