Prioritization Based Taxonomy of DevOps Security Challenges Using PROMETHEE

Rafi, Saima; Wu, Yu Mao; Akbar, Muhammad Azeem; Alsanad, Ahmed; Gumaei, Abdu

doi:10.1109/access.2020.2998819

Cited by 26 publications

(12 citation statements)

References 76 publications

(175 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Thus, cyber-attacks with physical significance will be better predicted as well as accordingly mitigated [207]. S. Rafi in [208] proposed that in case the basic differences between physical and cyber aspects are not taken into account, CP solutions are commonly disregarded, and the emphasis becomes cyber-only solutions. This urges the requisite for taking into account both physical-along with cyber-aspects.…”

Section: A Common Cps Security Challengesmentioning

confidence: 99%

CPS Attacks Mitigation Approaches on Power Electronic Systems With Security Challenges for Smart Grid Applications: A Review

et al. 2021

View full text Add to dashboard Cite

This paper presents an inclusive review of the cyber-physical (CP) attacks, vulnerabilities, mitigation approaches on the power electronics and the security challenges for the smart grid applications. With the rapid evolution of the physical systems in the power electronics applications for interfacing renewable energy sources that incorporate with cyber frameworks, the cyber threats have a critical impact on the smart grid performance. Due to the existence of electronic devices in the smart grid applications, which are interconnected through communication networks, these networks may be subjected to severe cyber-attacks by hackers. If this occurs, the digital controllers can be physically isolated from the control loop. Therefore, the cyber-physical systems (CPSs) in the power electronic systems employed in the smart grid need special treatment and security. In this paper, an overview of the power electronics systems security on the networked smart grid from the CP perception, as well as then emphases on prominent CP attack patterns with substantial influence on the power electronics components operation along with analogous defense solutions. Furthermore, appraisal of the CPS threats attacks mitigation approaches, and encounters along the smart grid applications are discussed. Finally, the paper concludes with upcoming trends and challenges in CP security in the smart grid applications.

show abstract

Section: A Common Cps Security Challengesmentioning

confidence: 99%

CPS Attacks Mitigation Approaches on Power Electronic Systems With Security Challenges for Smart Grid Applications: A Review

et al. 2021

View full text Add to dashboard Cite

show abstract

“…DevOps is the process of continuously improving software products through rapid release cycles, global automation of integration and delivery pipelines, and close collaboration between teams [81]. Securing DevOps helps organizations operate securely and protect the data their customers entrust them with.…”

Section: Devsecopsmentioning

confidence: 99%

Monitoring Real Time Security Attacks for IoT Systems Using DevSecOps: A Systematic Literature Review

et al. 2021

View full text Add to dashboard Cite

In many enterprises and the private sector, the Internet of Things (IoT) has spread globally. The growing number of different devices connected to the IoT and their various protocols have contributed to the increasing number of attacks, such as denial-of-service (DoS) and remote-to-local (R2L) ones. There are several approaches and techniques that can be used to construct attack detection models, such as machine learning, data mining, and statistical analysis. Nowadays, this technique is commonly used because it can provide precise analysis and results. Therefore, we decided to study the previous literature on the detection of IoT attacks and machine learning in order to understand the process of creating detection models. We also evaluated various datasets used for the models, IoT attack types, independent variables used for the models, evaluation metrics for assessment of models, and monitoring infrastructure using DevSecOps pipelines. We found 49 primary studies, and the detection models were developed using seven different types of machine learning techniques. Most primary studies used IoT device testbed datasets, and others used public datasets such as NSL-KDD and UNSW-NB15. When it comes to measuring the efficiency of models, both numerical and graphical measures are commonly used. Most IoT attacks occur at the network layer according to the literature. If the detection models applied DevSecOps pipelines in development processes for IoT devices, they were more secure. From the results of this paper, we found that machine learning techniques can detect IoT attacks, but there are a few issues in the design of detection models. We also recommend the continued use of hybrid frameworks for the improved detection of IoT attacks, advanced monitoring infrastructure configurations using methods based on software pipelines, and the use of machine learning techniques for advanced supervision and monitoring.

show abstract

“…Rafi et al [27] report a study that extracted the security challenges in DevOps from the literature and evaluated them using a survey. One of their conclusions is that the lack of automated testing tools is the most critical challenge to secure DevOps implementations.…”

Section: Related Work 21 Security In Devopsmentioning

confidence: 99%

“…However, with the gains in speed, practitioners are reportedly facing several challenges in delivering secure software in the De-vOps paradigm [27,28]. In the traditional software development paradigms, security practices such as Static Application Security Testing (SAST) [39], Dynamic Application Security Testing (DAST) [25] are carried out at a later stage of the cycle.…”

Section: Introductionmentioning

confidence: 99%

An Empirical Analysis of Practitioners' Perspectives on Security Tool Integration into DevOps

Rajapakse

Zahedi

Babar

2021

Proceedings of the 15th ACM / IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM)

View full text Add to dashboard Cite

Background: Security tools play a vital role in enabling developers to build secure software. However, it can be quite challenging to introduce and fully leverage security tools without affecting the speed or frequency of deployments in the DevOps paradigm. Aims: We aim to empirically investigate the key challenges practitioners face when integrating security tools into a DevOps workflow in order to provide recommendations to overcome them. Method:We conducted a study involving 31 systematically selected webinars on integrating security tools in DevOps. We used a qualitative data analysis method, i.e., thematic analysis, to identify the challenges and emerging solutions related to integrating security tools in rapid deployment environments. Results: We find that while traditional security tools are unable to cater for the needs of De-vOps, the industry is moving towards new generations of tools that have started focusing on these requirements. We have developed a DevOps workflow that integrates security tools and a set of guidelines by synthesizing practitioners' recommendations in the analyzed webinars. Conclusion: While the latest security tools are addressing some of the requirements of DevOps, there are many tool-related drawbacks yet to be adequately addressed. CCS CONCEPTS• Security and privacy → Software and application security.

show abstract

Prioritization Based Taxonomy of DevOps Security Challenges Using PROMETHEE

Cited by 26 publications

References 76 publications

CPS Attacks Mitigation Approaches on Power Electronic Systems With Security Challenges for Smart Grid Applications: A Review

CPS Attacks Mitigation Approaches on Power Electronic Systems With Security Challenges for Smart Grid Applications: A Review

Monitoring Real Time Security Attacks for IoT Systems Using DevSecOps: A Systematic Literature Review

An Empirical Analysis of Practitioners' Perspectives on Security Tool Integration into DevOps

Contact Info

Product

Resources

About