Agile development of security-critical enterprise system

Research output: Chapter in Book/Report/Conference proceeding › Chapter

Abstract

The effective provision of security in an agile development requires a new approach: traditional security practices are bound to equally traditional development methods. However, there are concerns that security is difficult to build incrementally, and can prove prohibitively expensive to refactor. This chapter describes how to grow security, organically, within an agile project, by using an incremental security architecture that evolves with the code. The architecture provides an essential bridge between system-wide security properties and implementation mechanisms, a focus for understanding security in the project, and a trigger for security refactoring. The chapter also describes criteria that allow implementers to recognize when refactoring is needed, and a concrete example that contrasts incremental and "top-down" architectures.

Original language: English
Title of host publication: Standards and Standardization
Subtitle of host publication: Concepts, Methodologies, Tools, and Applications
Publisher: IGI Global
Pages: 629-651
Number of pages: 23
ISBN (Electronic): 9781466681125
ISBN (Print): 146668111X, 9781466681118
DOI: https://doi.org/10.4018/978-1-4666-8111-8.ch029
Publication status: Published - 28 Feb 2015
Externally published: Yes

Cite this

Ge, X. (2015). Agile development of security-critical enterprise system. In Standards and Standardization: Concepts, Methodologies, Tools, and Applications (pp. 629-651). IGI Global. https://doi.org/10.4018/978-1-4666-8111-8.ch029