Design of FAHP based Security Framework under Agile Software Development

Authors

  • Sangeeta Mishra, Ph.D. Research Scholar, Computer Science & Engineering, Integral University, Lucknow, Uttar Pradesh, India
  • Mohd. Haroon, Professor, Computer Science & Engineering, Integral University, Lucknow, Uttar Pradesh, India

Keywords:

Software security, Agile software development, Analytic Hierarchy Process (AHP), Fuzzy AHP

Abstract

Software security is becoming more complex during the project development phase. Assessing the type and level of security required, with cost-effective solutions, is a challenge. Agile Software Development (ASD) is strongly associated with self-management, so the product development team and the owners expect to manage security prioritization. This paper presents a framework that influences the priority given to security under Agile Software Development through the support and interactions of teams rather than through fixed priorities and activities. To perform this task effectively, it is necessary to understand the factors that support or hinder decisions about prioritizing security. Based on an in-depth study of a large body of literature, insight into the strategies that security professionals apply to influence the priority of security is framed within the agile software development process. The results help in identifying the priority factors during security framework design using the Fuzzy Analytic Hierarchy Process (FAHP), which helps in understanding the key features for security system design.

Published

24.03.2024

How to Cite

Mishra, S., & Haroon, M. (2024). Design of FAHP based Security Framework under Agile Software Development. International Journal of Intelligent Systems and Applications in Engineering, 12(18s), 292–302. Retrieved from https://ijisae.org/index.php/IJISAE/article/view/4973

Section

Research Article