Abstract
This method is complemented by an implementation of a change detection analysis for model-based security requirements. This system facilitates the agile security evaluation process to a high degree. However, the application of the proposed evaluation method is limited by several constraints. The authors discuss these constraints and show how traditional certification schemes could be extended to better support modern industrial software development processes.
| Original language | English |
|---|---|
| Pages (from-to) | 47 |
| Number of pages | 29 |
| Journal | International Journal of Secure Software Engineering |
| Volume | 6 |
| Issue number | 1 |
| DOIs | |
| Publication status | Published - 2015 |
Fingerprint
Cite this
Balancing Product and Process Assurance for Evolving Security Systems. / Raschke, Wolfgang; Zilli, Massimiliano; Baumgartner, Philipp; Loinig, Johannes; Steger, Christian; Kreiner, Christian Josef.
In: International Journal of Secure Software Engineering, Vol. 6, No. 1, 2015, p. 47.Research output: Contribution to journal › Article › Research › peer-review
}
TY - JOUR
T1 - Balancing Product and Process Assurance for Evolving Security Systems
AU - Raschke, Wolfgang
AU - Zilli, Massimiliano
AU - Baumgartner, Philipp
AU - Loinig, Johannes
AU - Steger, Christian
AU - Kreiner, Christian Josef
PY - 2015
Y1 - 2015
N2 - At present, security-related engineering usually requires a big up-front design (BUFD) regarding security requirements and security design. In addition to the BUFD, at the end of the development, a security evaluation process can take up to several months. In today’s volatile markets customers want to be able to influence the software design during the development process. Agile processes have proven to support these demands. Nevertheless, there is a clash between traditional security design and evaluation processes. In this paper, the authors propose an agile security evaluation method for the Common Criteria standard. This method is complemented by an implementation of a change detection analysis for model-based security requirements. This system facilitates the agile security evaluation process to a high degree. However, the application of the proposed evaluation method is limited by several constraints. The authors discuss these constraints and show how traditional certification schemes could be extended to better support modern industrial software development processes.
AB - At present, security-related engineering usually requires a big up-front design (BUFD) regarding security requirements and security design. In addition to the BUFD, at the end of the development, a security evaluation process can take up to several months. In today’s volatile markets customers want to be able to influence the software design during the development process. Agile processes have proven to support these demands. Nevertheless, there is a clash between traditional security design and evaluation processes. In this paper, the authors propose an agile security evaluation method for the Common Criteria standard. This method is complemented by an implementation of a change detection analysis for model-based security requirements. This system facilitates the agile security evaluation process to a high degree. However, the application of the proposed evaluation method is limited by several constraints. The authors discuss these constraints and show how traditional certification schemes could be extended to better support modern industrial software development processes.
U2 - 10.4018/ijsse.2015010103
DO - 10.4018/ijsse.2015010103
M3 - Article
VL - 6
SP - 47
JO - International Journal of Secure Software Engineering
JF - International Journal of Secure Software Engineering
SN - 1947-3036
IS - 1
ER -