A DevOps framework for quality-driven self-protection in web software systems

Published: 29 October 2018

Abstract

Modern software is developed, deployed and operated continuously. At the same time, cyberattacks are on the rise. The continuity of development and operations and the constant threat of attacks require novel approaches to identify, analyze and address potential security vulnerabilities. In this continuous and volatile execution environment, factors such as security, performance, cost and functionality cannot all be guaranteed to the same degree at the same time. In this work, we propose a DevOps framework for security adaptation that enables the development and operations teams to collaborate on addressing security vulnerabilities. The proposed framework spans the different phases of the software lifecycle (development, operations, maintenance) and weighs all other factors (performance, cost, functionality) when deciding on security adaptations. We demonstrate the approach with a prototype tool that shows how the teams work together to tackle security concerns.


Published In

CASCON '18: Proceedings of the 28th Annual International Conference on Computer Science and Software Engineering, October 2018, 439 pages

Publisher: IBM Corp., United States

Author Tags

  1. devops
  2. security
  3. self-adaptive systems
  4. self-protection
  5. software defined infrastructure
  6. web software

Acceptance Rates

Overall Acceptance Rate 24 of 90 submissions, 27%
