Security support in continuous deployment pipeline

Faheem Ullah; Adam Johannes Raft; Mojtaba Shahin; Mansooreh Zahedi; Muhammad Ali Babar

doi:10.5220/0006318200570068

Security support in continuous deployment pipeline

Faheem Ullah, Adam Johannes Raft, Mojtaba Shahin, Mansooreh Zahedi, Muhammad Ali Babar

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

5 Citations (Scopus)

Abstract

Continuous Deployment (CD) has emerged as a new practice in the software industry to continuously and automatically deploy software changes into production. Continuous Deployment Pipeline (CDP) supports CD practice by transferring the changes from the repository to production. Since most of the CDP components run in an environment that has several interfaces to the Internet, these components are vulnerable to various kinds of malicious attacks. This paper reports our work aimed at designing secure CDP by utilizing security tactics. We have demonstrated the effectiveness of five security tactics in designing a secure pipeline by conducting an experiment on two CDPs- one incorporates security tactics while the other does not. Both CDPs have been analysed qualitatively and quantitatively. We used assurance cases with goal-structured notations for qualitative analysis. For quantitative analysis, we used penetration tools. Our findings indicate that the applied tactics improve the security of the major components (i.e., repository, continuous integration server, main server) of a CDP by controlling access to the components and establishing secure connections.

Original language	English
Title of host publication	Proceedings of the 12th International Conference on Evaluation of Novel Approaches to Software Engineering
Editors	Ernesto Damiani, George Spanoudakis, Leszek Maciaszek
Place of Publication	Portugal
Publisher	Scitepress
Pages	57-68
Number of pages	12
Volume	1
ISBN (Electronic)	9789897582509
DOIs	https://doi.org/10.5220/0006318200570068
Publication status	Published - 2017
Externally published	Yes
Event	International Conference on Evaluation of Novel Approaches to Software Engineering 2017 - Porto, Portugal Duration: 28 Apr 2017 → 29 Apr 2017 Conference number: 12th http://www.enase.org/?y=2017 https://link.springer.com/book/10.1007/978-3-319-94135-6

Conference

Conference	International Conference on Evaluation of Novel Approaches to Software Engineering 2017
Abbreviated title	ENASE 2017
Country/Territory	Portugal
City	Porto
Period	28/04/17 → 29/04/17
Internet address	http://www.enase.org/?y=2017 https://link.springer.com/book/10.1007/978-3-319-94135-6

Keywords

Continuous deployment
Continuous deployment pipeline
Continuous integration
Security

Access to Document

10.5220/0006318200570068

287599634-oaFinal published version, 2.12 MB

Cite this

@inproceedings{b3235dfae635416cac75dc339a62e184,

title = "Security support in continuous deployment pipeline",

abstract = "Continuous Deployment (CD) has emerged as a new practice in the software industry to continuously and automatically deploy software changes into production. Continuous Deployment Pipeline (CDP) supports CD practice by transferring the changes from the repository to production. Since most of the CDP components run in an environment that has several interfaces to the Internet, these components are vulnerable to various kinds of malicious attacks. This paper reports our work aimed at designing secure CDP by utilizing security tactics. We have demonstrated the effectiveness of five security tactics in designing a secure pipeline by conducting an experiment on two CDPs- one incorporates security tactics while the other does not. Both CDPs have been analysed qualitatively and quantitatively. We used assurance cases with goal-structured notations for qualitative analysis. For quantitative analysis, we used penetration tools. Our findings indicate that the applied tactics improve the security of the major components (i.e., repository, continuous integration server, main server) of a CDP by controlling access to the components and establishing secure connections.",

keywords = "Continuous deployment, Continuous deployment pipeline, Continuous integration, Security",

author = "Faheem Ullah and Raft, {Adam Johannes} and Mojtaba Shahin and Mansooreh Zahedi and Babar, {Muhammad Ali}",

year = "2017",

doi = "10.5220/0006318200570068",

language = "English",

volume = "1",

pages = "57--68",

editor = "Ernesto Damiani and George Spanoudakis and Leszek Maciaszek",

booktitle = "Proceedings of the 12th International Conference on Evaluation of Novel Approaches to Software Engineering",

publisher = "Scitepress",

address = "Portugal",

note = "International Conference on Evaluation of Novel Approaches to Software Engineering 2017, ENASE 2017 ; Conference date: 28-04-2017 Through 29-04-2017",

url = "http://www.enase.org/?y=2017, https://link.springer.com/book/10.1007/978-3-319-94135-6",

}

Ullah, F, Raft, AJ, Shahin, M, Zahedi, M & Babar, MA 2017, Security support in continuous deployment pipeline. in E Damiani, G Spanoudakis & L Maciaszek (eds), Proceedings of the 12th International Conference on Evaluation of Novel Approaches to Software Engineering. vol. 1, Scitepress, Portugal , pp. 57-68, International Conference on Evaluation of Novel Approaches to Software Engineering 2017, Porto, Portugal, 28/04/17. https://doi.org/10.5220/0006318200570068

Security support in continuous deployment pipeline. / Ullah, Faheem; Raft, Adam Johannes; Shahin, Mojtaba et al.
Proceedings of the 12th International Conference on Evaluation of Novel Approaches to Software Engineering. ed. / Ernesto Damiani; George Spanoudakis; Leszek Maciaszek. Vol. 1 Portugal : Scitepress, 2017. p. 57-68.

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

TY - GEN

T1 - Security support in continuous deployment pipeline

AU - Ullah, Faheem

AU - Raft, Adam Johannes

AU - Shahin, Mojtaba

AU - Zahedi, Mansooreh

AU - Babar, Muhammad Ali

N1 - Conference code: 12th

PY - 2017

Y1 - 2017

N2 - Continuous Deployment (CD) has emerged as a new practice in the software industry to continuously and automatically deploy software changes into production. Continuous Deployment Pipeline (CDP) supports CD practice by transferring the changes from the repository to production. Since most of the CDP components run in an environment that has several interfaces to the Internet, these components are vulnerable to various kinds of malicious attacks. This paper reports our work aimed at designing secure CDP by utilizing security tactics. We have demonstrated the effectiveness of five security tactics in designing a secure pipeline by conducting an experiment on two CDPs- one incorporates security tactics while the other does not. Both CDPs have been analysed qualitatively and quantitatively. We used assurance cases with goal-structured notations for qualitative analysis. For quantitative analysis, we used penetration tools. Our findings indicate that the applied tactics improve the security of the major components (i.e., repository, continuous integration server, main server) of a CDP by controlling access to the components and establishing secure connections.

AB - Continuous Deployment (CD) has emerged as a new practice in the software industry to continuously and automatically deploy software changes into production. Continuous Deployment Pipeline (CDP) supports CD practice by transferring the changes from the repository to production. Since most of the CDP components run in an environment that has several interfaces to the Internet, these components are vulnerable to various kinds of malicious attacks. This paper reports our work aimed at designing secure CDP by utilizing security tactics. We have demonstrated the effectiveness of five security tactics in designing a secure pipeline by conducting an experiment on two CDPs- one incorporates security tactics while the other does not. Both CDPs have been analysed qualitatively and quantitatively. We used assurance cases with goal-structured notations for qualitative analysis. For quantitative analysis, we used penetration tools. Our findings indicate that the applied tactics improve the security of the major components (i.e., repository, continuous integration server, main server) of a CDP by controlling access to the components and establishing secure connections.

KW - Continuous deployment

KW - Continuous deployment pipeline

KW - Continuous integration

KW - Security

UR - http://www.scopus.com/inward/record.url?scp=85025469332&partnerID=8YFLogxK

U2 - 10.5220/0006318200570068

DO - 10.5220/0006318200570068

M3 - Conference Paper

AN - SCOPUS:85025469332

VL - 1

SP - 57

EP - 68

BT - Proceedings of the 12th International Conference on Evaluation of Novel Approaches to Software Engineering

A2 - Damiani, Ernesto

A2 - Spanoudakis, George

A2 - Maciaszek, Leszek

PB - Scitepress

CY - Portugal

T2 - International Conference on Evaluation of Novel Approaches to Software Engineering 2017

Y2 - 28 April 2017 through 29 April 2017

ER -

Security support in continuous deployment pipeline

Abstract

Conference

Keywords

Access to Document

Other files and links

Cite this