Development and Evaluation of an Artefact Model to Support Security Compliance for DevSecOps
Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
2021 (English)
Independent thesis, Advanced level (degree of Master (Two Years)), 20 credits / 30 HE credits
Student thesis
Abstract [en]

Background. DevOps represents a set of principles and practices that span software development (Dev) and information technology operations (Ops) across the product lifecycle requirements. DevOps has become a buzzword in organizations because it is an offspring of agile software development. Nowadays, organizations are shifting from DevOps to DevSecOps, which builds a higher level of security into software delivery pipelines. DevSecOps makes security a core component of the workflow, implementing secure development and operations processes by automating every aspect. Security inevitably includes issues such as compliance with security standards, which are concerned with looming cybersecurity threats. Little is known about the different concepts for assessing security compliance with security standards in DevOps pipelines. Understanding the artefacts and their dependency requirements in the software workflow is fundamental to demonstrating compliance. This thesis proposes to incorporate the IEC 62443-4-1 standard for secure product development in industrial systems into an artefact model that captures the information related to security compliance.

Objectives. The thesis aims to investigate the artefacts and identify their dependencies in order to develop and design an artefact model for DevSecOps. This artefact model makes it possible to measure security compliance with the IEC 62443-4-1 standard to ensure traceability in the DevOps pipeline, and its usability is evaluated.

Methods. In this qualitative research, we conducted a literature review with snowballing to gather information on artefacts, which were then synthesized to develop and design the artefact model. We conducted interviews with practitioners to collect data on the usability of the artefact model.

Results. The literature review with snowballing identified ten papers in the final data set. We identified 100 artefacts from these papers. The artefacts are categorized and matched according to the descriptions of practices and activities. The synthesis of the literature review artefacts provides the basis for designing the artefact model and its dependencies for the DevSecOps workflow. The interview results were thematically coded, yielding a list of benefits, challenges, and security compliance barriers in DevOps pipelines. This process evaluates the practitioners' understanding of the usability of the designed artefact model in industry for assessing the standard's security compliance.

Conclusions. The research study identifies the artefacts that help in developing the artefact model. It provides the practitioners' understanding of the usability of the artefact model in industry for meeting the secure software development product life-cycle requirements of the IEC 62443-4-1 standard. The results demonstrate evidence for assessing the security compliance of the DevSecOps workflow in a DevOps pipeline.

Place, publisher, year, edition, pages
2021, p. 104
Keywords [en]
DevOps, DevSecOps, Security Compliance, Standard, Artefacts
National Category
Software Engineering
Identifiers
URN: urn:nbn:se:bth-21106
OAI: oai:DiVA.org:bth-21106
DiVA, id: diva2:1531206
Subject / course
PA2534 Master's Thesis (120 credits) in Software Engineering
Educational program
PAADA Master Qualification Plan in Software Engineering 120,0 hp
Available from: 2021-02-25 Created: 2021-02-25 Last updated: 2021-02-25
Bibliographically approved

Open Access in DiVA

fulltext (6967 kB), 1292 downloads
File information
File name: FULLTEXT02.pdf
File size: 6967 kB
Checksum SHA-512:
3481ba835b89f45cd191a9daeda6f1e66d1921f27d29a89c3778cc8da0b64d080d96642e452b30be9d99651ebcf2aa28fc16189d02f70682c39956c98871a3a8
Type: fulltext
Mimetype: application/pdf

By organisation
Department of Software Engineering
Software Engineering

Total: 1293 downloads
The number of downloads is the sum of all downloads of full texts. It may include, e.g., previous versions that are no longer available.

Total: 1682 hits