Devsecops methodology for NG-IoT ecosystem development lifecycle - assist-IoT perspective

Óscar  López; Jordi Blasi; Mikel Uriarte; Ignacio Lacalle; Gonzalo Galiana; Carlos E. Palau; Eduardo Garro; Maria Ganzha; Marcin Paprzycki; Piotr Lewandowski; Katarzyna Wasielewska; Konstantinos Votis; Georgios Stavropoulos; Iordanis Papoutsoglou

doi:10.15625/1813-9663/37/3/16245

Devsecops methodology for NG-IoT ecosystem development lifecycle - assist-IoT perspective

Óscar López, Jordi Blasi, Mikel Uriarte, Ignacio Lacalle, Gonzalo Galiana, Carlos E. Palau, Eduardo Garro, Maria Ganzha, Marcin Paprzycki, Piotr Lewandowski, Katarzyna Wasielewska, Konstantinos Votis, Georgios Stavropoulos, Iordanis Papoutsoglou

Author affiliations

Authors

Óscar López Research and Development Department, S21Sec, Zamudio, Spain
Jordi Blasi Research and Development Department, S21Sec, Zamudio, Spain
Mikel Uriarte Research and Development Department, S21Sec, Zamudio, Spain
Ignacio Lacalle Communications Department, Universitat Politècnica de València, Valencia, Spain
Gonzalo Galiana Communications Department, Universitat Politècnica de València, Valencia, Spain
Carlos E. Palau Communications Department, Universitat Politècnica de València, Valencia, Spain
Eduardo Garro Research and Development Department,Prodevelop, S.L., Valencia, Spain
Maria Ganzha Systems Research Institute Polish Academy of Sciences, Warsaw, Poland
Marcin Paprzycki Research and Development Department, S21Sec, Zamudio, Spain
Piotr Lewandowski Systems Research Institute Polish Academy of Sciences, Warsaw, Poland
Katarzyna Wasielewska Systems Research Institute Polish Academy of Sciences, Warsaw, Poland
Konstantinos Votis Information Technologies Institute, Centre for Research and Technology Hellas, Thessaloniki, Greece
Georgios Stavropoulos Information Technologies Institute, Centre for Research and Technology Hellas, Thessaloniki, Greece
Iordanis Papoutsoglou Information Technologies Institute, Centre for Research and Technology Hellas, Thessaloniki, Greece

DOI:

https://doi.org/10.15625/1813-9663/37/3/16245

Keywords:

Devops, devsecops, IoT, NG-IoT, security controls, software development.

Abstract

Current software projects require continuous integration during their whole lifetime. In this context, different approaches regarding introduction of DevOps and DevSecOps strategies have been proposed in the literature. While DevOps proposes an agile methodology for the development and instantiation of software platforms with minimal impact in any kind of operations environment, this contribution proposes the introduction of DevOps methodology for Next Generation IoT deployments. Moreover, novelty of the proposed approach lies in leveraging DevSecOps in different stages and layers of the architecture. In particular, the present work describes the different DevSecOps methodology tasks, and how the security is included on pre-design activities such as planning, creation or adaptation, the design and implementation, as well as on post-implementation activities such as detection, response. Without proper consideration of security and privacy best practices identified in this article, the continuous delivery of services using DevOps methodologies may create risks and introduce different vulnerabilities for Next Generation IoT deployments.

Metrics

PDF views

274

Twitter

Downloads

Published

28-09-2021

How to Cite

[1]

Óscar López, “Devsecops methodology for NG-IoT ecosystem development lifecycle - assist-IoT perspective”, J. Comput. Sci. Cybern., vol. 37, no. 3, p. 321–337, Sep. 2021.

Download Citation

Issue

Vol. 37 No. 3 (2021)

Section

SPECIAL ISSUE DEDICATED TO THE MEMORY OF PROFESSOR PHAN DINH DIEU - PART A

License

1. We hereby assign copyright of our article (the Work) in all forms of media, whether now known or hereafter developed, to the Journal of Computer Science and Cybernetics. We understand that the Journal of Computer Science and Cybernetics will act on my/our behalf to publish, reproduce, distribute and transmit the Work.
2. This assignment of copyright to the Journal of Computer Science and Cybernetics is done so on the understanding that permission from the Journal of Computer Science and Cybernetics is not required for me/us to reproduce, republish or distribute copies of the Work in whole or in part. We will ensure that all such copies carry a notice of copyright ownership and reference to the original journal publication.
3. We warrant that the Work is our results and has not been published before in its current or a substantially similar form and is not under consideration for another publication, does not contain any unlawful statements and does not infringe any existing copyright.
4. We also warrant that We have obtained the necessary permission from the copyright holder/s to reproduce in the article any materials including tables, diagrams or photographs not owned by me/us.