SlideShare una empresa de Scribd logo

Towards Secure Agile Agent-Oriented Digital Services

Descargar como PPTX, PDF
I
ifi8106tlu

This document outlines a research proposal to enhance agile software development approaches to integrate security when developing digital services. The researcher aims to identify security challenges and benefits related to changes in software. They will use agent-oriented modeling techniques to link security attributes to goals and principles. A case study of university software projects in Afghanistan will be used to analyze how challenges can be isolated from XP practices and benefits incorporated. The relationship between software changes, agile practices, and security will be examined. This will help answer how to holistically integrate security into XP practices for developing secure digital services.

Educación
1 de 41
Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 1 Towards Secure Agile Agent-Oriented System Design Hassan Adelyar, PhD Student, Tallinn University Supervisor: Alexander Norta PhD., Senior Researcher of Tallinn University of Technology March 2015
Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 2 Aim of this Research  To enhance agile software development approaches for developing secure digital services using agent-oriented modelling techniques.  Our main objectives are:  To identifying security challenges / benefits of agile during changes to software.  To isolate security challenges from agile practices.  To integrate security benefits into agile practices. (See agile practices in appendix A)
Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 3 Agenda  Introduction  Agile Software Development Approach  Software Security  Advancements of the State of the Art  Analysis of the Literature  Our Proposed Approach  Relationship between changes-to-software, agile and security  Methodology  Conclusion  Bibliography  Appendices
Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 4 Introduction
Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 5 Agile Software Development Approach  Software Development Approaches:  Plan-driven (Waterfall)  Incremental (Agile)  Agile is a common software development approach.  Focus on delivering working software to customers.  Incremental development method, each increment contain new functionality.  Adaptive to support continuous changes at any stage of software development.
Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 6  Agile Manifesto  Individuals and interactions over processes and tools  Working software over comprehensive documentation  Customer collaboration over contract negotiation  Responding to change over following a plan
Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 7 Software Security  Describes techniques that control who may use, modify or access the software.  Secure system is able to prevent all unauthorized use, modification and access of software.
Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 8 Security Attributes [1]: • Un-exposure of software execution to unauthorized. • Un-exposure of code to unauthorized. Confidentiality • Software work accordance to its designer desire • Adversaries should not be able to tamper with a program and cause sub-sequent execution to produce incorrect output. Integrity • Be available when needed • Execute in a predictable way • Deliver results in a predictable time frame Availability
Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 9  Importance of Security  Software is a critical component for all systems.  Cloud based systems.  Agile is suitable for cloud based systems.  The Internet of Things (IoT) is also governed by cloud based systems [15].  Sociotechnical systems and service oriented computing mostly depend on secure digital services.  Absence of security in these systems can be catastrophic.
Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 10  On the other hand, agility in the digital services development process does not embrace security practices [2].  Security is difficult to achieve in a software system because of a wide range of security properties and continuous changes of security threats.  Regardless, it is possible to enhance the agile software development process for secure software production.
Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 11 Advancements for the State of the Art
Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 12  Many researchers contribute in various ways to secure agile software development processes.  Their studies and methods differ with respect to where and how to integrate security into agile software development approaches.
Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 13 Analysis of the Previous Researches  Categories (From 21 articles):  Studying / Examining / Analyzing / Explaining XP (Extreme Programming) for security (9 articles) [3], [20], [13], [4], [21], [26], [12], [24],[25].  Integrating Security into a Specific Practice of XP (4 articles) [7], [14], [19], [9].  Integrating Security in all Lifecycle of Software Development (2 articles) [23], [6].  Framework and Model for Security Guidelines (4 articles) [11], 17], [8], [10].  Other Agile Method (2 article) [27], [28].
Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 14  The relevant papers lack a holistic review of security challenges and benefits in XP’s practices.  Since security is an emergent system property [30] which means properties of the system as a whole, depend on both the system components and the relationships between them and can only be evaluated once the system has been assembled.  Therefore it is not a good idea to apply security mechanisms only at some practices.  The Microsoft SDL from agile viewpoint is heavyweight because it was design to secure very large product such as Windows and Office with long development cycles.
Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 15 Our Proposed Approach
Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 16  The aim of our PhD research is to:  To Enhance agile software development approaches for secure digital services using agent-oriented modelling techniques.  The enhancement we study through the adaptation of extreme programming (XP) practices for the development of secure digital services.
Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 17  The angle of our research is the analysis of the relationship between:  Software and changes  Need to changes  Agile and changes  Security attributes and changes ?  Security principles and changes?  Agile practices and changes ?
Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 18  Agent-oriented models allow to attach quality goals to goal model and constraints to role model.  For our research we use goal model, knowledge model, role model and behavior scenario of agent-oriented modelling technique.  We link security attributes to goal model and security principles to knowledge model. We also benefit from role model and behavior scenarios to identify challenges and benefits and then properly relate them to XP practices.
Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 19 Relationship Changes Need for Changes Software Agile Security Attributes Security Principles XP Practices
Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 20p
Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 21 Research Question  The main objective of our research is to enhance agile software development approaches for digital services security.  We identify the security challenges and benefits of XP- practices that relate to the “embrace-changes” principle of agile. Then the challenges can be isolated from XP practices and benefits can be integrated into XP practices.  Our objective is refined into the following main research question:
Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 22  “How to enhance / improve XP practices for holistically integrating the security of digital services”.  The main research question is divided into the following sub-questions:  Q1) How to identify security challenges / benefits during the changes to software?  Q2) How to isolate / avoid security challenges from XP practices?  Q3) How to incorporate security benefits into XP practices?
Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 23  q.1: What are security challenges for the response-to- changes?  q.2: What are security benefits for response-to-changes?  q.3: Which security attributes are affected by these challenges and benefits?
Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 24  For answering these question we conduct a case-study research approach [10].  During the case study we intend to evaluate, and analyze the relative roles of the following aspects in an agile software-development process:  Software security attributes  General security principles  Agile “embrace-changes” challenges  Agile “embrace-changes” benefits  XP practices
Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 25 Data Collection  Our case studies focus on practical software projects for universities in Afghanistan.  Assets for our case study are student data, passwords and software code that need to be secure.  During the case study, we conduct qualitative interviews and brainstorming sessions for identifying and discussing intangible assets with the management.
Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 26  The main steps in our case study:  1) We study the negative and positive effects of changes on the security-attributes based on the security principles.  From the observation of the “changes-to- software”, we deduce hypotheses for security challenges and benefits. When a hypothesis is confirmed either as a security-challenge or security-benefits, we categorize it based on the security attributes.
Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 27  The result of this step is two separate sets of challenges and benefits in the form of theories. At the same time these two opposite sets of theories support theory triangulation that is necessary for qualitative case study research.
Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 28  2) The confirmed challenges are new hypotheses and through the observation process they are related to a specific XP practice(s). At this point, we are able to isolate these challenges from XP practices.  3) The confirmed benefits are also treated as new hypotheses and through the observation process they are related to a specific XP practice(s). At this point, we are able to incorporate them into XP practices.
Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 29 Data Analysis  Since we conduct qualitative case studies, therefore, a qualitative data analysis method is used for all the above three cases.  We categorize the challenges and benefits based on the security attributes and our decision is based on security principles.  During the analysis we try to derive conclusions based on the chains of evidence.
Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 30  The cases for our study:  Identifying security challenges and benefits,  Isolation of challenges from XP practices,  Incorporation of benefits into XP practices.  Unit of analysis:  Confidentiality  Integrity  Availability
Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 31  We employ Nvivo as tool support for the analysis. (Detail in case study protocol)
Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 32 Conclusion  Agile is a very flexible software development approach and we seek to use agile for satisfying security as a quality goal.  By identifying security challenges and benefits of XP’s practices, in the real-world context, we believe that agile security improve the development of secure digital services.  Our initial findings show that changes to software are an important factor for both security challenges- and benefits. Identifying security challenges and benefits for the “embrace-changes” can explore new security insights in the context of XP’s practices.
Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 33  We do have a contribution of understanding in that we can integrate security features into the novel agile agent- oriented modelling (AAOM) technique and then use this method for security-aware change management in XP practices [14].
Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 34 REFERENCES 1. Algirdas A., Jean-Claude Laprie, Brian Randell, and Carl Landwehr, (2004). Basic Concepts and Taxonomy of Dependable and Secure Computing. IEEE Transaction on Dependable and Secure Computing. 2. Bejan Baca. (2011). Agile Development with Security Engineering Activities. ACM, USA. 3. Beznosov K., (2003). Extreme Security Engineering: On Employing XP Practices to Achieve “Good Enough Security” without defining it, ACM Press. 4. Chandrabose A. and Alagarsamy K., (2011). Security Requirements Engineering – A Strategic Approach. International Journal of Computer Applications, Madurai, India. 5. Charette R., the Decision is in: Agile versus Heavy Methodologies. Agile development and Project Management, Cutter Consortium, Vol. 2 (19), February 2004. p
Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 35 6. Daniel Owens, Integrating Software Security into the Software Development Lifecycle System Securities. San Diego, CA 92123, USA. 7. Emine G. Aydal, and Richard F., (2006). Security Planning and Refactoring in Extreme Programming. Department of Computer Science, University of York, UK. 8. Eystein Mathisen, and Terje Fallmyr, Using business process modelling to reduce the effects of requirements changes in software projects. 9. Gustav Boström, and Beznosov K., Extending XP Practices to Support Security Requirements Engineering. University of British Columbia, Canada. 10. Haley C. B., Laney R., (2008). Security Requirements Engineering: A Framework for Representation and Analysis. 11. Imran Daud. (2010). Secure Software Development Model: A Guide for Secure Software Life Cycle. Proceeding of the International MultiConference of Engineers and Computer Scientists, IMECS Hong Kong. p
Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 36 12. Imran Ghani and Adila Firdaus, (2013). Role-based Extreme Programming (XP) for Secure Software Development. University Teknologi Malaysia, Skudai, Malaysia. 13. Imran Ghani and Izzaty Yasin, (2013). Software Security Engineering in Extreme Programming Methodology: A Systematic Literature Review. Universiti Teknologi Malaysia, Skudai, Johor, Malaysia. 14. Johan Peeters, Agile Security Requirements Engineering. 15. Ovidiu Vermesan & Peter Friess Internet of Things – From Research and Innovation to Market Deployment, River Publishers, Chicago, USA, 2014. 16. Per Runeson, Martin Host, and Austen Rainer, (2012), Case Study Research in Software Engineering. John Wiley & Sons, Inc., Hoboken, New Jersey, USA. 17. Salini P. and Kanmani S., (2010). A Model Based Security Requirements Engineering Framework. International Journal of Computer Engineering and Technology (IJCET). Volume 1, Number 1 p
Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 37 18. Saltzer, Jerome H. & Schroeder, (1975). The Protection of Information in Computer Systems. 1278-1308. in Proceedings of the IEEE. 19. Sonia Archana Singhal, Jyoti Balwani, (2014). Analysing Security and Software Requirements using Multi-Layered Iterative Model. Delhi, India. 20. Steffen Bartsch. Practitioners’ Perspectives on Security in Agile Development. TZI, University of Bremen, Bremen, Germany. 21. Stephen Wood, and Chris Thomson, (2014). Successful extreme programming: Fidelity to the methodology or good team working? University of Leicester, Leicester, UK. 22. Tanel Tenso and Kuldar Taveter, Requirements Engineering With Agent-Oriented Models, Department of Informatics, Tallinn University of Technology. 23. Security Development Lifecycle for Agile Development, 2009 Microsoft Corporation. p
Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 38 24. Christopher Wood & Gregory Knox, (Guidelines for Agile Security Requirements Engineering. 25. George Grispos & William Bradley Glisson, Rethinking Security Incident Response: The Integration of Agile Principles, AMCIS 2014. 26. J. Wäyrynen, M. Bodén, and G. Boström, "Security Engineering and eXtreme Programming: an Impossible marriage?," in Extreme programming and agile methodsXP/Agile Universe 2004, C. Zannier, H. Erdogmus, and L. Lindstrom, Eds. LNSC3134, Berlin: Springer-Verlag, 2004, pp. 117-128. 27. Adila Firdaus, Imran Ghani, and Nor Izzaty Mohd Yasin, Developing Secure Websites Using Feature Driven Development (FDD): A Case Study. Journal of Clean Energy Technologies, Vol. 1, No. 4, October 2013. 28. Abdullahi Sani, Adila Firdaus, Seung Ryul Jeong, Imran Ghani, A Review on Software Development Security Engineering using Dynamic System Method (DSDM). International Journal of Computer Applications (0975 – 8887) Volume 69– No.25, May 2013. 29. Ian Sommerville, SOFTWARE ENGINEERING Ninth Edition, Addison-Wesley, USA, 2011. p
Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 39 Appendix A: XP Practices  XP carries out agile principles through its own practices. There are 12 related practices and works best for small teams of 5 to 15 developers. The following is the list for XP practices:  Small release  Simple Design  Planning game  Continuous integration  On-site customer p
Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 40  Codding standard  Refactoring  Pair programming  Testing  Metaphor  Collective ownership  40-hour weeks p
Thank You

Recomendados

Building a security strategy?
Building a security strategy?Building a security strategy?
Building a security strategy?Lori McInnes
 
Manning Information Security Strategy
Manning Information Security StrategyManning Information Security Strategy
Manning Information Security StrategyDonald Tabone
 
Security management concepts and principles
Security management concepts and principlesSecurity management concepts and principles
Security management concepts and principlesDivya Tiwari
 
Ontology-based context-sensitive software security knowledge management model...
Ontology-based context-sensitive software security knowledge management model...Ontology-based context-sensitive software security knowledge management model...
Ontology-based context-sensitive software security knowledge management model...IJECEIAES
 
Conducting Security Metrics for Object-Oriented Class Design
Conducting Security Metrics for Object-Oriented Class DesignConducting Security Metrics for Object-Oriented Class Design
Conducting Security Metrics for Object-Oriented Class DesignIJCSIS Research Publications
 
A New Security Management Approach for Agile Environments
A New Security Management Approach for Agile EnvironmentsA New Security Management Approach for Agile Environments
A New Security Management Approach for Agile EnvironmentsPECB
 
Domain 6 - Security Assessment and Testing
Domain 6 - Security Assessment and TestingDomain 6 - Security Assessment and Testing
Domain 6 - Security Assessment and TestingMaganathin Veeraragaloo
 
Itpi metricon 0906a final
Itpi metricon 0906a finalItpi metricon 0906a final
Itpi metricon 0906a finalGene Kim
 

Recomendados

Building a security strategy?
Building a security strategy?Building a security strategy?
Building a security strategy?Lori McInnes
 
Manning Information Security Strategy
Manning Information Security StrategyManning Information Security Strategy
Manning Information Security StrategyDonald Tabone
 
Security management concepts and principles
Security management concepts and principlesSecurity management concepts and principles
Security management concepts and principlesDivya Tiwari
 
Ontology-based context-sensitive software security knowledge management model...
Ontology-based context-sensitive software security knowledge management model...Ontology-based context-sensitive software security knowledge management model...
Ontology-based context-sensitive software security knowledge management model...IJECEIAES
 
Conducting Security Metrics for Object-Oriented Class Design
Conducting Security Metrics for Object-Oriented Class DesignConducting Security Metrics for Object-Oriented Class Design
Conducting Security Metrics for Object-Oriented Class DesignIJCSIS Research Publications
 
A New Security Management Approach for Agile Environments
A New Security Management Approach for Agile EnvironmentsA New Security Management Approach for Agile Environments
A New Security Management Approach for Agile EnvironmentsPECB
 
Domain 6 - Security Assessment and Testing
Domain 6 - Security Assessment and TestingDomain 6 - Security Assessment and Testing
Domain 6 - Security Assessment and TestingMaganathin Veeraragaloo
 
Itpi metricon 0906a final
Itpi metricon 0906a finalItpi metricon 0906a final
Itpi metricon 0906a finalGene Kim
 
SECURE SERVICES: INTEGRATING SECURITY DIMENSION INTO THE SA&D
SECURE SERVICES: INTEGRATING SECURITY DIMENSION INTO THE SA&D SECURE SERVICES: INTEGRATING SECURITY DIMENSION INTO THE SA&D
SECURE SERVICES: INTEGRATING SECURITY DIMENSION INTO THE SA&D cscpconf
 
CISA Domain 4 Information Systems Operation | Infosectrain
CISA Domain 4 Information Systems Operation | InfosectrainCISA Domain 4 Information Systems Operation | Infosectrain
CISA Domain 4 Information Systems Operation | InfosectrainInfosecTrain
 
Securitymetrics
SecuritymetricsSecuritymetrics
SecuritymetricsManish Kumar
 
ISO 27001 (v2013) Checklist
ISO 27001 (v2013) ChecklistISO 27001 (v2013) Checklist
ISO 27001 (v2013) ChecklistIvan Piskunov
 
SECURING SOFTWARE DEVELOPMENT STAGES USING ASPECT-ORIENTATION CONCEPTS
SECURING SOFTWARE DEVELOPMENT STAGES USING ASPECT-ORIENTATION CONCEPTSSECURING SOFTWARE DEVELOPMENT STAGES USING ASPECT-ORIENTATION CONCEPTS
SECURING SOFTWARE DEVELOPMENT STAGES USING ASPECT-ORIENTATION CONCEPTSijseajournal
 
Chapter 10 security standart
Chapter 10 security standartChapter 10 security standart
Chapter 10 security standartnewbie2019
 
Use of the COBIT Security Baseline
Use of the COBIT Security BaselineUse of the COBIT Security Baseline
Use of the COBIT Security BaselineBarry Caplin
 
NIST presentation on RMF 2.0 / SP 800-37 rev. 2
NIST presentation on RMF 2.0 / SP 800-37 rev. 2NIST presentation on RMF 2.0 / SP 800-37 rev. 2
NIST presentation on RMF 2.0 / SP 800-37 rev. 2NetLockSmith
 
Nist.sp.800 37r2
Nist.sp.800 37r2Nist.sp.800 37r2
Nist.sp.800 37r2newbie2019
 
ISO 27005 - Digital Trust Framework
ISO 27005 - Digital Trust FrameworkISO 27005 - Digital Trust Framework
ISO 27005 - Digital Trust FrameworkMaganathin Veeraragaloo
 
Software Reliability and Quality Assurance Challenges in Cyber Physical Syste...
Software Reliability and Quality Assurance Challenges in Cyber Physical Syste...Software Reliability and Quality Assurance Challenges in Cyber Physical Syste...
Software Reliability and Quality Assurance Challenges in Cyber Physical Syste...CSCJournals
 
ISO 27001 2013 A12 Operations Security Part 2 - by Software development compa...
ISO 27001 2013 A12 Operations Security Part 2 - by Software development compa...ISO 27001 2013 A12 Operations Security Part 2 - by Software development compa...
ISO 27001 2013 A12 Operations Security Part 2 - by Software development compa...iFour Consultancy
 
ISO 27004- Information Security Metrics Implementation
ISO 27004- Information Security Metrics ImplementationISO 27004- Information Security Metrics Implementation
ISO 27004- Information Security Metrics ImplementationNetwork Intelligence India
 
Redspin HIPAA Security Risk Analysis RFP Template
Redspin HIPAA Security Risk Analysis RFP TemplateRedspin HIPAA Security Risk Analysis RFP Template
Redspin HIPAA Security Risk Analysis RFP TemplateRedspin, Inc.
 
Security
SecuritySecurity
Securitya1aass
 
BSI 100-30
BSI 100-30BSI 100-30
BSI 100-30Sergey Erohin
 
The best way to use ISO 27001
The best way to use ISO 27001The best way to use ISO 27001
The best way to use ISO 27001powertech
 
Five principles for improving your cyber security
Five principles for improving your cyber securityFive principles for improving your cyber security
Five principles for improving your cyber securityWGroup
 
ISO/IEC 27001:2005 naar ISO 27001:2013 Checklist
ISO/IEC 27001:2005 naar ISO 27001:2013 ChecklistISO/IEC 27001:2005 naar ISO 27001:2013 Checklist
ISO/IEC 27001:2005 naar ISO 27001:2013 ChecklistLloyd's Register Quality Assurance Nederland
 
Sncs2015 cybersecurityy risk and control jakarta 3-4 juni 2015 ver01
Sncs2015 cybersecurityy risk and control jakarta 3-4 juni 2015 ver01Sncs2015 cybersecurityy risk and control jakarta 3-4 juni 2015 ver01
Sncs2015 cybersecurityy risk and control jakarta 3-4 juni 2015 ver01Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
2016-04-27 research seminar
2016-04-27 research seminar2016-04-27 research seminar
2016-04-27 research seminarifi8106tlu
 
2016-02-03 research seminar
2016-02-03 research seminar2016-02-03 research seminar
2016-02-03 research seminarifi8106tlu
 

Más contenido relacionado

La actualidad más candente

SECURE SERVICES: INTEGRATING SECURITY DIMENSION INTO THE SA&D
SECURE SERVICES: INTEGRATING SECURITY DIMENSION INTO THE SA&D SECURE SERVICES: INTEGRATING SECURITY DIMENSION INTO THE SA&D
SECURE SERVICES: INTEGRATING SECURITY DIMENSION INTO THE SA&D cscpconf
 
CISA Domain 4 Information Systems Operation | Infosectrain
CISA Domain 4 Information Systems Operation | InfosectrainCISA Domain 4 Information Systems Operation | Infosectrain
CISA Domain 4 Information Systems Operation | InfosectrainInfosecTrain
 
ISO 27001 (v2013) Checklist
ISO 27001 (v2013) ChecklistISO 27001 (v2013) Checklist
ISO 27001 (v2013) ChecklistIvan Piskunov
 
SECURING SOFTWARE DEVELOPMENT STAGES USING ASPECT-ORIENTATION CONCEPTS
SECURING SOFTWARE DEVELOPMENT STAGES USING ASPECT-ORIENTATION CONCEPTSSECURING SOFTWARE DEVELOPMENT STAGES USING ASPECT-ORIENTATION CONCEPTS
SECURING SOFTWARE DEVELOPMENT STAGES USING ASPECT-ORIENTATION CONCEPTSijseajournal
 
Chapter 10 security standart
Chapter 10 security standartChapter 10 security standart
Chapter 10 security standartnewbie2019
 
Use of the COBIT Security Baseline
Use of the COBIT Security BaselineUse of the COBIT Security Baseline
Use of the COBIT Security BaselineBarry Caplin
 
NIST presentation on RMF 2.0 / SP 800-37 rev. 2
NIST presentation on RMF 2.0 / SP 800-37 rev. 2NIST presentation on RMF 2.0 / SP 800-37 rev. 2
NIST presentation on RMF 2.0 / SP 800-37 rev. 2NetLockSmith
 
Nist.sp.800 37r2
Nist.sp.800 37r2Nist.sp.800 37r2
Nist.sp.800 37r2newbie2019
 
Software Reliability and Quality Assurance Challenges in Cyber Physical Syste...
Software Reliability and Quality Assurance Challenges in Cyber Physical Syste...Software Reliability and Quality Assurance Challenges in Cyber Physical Syste...
Software Reliability and Quality Assurance Challenges in Cyber Physical Syste...CSCJournals
 
ISO 27001 2013 A12 Operations Security Part 2 - by Software development compa...
ISO 27001 2013 A12 Operations Security Part 2 - by Software development compa...ISO 27001 2013 A12 Operations Security Part 2 - by Software development compa...
ISO 27001 2013 A12 Operations Security Part 2 - by Software development compa...iFour Consultancy
 
ISO 27004- Information Security Metrics Implementation
ISO 27004- Information Security Metrics ImplementationISO 27004- Information Security Metrics Implementation
ISO 27004- Information Security Metrics ImplementationNetwork Intelligence India
 
Redspin HIPAA Security Risk Analysis RFP Template
Redspin HIPAA Security Risk Analysis RFP TemplateRedspin HIPAA Security Risk Analysis RFP Template
Redspin HIPAA Security Risk Analysis RFP TemplateRedspin, Inc.
 
Security
SecuritySecurity
Securitya1aass
 
The best way to use ISO 27001
The best way to use ISO 27001The best way to use ISO 27001
The best way to use ISO 27001powertech
 
Five principles for improving your cyber security
Five principles for improving your cyber securityFive principles for improving your cyber security
Five principles for improving your cyber securityWGroup
 

La actualidad más candente (20)

SECURE SERVICES: INTEGRATING SECURITY DIMENSION INTO THE SA&D
SECURE SERVICES: INTEGRATING SECURITY DIMENSION INTO THE SA&D SECURE SERVICES: INTEGRATING SECURITY DIMENSION INTO THE SA&D
SECURE SERVICES: INTEGRATING SECURITY DIMENSION INTO THE SA&D
 
CISA Domain 4 Information Systems Operation | Infosectrain
CISA Domain 4 Information Systems Operation | InfosectrainCISA Domain 4 Information Systems Operation | Infosectrain
CISA Domain 4 Information Systems Operation | Infosectrain
 
Securitymetrics
SecuritymetricsSecuritymetrics
Securitymetrics
 
ISO 27001 (v2013) Checklist
ISO 27001 (v2013) ChecklistISO 27001 (v2013) Checklist
ISO 27001 (v2013) Checklist
 
SECURING SOFTWARE DEVELOPMENT STAGES USING ASPECT-ORIENTATION CONCEPTS
SECURING SOFTWARE DEVELOPMENT STAGES USING ASPECT-ORIENTATION CONCEPTSSECURING SOFTWARE DEVELOPMENT STAGES USING ASPECT-ORIENTATION CONCEPTS
SECURING SOFTWARE DEVELOPMENT STAGES USING ASPECT-ORIENTATION CONCEPTS
 
Chapter 10 security standart
Chapter 10 security standartChapter 10 security standart
Chapter 10 security standart
 
Use of the COBIT Security Baseline
Use of the COBIT Security BaselineUse of the COBIT Security Baseline
Use of the COBIT Security Baseline
 
NIST presentation on RMF 2.0 / SP 800-37 rev. 2
NIST presentation on RMF 2.0 / SP 800-37 rev. 2NIST presentation on RMF 2.0 / SP 800-37 rev. 2
NIST presentation on RMF 2.0 / SP 800-37 rev. 2
 
Nist.sp.800 37r2
Nist.sp.800 37r2Nist.sp.800 37r2
Nist.sp.800 37r2
 
ISO 27005 - Digital Trust Framework
ISO 27005 - Digital Trust FrameworkISO 27005 - Digital Trust Framework
ISO 27005 - Digital Trust Framework
 
Software Reliability and Quality Assurance Challenges in Cyber Physical Syste...
Software Reliability and Quality Assurance Challenges in Cyber Physical Syste...Software Reliability and Quality Assurance Challenges in Cyber Physical Syste...
Software Reliability and Quality Assurance Challenges in Cyber Physical Syste...
 
ISO 27001 2013 A12 Operations Security Part 2 - by Software development compa...
ISO 27001 2013 A12 Operations Security Part 2 - by Software development compa...ISO 27001 2013 A12 Operations Security Part 2 - by Software development compa...
ISO 27001 2013 A12 Operations Security Part 2 - by Software development compa...
 
ISO 27004- Information Security Metrics Implementation
ISO 27004- Information Security Metrics ImplementationISO 27004- Information Security Metrics Implementation
ISO 27004- Information Security Metrics Implementation
 
Redspin HIPAA Security Risk Analysis RFP Template
Redspin HIPAA Security Risk Analysis RFP TemplateRedspin HIPAA Security Risk Analysis RFP Template
Redspin HIPAA Security Risk Analysis RFP Template
 
Security
SecuritySecurity
Security
 
BSI 100-30
BSI 100-30BSI 100-30
BSI 100-30
 
The best way to use ISO 27001
The best way to use ISO 27001The best way to use ISO 27001
The best way to use ISO 27001
 
Five principles for improving your cyber security
Five principles for improving your cyber securityFive principles for improving your cyber security
Five principles for improving your cyber security
 
ISO/IEC 27001:2005 naar ISO 27001:2013 Checklist
ISO/IEC 27001:2005 naar ISO 27001:2013 ChecklistISO/IEC 27001:2005 naar ISO 27001:2013 Checklist
ISO/IEC 27001:2005 naar ISO 27001:2013 Checklist
 
Sncs2015 cybersecurityy risk and control jakarta 3-4 juni 2015 ver01
Sncs2015 cybersecurityy risk and control jakarta 3-4 juni 2015 ver01Sncs2015 cybersecurityy risk and control jakarta 3-4 juni 2015 ver01
Sncs2015 cybersecurityy risk and control jakarta 3-4 juni 2015 ver01
 

Destacado

2016-04-27 research seminar
2016-04-27 research seminar2016-04-27 research seminar
2016-04-27 research seminarifi8106tlu
 
2016-02-03 research seminar
2016-02-03 research seminar2016-02-03 research seminar
2016-02-03 research seminarifi8106tlu
 
2015-02-25 research seminal, Paul Seitlinger
2015-02-25 research seminal, Paul Seitlinger2015-02-25 research seminal, Paul Seitlinger
2015-02-25 research seminal, Paul Seitlingerifi8106tlu
 
2015-04-29 research seminar
2015-04-29 research seminar2015-04-29 research seminar
2015-04-29 research seminarifi8106tlu
 
Mihai Bizoi: "Three FP7 projects at University of Valahia: PROFILES, IRRESIST...
Mihai Bizoi: "Three FP7 projects at University of Valahia: PROFILES, IRRESIST...Mihai Bizoi: "Three FP7 projects at University of Valahia: PROFILES, IRRESIST...
Mihai Bizoi: "Three FP7 projects at University of Valahia: PROFILES, IRRESIST...ifi8106tlu
 
2015-02-11 research seminar
2015-02-11 research seminar2015-02-11 research seminar
2015-02-11 research seminarifi8106tlu
 
Doc@home, April 2014
Doc@home, April 2014Doc@home, April 2014
Doc@home, April 2014ifi8106tlu
 
Agnieszka Szóstek: Positive psychology
Agnieszka Szóstek: Positive psychologyAgnieszka Szóstek: Positive psychology
Agnieszka Szóstek: Positive psychologyifi8106tlu
 
2015-04-22 research seminar
2015-04-22 research seminar2015-04-22 research seminar
2015-04-22 research seminarifi8106tlu
 
2015-03-11 research seminar part 1
2015-03-11 research seminar part 12015-03-11 research seminar part 1
2015-03-11 research seminar part 1ifi8106tlu
 
Mart Laanpere: EDU cloud IFI seminar
Mart Laanpere: EDU cloud IFI seminarMart Laanpere: EDU cloud IFI seminar
Mart Laanpere: EDU cloud IFI seminarifi8106tlu
 
2015-10-21 research seminar
2015-10-21 research seminar2015-10-21 research seminar
2015-10-21 research seminarifi8106tlu
 
2015-02-12 research seminar
2015-02-12 research seminar2015-02-12 research seminar
2015-02-12 research seminarifi8106tlu
 
2015-10-28 research seminar
2015-10-28 research seminar2015-10-28 research seminar
2015-10-28 research seminarifi8106tlu
 
2015-12-09 research seminar
2015-12-09 research seminar2015-12-09 research seminar
2015-12-09 research seminarifi8106tlu
 
Research seminar opening 2015
Research seminar opening 2015Research seminar opening 2015
Research seminar opening 2015ifi8106tlu
 
2016-02-17 research seminar
2016-02-17 research seminar2016-02-17 research seminar
2016-02-17 research seminarifi8106tlu
 
2016-04-13 research seminar presentation
2016-04-13 research seminar presentation2016-04-13 research seminar presentation
2016-04-13 research seminar presentationifi8106tlu
 
2015-02-25-1 research-seminar
2015-02-25-1 research-seminar2015-02-25-1 research-seminar
2015-02-25-1 research-seminarifi8106tlu
 
2015-02-04 research seminar
2015-02-04 research seminar2015-02-04 research seminar
2015-02-04 research seminarifi8106tlu
 

Destacado (20)

2016-04-27 research seminar
2016-04-27 research seminar2016-04-27 research seminar
2016-04-27 research seminar
 
2016-02-03 research seminar
2016-02-03 research seminar2016-02-03 research seminar
2016-02-03 research seminar
 
2015-02-25 research seminal, Paul Seitlinger
2015-02-25 research seminal, Paul Seitlinger2015-02-25 research seminal, Paul Seitlinger
2015-02-25 research seminal, Paul Seitlinger
 
2015-04-29 research seminar
2015-04-29 research seminar2015-04-29 research seminar
2015-04-29 research seminar
 
Mihai Bizoi: "Three FP7 projects at University of Valahia: PROFILES, IRRESIST...
Mihai Bizoi: "Three FP7 projects at University of Valahia: PROFILES, IRRESIST...Mihai Bizoi: "Three FP7 projects at University of Valahia: PROFILES, IRRESIST...
Mihai Bizoi: "Three FP7 projects at University of Valahia: PROFILES, IRRESIST...
 
2015-02-11 research seminar
2015-02-11 research seminar2015-02-11 research seminar
2015-02-11 research seminar
 
Doc@home, April 2014
Doc@home, April 2014Doc@home, April 2014
Doc@home, April 2014
 
Agnieszka Szóstek: Positive psychology
Agnieszka Szóstek: Positive psychologyAgnieszka Szóstek: Positive psychology
Agnieszka Szóstek: Positive psychology
 
2015-04-22 research seminar
2015-04-22 research seminar2015-04-22 research seminar
2015-04-22 research seminar
 
2015-03-11 research seminar part 1
2015-03-11 research seminar part 12015-03-11 research seminar part 1
2015-03-11 research seminar part 1
 
Mart Laanpere: EDU cloud IFI seminar
Mart Laanpere: EDU cloud IFI seminarMart Laanpere: EDU cloud IFI seminar
Mart Laanpere: EDU cloud IFI seminar
 
2015-10-21 research seminar
2015-10-21 research seminar2015-10-21 research seminar
2015-10-21 research seminar
 
2015-02-12 research seminar
2015-02-12 research seminar2015-02-12 research seminar
2015-02-12 research seminar
 
2015-10-28 research seminar
2015-10-28 research seminar2015-10-28 research seminar
2015-10-28 research seminar
 
2015-12-09 research seminar
2015-12-09 research seminar2015-12-09 research seminar
2015-12-09 research seminar
 
Research seminar opening 2015
Research seminar opening 2015Research seminar opening 2015
Research seminar opening 2015
 
2016-02-17 research seminar
2016-02-17 research seminar2016-02-17 research seminar
2016-02-17 research seminar
 
2016-04-13 research seminar presentation
2016-04-13 research seminar presentation2016-04-13 research seminar presentation
2016-04-13 research seminar presentation
 
2015-02-25-1 research-seminar
2015-02-25-1 research-seminar2015-02-25-1 research-seminar
2015-02-25-1 research-seminar
 
2015-02-04 research seminar
2015-02-04 research seminar2015-02-04 research seminar
2015-02-04 research seminar
 

Similar a Towards Secure Agile Agent-Oriented Digital Services

Penetration testing in agile software
Penetration testing in agile softwarePenetration testing in agile software
Penetration testing in agile softwareijcisjournal
 
An integrated security testing framework and tool
An integrated security testing framework and toolAn integrated security testing framework and tool
An integrated security testing framework and toolMoutasm Tamimi
 
Integrating of security activates in agile process
Integrating of security activates in agile processIntegrating of security activates in agile process
Integrating of security activates in agile processZubair Rahim
 
Applicaiton Security - Building The Audit Program
Applicaiton Security - Building The Audit ProgramApplicaiton Security - Building The Audit Program
Applicaiton Security - Building The Audit ProgramMichael Davis
 
Information Security between Best Practices and ISO Standards
Information Security between Best Practices and ISO StandardsInformation Security between Best Practices and ISO Standards
Information Security between Best Practices and ISO StandardsPECB
 
PROPOSING SECURITY REQUIREMENT PRIORITIZATION FRAMEWORK
PROPOSING SECURITY REQUIREMENT PRIORITIZATION FRAMEWORKPROPOSING SECURITY REQUIREMENT PRIORITIZATION FRAMEWORK
PROPOSING SECURITY REQUIREMENT PRIORITIZATION FRAMEWORKIJCSEA Journal
 
AN EXTENDED SECURITY MEASUREMENT FRAMEWORK FOR OPEN-SOURCE ENTERPRISE RESOURC...
AN EXTENDED SECURITY MEASUREMENT FRAMEWORK FOR OPEN-SOURCE ENTERPRISE RESOURC...AN EXTENDED SECURITY MEASUREMENT FRAMEWORK FOR OPEN-SOURCE ENTERPRISE RESOURC...
AN EXTENDED SECURITY MEASUREMENT FRAMEWORK FOR OPEN-SOURCE ENTERPRISE RESOURC...IJNSA Journal
 
Security Level Analysis of Academic Information Systems Based on Standard ISO...
Security Level Analysis of Academic Information Systems Based on Standard ISO...Security Level Analysis of Academic Information Systems Based on Standard ISO...
Security Level Analysis of Academic Information Systems Based on Standard ISO...IJCSIS Research Publications
 
Suitability of Agile Methods for Safety-Critical Systems Development: A Surve...
Suitability of Agile Methods for Safety-Critical Systems Development: A Surve...Suitability of Agile Methods for Safety-Critical Systems Development: A Surve...
Suitability of Agile Methods for Safety-Critical Systems Development: A Surve...Editor IJCATR
 
Hack2Secure Assists Organization in Secure Application Development Through BS...
Hack2Secure Assists Organization in Secure Application Development Through BS...Hack2Secure Assists Organization in Secure Application Development Through BS...
Hack2Secure Assists Organization in Secure Application Development Through BS...hack2s
 
Security Testing for Testing Professionals
Security Testing for Testing ProfessionalsSecurity Testing for Testing Professionals
Security Testing for Testing ProfessionalsTechWell
 
A SYSTEMATIC LITERATURE REVIEW ON SECURE SOFTWARE DEVELOPMENT AGILE PERSPECT...
A SYSTEMATIC LITERATURE REVIEW ON SECURE SOFTWARE DEVELOPMENT AGILE PERSPECT...A SYSTEMATIC LITERATURE REVIEW ON SECURE SOFTWARE DEVELOPMENT AGILE PERSPECT...
A SYSTEMATIC LITERATURE REVIEW ON SECURE SOFTWARE DEVELOPMENT AGILE PERSPECT...Hannah Baker
 
A REVIEW OF SECURITY INTEGRATION TECHNIQUE IN AGILE SOFTWARE DEVELOPMENT
A REVIEW OF SECURITY INTEGRATION TECHNIQUE IN AGILE SOFTWARE DEVELOPMENTA REVIEW OF SECURITY INTEGRATION TECHNIQUE IN AGILE SOFTWARE DEVELOPMENT
A REVIEW OF SECURITY INTEGRATION TECHNIQUE IN AGILE SOFTWARE DEVELOPMENTijseajournal
 
DEPENDABLE PRIVACY REQUIREMENTS BY AGILE MODELED LAYERED SECURITY ARCHITECTUR...
DEPENDABLE PRIVACY REQUIREMENTS BY AGILE MODELED LAYERED SECURITY ARCHITECTUR...DEPENDABLE PRIVACY REQUIREMENTS BY AGILE MODELED LAYERED SECURITY ARCHITECTUR...
DEPENDABLE PRIVACY REQUIREMENTS BY AGILE MODELED LAYERED SECURITY ARCHITECTUR...cscpconf
 
Comparitive Analysis of Secure SDLC Models
Comparitive Analysis of Secure SDLC ModelsComparitive Analysis of Secure SDLC Models
Comparitive Analysis of Secure SDLC ModelsIRJET Journal
 
SECURETI: ADVANCED SDLC AND PROJECT MANAGEMENT TOOL FOR TI(PHILIPPINES)
SECURETI: ADVANCED SDLC AND PROJECT MANAGEMENT TOOL FOR TI(PHILIPPINES)SECURETI: ADVANCED SDLC AND PROJECT MANAGEMENT TOOL FOR TI(PHILIPPINES)
SECURETI: ADVANCED SDLC AND PROJECT MANAGEMENT TOOL FOR TI(PHILIPPINES)ijcsit
 
SECURETI: Advanced SDLC and Project Management Tool for TI (Philippines)
SECURETI: Advanced SDLC and Project Management Tool for TI (Philippines)SECURETI: Advanced SDLC and Project Management Tool for TI (Philippines)
SECURETI: Advanced SDLC and Project Management Tool for TI (Philippines)AIRCC Publishing Corporation
 

Similar a Towards Secure Agile Agent-Oriented Digital Services (20)

Se project-methodology-for-security-project-web
Se project-methodology-for-security-project-webSe project-methodology-for-security-project-web
Se project-methodology-for-security-project-web
 
Penetration testing in agile software
Penetration testing in agile softwarePenetration testing in agile software
Penetration testing in agile software
 
An integrated security testing framework and tool
An integrated security testing framework and toolAn integrated security testing framework and tool
An integrated security testing framework and tool
 
Integrating of security activates in agile process
Integrating of security activates in agile processIntegrating of security activates in agile process
Integrating of security activates in agile process
 
Agile security
Agile securityAgile security
Agile security
 
Applicaiton Security - Building The Audit Program
Applicaiton Security - Building The Audit ProgramApplicaiton Security - Building The Audit Program
Applicaiton Security - Building The Audit Program
 
Information Security between Best Practices and ISO Standards
Information Security between Best Practices and ISO StandardsInformation Security between Best Practices and ISO Standards
Information Security between Best Practices and ISO Standards
 
PROPOSING SECURITY REQUIREMENT PRIORITIZATION FRAMEWORK
PROPOSING SECURITY REQUIREMENT PRIORITIZATION FRAMEWORKPROPOSING SECURITY REQUIREMENT PRIORITIZATION FRAMEWORK
PROPOSING SECURITY REQUIREMENT PRIORITIZATION FRAMEWORK
 
AN EXTENDED SECURITY MEASUREMENT FRAMEWORK FOR OPEN-SOURCE ENTERPRISE RESOURC...
AN EXTENDED SECURITY MEASUREMENT FRAMEWORK FOR OPEN-SOURCE ENTERPRISE RESOURC...AN EXTENDED SECURITY MEASUREMENT FRAMEWORK FOR OPEN-SOURCE ENTERPRISE RESOURC...
AN EXTENDED SECURITY MEASUREMENT FRAMEWORK FOR OPEN-SOURCE ENTERPRISE RESOURC...
 
Security Level Analysis of Academic Information Systems Based on Standard ISO...
Security Level Analysis of Academic Information Systems Based on Standard ISO...Security Level Analysis of Academic Information Systems Based on Standard ISO...
Security Level Analysis of Academic Information Systems Based on Standard ISO...
 
E1804012536
E1804012536E1804012536
E1804012536
 
Suitability of Agile Methods for Safety-Critical Systems Development: A Surve...
Suitability of Agile Methods for Safety-Critical Systems Development: A Surve...Suitability of Agile Methods for Safety-Critical Systems Development: A Surve...
Suitability of Agile Methods for Safety-Critical Systems Development: A Surve...
 
Hack2Secure Assists Organization in Secure Application Development Through BS...
Hack2Secure Assists Organization in Secure Application Development Through BS...Hack2Secure Assists Organization in Secure Application Development Through BS...
Hack2Secure Assists Organization in Secure Application Development Through BS...
 
Security Testing for Testing Professionals
Security Testing for Testing ProfessionalsSecurity Testing for Testing Professionals
Security Testing for Testing Professionals
 
A SYSTEMATIC LITERATURE REVIEW ON SECURE SOFTWARE DEVELOPMENT AGILE PERSPECT...
A SYSTEMATIC LITERATURE REVIEW ON SECURE SOFTWARE DEVELOPMENT AGILE PERSPECT...A SYSTEMATIC LITERATURE REVIEW ON SECURE SOFTWARE DEVELOPMENT AGILE PERSPECT...
A SYSTEMATIC LITERATURE REVIEW ON SECURE SOFTWARE DEVELOPMENT AGILE PERSPECT...
 
A REVIEW OF SECURITY INTEGRATION TECHNIQUE IN AGILE SOFTWARE DEVELOPMENT
A REVIEW OF SECURITY INTEGRATION TECHNIQUE IN AGILE SOFTWARE DEVELOPMENTA REVIEW OF SECURITY INTEGRATION TECHNIQUE IN AGILE SOFTWARE DEVELOPMENT
A REVIEW OF SECURITY INTEGRATION TECHNIQUE IN AGILE SOFTWARE DEVELOPMENT
 
DEPENDABLE PRIVACY REQUIREMENTS BY AGILE MODELED LAYERED SECURITY ARCHITECTUR...
DEPENDABLE PRIVACY REQUIREMENTS BY AGILE MODELED LAYERED SECURITY ARCHITECTUR...DEPENDABLE PRIVACY REQUIREMENTS BY AGILE MODELED LAYERED SECURITY ARCHITECTUR...
DEPENDABLE PRIVACY REQUIREMENTS BY AGILE MODELED LAYERED SECURITY ARCHITECTUR...
 
Comparitive Analysis of Secure SDLC Models
Comparitive Analysis of Secure SDLC ModelsComparitive Analysis of Secure SDLC Models
Comparitive Analysis of Secure SDLC Models
 
SECURETI: ADVANCED SDLC AND PROJECT MANAGEMENT TOOL FOR TI(PHILIPPINES)
SECURETI: ADVANCED SDLC AND PROJECT MANAGEMENT TOOL FOR TI(PHILIPPINES)SECURETI: ADVANCED SDLC AND PROJECT MANAGEMENT TOOL FOR TI(PHILIPPINES)
SECURETI: ADVANCED SDLC AND PROJECT MANAGEMENT TOOL FOR TI(PHILIPPINES)
 
SECURETI: Advanced SDLC and Project Management Tool for TI (Philippines)
SECURETI: Advanced SDLC and Project Management Tool for TI (Philippines)SECURETI: Advanced SDLC and Project Management Tool for TI (Philippines)
SECURETI: Advanced SDLC and Project Management Tool for TI (Philippines)
 

Más de ifi8106tlu

2016-05-30 Venia Legendi (CEITER): Minna Huotilainen
2016-05-30 Venia Legendi (CEITER): Minna Huotilainen2016-05-30 Venia Legendi (CEITER): Minna Huotilainen
2016-05-30 Venia Legendi (CEITER): Minna Huotilainenifi8106tlu
 
2016-05-31 Venia Legendi (CEITER): Adolfo Ruiz Calleja
2016-05-31 Venia Legendi (CEITER): Adolfo Ruiz Calleja2016-05-31 Venia Legendi (CEITER): Adolfo Ruiz Calleja
2016-05-31 Venia Legendi (CEITER): Adolfo Ruiz Callejaifi8106tlu
 
2016-05-31 Venia Legendi (CEITER): Sergey Sosnovsky
2016-05-31 Venia Legendi (CEITER): Sergey Sosnovsky2016-05-31 Venia Legendi (CEITER): Sergey Sosnovsky
2016-05-31 Venia Legendi (CEITER): Sergey Sosnovskyifi8106tlu
 
2016-05-30 Venia Legendi (CEITER): Luis Pablo Prieto
2016-05-30 Venia Legendi (CEITER): Luis Pablo Prieto2016-05-30 Venia Legendi (CEITER): Luis Pablo Prieto
2016-05-30 Venia Legendi (CEITER): Luis Pablo Prietoifi8106tlu
 
2016-05-30 Venia Legendi (CEITER): Maria Jesus Rodriguez Triana
2016-05-30 Venia Legendi (CEITER): Maria Jesus Rodriguez Triana2016-05-30 Venia Legendi (CEITER): Maria Jesus Rodriguez Triana
2016-05-30 Venia Legendi (CEITER): Maria Jesus Rodriguez Trianaifi8106tlu
 
2016-05-27 Venia Legendi (CEITER): Paul Seitlinger
2016-05-27 Venia Legendi (CEITER): Paul Seitlinger2016-05-27 Venia Legendi (CEITER): Paul Seitlinger
2016-05-27 Venia Legendi (CEITER): Paul Seitlingerifi8106tlu
 
2016-05-27 Venia Legendi (CEITER): Terje Väljataga
2016-05-27 Venia Legendi (CEITER): Terje Väljataga2016-05-27 Venia Legendi (CEITER): Terje Väljataga
2016-05-27 Venia Legendi (CEITER): Terje Väljatagaifi8106tlu
 
2016-05-11 research seminar
2016-05-11 research seminar2016-05-11 research seminar
2016-05-11 research seminarifi8106tlu
 
2016-05-04 research seminar
2016-05-04 research seminar2016-05-04 research seminar
2016-05-04 research seminarifi8106tlu
 
Venia Legendi 2016: Pille Eslon
Venia Legendi 2016: Pille EslonVenia Legendi 2016: Pille Eslon
Venia Legendi 2016: Pille Eslonifi8106tlu
 
Venia Legendi 2016: Maria Zeltser
Venia Legendi 2016: Maria ZeltserVenia Legendi 2016: Maria Zeltser
Venia Legendi 2016: Maria Zeltserifi8106tlu
 
Venia legendi 2016 Andi Kivinukk
Venia legendi 2016 Andi KivinukkVenia legendi 2016 Andi Kivinukk
Venia legendi 2016 Andi Kivinukkifi8106tlu
 
2016-04-27 research seminar, 2nd presenter
2016-04-27 research seminar, 2nd presenter2016-04-27 research seminar, 2nd presenter
2016-04-27 research seminar, 2nd presenterifi8106tlu
 
EstCORE veebinar
EstCORE veebinarEstCORE veebinar
EstCORE veebinarifi8106tlu
 
2016-04-20 research seminar
2016-04-20 research seminar2016-04-20 research seminar
2016-04-20 research seminarifi8106tlu
 
2016-04-13 research seminar appendix
2016-04-13 research seminar appendix2016-04-13 research seminar appendix
2016-04-13 research seminar appendixifi8106tlu
 
2016-04-06 research seminar
2016-04-06 research seminar2016-04-06 research seminar
2016-04-06 research seminarifi8106tlu
 
2016 03-16 research seminar
2016 03-16 research seminar2016 03-16 research seminar
2016 03-16 research seminarifi8106tlu
 
2016 03-09 research seminar
2016 03-09 research seminar2016 03-09 research seminar
2016 03-09 research seminarifi8106tlu
 
2016-03-02 research seminar
2016-03-02 research seminar2016-03-02 research seminar
2016-03-02 research seminarifi8106tlu
 

Más de ifi8106tlu (20)

2016-05-30 Venia Legendi (CEITER): Minna Huotilainen
2016-05-30 Venia Legendi (CEITER): Minna Huotilainen2016-05-30 Venia Legendi (CEITER): Minna Huotilainen
2016-05-30 Venia Legendi (CEITER): Minna Huotilainen
 
2016-05-31 Venia Legendi (CEITER): Adolfo Ruiz Calleja
2016-05-31 Venia Legendi (CEITER): Adolfo Ruiz Calleja2016-05-31 Venia Legendi (CEITER): Adolfo Ruiz Calleja
2016-05-31 Venia Legendi (CEITER): Adolfo Ruiz Calleja
 
2016-05-31 Venia Legendi (CEITER): Sergey Sosnovsky
2016-05-31 Venia Legendi (CEITER): Sergey Sosnovsky2016-05-31 Venia Legendi (CEITER): Sergey Sosnovsky
2016-05-31 Venia Legendi (CEITER): Sergey Sosnovsky
 
2016-05-30 Venia Legendi (CEITER): Luis Pablo Prieto
2016-05-30 Venia Legendi (CEITER): Luis Pablo Prieto2016-05-30 Venia Legendi (CEITER): Luis Pablo Prieto
2016-05-30 Venia Legendi (CEITER): Luis Pablo Prieto
 
2016-05-30 Venia Legendi (CEITER): Maria Jesus Rodriguez Triana
2016-05-30 Venia Legendi (CEITER): Maria Jesus Rodriguez Triana2016-05-30 Venia Legendi (CEITER): Maria Jesus Rodriguez Triana
2016-05-30 Venia Legendi (CEITER): Maria Jesus Rodriguez Triana
 
2016-05-27 Venia Legendi (CEITER): Paul Seitlinger
2016-05-27 Venia Legendi (CEITER): Paul Seitlinger2016-05-27 Venia Legendi (CEITER): Paul Seitlinger
2016-05-27 Venia Legendi (CEITER): Paul Seitlinger
 
2016-05-27 Venia Legendi (CEITER): Terje Väljataga
2016-05-27 Venia Legendi (CEITER): Terje Väljataga2016-05-27 Venia Legendi (CEITER): Terje Väljataga
2016-05-27 Venia Legendi (CEITER): Terje Väljataga
 
2016-05-11 research seminar
2016-05-11 research seminar2016-05-11 research seminar
2016-05-11 research seminar
 
2016-05-04 research seminar
2016-05-04 research seminar2016-05-04 research seminar
2016-05-04 research seminar
 
Venia Legendi 2016: Pille Eslon
Venia Legendi 2016: Pille EslonVenia Legendi 2016: Pille Eslon
Venia Legendi 2016: Pille Eslon
 
Venia Legendi 2016: Maria Zeltser
Venia Legendi 2016: Maria ZeltserVenia Legendi 2016: Maria Zeltser
Venia Legendi 2016: Maria Zeltser
 
Venia legendi 2016 Andi Kivinukk
Venia legendi 2016 Andi KivinukkVenia legendi 2016 Andi Kivinukk
Venia legendi 2016 Andi Kivinukk
 
2016-04-27 research seminar, 2nd presenter
2016-04-27 research seminar, 2nd presenter2016-04-27 research seminar, 2nd presenter
2016-04-27 research seminar, 2nd presenter
 
EstCORE veebinar
EstCORE veebinarEstCORE veebinar
EstCORE veebinar
 
2016-04-20 research seminar
2016-04-20 research seminar2016-04-20 research seminar
2016-04-20 research seminar
 
2016-04-13 research seminar appendix
2016-04-13 research seminar appendix2016-04-13 research seminar appendix
2016-04-13 research seminar appendix
 
2016-04-06 research seminar
2016-04-06 research seminar2016-04-06 research seminar
2016-04-06 research seminar
 
2016 03-16 research seminar
2016 03-16 research seminar2016 03-16 research seminar
2016 03-16 research seminar
 
2016 03-09 research seminar
2016 03-09 research seminar2016 03-09 research seminar
2016 03-09 research seminar
 
2016-03-02 research seminar
2016-03-02 research seminar2016-03-02 research seminar
2016-03-02 research seminar
 

Último

The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Celine George
 
General AI for Medical Educators April 2024
General AI for Medical Educators April 2024General AI for Medical Educators April 2024
General AI for Medical Educators April 2024Janet Corral
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...christianmathematics
 
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...Sapna Thakur
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...fonyou31
 
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajansocial pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajanpragatimahajan3
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDThiyagu K
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpinRaunakKeshri1
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphThiyagu K
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Disha Kariya
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfAdmir Softic
 

Último (20)

Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
General AI for Medical Educators April 2024
General AI for Medical Educators April 2024General AI for Medical Educators April 2024
General AI for Medical Educators April 2024
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
 
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
 
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajansocial pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajan
 
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpin
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 

Towards Secure Agile Agent-Oriented Digital Services

  • 1. Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 1 Towards Secure Agile Agent-Oriented System Design Hassan Adelyar, PhD Student, Tallinn University Supervisor: Alexander Norta PhD., Senior Researcher of Tallinn University of Technology March 2015
  • 2. Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 2 Aim of this Research  To enhance agile software development approaches for developing secure digital services using agent-oriented modelling techniques.  Our main objectives are:  To identifying security challenges / benefits of agile during changes to software.  To isolate security challenges from agile practices.  To integrate security benefits into agile practices. (See agile practices in appendix A)
  • 3. Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 3 Agenda  Introduction  Agile Software Development Approach  Software Security  Advancements of the State of the Art  Analysis of the Literature  Our Proposed Approach  Relationship between changes-to-software, agile and security  Methodology  Conclusion  Bibliography  Appendices
  • 4. Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 4 Introduction
  • 5. Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 5 Agile Software Development Approach  Software Development Approaches:  Plan-driven (Waterfall)  Incremental (Agile)  Agile is a common software development approach.  Focus on delivering working software to customers.  Incremental development method, each increment contain new functionality.  Adaptive to support continuous changes at any stage of software development.
  • 6. Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 6  Agile Manifesto  Individuals and interactions over processes and tools  Working software over comprehensive documentation  Customer collaboration over contract negotiation  Responding to change over following a plan
  • 7. Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 7 Software Security  Describes techniques that control who may use, modify or access the software.  Secure system is able to prevent all unauthorized use, modification and access of software.
  • 8. Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 8 Security Attributes [1]: • Un-exposure of software execution to unauthorized. • Un-exposure of code to unauthorized. Confidentiality • Software work accordance to its designer desire • Adversaries should not be able to tamper with a program and cause sub-sequent execution to produce incorrect output. Integrity • Be available when needed • Execute in a predictable way • Deliver results in a predictable time frame Availability
  • 9. Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 9  Importance of Security  Software is a critical component for all systems.  Cloud based systems.  Agile is suitable for cloud based systems.  The Internet of Things (IoT) is also governed by cloud based systems [15].  Sociotechnical systems and service oriented computing mostly depend on secure digital services.  Absence of security in these systems can be catastrophic.
  • 10. Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 10  On the other hand, agility in the digital services development process does not embrace security practices [2].  Security is difficult to achieve in a software system because of a wide range of security properties and continuous changes of security threats.  Regardless, it is possible to enhance the agile software development process for secure software production.
  • 11. Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 11 Advancements for the State of the Art
  • 12. Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 12  Many researchers contribute in various ways to secure agile software development processes.  Their studies and methods differ with respect to where and how to integrate security into agile software development approaches.
  • 13. Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 13 Analysis of the Previous Researches  Categories (From 21 articles):  Studying / Examining / Analyzing / Explaining XP (Extreme Programming) for security (9 articles) [3], [20], [13], [4], [21], [26], [12], [24],[25].  Integrating Security into a Specific Practice of XP (4 articles) [7], [14], [19], [9].  Integrating Security in all Lifecycle of Software Development (2 articles) [23], [6].  Framework and Model for Security Guidelines (4 articles) [11], 17], [8], [10].  Other Agile Method (2 article) [27], [28].
  • 14. Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 14  The relevant papers lack a holistic review of security challenges and benefits in XP’s practices.  Since security is an emergent system property [30] which means properties of the system as a whole, depend on both the system components and the relationships between them and can only be evaluated once the system has been assembled.  Therefore it is not a good idea to apply security mechanisms only at some practices.  The Microsoft SDL from agile viewpoint is heavyweight because it was design to secure very large product such as Windows and Office with long development cycles.
  • 15. Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 15 Our Proposed Approach
  • 16. Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 16  The aim of our PhD research is to:  To Enhance agile software development approaches for secure digital services using agent-oriented modelling techniques.  The enhancement we study through the adaptation of extreme programming (XP) practices for the development of secure digital services.
  • 17. Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 17  The angle of our research is the analysis of the relationship between:  Software and changes  Need to changes  Agile and changes  Security attributes and changes ?  Security principles and changes?  Agile practices and changes ?
  • 18. Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 18  Agent-oriented models allow to attach quality goals to goal model and constraints to role model.  For our research we use goal model, knowledge model, role model and behavior scenario of agent-oriented modelling technique.  We link security attributes to goal model and security principles to knowledge model. We also benefit from role model and behavior scenarios to identify challenges and benefits and then properly relate them to XP practices.
  • 19. Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 19 Relationship Changes Need for Changes Software Agile Security Attributes Security Principles XP Practices
  • 20. Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 20p
  • 21. Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 21 Research Question  The main objective of our research is to enhance agile software development approaches for digital services security.  We identify the security challenges and benefits of XP- practices that relate to the “embrace-changes” principle of agile. Then the challenges can be isolated from XP practices and benefits can be integrated into XP practices.  Our objective is refined into the following main research question:
  • 22. Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 22  “How to enhance / improve XP practices for holistically integrating the security of digital services”.  The main research question is divided into the following sub-questions:  Q1) How to identify security challenges / benefits during the changes to software?  Q2) How to isolate / avoid security challenges from XP practices?  Q3) How to incorporate security benefits into XP practices?
  • 23. Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 23  q.1: What are security challenges for the response-to- changes?  q.2: What are security benefits for response-to-changes?  q.3: Which security attributes are affected by these challenges and benefits?
  • 24. Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 24  For answering these question we conduct a case-study research approach [10].  During the case study we intend to evaluate, and analyze the relative roles of the following aspects in an agile software-development process:  Software security attributes  General security principles  Agile “embrace-changes” challenges  Agile “embrace-changes” benefits  XP practices
  • 25. Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 25 Data Collection  Our case studies focus on practical software projects for universities in Afghanistan.  Assets for our case study are student data, passwords and software code that need to be secure.  During the case study, we conduct qualitative interviews and brainstorming sessions for identifying and discussing intangible assets with the management.
  • 26. Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 26  The main steps in our case study:  1) We study the negative and positive effects of changes on the security-attributes based on the security principles.  From the observation of the “changes-to- software”, we deduce hypotheses for security challenges and benefits. When a hypothesis is confirmed either as a security-challenge or security-benefits, we categorize it based on the security attributes.
  • 27. Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 27  The result of this step is two separate sets of challenges and benefits in the form of theories. At the same time these two opposite sets of theories support theory triangulation that is necessary for qualitative case study research.
  • 28. Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 28  2) The confirmed challenges are new hypotheses and through the observation process they are related to a specific XP practice(s). At this point, we are able to isolate these challenges from XP practices.  3) The confirmed benefits are also treated as new hypotheses and through the observation process they are related to a specific XP practice(s). At this point, we are able to incorporate them into XP practices.
  • 29. Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 29 Data Analysis  Since we conduct qualitative case studies, therefore, a qualitative data analysis method is used for all the above three cases.  We categorize the challenges and benefits based on the security attributes and our decision is based on security principles.  During the analysis we try to derive conclusions based on the chains of evidence.
  • 30. Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 30  The cases for our study:  Identifying security challenges and benefits,  Isolation of challenges from XP practices,  Incorporation of benefits into XP practices.  Unit of analysis:  Confidentiality  Integrity  Availability
  • 31. Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 31  We employ Nvivo as tool support for the analysis. (Detail in case study protocol)
  • 32. Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 32 Conclusion  Agile is a very flexible software development approach and we seek to use agile for satisfying security as a quality goal.  By identifying security challenges and benefits of XP’s practices, in the real-world context, we believe that agile security improve the development of secure digital services.  Our initial findings show that changes to software are an important factor for both security challenges- and benefits. Identifying security challenges and benefits for the “embrace-changes” can explore new security insights in the context of XP’s practices.
  • 33. Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 33  We do have a contribution of understanding in that we can integrate security features into the novel agile agent- oriented modelling (AAOM) technique and then use this method for security-aware change management in XP practices [14].
  • 34. Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 34 REFERENCES 1. Algirdas A., Jean-Claude Laprie, Brian Randell, and Carl Landwehr, (2004). Basic Concepts and Taxonomy of Dependable and Secure Computing. IEEE Transaction on Dependable and Secure Computing. 2. Bejan Baca. (2011). Agile Development with Security Engineering Activities. ACM, USA. 3. Beznosov K., (2003). Extreme Security Engineering: On Employing XP Practices to Achieve “Good Enough Security” without defining it, ACM Press. 4. Chandrabose A. and Alagarsamy K., (2011). Security Requirements Engineering – A Strategic Approach. International Journal of Computer Applications, Madurai, India. 5. Charette R., the Decision is in: Agile versus Heavy Methodologies. Agile development and Project Management, Cutter Consortium, Vol. 2 (19), February 2004. p
  • 35. Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 35 6. Daniel Owens, Integrating Software Security into the Software Development Lifecycle System Securities. San Diego, CA 92123, USA. 7. Emine G. Aydal, and Richard F., (2006). Security Planning and Refactoring in Extreme Programming. Department of Computer Science, University of York, UK. 8. Eystein Mathisen, and Terje Fallmyr, Using business process modelling to reduce the effects of requirements changes in software projects. 9. Gustav Boström, and Beznosov K., Extending XP Practices to Support Security Requirements Engineering. University of British Columbia, Canada. 10. Haley C. B., Laney R., (2008). Security Requirements Engineering: A Framework for Representation and Analysis. 11. Imran Daud. (2010). Secure Software Development Model: A Guide for Secure Software Life Cycle. Proceeding of the International MultiConference of Engineers and Computer Scientists, IMECS Hong Kong. p
  • 36. Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 36 12. Imran Ghani and Adila Firdaus, (2013). Role-based Extreme Programming (XP) for Secure Software Development. University Teknologi Malaysia, Skudai, Malaysia. 13. Imran Ghani and Izzaty Yasin, (2013). Software Security Engineering in Extreme Programming Methodology: A Systematic Literature Review. Universiti Teknologi Malaysia, Skudai, Johor, Malaysia. 14. Johan Peeters, Agile Security Requirements Engineering. 15. Ovidiu Vermesan & Peter Friess Internet of Things – From Research and Innovation to Market Deployment, River Publishers, Chicago, USA, 2014. 16. Per Runeson, Martin Host, and Austen Rainer, (2012), Case Study Research in Software Engineering. John Wiley & Sons, Inc., Hoboken, New Jersey, USA. 17. Salini P. and Kanmani S., (2010). A Model Based Security Requirements Engineering Framework. International Journal of Computer Engineering and Technology (IJCET). Volume 1, Number 1 p
  • 37. Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 37 18. Saltzer, Jerome H. & Schroeder, (1975). The Protection of Information in Computer Systems. 1278-1308. in Proceedings of the IEEE. 19. Sonia Archana Singhal, Jyoti Balwani, (2014). Analysing Security and Software Requirements using Multi-Layered Iterative Model. Delhi, India. 20. Steffen Bartsch. Practitioners’ Perspectives on Security in Agile Development. TZI, University of Bremen, Bremen, Germany. 21. Stephen Wood, and Chris Thomson, (2014). Successful extreme programming: Fidelity to the methodology or good team working? University of Leicester, Leicester, UK. 22. Tanel Tenso and Kuldar Taveter, Requirements Engineering With Agent-Oriented Models, Department of Informatics, Tallinn University of Technology. 23. Security Development Lifecycle for Agile Development, 2009 Microsoft Corporation. p
  • 38. Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 38 24. Christopher Wood & Gregory Knox, (Guidelines for Agile Security Requirements Engineering. 25. George Grispos & William Bradley Glisson, Rethinking Security Incident Response: The Integration of Agile Principles, AMCIS 2014. 26. J. Wäyrynen, M. Bodén, and G. Boström, "Security Engineering and eXtreme Programming: an Impossible marriage?," in Extreme programming and agile methodsXP/Agile Universe 2004, C. Zannier, H. Erdogmus, and L. Lindstrom, Eds. LNSC3134, Berlin: Springer-Verlag, 2004, pp. 117-128. 27. Adila Firdaus, Imran Ghani, and Nor Izzaty Mohd Yasin, Developing Secure Websites Using Feature Driven Development (FDD): A Case Study. Journal of Clean Energy Technologies, Vol. 1, No. 4, October 2013. 28. Abdullahi Sani, Adila Firdaus, Seung Ryul Jeong, Imran Ghani, A Review on Software Development Security Engineering using Dynamic System Method (DSDM). International Journal of Computer Applications (0975 – 8887) Volume 69– No.25, May 2013. 29. Ian Sommerville, SOFTWARE ENGINEERING Ninth Edition, Addison-Wesley, USA, 2011. p
  • 39. Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 39 Appendix A: XP Practices  XP carries out agile principles through its own practices. There are 12 related practices and works best for small teams of 5 to 15 developers. The following is the list for XP practices:  Small release  Simple Design  Planning game  Continuous integration  On-site customer p
  • 40. Towards Secure Agile Agent-Oriented System Design 4, Mar. 2015 40  Codding standard  Refactoring  Pair programming  Testing  Metaphor  Collective ownership  40-hour weeks p