VeriDevOps Software Methodology: Security Verification and Validation for DevOps Practices

Eduard Paul Enoiu; Dragos Truscan; Sadovykh Andrey; Wissam Mallouli

doi:10.1145/3600160.3605054

VeriDevOps Software Methodology: Security Verification and Validation for DevOps Practices

Eduard Paul Enoiu, Dragos Truscan, Sadovykh Andrey, Wissam Mallouli

Informaatioteknologia

Tutkimustuotos: Artikkeli kirjassa/raportissa/konferenssijulkaisussa › Konferenssiartikkeli › Tieteellinen › vertaisarvioitu

1 Sitaatiot (Scopus)

110 Lataukset (Pure)

Abstrakti

VeriDevOps offers a methodology and a set of integrated mechanisms that significantly improve automation in DevOps to protect systems at operations time and prevent security issues at development time by (1) specifying security requirements, (2) generating trace monitors, (3) locating root causes of vulnerabilities, and (4) identifying security flaws in code and designs. This paper presents a methodology that enhances productivity and enables the continuous integration/delivery of trustworthy systems. We outline the methodology, its application to relevant scenarios, and offer recommendations for engineers and managers adopting the VeriDevOps approach. Practitioners applying the VeriDevOps methodology should include security modeling in the DevOps process, integrate security verification throughout all stages, utilize automated test generation tools for security requirements, and implement a comprehensive security monitoring system, with regular review and update procedures to maintain relevance and effectiveness.

Alkuperäiskieli	Englanti
Otsikko	ARES 2023 - 18th International Conference on Availability, Reliability and Security, Proceedings
Kustantaja	ACM
Sivut	1-9
ISBN (elektroninen)	9798400707728
ISBN (painettu)	979-8-4007-0772-8
DOI - pysyväislinkit	https://doi.org/10.1145/3600160.3605054
Tila	Julkaistu - 29 elok. 2023
OKM-julkaisutyyppi	A4 Artikkeli konferenssijulkaisuussa
Tapahtuma	ARES 2023: The 18th International Conference on Availability, Reliability and Security - Kesto: 29 elok. 2023 → 1 syysk. 2023

Julkaisusarja

Nimi	ACM International Conference Proceeding Series

Konferenssi

Konferenssi	ARES 2023: The 18th International Conference on Availability, Reliability and Security
Ajanjakso	29/08/23 → 01/09/23

Pääsy asiakirjaan

10.1145/3600160.3605054Lisenssi: CC BY

STAM23-AuthorVersionHyväksytty kirjoittajan käsikirjoitus, 1,35 MBLisenssi: CC BY

https://urn.fi/URN:NBN:fi-fe20231110144580

VeriDevOps: Automated Protection and Prevention to Meet Security Requirements in DevOps Environments
Truscan, D. (Vastuullinen tutkija), Porres Paltor, I. (CoPI), Ashraf, A. (Vastuullinen tutkija), Ahmad, T. (CoI), Chariyarupadannayil Sudheerbabu, G. (CoI) & Chapagain, S. (Vastuullinen tutkija)
EU Horizon 2020
01/10/20 → 31/01/24
Projekti: EU

Viittausmuodot

Enoiu, E. P., Truscan, D., Andrey, S., & Mallouli, W. (2023). VeriDevOps Software Methodology: Security Verification and Validation for DevOps Practices. teoksessa ARES 2023 - 18th International Conference on Availability, Reliability and Security, Proceedings (Sivut 1-9). Artikkeli 135 (ACM International Conference Proceeding Series). ACM. https://doi.org/10.1145/3600160.3605054

@inproceedings{c016f13ced5f49528dbc3260db67e72f,

title = "VeriDevOps Software Methodology: Security Verification and Validation for DevOps Practices",

abstract = "VeriDevOps offers a methodology and a set of integrated mechanisms that significantly improve automation in DevOps to protect systems at operations time and prevent security issues at development time by (1) specifying security requirements, (2) generating trace monitors, (3) locating root causes of vulnerabilities, and (4) identifying security flaws in code and designs. This paper presents a methodology that enhances productivity and enables the continuous integration/delivery of trustworthy systems. We outline the methodology, its application to relevant scenarios, and offer recommendations for engineers and managers adopting the VeriDevOps approach. Practitioners applying the VeriDevOps methodology should include security modeling in the DevOps process, integrate security verification throughout all stages, utilize automated test generation tools for security requirements, and implement a comprehensive security monitoring system, with regular review and update procedures to maintain relevance and effectiveness.",

keywords = "security, verification, DevOps, monitoring, testing",

author = "Enoiu, {Eduard Paul} and Dragos Truscan and Sadovykh Andrey and Wissam Mallouli",

year = "2023",

month = aug,

day = "29",

doi = "10.1145/3600160.3605054",

language = "English",

isbn = "979-8-4007-0772-8",

series = "ACM International Conference Proceeding Series",

publisher = "ACM",

pages = "1--9",

booktitle = "ARES 2023 - 18th International Conference on Availability, Reliability and Security, Proceedings",

address = "United States",

note = "ARES 2023: The 18th International Conference on Availability, Reliability and Security ; Conference date: 29-08-2023 Through 01-09-2023",

}

Enoiu, EP, Truscan, D, Andrey, S & Mallouli, W 2023, VeriDevOps Software Methodology: Security Verification and Validation for DevOps Practices. julkaisussa ARES 2023 - 18th International Conference on Availability, Reliability and Security, Proceedings., 135, ACM International Conference Proceeding Series, ACM, Sivut 1-9, ARES 2023: The 18th International Conference on Availability, Reliability and Security, 29/08/23. https://doi.org/10.1145/3600160.3605054

VeriDevOps Software Methodology: Security Verification and Validation for DevOps Practices. / Enoiu, Eduard Paul; Truscan, Dragos; Andrey, Sadovykh et al.
ARES 2023 - 18th International Conference on Availability, Reliability and Security, Proceedings. ACM, 2023. s. 1-9 135 (ACM International Conference Proceeding Series).

Tutkimustuotos: Artikkeli kirjassa/raportissa/konferenssijulkaisussa › Konferenssiartikkeli › Tieteellinen › vertaisarvioitu

TY - GEN

T1 - VeriDevOps Software Methodology: Security Verification and Validation for DevOps Practices

AU - Enoiu, Eduard Paul

AU - Truscan, Dragos

AU - Andrey, Sadovykh

AU - Mallouli, Wissam

PY - 2023/8/29

Y1 - 2023/8/29

N2 - VeriDevOps offers a methodology and a set of integrated mechanisms that significantly improve automation in DevOps to protect systems at operations time and prevent security issues at development time by (1) specifying security requirements, (2) generating trace monitors, (3) locating root causes of vulnerabilities, and (4) identifying security flaws in code and designs. This paper presents a methodology that enhances productivity and enables the continuous integration/delivery of trustworthy systems. We outline the methodology, its application to relevant scenarios, and offer recommendations for engineers and managers adopting the VeriDevOps approach. Practitioners applying the VeriDevOps methodology should include security modeling in the DevOps process, integrate security verification throughout all stages, utilize automated test generation tools for security requirements, and implement a comprehensive security monitoring system, with regular review and update procedures to maintain relevance and effectiveness.

AB - VeriDevOps offers a methodology and a set of integrated mechanisms that significantly improve automation in DevOps to protect systems at operations time and prevent security issues at development time by (1) specifying security requirements, (2) generating trace monitors, (3) locating root causes of vulnerabilities, and (4) identifying security flaws in code and designs. This paper presents a methodology that enhances productivity and enables the continuous integration/delivery of trustworthy systems. We outline the methodology, its application to relevant scenarios, and offer recommendations for engineers and managers adopting the VeriDevOps approach. Practitioners applying the VeriDevOps methodology should include security modeling in the DevOps process, integrate security verification throughout all stages, utilize automated test generation tools for security requirements, and implement a comprehensive security monitoring system, with regular review and update procedures to maintain relevance and effectiveness.

KW - security

KW - verification

KW - DevOps

KW - monitoring

KW - testing

U2 - 10.1145/3600160.3605054

DO - 10.1145/3600160.3605054

M3 - Conference contribution

SN - 979-8-4007-0772-8

T3 - ACM International Conference Proceeding Series

SP - 1

EP - 9

BT - ARES 2023 - 18th International Conference on Availability, Reliability and Security, Proceedings

PB - ACM

T2 - ARES 2023: The 18th International Conference on Availability, Reliability and Security

Y2 - 29 August 2023 through 1 September 2023

ER -

VeriDevOps Software Methodology: Security Verification and Validation for DevOps Practices

Abstrakti

Julkaisusarja

Konferenssi

Pääsy asiakirjaan

Sormenjälki

Projektit

VeriDevOps: Automated Protection and Prevention to Meet Security Requirements in DevOps Environments

Viittausmuodot