DocumentCode
1799334
Title
Supporting evolving security models for an agile security evaluation
Author
Raschke, Wolfgang ; Zilli, Massimiliano ; Baumgartner, Philip ; Loinig, Johannes ; Steger, Christian ; Kreiner, Christian
Author_Institution
Inst. for Tech. Inf., Graz Univ. of Technol., Graz, Austria
fYear
2014
fDate
25-25 Aug. 2014
Firstpage
31
Lastpage
36
Abstract
At present, security-related engineering usually requires a big up-front design (BUFD) regarding security requirements and security design. In addition to the BUFD, at the end of the development, a security evaluation process can take up to several months. In today's volatile markets, customers want to influence the software design during the development process. Agile processes have proven to support these demands. Nevertheless, there is a clash with traditional security design and evaluation processes. In this paper, we propose an agile security evaluation method for the Common Criteria standard. This method is complemented by an implementation of a change detection analysis for model-based security requirements. This system facilitates the agile security evaluation process to a high degree.
Keywords
formal verification; security of data; software prototyping; BUFD; agile security evaluation method; big up-front design; change detection analysis; common criteria standard; model-based security requirements; security design; security evaluation process; security-related engineering; software design; software development process; volatile markets; Biological system modeling; Computational modeling; Documentation; Engines; Security; Software; Standards;
fLanguage
English
Publisher
ieee
Conference_Titel
Evolving Security and Privacy Requirements Engineering (ESPRE), 2014 IEEE 1st Workshop on
Conference_Location
Karlskrona
Type
conf
DOI
10.1109/ESPRE.2014.6890525
Filename
6890525