Publication


Featured research published by Xiaocheng Ge.


international conference on web engineering | 2006

Agile development of secure web applications

Xiaocheng Ge; Richard F. Paige; Fiona Polack; Howard Chivers; Phillip J. Brooke

A secure system is one that is protected against specific undesired outcomes. Delivering a secure system, and particularly a secure web application, is not easy. Integrating general-purpose information systems development methods with security development activities could be a useful means to surmount these difficulties. Agile processes, such as Extreme Programming, are of increasing interest in software development. Most significantly for web applications, agile processes encourage and embrace requirements change, which is a desirable characteristic for web application development. In this paper, we present an agile process to deliver secure web applications. The contribution of the research is not the development of a new method or process that addresses security concerns. Rather, we investigate general-purpose information system development methods (e.g., Feature-Driven Development (FDD)) and mature security methods, namely risk analysis, and integrate them to address the development of secure web applications. The key features of our approach are (1) a process capable of dealing with the key challenges of web applications development, namely decreasing life-cycle times and frequently changing requirements; and (2) an iterative approach to risk analysis that integrates security design throughout the development process.


agile conference | 2010

An Iterative Approach for Development of Safety-Critical Software and Safety Arguments

Xiaocheng Ge; Richard F. Paige; John A. McDermid

The benefits ascribed to Agile methods are attractive to software engineers working in the safety-critical software domain. There is limited industrial experience and evidence of successful applications of Agile methods in this domain; however, academic research has identified some of the key challenges of their adoption and application, and has started to present feasibility studies. In this paper, we propose an iterative approach for developing safety-critical software, making two novel contributions. Firstly, we address the notion of up-front design in safety-critical software development, and describe the characteristics of an up-front design that is minimal from the perspective of achieving safety objectives. Secondly, we identify a key difficulty of using iterative development for building safety-critical software, and present a way to develop both a software system and a safety argument iteratively. We also give details of a proof-of-concept example illustrating the use of the approach.


international conference on computer safety, reliability, and security | 2009

Probabilistic Failure Propagation and Transformation Analysis

Xiaocheng Ge; Richard F. Paige; John A. McDermid

A key concern in safety engineering is understanding the overall emergent failure behaviour of a system, i.e., behaviour exhibited by the system that is outside its specification of acceptable behaviour. A system can exhibit failure behaviour in many ways, including that from failures of individual or a small number of components. It is important for safety engineers to understand how system failure behaviour relates to failures exhibited by individual components. In this paper, we propose a safety analysis technique, failure propagation and transformation analysis (FPTA), which automatically and quantitatively analyses failures based on a model of failure logic. The technique integrates previous work on automated failure analysis with probabilistic model checking supported by the PRISM tool. We demonstrate the technique and tool on a small, yet realistic safety-related application.


model driven engineering languages and systems | 2009

FPTC: Automated Safety Analysis for Domain-Specific Languages

Richard F. Paige; Louis M. Rose; Xiaocheng Ge; Dimitrios S. Kolovos; Phillip J. Brooke

Critical systems must be shown to be acceptably safe to deploy and use in their environment. The size, scale, heterogeneity, and distributed nature of these increasingly complex systems make them difficult to verify and analyse. Additionally, domain experts use a variety of languages to model and build their systems. We present an automated safety analysis technique, Fault Propagation and Transformation Analysis, and explain how it can be used for automatically calculating the failure behaviour of an entire system from the failure behaviours of its components. We outline an implementation of the technique in the Epsilon model management platform, allowing it to be used with state-of-the-art model management languages and tools, and making it applicable to a variety of different domain-specific modelling languages.


agile processes in software engineering and extreme programming | 2007

Extreme programming security practices

Xiaocheng Ge; Richard F. Paige; Fiona Polack; Phillip J. Brooke

Current practice suggests that security is considered through all stages of the software development life cycle, and that a risk-based and plan-driven approach is best suited to establish security criteria. Based on experience in applying security practices, this paper proposes two new security practices, security training and a fundamental security architecture, for applying Extreme Programming.


international conference on computer safety, reliability, and security | 2008

Towards Agile Engineering of High-Integrity Systems

Richard F. Paige; Ramon Charalambous; Xiaocheng Ge; Phillip J. Brooke

We describe the results of a pilot study on the application of an agile process to building a high-integrity software system. The challenges in applying an agile process in this domain are outlined, and potential solutions for dealing with issues of communication, scalability, and system complexity are proposed. We report on the safety process, argumentation generated to support the process, and the technology and tools used to strengthen the agile process in terms of support for verification and validation.


secure software integration and reliability improvement | 2010

Analysing System Failure Behaviours with PRISM

Xiaocheng Ge; Richard F. Paige; John A. McDermid

The verification of safety-critical systems using formal techniques is not something new. Traditionally, safety-critical systems are verified using hazard analysis techniques, e.g., fault tree analysis. As safety-critical systems have become larger and more complex, several analysis techniques with compositional capabilities were developed. However, these techniques were not able to analyse stochastic systems. In this paper, we present a model-based compositional safety analysis technique (i.e., failure propagation analysis) and explore the feasibility of integrating this safety analysis technique with techniques of probabilistic model checking, more precisely the PRISM model checker. By doing so, we make it possible to rigorously verify a model while system failure behaviours are quantitatively analysed.


conference on advanced information systems engineering | 2004

Secure Databases: An Analysis of Clark-Wilson Model in a Database Environment

Xiaocheng Ge; Fiona Polack; Régine Laleau

Information systems are vulnerable to accidental or malicious attacks. Security models for commercial computer systems exist, but information systems security is often ignored or added at or after implementation. The paper explores common security models, and their relevance to databases. It demonstrates how security-relevant concepts can be extracted during a conventional database development.


International Journal of Critical Computer-based Systems | 2011

High-integrity agile processes for the development of safety critical software

Richard F. Paige; Andy Galloway; Ramon Charalambous; Xiaocheng Ge; Phillip J. Brooke

Typically, safety critical software systems are developed using plan-driven development processes. Agile processes have evolved to help reduce costs of software development and seek to minimise documentation overheads. For safety critical systems that must undergo certification, documentation is essential. The question this paper addresses is: can a process based on agile principles be used to deliver a safety critical software product, but also the evidence needed to satisfy assurance objectives? The paper makes three contributions. Firstly, it presents an analysis of agile processes and their applicability in this domain. It reviews positive indicators for their use, outlines challenges associated with their deployment and proposes strategies for addressing these challenges. Secondly, it makes a number of recommendations for adapting an agile process to the domain. Finally, the paper reports on an experiment to demonstrate the plausibility of using an adapted agile process for building a safety critical software system.


international conference on enterprise information systems | 2011

Failures of a Business Process in Enterprise Systems

Xiaocheng Ge; Richard F. Paige; John A. McDermid

A business process model typically describes a desired flow of events in an ideal environment. However, the reality tends to be more complicated than what is designed in the model. During the execution of business process instances, a lot of exceptions may occur. These exceptions are deviations from the correct, specified sequence of events. Thus it is important to know the behaviours of process instances in the presence of exceptions. The classical approach of incorporating exception analysis in process models has been trying to anticipate beforehand all possible exceptional conditions that might arise and argue the process model with those additional conditions in order to determine the exception handling actions. This approach, however, might be problematic because the identification of all possible exceptions relies on the experience and intuition of the participants. To have a clear understanding of the failure behaviour of a business process is equally important, but first of all, it has to be studied what characteristics failures often have. In this paper, we present the initial findings of our project that targets the enterprise issues of healthcare systems.
