Show/Hide Menu
Hide/Show Apps
Logout
Türkçe
Türkçe
Search
Search
Login
Login
OpenMETU
OpenMETU
About
About
Open Science Policy
Open Science Policy
Open Access Guideline
Open Access Guideline
Postgraduate Thesis Guideline
Postgraduate Thesis Guideline
Communities & Collections
Communities & Collections
Help
Help
Frequently Asked Questions
Frequently Asked Questions
Guides
Guides
Thesis submission
Thesis submission
MS without thesis term project submission
MS without thesis term project submission
Publication submission with DOI
Publication submission with DOI
Publication submission
Publication submission
Supporting Information
Supporting Information
General Information
General Information
Copyright, Embargo and License
Copyright, Embargo and License
Contact us
Contact us
Using Assurance Cases to Develop Iteratively Security Features Using Scrum
Date
2014-09-12
Author
BEN OTHMANE, Lotfi
Angın, Pelin
BHARGAVA, Bharat
Metadata
Show full item record
This work is licensed under a
Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License
.
Item Usage Stats
199
views
0
downloads
Cite This
A security feature is a customer-valued capability of software for mitigating a set of security threats. Incremental development of security features, using the Scrum method, often leads to developing ineffective features in addressing the threats they target due to factors such as incomplete security tests. This paper proposes the use of security assurance cases to maintain a global view of the security claims as the feature is being developed iteratively and a process that enables the incremental development of security features while ensuring the security requirements of the feature are fulfilled.
Subject Keywords
Security
,
Software
,
Iterative methods
,
Complexity theory
,
Libraries
,
Games
,
Algorithm design and analysis
URI
https://hdl.handle.net/11511/36458
DOI
https://doi.org/10.1109/ares.2014.73
Collections
Department of Computer Engineering, Conference / Seminar
Suggestions
OpenMETU
Core
Creating application security layer based on resource access decision service
Metin, Mehmet Özer; Şener, Cevat; Department of Computer Engineering (2007)
Different solutions have been used for each security aspects (access control, application security) to secure enterprise web applications. However combining "enterprise-level" and "application-level" security aspects in one layer could give great benefits such as reusability, manageability, and scalability. In this thesis, adding a new layer to n-tier web application architectures to provide a common evaluation and enforcement environment for both enterprise-level and application level policies to bring tog...
Creating application security layer based on resource access decision service
Metin, Mehmet Özer; Şener, Cevat; Göǧebakan, Yenal (2008-01-01)
Different solutions have been implemented for different security aspects (access control, application security) of enterprise web applications. However combining "enterprise-level" and "application-level" security aspects in one layer could give great benefits such as reusability, manageability, and scalability. In this paper, we propose adding a new layer to n-tier web application architectures, which use RAD service implementations to execute enterprise and application security policies. Proposed architec...
A Decision Support System for Optimal Selection of Enterprise Information Security Preventative Actions
Sonmez, Ferda Ozdemir; Günel Kılıç, Banu (2021-09-01)
Types and complexity of information security related vulnerabilities are growing rapidly and present numerous challenges to the enterprises. One of the key challenges is to identify the optimal set of precautions with limited budget. Despite the fact that majority of enterprises have a budget constraint for installing and maintaining the protection systems, the majority of the previous work only focus on prioritization of security targets and do not consider the preventative actions and budget constraints. ...
Improving the security and flexibility of one-time passwords by signature chains
Bıçakçı, Kemal; Baykal, Nazife (TÜBİTAK, 2003)
While the classical attack of ``monitor the network and intercept the password'' can be avoided by advanced protocols like SSH, one-time passwords are still considered a viable alternative or a supplement for software authentica since they are the only ones that safeguard against attacks on insecure client machines. In this paper by using public-key techniques we present a method called signature chain alternative to Lamport's hash chain to improve security and flexibility of one-time passwords. Our proposi...
Analysis of Password Attacks From The Perspective Of The Attacker By Multiple Honeypots
Aydın, Kıvanç; Acartürk, Cengiz; Department of Cybersecurity (2021-8-19)
Authentication is vital for secure operation of ICT systems. Since the past several decades, alternative solutions have been developed for authentication, such as biometric authentication methods, aiming at replacing passwords. Nevertheless, their success has been limited as evidenced by intensive use of passwords. Today, an average user uses dozens of different passwords in daily practice. The frequent use of passwords in authentication also leads to a close interest of attackers due to rapid the expansion...
Citation Formats
IEEE
ACM
APA
CHICAGO
MLA
BibTeX
L. BEN OTHMANE, P. Angın, and B. BHARGAVA, “Using Assurance Cases to Develop Iteratively Security Features Using Scrum,” 2014, Accessed: 00, 2020. [Online]. Available: https://hdl.handle.net/11511/36458.