VeriDevOps Software Methodology: Security Verification and Validation for DevOps Practices

Proceedings of the 18th International Conference on Availability, Reliability and Security Pub Date : 2023-08-29 DOI:10.1145/3600160.3605054

Eduard Paul Enoiu, D. Truscan, A. Sadovykh, Wissam Mallouli

{"title":"VeriDevOps Software Methodology: Security Verification and Validation for DevOps Practices","authors":"Eduard Paul Enoiu, D. Truscan, A. Sadovykh, Wissam Mallouli","doi":"10.1145/3600160.3605054","DOIUrl":null,"url":null,"abstract":"VeriDevOps offers a methodology and a set of integrated mechanisms that significantly improve automation in DevOps to protect systems at operations time and prevent security issues at development time by (1) specifying security requirements, (2) generating trace monitors, (3) locating root causes of vulnerabilities, and (4) identifying security flaws in code and designs. This paper presents a methodology that enhances productivity and enables the continuous integration/delivery of trustworthy systems. We outline the methodology, its application to relevant scenarios, and offer recommendations for engineers and managers adopting the VeriDevOps approach. Practitioners applying the VeriDevOps methodology should include security modeling in the DevOps process, integrate security verification throughout all stages, utilize automated test generation tools for security requirements, and implement a comprehensive security monitoring system, with regular review and update procedures to maintain relevance and effectiveness.","PeriodicalId":107145,"journal":{"name":"Proceedings of the 18th International Conference on Availability, Reliability and Security","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2023-08-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 18th International Conference on Availability, Reliability and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3600160.3605054","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

VeriDevOps offers a methodology and a set of integrated mechanisms that significantly improve automation in DevOps to protect systems at operations time and prevent security issues at development time by (1) specifying security requirements, (2) generating trace monitors, (3) locating root causes of vulnerabilities, and (4) identifying security flaws in code and designs. This paper presents a methodology that enhances productivity and enables the continuous integration/delivery of trustworthy systems. We outline the methodology, its application to relevant scenarios, and offer recommendations for engineers and managers adopting the VeriDevOps approach. Practitioners applying the VeriDevOps methodology should include security modeling in the DevOps process, integrate security verification throughout all stages, utilize automated test generation tools for security requirements, and implement a comprehensive security monitoring system, with regular review and update procedures to maintain relevance and effectiveness.

查看原文本刊更多论文

VeriDevOps软件方法论:DevOps实践的安全验证和确认

VeriDevOps提供了一种方法和一套集成机制，通过(1)指定安全需求，(2)生成跟踪监视器，(3)定位漏洞的根本原因，(4)识别代码和设计中的安全缺陷，显著提高了DevOps的自动化程度，从而在操作时保护系统，并防止在开发时出现安全问题。本文提出了一种方法，可以提高生产力，并使持续集成/交付可信系统成为可能。我们概述了该方法及其在相关场景中的应用，并为采用VeriDevOps方法的工程师和管理人员提供了建议。应用VeriDevOps方法的从业者应该在DevOps过程中包括安全建模，在所有阶段集成安全验证，利用自动化测试生成工具来满足安全需求，并实施全面的安全监控系统，定期审查和更新程序以保持相关性和有效性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the 18th International Conference on Availability, Reliability and Security

自引率

0.00%

发文量