CNR Institutional Research Information System

Security risk assessment is often a heavy manual process, making it expensive to perform. DevOps, that aims at improving software quality and speed of delivery, as well as DevSecOps that augmentsDevOps with the automation of security activities, provide tools and procedures to automate the risk assessment. We propose a solution to integrate risk assessment with the DevSecOps activities and processesin order to make the risk assessment more continuous and automated. The solution is illustrated on a use case where a rewall is updated on robot vehicles while risk assessment is done in an iterative manner. This approach aims at making assessment (and certication such as EUCC) processes easier.

Product Incremental Security Risk Assessment using DevSecOps Practices

S Dupont;A Yautsiukhin^{Co-primo

Writing – Original Draft Preparation};G Ginis;G Iadarola^{Co-ultimo

Software};S Fagnano;F Martinelli^{Co-ultimo

Supervision};C Ponsard;A Legay;P Massonet

2022

Abstract

Security risk assessment is often a heavy manual process, making it expensive to perform. DevOps, that aims at improving software quality and speed of delivery, as well as DevSecOps that augmentsDevOps with the automation of security activities, provide tools and procedures to automate the risk assessment. We propose a solution to integrate risk assessment with the DevSecOps activities and processesin order to make the risk assessment more continuous and automated. The solution is illustrated on a use case where a rewall is updated on robot vehicles while risk assessment is done in an iterative manner. This approach aims at making assessment (and certication such as EUCC) processes easier.

Scheda breve

Scheda completa

Scheda completa (DC)

	Anno
	
				2022
			
	Strutture organizzative
	
				Istituto di informatica e telematica - IIT
			
	Lingua/e
	
				Inglese
			
	Titolo del Volume
	
				Lecture Notes in Computer Science
			
	Titolo del convegno
	
				1st International Workshop on System Security Assurance (SecAssure 2022)
			
	Volume
	
				13785
			
	Da pagina
	
				666
			
	A pagina
	
				685
			
	Numero di pagine
	
				20
			
	Codice ISBN
	
				9783031254598
			
	Codice DOI
	
				https://dx.doi.org/10.1007/978-3-031-25460-4_38
			
	Referee
	
				Sì, ma tipo non specificato
			
	Periodo del Convegno
	
				26-30/09/2022
			
	Luogo del Convegno
	
				Copenhagen, Danimarca
			
	Parole chiave
	
				risk assessment
DevOps
DevSecOps
certification
incremental security
cybersecurity
STRIDE
EUCC
			
	Codice Scopus
	
				2-s2.0-85151050827
			
	Numero autori
	
				9
			
	Fulltext
	
				restricted
			
	Tutti gli autori
	
						Dupont, S; Yautsiukhin, A; Ginis, G; Iadarola, G; Fagnano, S; Martinelli, F; Ponsard, C; Legay, A; Massonet, P
					
	Tipologia Login Miur
	
				273
			
	Tipologia
	
				info:eu-repo/semantics/conferenceObject
			
	Tipologia
	
				04 Contributo in convegno::04.01 Contributo in Atti di convegno
			
	Identificativo progetto
	
	Titolo Progetto
	
									Strategic programs for advanced research and technology in Europe
								
	Acronimo
	
									SPARTA
								
	Finanziamento
	
									H2020
								
	N. Contratto
	
									830892
								
	Appare nelle tipologie:
	
				04.01 Contributo in Atti di convegno

File in questo prodotto:

File	Dimensione	Formato
prod_474286-doc_193424.pdf solo utenti autorizzati Descrizione: Product Incremental Security Risk Assessment using DevSecOps Practices Tipologia: Documento in Pre-print Licenza: Creative commons Dimensione 702.71 kB Formato Adobe PDF Visualizza/Apri Richiedi una copia	702.71 kB	Adobe PDF	Visualizza/Apri Richiedi una copia

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/20.500.14243/444147

Citazioni

ND

6

ND

social impact