Modeling continuous security: A conceptual model for automated DevSecOps using open-source software over cloud (ADOC)

Kumar, Rakesh; Goyal, Rinkaj

doi:10.1016/j.cose.2020.101967

Cited by 48 publications

(27 citation statements)

References 35 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…In contrast, DevSecOps is a conscious effort to swift the security considerations towards the development pipeline, to address adequately and timely any security considerations. Specifically, in [30] DevSecOps is defined as DevOps embedded with security controls, aiming to provide continuous security assurance in all stages of the workflow. Hence, a set of additional secure rules to aid organizations to implant security deep in their DevOps development and operations processes is composing the DevSecOps [34].…”

Section: Software Design Approachesmentioning

confidence: 99%

“…The DevOps practices are organized as follows: Continuous Planning, Continuous Integration, Continuous Delivery, Continuous Deployment, Continuous Operation and Continuous Feedback ( [4,30]):…”

Section: Devops In Iotmentioning

confidence: 99%

“…DevSecOps principles are broadly covered in [5], and also agreed in [30], and can be captured using the following key-phrases: "Shift-security left", "Security by Design", Culture, Automation, Metrics, Security as Code, Infrastructure as Code, Compliance as Code, and Adaptative security. In that sense, DevSecOps application in NG-IoT architectures has the potential to contribute in reducing and mitigating threats during software delivery in IoT deployments, while helping guarantee secure operation by applying its most relevant principles such as: shift-security left, and security-by-design.…”

Section: From Devops To Devsecopsmentioning

confidence: 99%

“…The short concept-to-market and development-to-production times, altogether with strong software dependencies between different components of the architecture, force NG-IoT teams to work in distributed environments. The ASSIST-IoT project proposes a DevSecOps methodology for NG-IoT, which is based on two fundamental pillars [30]:…”

Section: Assist-iot Devsecops Approach and Essential Toolsmentioning

confidence: 99%

See 3 more Smart Citations

Devsecops Methodology for Ng-Iot Ecosystem Development Lifecycle – Assist-Iot Perspective

Paprzycki¹,

Ganzha²,

Wasielewska³

et al. 2021

JCC

View full text Add to dashboard Cite

Current software projects require continuous integration during their whole lifetime. In this context, different approaches regarding introduction of DevOps and DevSecOps strategies have been proposed in the literature. While DevOps proposes an agile methodology for the development and instantiation of software platforms with minimal impact in any kind of operations environment, this contribution proposes the introduction of DevOps methodology for Next Generation IoT deployments. Moreover, novelty of the proposed approach lies in leveraging DevSecOps in different stages and layers of the architecture. In particular, the present work describes the different DevSecOps methodology tasks, and how the security is included on pre-design activities such as planning, creation or adaptation, the design and implementation, as well as on post-implementation activities such as detection, response. Without proper consideration of security and privacy best practices identified in this article, the continuous delivery of services using DevOps methodologies may create risks and introduce different vulnerabilities for Next Generation IoT deployments.

show abstract

Section: Software Design Approachesmentioning

confidence: 99%

Section: Devops In Iotmentioning

confidence: 99%

Section: From Devops To Devsecopsmentioning

confidence: 99%

Section: Assist-iot Devsecops Approach and Essential Toolsmentioning

confidence: 99%

See 2 more Smart Citations

Devsecops Methodology for Ng-Iot Ecosystem Development Lifecycle – Assist-Iot Perspective

Paprzycki¹,

Ganzha²,

Wasielewska³

et al. 2021

JCC

View full text Add to dashboard Cite

show abstract

“…DevSecOps or SecDevOps are the terms associated with Secured DevOps. The continuous security model was proposed in (Rakesh Kumar and Rinkaj Goyal 2020), which used opensource software over the cloud to provide security throughout the product development. The security practices used in DevOps (Rahman et al, 2016) are 1)Automation Activities includes automated testing, monitoring, code review, software-defined firewall and software licensing 2)Collaboration means increasing collaboration between development and security teams 3) Nonautomated security activities are Security requirements analysis, performing security configurations, performing security policies, design review, input validation, risk analysis, etc.…”

Section: Securitymentioning

confidence: 99%

DevOPS Now and Then

Singh¹

2020

Preprint

View full text Add to dashboard Cite

DevOps is an emerging practice to be followed in the Software Development life cycle. The name DevOps indicates that it’s an integration of the Development and Operation team. It is followed to integrate the various stages of the development cycle. DevOps is an extended version of the existing Agile method. DevOps aims at continuous integration, Continuous Delivery, Continuous Improvement, faster feedback and security. This paper reviews the building blocks of DevOps, challenges in adopting DevOps, Models to improve DevOps practices and Future works on DevOps

show abstract