SecureDesignAndArchitecture
who: JohanPeeters
Security is a blind spot in application development. It is typically retrofitted by security professionals tweaking the infrastructure. However, as the network continues to penetrate deeper into homes and professional systems alike, and the voracious appetite for application integration punches more and more holes through traditional, network-based defenses, this approach is faltering. Today's applications must be developed with security in mind. Insofar as agile teams succeed in writing fewer bugs, their software scores better with respect to security, as there are fewer instances of unexpected behavior for attackers to exploit. On the other hand, agile processes by themselves will not guarantee that security requirements are met.

This session is one of 3 that explore the principles and techniques developed in the security community and investigate whether and how they can be integrated into an agile process. This session focuses on secure application architecture and design.
Planning game (15 min)
Security requirements serve as input for the architecture and design. In this session, the requirements identified in the Security Requirements Engineering session are presented briefly. The organisers provide a fallback set of requirements in case the former session does not take place. Security requirements are described as a set of abuser stories, labeled with a costed risk. In the initial phase of the session, each abuser story is assigned an effort estimate. Architecture and design effort is assigned according to the principle of minimizing residual risk for a given time budget.
Architecture and design (1h)
The planning game results in a subset of abuser stories being earmarked for further elaboration. In this part of the session, participants are asked to propose a security architecture to mitigate the risks posed by high-priority abuser stories. Subgroup proposals are consolidated in a plenary session. The following are classic secure design principles:
Evaluation (15 min)
In the final part of the workshop, architectural and design practices are reviewed and evaluated.
Changed on 27/04/2005 by webcache-kotnet-1.kuleuven.ac.be