Simplifying development of secure software : Aspects and Agile methods

Abstract: Reducing the complexity of building secure software systems is an important goal as increased complexity can lead to more security flaws. This thesis aims at helping to reduce this complexity by investigating new programming techniques and software development methods for implementing secure software. We provide case studies on the use and effects of applying Aspect-oriented software development to Confidentiality, Access Control and Quality of Service implementation. We also investigate how eXtreme Programming can be used for simplifying the secure software development process by comparing it to the security engineering standards Common Criteria and the Systems Security Engineering Capability Maturity Model. We also explore the relationship between Aspect-oriented programming and Agile software development methods, such as eXtreme Programming.