Using Assurance Cases to Develop Iteratively Security Features Using Scrum

2014-09-12
BEN OTHMANE, Lotfi
Angın, Pelin
BHARGAVA, Bharat
A security feature is a customer-valued capability of software for mitigating a set of security threats. Incremental development of security features, using the Scrum method, often leads to developing ineffective features in addressing the threats they target due to factors such as incomplete security tests. This paper proposes the use of security assurance cases to maintain a global view of the security claims as the feature is being developed iteratively and a process that enables the incremental development of security features while ensuring the security requirements of the feature are fulfilled.

Suggestions

Creating application security layer based on resource access decision service
Metin, Mehmet Özer; Şener, Cevat; Department of Computer Engineering (2007)
Different solutions have been used for each security aspects (access control, application security) to secure enterprise web applications. However combining "enterprise-level" and "application-level" security aspects in one layer could give great benefits such as reusability, manageability, and scalability. In this thesis, adding a new layer to n-tier web application architectures to provide a common evaluation and enforcement environment for both enterprise-level and application level policies to bring tog...
Creating application security layer based on resource access decision service
Metin, Mehmet Özer; Şener, Cevat; Göǧebakan, Yenal (2008-01-01)
Different solutions have been implemented for different security aspects (access control, application security) of enterprise web applications. However combining "enterprise-level" and "application-level" security aspects in one layer could give great benefits such as reusability, manageability, and scalability. In this paper, we propose adding a new layer to n-tier web application architectures, which use RAD service implementations to execute enterprise and application security policies. Proposed architec...
A Decision Support System for Optimal Selection of Enterprise Information Security Preventative Actions
Özdemir Sönmez, Ferda ; Günel Kılıç, Banu (2021-09-01)
Types and complexity of information security related vulnerabilities are growing rapidly and present numerous challenges to the enterprises. One of the key challenges is to identify the optimal set of precautions with limited budget. Despite the fact that majority of enterprises have a budget constraint for installing and maintaining the protection systems, the majority of the previous work only focus on prioritization of security targets and do not consider the preventative actions and budget constraints. ...
Improving the security and flexibility of one-time passwords by signature chains
Bıçakçı, Kemal; Baykal, Nazife (TÜBİTAK, 2003)
While the classical attack of ``monitor the network and intercept the password'' can be avoided by advanced protocols like SSH, one-time passwords are still considered a viable alternative or a supplement for software authentica since they are the only ones that safeguard against attacks on insecure client machines. In this paper by using public-key techniques we present a method called signature chain alternative to Lamport's hash chain to improve security and flexibility of one-time passwords. Our proposi...
Analysis of Password Attacks From The Perspective Of The Attacker By Multiple Honeypots
Aydın, Kıvanç; Acartürk, Cengiz; Department of Cybersecurity (2021-8-19)
Authentication is vital for secure operation of ICT systems. Since the past several decades, alternative solutions have been developed for authentication, such as biometric authentication methods, aiming at replacing passwords. Nevertheless, their success has been limited as evidenced by intensive use of passwords. Today, an average user uses dozens of different passwords in daily practice. The frequent use of passwords in authentication also leads to a close interest of attackers due to rapid the expansion...
Citation Formats
L. BEN OTHMANE, P. Angın, and B. BHARGAVA, “Using Assurance Cases to Develop Iteratively Security Features Using Scrum,” 2014, Accessed: 00, 2020. [Online]. Available: https://hdl.handle.net/11511/36458.