表紙画像

Resilient Cloud cluster with DevSecOps security model, automates a data analysis, vulnerability search and risk calculation

保存先:
出版年:arXiv.org (Dec 15, 2024), p. n/a
第一著者: Abed Saif Ahmed Alghawli
その他の著者: Radivilova, Tamara
出版事項:
Cornell University Library, arXiv.org
主題:
Data analysis
Software
Product development
Software development
Risk assessment
Applications programs
Pipelining (computers)
Cloud computing
Programming languages
Software reliability
Threat evaluation
Algorithms
Clusters
Automation
Digitization
Cybersecurity
オンライン・アクセス:Citation/Abstract
Full text outside of ProQuest
タグ: タグ追加
タグなし, このレコードへの初めてのタグを付けませんか!
抄録:Automated, secure software development is an important task of digitalization, which is solved with the DevSecOps approach. An important part of the DevSecOps approach is continuous risk assessment, which is necessary to identify and evaluate risk factors. Combining the development cycle with continuous risk assessment creates synergies in software development and operation and minimizes vulnerabilities. The article presents the main methods of deploying web applications, ways to increase the level of information security at all stages of product development, compares different types of infrastructures and cloud computing providers, and analyzes modern tools used to automate processes. The cloud cluster was deployed using Terraform and the Jenkins pipeline, which is written in the Groovy programming language, which checks program code for vulnerabilities and allows you to fix violations at the earliest stages of developing secure web applications. The developed cluster implements the proposed algorithm for automated risk assessment based on the calculation (modeling) of threats and vulnerabilities of cloud infrastructure, which operates in real time, periodically collecting all information and adjusting the system in accordance with the risk and applied controls. The algorithm for calculating risk and losses is based on statistical data and the concept of the FAIR information risk assessment methodology. The risk value obtained using the proposed method is quantitative, which allows more efficient forecasting of information security costs in software development.
ISSN:2331-8422
DOI:10.1016/j.aej.2024.07.036
ソース:Engineering Database