Agile Security Using an Incremental Security Architecture

Howard Chivers, Richard F. Paige, Xiaocheng Ge

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

22 Citations (Scopus)


The effective provision of security in an agile development requires a new approach: traditional security practices are bound to equally traditional development methods. However, there are concerns that security is difficult to build incrementally, and can prove prohibitively expensive to refactor. This paper describes how to grow security, organically, within an agile project, by using an incremental security architecture which evolves with the code. The architecture provides an essential bridge between system-wide security properties and implementation mechanisms, a focus for understanding security in the project, and a trigger for security refactoring. The paper also describes criteria that allow implementers to recognize when refactoring is needed, and a concrete example that contrasts incremental and 'top-down' architectures.

Original languageEnglish
Title of host publicationExtreme Programming and Agile Processes in Software Engineering
Subtitle of host publication6th International Conference, XP 2005, Sheffield, UK, June 18-23, 2005, Proceedings
EditorsHubert Baumeister, Michele Marchesi, Mike Holcombe
PublisherSpringer-Verlag Berlin Heidelberg
Number of pages9
VolumeLNCS 3556
ISBN (Electronic)9783540314875
ISBN (Print)9783540262770
Publication statusPublished - 2005
Externally publishedYes
EventThe 6th International Conference on Extreme Programming and Agile Processes in Software Engineering - Sheffield, United Kingdom
Duration: 18 Jun 200523 Jun 2005
Conference number: 6

Publication series

NameLecture Notes in Computer Science (Programming and Software Engineering)
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


ConferenceThe 6th International Conference on Extreme Programming and Agile Processes in Software Engineering
Abbreviated titleXP 2005
Country/TerritoryUnited Kingdom
Internet address


Dive into the research topics of 'Agile Security Using an Incremental Security Architecture'. Together they form a unique fingerprint.

Cite this