FISA-XP: an agile-based integration of security activities with extreme programming

Published: 04 June 2014

Abstract

The steep rise in security threats has forced organizations to adopt sound security practices right from the development stage of any software project. With the rising popularity of lightweight, agile methodologies, this becomes more complicated. This paper proposes a framework, FISA-XP, which can be adopted for the development of a secure software system. The proposed framework integrates security activities with the core activities of Extreme Programming based on their degree of agility. In order to calculate agility degree, some agility features are selected using a threshold value. The compatibility of the agile activities with security activities is subsequently assessed by introducing an integration matrix that describes whether integration of an agile activity with each security activity is possible or not. This framework assists in integrating security activities with agile activities, keeping the combined agility degree within acceptable limits. Thus, our approach introduces an Acceptable Agility Reduction Factor, which gives a threshold value for an acceptable reduction in agility degree. If reduction in combined agility degree is below the threshold value then that security activity is not accepted for integration. TISA-XP, an automated tool, has been designed to enable developers to use FISA-XP practically. This tool has been used by a software-developing company on an experimental basis and the feedback reflects its practical feasibility.
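As an added illustration (not code from the paper or from the TISA-XP tool), the Python model below walks through the decision the abstract describes: select agility features by a threshold, consult the integration matrix, and compare the drop in combined agility degree with the Acceptable Agility Reduction Factor. The abstract gives no formulas, so the scoring (agility degree as the mean of selected feature scores, combined degree as the mean over activities, the factor read as an upper bound on the proportional drop) and every activity name, weight and score are constructed assumptions.

```python
from statistics import mean

# Constructed example values; the paper's own features, weights and scores are not given here.
FEATURE_WEIGHTS = {"flexibility": 0.8, "speed": 0.7, "leanness": 0.6,
                   "learning": 0.4, "responsiveness": 0.9}
FEATURE_THRESHOLD = 0.5   # assumed: keep features whose weight meets the threshold
AARF = 0.10               # assumed: at most a 10% drop in combined agility is acceptable

# Per-activity scores (0..1) for each agility feature; constructed, not from the paper.
XP_ACTIVITIES = {
    "planning_game":    {"flexibility": 0.9, "speed": 0.8, "leanness": 0.7, "responsiveness": 0.9, "learning": 0.6},
    "pair_programming": {"flexibility": 0.8, "speed": 0.7, "leanness": 0.9, "responsiveness": 0.8, "learning": 0.9},
    "test_driven_dev":  {"flexibility": 0.7, "speed": 0.9, "leanness": 0.8, "responsiveness": 0.8, "learning": 0.7},
}
SECURITY_ACTIVITIES = {
    "security_code_review":   {"flexibility": 0.6, "speed": 0.6, "leanness": 0.6, "responsiveness": 0.8, "learning": 0.7},
    "formal_threat_modeling": {"flexibility": 0.2, "speed": 0.1, "leanness": 0.3, "responsiveness": 0.2, "learning": 0.5},
}
# Integration matrix: is integrating this security activity with this XP activity possible? (constructed)
INTEGRATION_MATRIX = {
    "planning_game":    {"security_code_review": False, "formal_threat_modeling": True},
    "pair_programming": {"security_code_review": True,  "formal_threat_modeling": False},
    "test_driven_dev":  {"security_code_review": True,  "formal_threat_modeling": False},
}

def select_features(weights=FEATURE_WEIGHTS, threshold=FEATURE_THRESHOLD):
    """Agility features whose weight reaches the threshold contribute to the agility degree."""
    return [f for f, w in weights.items() if w >= threshold]

def agility_degree(scores, features):
    """Assumed: agility degree of one activity = mean of its selected feature scores."""
    return mean(scores[f] for f in features)

def combined_agility(activities, features):
    """Assumed: combined agility degree = mean over all activities in the process."""
    return mean(agility_degree(s, features) for s in activities.values())

def decide_integration(xp_name, sec_name, aarf=AARF):
    """Return (accepted, reduction) for integrating sec_name with xp_name."""
    if not INTEGRATION_MATRIX[xp_name][sec_name]:
        return False, None                      # the matrix rules the pairing out
    features = select_features()
    before = combined_agility(XP_ACTIVITIES, features)
    merged = {**XP_ACTIVITIES, sec_name: SECURITY_ACTIVITIES[sec_name]}
    reduction = (before - combined_agility(merged, features)) / before
    return reduction <= aarf, reduction         # reject when the drop exceeds the AARF
```

With these constructed values, security code review integrated with pair programming costs under 5% of combined agility and is accepted, while formal threat modeling with the planning game costs about 19% and is rejected.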


Published In

ACM SIGSOFT Software Engineering Notes, Volume 39, Issue 3
May 2014, 73 pages
ISSN: 0163-5948
DOI: 10.1145/2597716

Publisher

Association for Computing Machinery, New York, NY, United States

Author Tags

1. CLASP process
2. agile methodology
3. agility degree
4. extreme programming method
5. security activities

Qualifiers

• Research-article