Resilient Cloud cluster with DevSecOps security model, automates a data analysis, vulnerability search and risk calculation
Sparad:
| I publikationen: | arXiv.org (Dec 15, 2024), p. n/a |
|---|---|
| Huvudupphov: | |
| Övriga upphov: | |
| Utgiven: |
Cornell University Library, arXiv.org
|
| Ämnen: | |
| Länkar: | Citation/Abstract Full text outside of ProQuest |
| Taggar: |
Inga taggar, Lägg till första taggen!
|
MARC
| LEADER | 00000nab a2200000uu 4500 | ||
|---|---|---|---|
| 001 | 3148979696 | ||
| 003 | UK-CbPIL | ||
| 022 | |a 2331-8422 | ||
| 024 | 7 | |a 10.1016/j.aej.2024.07.036 |2 doi | |
| 035 | |a 3148979696 | ||
| 045 | 0 | |b d20241215 | |
| 100 | 1 | |a Abed Saif Ahmed Alghawli | |
| 245 | 1 | |a Resilient Cloud cluster with DevSecOps security model, automates a data analysis, vulnerability search and risk calculation | |
| 260 | |b Cornell University Library, arXiv.org |c Dec 15, 2024 | ||
| 513 | |a Working Paper | ||
| 520 | 3 | |a Automated, secure software development is an important task of digitalization, which is solved with the DevSecOps approach. An important part of the DevSecOps approach is continuous risk assessment, which is necessary to identify and evaluate risk factors. Combining the development cycle with continuous risk assessment creates synergies in software development and operation and minimizes vulnerabilities. The article presents the main methods of deploying web applications, ways to increase the level of information security at all stages of product development, compares different types of infrastructures and cloud computing providers, and analyzes modern tools used to automate processes. The cloud cluster was deployed using Terraform and the Jenkins pipeline, which is written in the Groovy programming language, which checks program code for vulnerabilities and allows you to fix violations at the earliest stages of developing secure web applications. The developed cluster implements the proposed algorithm for automated risk assessment based on the calculation (modeling) of threats and vulnerabilities of cloud infrastructure, which operates in real time, periodically collecting all information and adjusting the system in accordance with the risk and applied controls. The algorithm for calculating risk and losses is based on statistical data and the concept of the FAIR information risk assessment methodology. The risk value obtained using the proposed method is quantitative, which allows more efficient forecasting of information security costs in software development. | |
| 653 | |a Data analysis | ||
| 653 | |a Software | ||
| 653 | |a Product development | ||
| 653 | |a Software development | ||
| 653 | |a Risk assessment | ||
| 653 | |a Applications programs | ||
| 653 | |a Pipelining (computers) | ||
| 653 | |a Cloud computing | ||
| 653 | |a Programming languages | ||
| 653 | |a Software reliability | ||
| 653 | |a Threat evaluation | ||
| 653 | |a Algorithms | ||
| 653 | |a Clusters | ||
| 653 | |a Automation | ||
| 653 | |a Digitization | ||
| 653 | |a Cybersecurity | ||
| 700 | 1 | |a Radivilova, Tamara | |
| 773 | 0 | |t arXiv.org |g (Dec 15, 2024), p. n/a | |
| 786 | 0 | |d ProQuest |t Engineering Database | |
| 856 | 4 | 1 | |3 Citation/Abstract |u https://www.proquest.com/docview/3148979696/abstract/embedded/6A8EOT78XXH2IG52?source=fedsrch |
| 856 | 4 | 0 | |3 Full text outside of ProQuest |u http://arxiv.org/abs/2412.16190 |