Security Planning and Refactoring in Extreme Programming

  • Emine G. Aydal
  • Richard F. Paige
  • Howard Chivers
  • Phillip J. Brooke
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4044)


Security is a critical part of systems development, particularly for web-based systems. Little is known about how to effectively integrate security into incremental development processes such as Extreme Programming. This paper presents the results of a project that used Extreme Programming practices and deferred consideration of security until system functionality was complete. The findings suggest that refactorings within incremental development processes are capable of delivering high-quality security solutions, and provide insights into how security requirements can be incorporated in the planning game.


Keywords: Security Requirement, Security Mechanism, Security Feature, Estate Agency, Security Planning





Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Emine G. Aydal (1)
  • Richard F. Paige (1)
  • Howard Chivers (2)
  • Phillip J. Brooke (3)
  1. Department of Computer Science, University of York, UK
  2. Department of Information Systems, Cranfield University, UK
  3. School of Computing, University of Teesside, UK
