Security Support in Continuous Deployment Pipeline

Faheem Ullah; Adam Johannes Raft; Mojtaba Shahin; Mansooreh Zahedi; Muhammad Ali Babar

doi:10.5220/0006318200570068

Security Support in Continuous Deployment Pipeline

Faheem Ullah, Adam Johannes Raft, Mojtaba Shahin, Mansooreh Zahedi, Muhammad Ali Babar

2017

Abstract

Continuous Deployment (CD) has emerged as a new practice in the software industry to continuously and automatically deploy software changes into production. Continuous Deployment Pipeline (CDP) supports CD practice by transferring the changes from the repository to production. Since most of the CDP components run in an environment that has several interfaces to the Internet, these components are vulnerable to various kinds of malicious attacks. This paper reports our work aimed at designing secure CDP by utilizing security tactics. We have demonstrated the effectiveness of five security tactics in designing a secure pipeline by conducting an experiment on two CDPs– one incorporates security tactics while the other does not. Both CDPs have been analysed qualitatively and quantitatively. We used assurance cases with goal-structured notations for qualitative analysis. For quantitative analysis, we used penetration tools. Our findings indicate that the applied tactics improve the security of the major components (i.e., repository, continuous integration server, main server) of a CDP by controlling access to the components and establishing secure connections.

Download

Paper Citation

in Harvard Style

Ullah F., Raft A., Shahin M., Zahedi M. and Ali Babar M. (2017). Security Support in Continuous Deployment Pipeline . In Proceedings of the 12th International Conference on Evaluation of Novel Approaches to Software Engineering - Volume 1: ENASE, ISBN 978-989-758-250-9, pages 57-68. DOI: 10.5220/0006318200570068

in Bibtex Style

@conference{enase17,
author={Faheem Ullah and Adam Johannes Raft and Mojtaba Shahin and Mansooreh Zahedi and Muhammad Ali Babar},
title={Security Support in Continuous Deployment Pipeline},
booktitle={Proceedings of the 12th International Conference on Evaluation of Novel Approaches to Software Engineering - Volume 1: ENASE,},
year={2017},
pages={57-68},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006318200570068},
isbn={978-989-758-250-9},
}

in EndNote Style

TY - CONF
JO - Proceedings of the 12th International Conference on Evaluation of Novel Approaches to Software Engineering - Volume 1: ENASE,
TI - Security Support in Continuous Deployment Pipeline
SN - 978-989-758-250-9
AU - Ullah F.
AU - Raft A.
AU - Shahin M.
AU - Zahedi M.
AU - Ali Babar M.
PY - 2017
SP - 57
EP - 68
DO - 10.5220/0006318200570068