4 research outputs found
Composing patterns to construct secure systems
Building secure applications requires significant expertise. Secure platforms and security patterns have been proposed to alleviate this problem. However, correctly applying patterns to use platform features is still highly expertise-dependent. Patterns are informal and there is a gap between them and platform features. We propose the concept of reusable verified design fragments, which package security patterns and platform features and are verified to provide assurance about their security properties. Design fragments can be composed through four primitive tactics. The verification of the composed design against desired security properties is presented in an assurance case. We demonstrate our approach by securing a Continuous Deployment pipeline and show that the tactics are sufficient to compose design fragments into a secure system. Finally, we formally define composition tactics, which are intended to support the development of systems that are secure by construction
Security Support in Continuous Deployment Pipeline
Continuous Deployment (CD) has emerged as a new practice in the software
industry to continuously and automatically deploy software changes into
production. Continuous Deployment Pipeline (CDP) supports CD practice by
transferring the changes from the repository to production. Since most of the
CDP components run in an environment that has several interfaces to the
Internet, these components are vulnerable to various kinds of malicious
attacks. This paper reports our work aimed at designing secure CDP by utilizing
security tactics. We have demonstrated the effectiveness of five security
tactics in designing a secure pipeline by conducting an experiment on two CDPs
- one incorporates security tactics while the other does not. Both CDPs have
been analyzed qualitatively and quantitatively. We used assurance cases with
goal-structured notations for qualitative analysis. For quantitative analysis,
we used penetration tools. Our findings indicate that the applied tactics
improve the security of the major components (i.e., repository, continuous
integration server, main server) of a CDP by controlling access to the
components and establishing secure connections