1 / 35

AGILE SOFTWARE DEVELOPMENT SCOPE MANAGEMENT AND SECURITY ASSURANCE

AGILE SOFTWARE DEVELOPMENT SCOPE MANAGEMENT AND SECURITY ASSURANCE. Outline Traditional Software Development (RE) Agile Software Development Applying RE to Agile Development Scope of Software Development Security Assurance in Agile Summary.

zilya
Télécharger la présentation

AGILE SOFTWARE DEVELOPMENT SCOPE MANAGEMENT AND SECURITY ASSURANCE

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. AGILE SOFTWARE DEVELOPMENT SCOPE MANAGEMENT AND SECURITY ASSURANCE

  2. Outline • Traditional Software Development (RE) • Agile Software Development • Applying RE to Agile Development • Scope of Software Development • Security Assurance in Agile • Summary

  3. Requirements Engineering and Agile Software Development • Traditional Software Development: • It involves Requirements Engineering, • More ordered • Requiring stable requirements

  4. Agile Development Methods • They are less document-centric and more code-oriented. • The major factors are: • Agile methods are adaptive than predictive. • Agile methods are people-oriented than process-oriented.

  5. Common Agile Methods: • Extreme Programming (XP) • Agile Modelling (AM) • Scrum • Crystal Methodologies • Feature Driven Development • Dynamic Systems Development Method • Adaptive Software Development

  6. What’s Agile Development? Characteristics • Iterative lifecycle • Requirements and design emergence • Direct communication • Tacit knowledge Sample methodologies • Crystal • Adaptive Development • Feature-driven Development • Scrum • Lean Software Development • XP

  7. Requirements Engineering: • It involves 5 main activities: • Requirements Elicitation. • Requirements Analysis and Negotiation. • Requirements Documentation. • Requirements Validation. • Requirements Management.

  8. Requirements Elicitation: • Important techniques user here are: • Interviews • Closed • Open • Use Cases/Scenarios • Observation and Social Analysis • Focus Groups • Brainstorming • Prototyping

  9. Requirements Analysis • It checks requirements for: • Consistency • Completeness • Feasibility • Priorities

  10. Techniques in • Requirement Analysis: • Joint Application Development(JAD) • Requirements Prioritization • Modeling

  11. Requirements Documentation • The main aim here is to produce a requirements document. • Used for evaluating subsequent products and processes: • Design • Testing • Verification and Validation

  12. Good Requirements Document: • Unambiguous • Complete • Correct • Understandable • Consistent • Concise • Feasible

  13. Requirements Validation: • To certify that the requirements are acceptable description of the system. • Inputs for Validation are: • Requirements document. • Organizational Standards. • Organizational Knowledge. • Techniques used here are: • Requirements reviews. • Requirements testing.

  14. Requirements Management: • Goal is to capture, store, disseminate and manage information. • It includes all activities dealing with: • Change and Revision Control. • Requirements tracing. • Requirements status tracking.

  15. Applying RE Techniques for Agile Approaches • Customer Involvement • Interviews • Prioritization • JAD Sessions • Modeling

  16. Applying RE Techniques for Agile Approaches (contd…) • Documentation • Validation • Management • Observation and Social Analysis, Brainstorming • Non-functional Requirements.

  17. Scope Management in Software Development • Scope Management in Traditional Software Development • Well Defined Scope • Scope Management in Agile Software Development • Flexible Scope

  18. Agile Development Process

  19. Problem Mismatch between • agile methodologies for software development • conventional methods for security assurance Hard to assure with agile development

  20. Why is addressing the mismatch important? • More security-critical software • Agile methods are there to stay

  21. Contribution • Examine mismatch between security assurance and agile methods. • Classify conventional security assurance practices • according to degree of clash • Suggest ways of alleviating the conflict.

  22. Conventional Security Assurance

  23. Solution(s)? If the mountain will not go to Mahomet, let Mahomet go to the mountain. (proverb) Adapt Assurance Adapt Agility

  24. Examination Results: Assurance relies on third party: • reviews • evaluation • testing

  25. Points of clash • Direct communication and tacit knowledge • Iterative lifecycle • Design refactoring • Testing “philosophy”

  26. (Mis)match Classification • Natural Match • e.g., XP pair programming ♥ internal review & coding standards • Methodology-neutral • e.g., language (e.g., Java, C# vs. C, C++), version control and change tracking • Can be (semi-)automated • e.g., code static analysis, security testing/scanning • Mismatch (≈ 50%) • e.g., external review, analysis, testing, validation change authorization

  27. Alleviating the Mismatch For (semi)-automatable • Increase acceptance through tools • Codify security knowledge in tools • automated fault injection, test generation

  28. For mismatching • Search for new agile-friendly assurance methods • direct communication and tacit knowledge • iterative lifecycle • design refactoring • testing “philosophy” • Intermittent assurance • apply at the first and last iterations • use the results to “align” the development • Have a security engineer (role) involved in all iterations

  29. Future Work: Protection mechanism architectures • Resource access decision (RAD) • Attribute function Multi-channel SSL • End-to-end security with partially trusted proxies • Selective data protection Middleware security Usability of security administration

  30. Summary: • RE is not just confined to traditional development, can also be applied to agile development. • Defining Scope exactly is more important for traditional development than agile development. • Problems with SA in Agile Development: • mismatch between agile development & security assurance • Contributions • Examine (pain points) • Classify assurance methods • Alleviate (tools, knowledge codification, new methods research, intermittent assurance) • Security Assurance in traditional development is easier than in agile development.

  31. References: Konstantin Beznosovand Philippe Kruchten, Towards Agile Security Assurance , Nova Scotia, Canada, 2004 . FraukePaetsch, Dr. Armin Eberlein, Dr. Frank Maurer, Requirements Engineering and Agile Software Development, Infrastructure for Collaborative Enterprises, 2003. Israr Ur Rehman, SajidUllah, AdulRauf, Arshad Ali Shahid, Scope Management in Agile Versus Traditional Software Development Methods, NSEC, 2010.

More Related