International Journal of Engineering Trends and Technology (IJETT) – Volume17 Number 10–Nov 2014

Dependable Privacy Requirements for Agile Security Architecture Model

M. Upendra Kumar
Associate Professor, CSE, MGIT, Hyderabad, India

Abstract - In this paper, Dependability (Privacy Requirements) for Agile Modelled Layered Security Architectures is discussed. This is validated on a case study of Web 2.0 Services Privacy Management. Finally, validation for Secure Web Engineering using Agile Modelled Layered Security Architecture Solutions is discussed.

Keywords — Dependability, Privacy, Security Requirements, Agile Modelling, Security Architecture.

1 INTRODUCTION

Agile Security Privacy Requirements

Agile development supports change management (for requirements, security requirements and privacy requirements) through many incremental iterations, each updated and improved in the successive iteration. In an agile project, various validated strategies are supported, such as stable architectures, tools utilization and reusable components. The salient features of the Agile Privacy Security Requirements Elicitation process are:

More engagement of customer: Customers are involved in the project at each phase, for fast and accurate requirements elicitation. Advantages here include customer satisfaction and better requirements, enhanced at each new release.

Accommodation of changing requirements: Even if changing requirements arise late in the project life cycle, developers can easily accommodate them in the software in the next iteration as an increment.

Pair of customers and developers: Both customers and developers should work as a team and build upon earlier successful experience. Hence people involved in the agile process should have commitment, courage, intelligence and domain knowledge.

Good teamwork and development: A team of programmers and customers working as a pair, choosing a correct agile process and having adequate knowledge and work experience, should collaborate as a team for effectiveness and efficiency.

Agile Principles also strongly advocate:

Parallel concurrent development: Iterations can be done in parallel for design, development and security (one attribute of quality assurance), even though they are sequentially based on earlier releases. In this approach, coding may even start before all requirements are elicited.

More releases delivery: Releases deliver new features and new fixes, which encourages changing requirements between two successive releases.

Tools development: Programmers avoid wasting time on re-developing tools whose features have already been built by others.

Customers are involved more in agile development. This ensures high customer satisfaction and that changing requirements elicitation is accurate, efficient and effective. Agile software development nowadays proposes the ideology of having a stable architecture, which is useful for adaptability and for reusability by refactoring upon each iteration and increment. Agile modeling also encourages assembling and reusing existing components that are already available, instead of building components from scratch for each iteration. Agile software development produces less documentation and, as the success rate of projects is high, it has less maintenance work. Agile development suggests tailoring the methodology in use on either a daily operational basis or a weekly basis for changing requirements management.

1 DEPENDABLE AGILE PRIVACY SECURITY REQUIREMENTS

With the Agile Security Privacy requirements methodology, integration of security at the design phase in iteration I will lead to knowledge of hidden security requirements for iteration I + 1. The methodology needs to be adaptive and simple to implement, with tools utilization in all the phases of development (such as requirements, analysis, architecture design, coding implementation and finally testing). It also needs to accommodate changing security requirements at successive increments and iterations.

A subject in security is a user or system which accesses an object. An object in security can be anything which is an asset holding data which may be compromised. Authentication and authorization (using access control) of subjects and objects, and of subjects on objects, need to be designed. Authentication of subjects for objects also needs to be designed. Risk identification, risk assessment and risk management (an attribute of dependability) and privacy management need to be designed.

The phases involved in agile security privacy requirements are the agile requirements phase, design phase, implementation phase and testing phase. In the requirements analysis phase, first identify the security-intensive objects and the security categorization of these security subjects and objects dependencies, and perform the risk identification, risk assessment and risk mitigation. In the design phase, proper care needs to be taken that all the security requirements of the earlier phase are included in the design. The design is based on the earlier use cases specifying both functional and non-functional requirements and on UML model diagrams, and applies appropriate risk management to these assets of subjects and objects. In the implementation phase, all the desired security mechanisms specified in the security policy need to be implemented with all the security features. Threat modeling needs to be done. In the testing phase, test that all the security implementations are working as desired.

2 DEPENDABLE PRIVACY MANAGEMENT FOR NGSWEA WEB 2.0 SERVICES

Privacy management is one of the attributes of dependability, as user's privacy concerns need to be
maintained by applications in terms of non-disclosure of customer's private information to the public. For Web 2.0 services privacy management, Patlet 5.1 provides the adding of a policy header and Patlet 5.2 provides the Policy tailor for Privacy requirements.

PATLET 1 ADD POLICY HEADER FOR PRIVACY REQUIREMENTS FOR WEB 2.0 SERVICES

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
    <html>
    <head>
    <!-- P3P policy reference and compact policy (CP) -->
    <meta http-equiv="P3P" content='policyref="https://www.sites.google.com/site/upendracsemgit.htm", CP="NOI DSP COR NID CURa OUR NOR NAV INT TST"'>
    <meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
    <title>Privacy Demonstration</title>
    <script>

Fig 1 Privacy Demonstration

PATLET 2 POLICY TRAILOR FOR PRIVACY REQUIREMENTS FOR WEB 2.0 SERVICES

    <h1 align="center">Privacy Demonstration</h1>
    <label id="Input"><span style="TEXT-DECORATION: underline">U</span>ser Name:</label>
    <input id="InputVal" type="text" value="Dr.D.Sravan Kumar" name="InputVal" accesskey="U" title="Type your name." autocomplete="off"/><p/>
    <input id="SaveCookie" type="button" accesskey="S" value="Save Cookie" onclick="SetCookie()" name="SaveCookie" title="Click or press Alt+S to save the cookie."/>
    <input id="ReadCookie" type="button" accesskey="R" value="Read Cookie" onclick="ReadCookie()" name="ReadCookie" title="Click or press Alt+R to read the cookie."/>
    </body>
    </html>

Fig 2 Save Cookie option

Fig 3 Read Cookie option

Figure 1 provides an execution screenshot of the Privacy Demonstration of Web 2.0 services. Figure 2 provides an execution screenshot of the Save Cookie option and Figure 3 provides an execution screenshot of the Read Cookie option.

Figure 4 provides the class diagram of the Web 2.0 services privacy application. This application module will be extended in paper 6 for the Secure Stock Market application.
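The P3P header that Patlet 1 sets can be decoded to see what it declares to a user agent. The following JavaScript is an added example, not code from the paper; the function and constant names are hypothetical, and the token table follows the compact-policy vocabulary of the W3C P3P 1.0 specification.

```javascript
// Added example: decode the P3P header of Patlet 1 (names here are hypothetical).
const P3P_TOKENS = {   // W3C P3P 1.0 compact-policy vocabulary
  access: { NOI: 'nonident', ALL: 'all', CAO: 'contact-and-other',
            IDC: 'ident-contact', OTI: 'other-ident', NON: 'none' },
  disputes: { DSP: 'disputes' },
  remedies: { COR: 'correct', MON: 'money', LAW: 'law' },
  'non-identifiable': { NID: 'non-identifiable' },
  purpose: { CUR: 'current', ADM: 'admin', DEV: 'develop', TAI: 'tailoring',
             PSA: 'pseudo-analysis', PSD: 'pseudo-decision',
             IVA: 'individual-analysis', IVD: 'individual-decision',
             CON: 'contact', HIS: 'historical', TEL: 'telemarketing',
             OTP: 'other-purpose' },
  recipient: { OUR: 'ours', DEL: 'delivery', SAM: 'same', UNR: 'unrelated',
               PUB: 'public', OTR: 'other-recipient' },
  retention: { NOR: 'no-retention', STP: 'stated-purpose', LEG: 'legal-requirement',
               BUS: 'business-practices', IND: 'indefinitely' },
  categories: { PHY: 'physical', ONL: 'online', UNI: 'uniqueid', PUR: 'purchase',
                FIN: 'financial', COM: 'computer', NAV: 'navigation',
                INT: 'interactive', DEM: 'demographic', CNT: 'content',
                STA: 'state', POL: 'political', HEA: 'health', PRE: 'preference',
                LOC: 'location', GOV: 'government', OTC: 'other-category' },
  test: { TST: 'test' },
};
const CONSENT = { a: 'always', i: 'opt-in', o: 'opt-out' };  // purpose/recipient suffix
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

function parseP3PHeader(value) {
  const ref = /policyref\s*=\s*"([^"]*)"/i.exec(value);
  const cp = /(?:^|[\s,])CP\s*=\s*"([^"]*)"/i.exec(value);
  const out = { policyref: ref ? ref[1] : null, elements: {}, unknown: [], warnings: [] };
  if (!cp) { out.warnings.push('no compact policy (CP) present'); return out; }
  for (const raw of cp[1].split(/\s+/).filter(Boolean)) {
    const code = raw.slice(0, 3), suffix = raw.slice(3);
    const group = Object.keys(P3P_TOKENS).find((g) => has(P3P_TOKENS[g], code));
    const suffixOk = suffix === '' ||
      ((group === 'purpose' || group === 'recipient') && has(CONSENT, suffix));
    if (!group || !suffixOk) { out.unknown.push(raw); continue; }
    const label = P3P_TOKENS[group][code] + (suffix ? ` (${CONSENT[suffix]})` : '');
    (out.elements[group] = out.elements[group] || []).push(label);
  }
  // Per P3P 1.0, a policy marked as a test is only an example and must be ignored.
  if (out.elements.test) out.warnings.push('TST present: test policy, must be ignored');
  if (out.unknown.length) out.warnings.push('unrecognised: ' + out.unknown.join(' '));
  return out;
}

// Header value as given in Patlet 1 (quotes normalised).
const PATLET1_P3P = 'policyref="https://www.sites.google.com/site/upendracsemgit.htm", ' +
  'CP="NOI DSP COR NID CURa OUR NOR NAV INT TST"';
```

For the Patlet 1 value, `parseP3PHeader(PATLET1_P3P)` returns one warning, because the TST token marks the policy as a test policy.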
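Patlet 2 wires its buttons to SetCookie() and ReadCookie(), whose bodies the paper does not show. The following JavaScript is an added example of how such handlers can store the user name without letting the input add cookie attributes; it is not the paper's code, and the cookie name, the lifetime and the helpers buildCookie and readCookie are assumptions.

```javascript
// Added example: possible handlers for the Patlet 2 buttons (not the paper's code).
const COOKIE_NAME = 'userName';          // hypothetical cookie name
const MAX_AGE_SECONDS = 7 * 24 * 3600;   // assumed retention: one week

// Build the string assigned to document.cookie. Percent-encoding the value stops
// input such as "x; Domain=example.test" from adding cookie attributes.
function buildCookie(name, value, { maxAge = MAX_AGE_SECONDS, secure = true } = {}) {
  if (!/^[A-Za-z0-9_-]+$/.test(name)) throw new Error('invalid cookie name');
  const parts = [`${name}=${encodeURIComponent(value)}`, `Max-Age=${maxAge}`,
                 'Path=/', 'SameSite=Strict'];
  if (secure) parts.push('Secure');
  return parts.join('; ');
}

// Parse a document.cookie-style string ("a=1; b=2") and return one value or null.
function readCookie(cookieString, name) {
  for (const pair of cookieString.split(';')) {
    const eq = pair.indexOf('=');
    if (eq === -1 || pair.slice(0, eq).trim() !== name) continue;
    try { return decodeURIComponent(pair.slice(eq + 1).trim()); }
    catch (e) { return null; }   // malformed percent-encoding: treat as absent
  }
  return null;
}

// Browser wiring for the element ids used in Patlet 2 (only defined here, not called).
function SetCookie() {
  const name = document.getElementById('InputVal').value;
  document.cookie = buildCookie(COOKIE_NAME, name,
                                { secure: location.protocol === 'https:' });
}
function ReadCookie() {
  const stored = readCookie(document.cookie, COOKIE_NAME);
  // Assign to .value, not innerHTML, so a stored name cannot inject markup.
  document.getElementById('InputVal').value = stored === null ? '' : stored;
}
```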
In the class diagram of Fig. 4, the classes are Customer, Manager, Broker and Auditor. Customer is associated with Manager and Auditor to perform various stock market operations. Broker is associated with Auditor to perform auditing of shares information.

Fig.4 Class diagram of the web 2.0 services privacy application

3 SECURE WEB ENGINEERING USING PROPOSED AGILE SECURITY MODEL

The proposed Agile security model for dependable privacy requirements can be extended to secure web engineering. Figure 5.5 provides the process of Web Engineering process design. The focus is on project management, documentation and quality control. The phases involved are Context Analysis (the domain of usage of this Web Application, and the Product Model, i.e. how the product is publicized to the customers), the Process Model (used by the Web Application, like Agile Modeling), Project Plan, Web Site Development using Web Technologies, and Web Site Maintenance Strategy.

Figure 5 Development Process for Web based Systems

Table 1 provides the Program Logic for the Secure Web Engineering Application.

Table 1 PROGRAM LOGIC FOR SECURE WEB ENGINEERING APPLICATION

    Input: Web Application URL
    Begin
        Input URL
        Extract list_of_pages using WebSiteExtractor(URL)
        SiteMap = PowerMapper(URL)
        PageCount = count(list_of_pages)
        Web log = WeblogExpert(URL)
        Store SiteMap into WEBApp_STRUCTURE
        For i = 1 to PageCount do
        Begin
            Identify errors(i) using WebPageValidator(i)
            Store errors(i) into WEBSITE-ERRORS
            Page_Dt(i) = webPageAnalyzer(i)
            Broken_Link(i) = LinkChecker(i)
            Extract web objects(i) using WebSiteExtractor
            Store web objects(i) into WEB_COMPONENTS
            Store Page_Dt(i) into WEBOBJECTS_DT
        End
    End
    Output: Web Application errors, web Application structure, web objects, web log data

Figure 7 provides an execution screenshot of Website Extractor. It extracts all the components of the Web Application.
It accepts the Web Application address and produces the URL addresses of all Web pages.

Fig 7 Website Extractor

Figure 8 provides an execution screenshot of Web Page Analyzer. It lists the number of objects available in each web page, the size of the web page, the type and the time required for downloading.

Fig 8 Web Page Analyzer

Figure 9 provides an execution screenshot of Website Errors. It identifies and displays the errors related to the HTML tags of pages. It checks the web page for errors in HTML tags, properties of the web page and web page standards specified by W3C.

Fig 9 Website Errors

Figure 10 provides an execution screenshot of Web Log Expert. It finds the activity information, access time, user, owner and general statistics with log details.

Fig 10 Web log details

4 SUMMARY AND CONCLUSION

In this paper, Dependability (Privacy Requirements) for Agile Modeled Layered Security Architectures is discussed. This is validated on a case study of Web 2.0 Services Privacy Management. Finally, validation for Secure Web Engineering using Agile Modeled Layered Security Architecture Solutions is discussed. The next paper, putting it all together, is a detailed case study for Next Generation Secure Web Engineering Application, Secure Stock Market Web Engineering Application, using Agile Modeled Layered Security Architecture for Dependable Privacy Security Requirements.

ISSN: 2231-5381 http://www.ijettjournal.org