增量式软件开发的有效安全保障——以Zen Cart应用程序为例

2016 11th International Conference on Availability, Reliability and Security (ARES) Pub Date : 2016-08-01 DOI:10.1109/ARES.2016.86

L. B. Othmane, Azmat Ali

{"title":"增量式软件开发的有效安全保障——以Zen Cart应用程序为例","authors":"L. B. Othmane, Azmat Ali","doi":"10.1109/ARES.2016.86","DOIUrl":null,"url":null,"abstract":"Incremental software development methods, such as Scrum embrace code changes to meet changing customer requirements. However, changing the code of a given software invalidates the security assurance of the software. Thus, each new version of a given software requires a new full security assessment. This paper investigates the impact of incremental development of software on their security assurances using the e-commerce software Zen Cart as a case study. It also describes a prototype we are developing to design security assurance cases and trace the impact of code changes on the security assurance of the given software. A security assurance case shows how a claim, such as \"The system is acceptably secure\" is supported by objective evidence.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"93 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":"{\"title\":\"Towards Effective Security Assurance for Incremental Software Development the Case of Zen Cart Application\",\"authors\":\"L. B. Othmane, Azmat Ali\",\"doi\":\"10.1109/ARES.2016.86\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Incremental software development methods, such as Scrum embrace code changes to meet changing customer requirements. However, changing the code of a given software invalidates the security assurance of the software. Thus, each new version of a given software requires a new full security assessment. This paper investigates the impact of incremental development of software on their security assurances using the e-commerce software Zen Cart as a case study. It also describes a prototype we are developing to design security assurance cases and trace the impact of code changes on the security assurance of the given software. A security assurance case shows how a claim, such as \\\"The system is acceptably secure\\\" is supported by objective evidence.\",\"PeriodicalId\":216417,\"journal\":{\"name\":\"2016 11th International Conference on Availability, Reliability and Security (ARES)\",\"volume\":\"93 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-08-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"6\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2016 11th International Conference on Availability, Reliability and Security (ARES)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ARES.2016.86\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 11th International Conference on Availability, Reliability and Security (ARES)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ARES.2016.86","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 6

摘要

增量式软件开发方法，比如Scrum，采用代码变更来满足不断变化的客户需求。但是，更改给定软件的代码会使软件的安全保证失效。因此，给定软件的每个新版本都需要一个新的完整的安全评估。本文以电子商务软件Zen Cart为例，研究了软件增量开发对其安全保障的影响。它还描述了我们正在开发的一个原型，用于设计安全保证用例，并跟踪代码更改对给定软件的安全保证的影响。安全保证案例显示了诸如“系统是可接受的安全”之类的索赔如何得到客观证据的支持。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Towards Effective Security Assurance for Incremental Software Development the Case of Zen Cart Application

Incremental software development methods, such as Scrum embrace code changes to meet changing customer requirements. However, changing the code of a given software invalidates the security assurance of the software. Thus, each new version of a given software requires a new full security assessment. This paper investigates the impact of incremental development of software on their security assurances using the e-commerce software Zen Cart as a case study. It also describes a prototype we are developing to design security assurance cases and trace the impact of code changes on the security assurance of the given software. A security assurance case shows how a claim, such as "The system is acceptably secure" is supported by objective evidence.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2016 11th International Conference on Availability, Reliability and Security (ARES)

自引率

0.00%

发文量