DEVSECOPS METHODOLOGY FOR NG-IOT ECOSYSTEM DEVELOPMENT LIFECYCLE – ASSIST-IOT PERSPECTIVE

Journal of Computer Science and Cybernetics Pub Date : 2021-01-01 DOI:10.15625/1813-9663/37/3/16245

M. Paprzycki, M. Ganzha, K. Wasielewska, Piotr Lewandowski

{"title":"DEVSECOPS METHODOLOGY FOR NG-IOT ECOSYSTEM DEVELOPMENT LIFECYCLE – ASSIST-IOT PERSPECTIVE","authors":"M. Paprzycki, M. Ganzha, K. Wasielewska, Piotr Lewandowski","doi":"10.15625/1813-9663/37/3/16245","DOIUrl":null,"url":null,"abstract":"Current software projects require continuous integration during their whole lifetime. In this context, different approaches regarding introduction of DevOps and DevSecOps strategies have been proposed in the literature. While DevOps proposes an agile methodology for the development and instantiation of software platforms with minimal impact in any kind of operations environment, this contribution proposes the introduction of DevOps methodology for Next Generation IoT deployments. Moreover, novelty of the proposed approach lies in leveraging DevSecOps in different stages and layers of the architecture. In particular, the present work describes the different DevSecOps methodology tasks, and how the security is included on pre-design activities such as planning, creation or adaptation, the design and implementation, as well as on post-implementation activities such as detection, response. Without proper consideration of security and privacy best practices identified in this article, the continuous delivery of services using DevOps methodologies may create risks and introduce different vulnerabilities for Next Generation IoT deployments.","PeriodicalId":15444,"journal":{"name":"Journal of Computer Science and Cybernetics","volume":"101 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2021-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Computer Science and Cybernetics","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.15625/1813-9663/37/3/16245","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Current software projects require continuous integration during their whole lifetime. In this context, different approaches regarding introduction of DevOps and DevSecOps strategies have been proposed in the literature. While DevOps proposes an agile methodology for the development and instantiation of software platforms with minimal impact in any kind of operations environment, this contribution proposes the introduction of DevOps methodology for Next Generation IoT deployments. Moreover, novelty of the proposed approach lies in leveraging DevSecOps in different stages and layers of the architecture. In particular, the present work describes the different DevSecOps methodology tasks, and how the security is included on pre-design activities such as planning, creation or adaptation, the design and implementation, as well as on post-implementation activities such as detection, response. Without proper consideration of security and privacy best practices identified in this article, the continuous delivery of services using DevOps methodologies may create risks and introduce different vulnerabilities for Next Generation IoT deployments.

查看原文本刊更多论文

开发物联网生态系统开发生命周期的方法-辅助物联网视角

当前的软件项目在其整个生命周期中都需要持续集成。在这种背景下，文献中提出了引入DevOps和DevSecOps策略的不同方法。DevOps为软件平台的开发和实例化提出了一种敏捷的方法，在任何类型的操作环境中都能将影响降到最低，而这一贡献则提出了为下一代物联网部署引入DevOps方法。此外，所建议的方法的新颖之处在于在架构的不同阶段和层中利用DevSecOps。特别是，目前的工作描述了不同的DevSecOps方法任务，以及如何将安全性包含在设计前活动(如规划、创建或调整、设计和实现)以及实施后活动(如检测、响应)中。如果没有适当考虑本文中确定的安全和隐私最佳实践，使用DevOps方法持续交付服务可能会产生风险，并为下一代物联网部署引入不同的漏洞。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Journal of Computer Science and Cybernetics

自引率

0.00%

发文量