loading
Papers Papers/2022 Papers Papers/2022

Research.Publish.Connect.

Paper

Paper Unlock

Authors: Faheem Ullah 1 ; Adam Johannes Raft 2 ; Mojtaba Shahin 1 ; Mansooreh Zahedi 2 and Muhammad Ali Babar 1

Affiliations: 1 The University of Adelaide, Australia ; 2 IT University of Copenhagen, Denmark

Keyword(s): Continuous Deployment Pipeline, Continuous Deployment, Security, Continuous Integration.

Related Ontology Subjects/Areas/Topics: Application Integration Technologies ; Applications ; Software Engineering

Abstract: Continuous Deployment (CD) has emerged as a new practice in the software industry to continuously and automatically deploy software changes into production. Continuous Deployment Pipeline (CDP) supports CD practice by transferring the changes from the repository to production. Since most of the CDP components run in an environment that has several interfaces to the Internet, these components are vulnerable to various kinds of malicious attacks. This paper reports our work aimed at designing secure CDP by utilizing security tactics. We have demonstrated the effectiveness of five security tactics in designing a secure pipeline by conducting an experiment on two CDPs– one incorporates security tactics while the other does not. Both CDPs have been analysed qualitatively and quantitatively. We used assurance cases with goal-structured notations for qualitative analysis. For quantitative analysis, we used penetration tools. Our findings indicate that the applied tactics improve the securit y of the major components (i.e., repository, continuous integration server, main server) of a CDP by controlling access to the components and establishing secure connections. (More)

CC BY-NC-ND 4.0

Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 3.135.183.187

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Ullah, F.; Raft, A.; Shahin, M.; Zahedi, M. and Ali Babar, M. (2017). Security Support in Continuous Deployment Pipeline. In Proceedings of the 12th International Conference on Evaluation of Novel Approaches to Software Engineering - ENASE; ISBN 978-989-758-250-9; ISSN 2184-4895, SciTePress, pages 57-68. DOI: 10.5220/0006318200570068

@conference{enase17,
author={Faheem Ullah. and Adam Johannes Raft. and Mojtaba Shahin. and Mansooreh Zahedi. and Muhammad {Ali Babar}.},
title={Security Support in Continuous Deployment Pipeline},
booktitle={Proceedings of the 12th International Conference on Evaluation of Novel Approaches to Software Engineering - ENASE},
year={2017},
pages={57-68},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006318200570068},
isbn={978-989-758-250-9},
issn={2184-4895},
}

TY - CONF

JO - Proceedings of the 12th International Conference on Evaluation of Novel Approaches to Software Engineering - ENASE
TI - Security Support in Continuous Deployment Pipeline
SN - 978-989-758-250-9
IS - 2184-4895
AU - Ullah, F.
AU - Raft, A.
AU - Shahin, M.
AU - Zahedi, M.
AU - Ali Babar, M.
PY - 2017
SP - 57
EP - 68
DO - 10.5220/0006318200570068
PB - SciTePress

- Science and Technology Publications, Lda.
RESOURCES

Proceedings

Papers

Authors

Ontology

CONTACTS

Science and Technology Publications, Lda
Avenida de S. Francisco Xavier, Lote 7 Cv. C,
2900-616 Setúbal, Portugal.

Phone: +351 265 520 185 (National fixed network call)
Fax: +351 265 520 186
Email: info@scitepress.org

EXTERNAL LINKS

PRIMORIS

INSTICC

SCITEVENTS

CROSSREF

PROCEEDINGS SUBMITTED FOR INDEXATION BY:

dblp

Ei Compendex

SCOPUS

Semantic Scholar

Google Scholar

Microsoft Academic