Identification and integration of security activities for secure agile development
International Journal of Information Technology, Pub Date: 2020-03-05, DOI: 10.1007/s41870-020-00446-4
Amit Sharma, R. K. Bawa

Agile software development is receiving the attention of software developers and researchers thanks to its fast software delivery and flexible development plan capabilities. The fast release and simplified documentation thus lead to the preference of the agile development model over several other traditional models. This, however, also raises critical concerns about security issues. In this research work, we propose a framework for secure agile development. The selection of development methodology among agile versus plan-driven approaches, and of the particular agile development method among Extreme Programming (XP), Crystal Clear, Scrum, Lean Development, Dynamic Software Development Method and Feature-Driven Development, is made on the basis of the specific requirements of the project using empirical methods like AHP and PROMETHEE. A Systematic Literature Review (SLR) and a survey study are used to obtain authentic industrial feedback, followed by the application of non-parametric statistical tests to identify and select the most suitable and beneficial security activities from well-known security engineering processes like CLASP, Common Criteria, Cigital Touchpoints and Microsoft's SDL. A lightweight method is also introduced for integrating the security activities identified from the SLR and survey study, using a dynamic integration algorithm without compromising the agility of the process. The proposed framework for integration of these security activities is implemented in Java to automate the entire process and provides maximum benefit at a low integration cost.




Updated: 2020-04-16