Íomhá chlúdaigh

Resilient Cloud cluster with DevSecOps security model, automates a data analysis, vulnerability search and risk calculation

Sábháilte in:
Foilsithe in:arXiv.org (Dec 15, 2024), p. n/a
Príomhchruthaitheoir: Abed Saif Ahmed Alghawli
Rannpháirtithe: Radivilova, Tamara
Foilsithe / Cruthaithe:
Cornell University Library, arXiv.org
Ábhair:
Data analysis
Software
Product development
Software development
Risk assessment
Applications programs
Pipelining (computers)
Cloud computing
Programming languages
Software reliability
Threat evaluation
Algorithms
Clusters
Automation
Digitization
Cybersecurity
Rochtain ar líne:Citation/Abstract
Full text outside of ProQuest
Clibeanna: Cuir clib leis
Níl clibeanna ann, Bí ar an gcéad duine le clib a chur leis an taifead seo!
Achoimre:Automated, secure software development is an important task of digitalization, which is solved with the DevSecOps approach. An important part of the DevSecOps approach is continuous risk assessment, which is necessary to identify and evaluate risk factors. Combining the development cycle with continuous risk assessment creates synergies in software development and operation and minimizes vulnerabilities. The article presents the main methods of deploying web applications, ways to increase the level of information security at all stages of product development, compares different types of infrastructures and cloud computing providers, and analyzes modern tools used to automate processes. The cloud cluster was deployed using Terraform and the Jenkins pipeline, which is written in the Groovy programming language, which checks program code for vulnerabilities and allows you to fix violations at the earliest stages of developing secure web applications. The developed cluster implements the proposed algorithm for automated risk assessment based on the calculation (modeling) of threats and vulnerabilities of cloud infrastructure, which operates in real time, periodically collecting all information and adjusting the system in accordance with the risk and applied controls. The algorithm for calculating risk and losses is based on statistical data and the concept of the FAIR information risk assessment methodology. The risk value obtained using the proposed method is quantitative, which allows more efficient forecasting of information security costs in software development.
ISSN:2331-8422
DOI:10.1016/j.aej.2024.07.036
Foinse:Engineering Database