Security Assurance in DevOps Methodologies and Related Environments

• Autorzy: Siewruk Grzegorz , Mazurczyk Wojciech , Karpiński Andrzej

Identyfikatory

DOI

10.24425/ijet.2019.126303

• Języki publikacji: EN

Abstrakty

EN

The biggest software development companies conduct daily more than hundreds deployments which influence currently operating IT (Information Technology) systems. This is possible due to the availability of automatic mechanisms which are providing their functional testing and later applications deployment. Unfortunately, nowadays, there are no tools or even a set of good practices related to the problem on how to include IT security issues into the whole production and deployment processes. This paper describes how to deal with this problem in the large mobile telecommunication operator environment.

Słowa kluczowe

EN

IT security; devops; cloud security

• Wydawca: Polish Academy of Sciences, Committee of Electronics and Telecommunication
• Czasopismo: International Journal of Electronics and Telecommunications
• Rocznik: 2019
• Tom: Vol. 65, No. 2
• Strony: 211--216
• Opis fizyczny: Bibliogr. 21 poz., rys., tab.

Twórcy

autor

Siewruk Grzegorz

• Warsaw University of Technology, Institute of Telecommunications, Faculty of Electronics and Information Technology and Orange Poland, Department of ITN Security, Warsaw, Poland

autor

Mazurczyk Wojciech

• Warsaw University of Technology, Institute of Telecommunications, Faculty of Electronics and Information Technology, Warsaw, Poland

autor

Karpiński Andrzej

• Orange Poland, Department of ITN Security, Warsaw, Poland

Bibliografia

• [1] Abubaker Wahaballa, Osman Wahballa, Majdi Abdellatief, Hu Xiong and Zhiguang Qin, “Toward unified DevOps model” in 2015 6th IEEE International Conference on Software Engineering and Service Science (ICSESS).
• [2] Adnan Masood and Jim Java, “Static analysis for web service security - Tools & techniques for a secure development life cycle” in 2015 IEEE International Symposium on Technologies for Homeland Security (HST).
• [3] Center for Internet Security. Downloaded from https://www.cisecurity.org/cis-benchmarks/
• [4] Chirag Doshi and Dhaval Doshi, “A Peek into an Agile Infected Culture” in 2009 Agile Conference.
• [5] Daniel Ståhl, Kristofer Hallén and Jan Bosch, “Continuous Integration and Delivery Traceability in Industry: Needs and Practices” in 2017 43rd Euromicro Conference on Software Engineering and Advanced Applications (SEAA).
• [6] Adam Gordon, “The Hybrid Cloud Security Professional” in IEEE Cloud Computing ( Volume: 3, Issue: 1, Jan.-Feb. 2016 ) .
• [7] H. Drucker, Donghui Wu and V.N. Vapnik, “Support vector machines for spam categorization” in IEEE Transactions on Neural Networks (Volume: 10 , Issue: 5 , Sep 1999 )
• [8] Hongchen Gui, Qiliang Liang and Zhiqiang Li, “An improved AD-LDA topic model based on weighted Gibbs sampling, 2016 IEEE Advanced Information Management” in Communicates, Electronic and Automation Control Conference (IMCEC)
• [9] Ionel Gordin, Adrian Graur, Alin Potorac and Doru Balan, “Security Assessment of OpenStack cloud using outside and inside software tools” in 14th International Conference on DEVELOPMENT AND APPLICATION SYSTEMS, Suceava, Romania, May 24-26, 2018.
• [10] Lindita Nebiu Hyseni and Afërdita Ibrahimi, “Comparison of the cloud computing platforms provided by Amazon and Google” in 2017 Computing Conference.
• [11] Marco Anisetti, Claudio A. Ardagna, Ernesto Damiani and Filippo Gaudenzi, “A Security Benchmark for OpenStack” in 2017 IEEE 10th International Conference on Cloud Computing.
• [12] Nishant Kumar Singh, Sanjeev Thakur, Himanshu Chaurasiya and Himanshu Nagdev, “Automated provisioning of application in IAAS cloud using Ansible configuration management” in 2015 1st International Conference on Next Generation Computing Technologies (NGCT).
• [13] OWASP. Downloaded from https://www.owasp.org/index.php/Main_Page
• [14] P. P. W. Pathirathna, V. A. I. Ayesha, W. A. T. Imihira, W. M. J. C. Wasala, Nuwan Kodagoda and E. A. T. D. Edirisinghe, “Security testing as a service with docker containerization” in 2017 11th International Conference on Software, Knowledge, Information Management and Applications (SKIMA).
• [15] Shruti Kapil, Meenu Chawla and Mohd Dilshad Ansari, “On K-means data clustering algorithm with genetic algorithm” in 2016 Fourth International Conference on Parallel, Distributed and Grid Computing (PDGC)
• [16] Shubham Awasthi, Anay Pathak and Lovekesh Kapoor, “Openstack-paradigm shift to open source cloud computing & its integration” in 2016 2nd International Conference on Contemporary Computing and Informatics (IC3I).
• [17] Turki Alharkan and Patrick Martin, “IDSaaS: Intrusion Detection System as a Service in Public Clouds” in 2012 12th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing.
• [18] Wu Qianqian and Liu Xiangjun, “Research and design on Web application vulnerability scanning service” in 2014 IEEE 5th International Conference on Software Engineering and Service Science.
• [19] Xuexiu Chen, Chi Chen, Yuan Tao and Jiankun Hu, “A Cloud Security Assessment System Based on Classifying and Grading” in IEEE Cloud Computing Published by The IEEE Computer Society.
• [20] Yasuharu Katsuno, Ashish Kundu, Koushik K. Das, Hitomi Takahashi, Robert Schloss, Prasenjit Dey and Mukesh Mohania, “Security, Compliance, and Agile Deployment of Personal Identifiable Information Solutions on a Public Cloud” in 2016 IEEE 9th International Conference on Cloud Computing.
• [21] Ziqiang Zhou, Changhua Sun, Jiazhong Lu and Fengmao Lv, “Research and Implementation of Mobile Application Security Detection Combining Static and Dynamic” in 2018 10th International Conference on Measuring Technology and Mechatronics Automation (ICMTMA).

Uwagi

Opracowanie rekordu w ramach umowy 509/P-DUN/2018 ze środków MNiSW przeznaczonych na działalność upowszechniającą naukę (2019).