Balancing Product and Process Assurance for Evolving Security Systems

International journal of secure software engineering Pub Date : 2015-01-01 DOI:10.4018/ijsse.2015010103

Wolfgang Raschke, Massimiliano Zilli, Philip Baumgartner, Johannes Loinig, C. Steger, Christian Kreiner

{"title":"Balancing Product and Process Assurance for Evolving Security Systems","authors":"Wolfgang Raschke, Massimiliano Zilli, Philip Baumgartner, Johannes Loinig, C. Steger, Christian Kreiner","doi":"10.4018/ijsse.2015010103","DOIUrl":null,"url":null,"abstract":"At present, security-related engineering usually requires a big up-front design BUFD regarding security requirements and security design. In addition to the BUFD, at the end of the development, a security evaluation process can take up to several months. In today's volatile markets customers want to be able to influence the software design during the development process. Agile processes have proven to support these demands. Nevertheless, there is a clash between traditional security design and evaluation processes. In this paper, the authors propose an agile security evaluation method for the Common Criteria standard. This method is complemented by an implementation of a change detection analysis for model-based security requirements. This system facilitates the agile security evaluation process to a high degree. However, the application of the proposed evaluation method is limited by several constraints. The authors discuss these constraints and show how traditional certification schemes could be extended to better support modern industrial software development processes.","PeriodicalId":89158,"journal":{"name":"International journal of secure software engineering","volume":"51 1","pages":"47-75"},"PeriodicalIF":0.0000,"publicationDate":"2015-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International journal of secure software engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4018/ijsse.2015010103","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

Abstract

At present, security-related engineering usually requires a big up-front design BUFD regarding security requirements and security design. In addition to the BUFD, at the end of the development, a security evaluation process can take up to several months. In today's volatile markets customers want to be able to influence the software design during the development process. Agile processes have proven to support these demands. Nevertheless, there is a clash between traditional security design and evaluation processes. In this paper, the authors propose an agile security evaluation method for the Common Criteria standard. This method is complemented by an implementation of a change detection analysis for model-based security requirements. This system facilitates the agile security evaluation process to a high degree. However, the application of the proposed evaluation method is limited by several constraints. The authors discuss these constraints and show how traditional certification schemes could be extended to better support modern industrial software development processes.

查看原文本刊更多论文

为发展中的安全系统平衡产品和过程保证

目前，与安全相关的工程通常需要一个关于安全需求和安全设计的大的前期设计BUFD。除了BUFD之外，在开发结束时，安全评估过程可能需要长达几个月的时间。在当今多变的市场中，客户希望能够在开发过程中影响软件设计。敏捷过程已经被证明能够支持这些需求。然而，传统的安全设计和评估过程之间存在冲突。本文针对通用准则标准提出了一种敏捷安全评估方法。此方法由基于模型的安全需求的变更检测分析的实现来补充。该系统在很大程度上促进了敏捷安全评估过程。然而，所提出的评价方法的应用受到一些约束条件的限制。作者讨论了这些限制，并展示了如何扩展传统的认证方案以更好地支持现代工业软件开发过程。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

International journal of secure software engineering

自引率

0.00%

发文量