Title :
Supporting evolving security models for an agile security evaluation
Author :
Raschke, Wolfgang ; Zilli, Massimiliano ; Baumgartner, Philip ; Loinig, Johannes ; Steger, Christian ; Kreiner, Christian
Author_Institution :
Inst. for Tech. Inf., Graz Univ. of Technol., Graz, Austria
Abstract :
At present, security-related engineering usually requires a big up-front design (BUFD) regarding security requirements and security design. In addition to the BUFD, at the end of the development, a security evaluation process can take up to several months. In today´s volatile markets customers want to influence the software design during the development process. Agile processes have proven to support these demands. Nevertheless, there is a clash with traditional security design and evaluation processes. In this paper, we propose an agile security evaluation method for the Common Criteria standard. This method is complemented by an implementation of a change detection analysis for model-based security requirements. This system facilitates the agile security evaluation process to a high degree.
Keywords :
formal verification; security of data; software prototyping; BUFD; agile security evaluation method; big up-front design; change detection analysis; common criteria standard; model-based security requirements; security design; security evaluation process; security-related engineering; software design; software development process; volatile markets; Biological system modeling; Computational modeling; Documentation; Engines; Security; Software; Standards;
Conference_Titel :
Evolving Security and Privacy Requirements Engineering (ESPRE), 2014 IEEE 1st Workshop on
Conference_Location :
Karlskrona
DOI :
10.1109/ESPRE.2014.6890525
