Titulo Estágio
Security Best Practices and Tools for DevOps
Local do Estágio
SSE-CISUC
Enquadramento
Together with agile methodologies, DevOps practices have come a long way to help organizations shorten their software development lifecycles and move to faster release schedules. However, these practices mainly focus on fulfilling requirements, frequently leading to significant limitations in terms of the security practices implemented. The advocates of DevSecOps push to introduce security practices earlier in the processes and, through concepts such as “security as code”, try to make sure that security and privacy issues are not disregarded and that they are not exacerbated because the organization is too slow to change. However, from these theoretical concepts until the practical application and support of tools, there is still a substantial gap. The tools employed by organizations for agile development lack support for secure development, where security and privacy requirements are neglected in the early development phases. Security and its impact are not considered in the software architecture and design; code does not follow security best practices. It is not sufficiently verified and tested for security, and the secure compilation and execution of the implemented functionalities are disregarded.
This internship is part of the UC contribution for the project POWER.
Objetivo
The main goal is to identify the benefits of implementing DevOps in a Cloud environment, the challenges faced with its implementation and integration, and possible strategies that help mitigate the presented problems. During preparation, it will be analysed what are the best practices to follow in DevOps environments. Addressing several tools that allow for the improvement of these values, and the risks associated with these tools, for example, the use of containers, offers portability but prevents visibility—proposal of a model that allows an improvement in DevOps values, automation, and security. The integration of security practices and concepts during various DevOps phases allows for more secure software and costs saving due to necessary repairs.
Plano de Trabalhos - Semestre 1
T1. [11/09/2021 to 01/10/2021] State of the art analysis of security techniques and tools in DevOps.
T2. [22/10/2021 to 16/11/2021] Build a representative DevOps setup, namely in the context of digital marketing systems.
T3. [16/11/2021 to 16/12/2021] Experiment with the diverse tools and identify gaps to be addressed during the second phase.
T4. [02/12/2021 to 22/01/2021] Write the Dissertation Plan.
Plano de Trabalhos - Semestre 2
T5. [02/02/2022 to 16/04/2022] Define new strategies to add security techniques and tools to DevOps processes.
T6. [21/03/2022 to 01/05/2022] Experimentally demonstrate and validate the defined strategies.
T7. [16/04/2022 to 01/06/2022] Write a scientific publication.
T8. [16/05/2022 to 02/07/2022] Write the thesis.
Condições
The work is to be executed at the laboratories of the CISUC’s Software and Systems Engineering Group. A work place will be provided as well as the required computational resources.
Observações
Sem observações.
Orientador
Nuno Antunes
nmsa@dei.uc.pt 📩