Downloads provided by UsageCountsAssessing Architecture Conformance to Security-Related Practices in Infrastructure as Code Based Deployments
EC| AssureMOSS ,
FWF| Infrastructure-as-code Architecture Decision Compliance
Ntentos, Evangelos; Zdun, Uwe; Falazi, Ghareeb; Breitenbücher, Uwe; Leymann, Frank;
Assessing Architecture Conformance to Security-Related Practices in Infrastructure as Code Based Deployments
Infrastructure as Code (IaC) enables developers and operations teams to automatically deploy and manage an IT infrastructure via software. Among other uses, IaC is widely used in the context of continuously released deployments such as those of microservice and other cloud-based systems. Although IaC-based deployments have been utilized by many companies, there are no approaches on checking their conformance to architectural aspects yet. In this paper, we focus on security-related practices including observability, access control, and traffic control in IaC-based deployments. While best practices for this topic have been documented in some gray literature sources such as practitioners' blogs and public repositories, approaches enabling automated checking of conformance to such best practices do not yet exist. We propose a model-based approach based on generic, technology-independent metrics, tied to typical architectural design decisions on IaC-based deployments. With this approach, we can measure conformance to security-related practices. We demonstrate and assess the validity and appropriateness of these metrics in assessing a system's conformance to practices through regression analysis.
Austria
- MEDIZINISCHE UNIVERSITAT GRAZ Austria
- University of Stuttgart Germany
- Universität Wien Austria
- University of Vienna Austria
- Universität Wien Austria
metrics, software architecture, 102022 Softwareentwicklung, Infrastructure as code, best practices, modeling, 102022 Software development
metrics, software architecture, 102022 Softwareentwicklung, Infrastructure as code, best practices, modeling, 102022 Software development
selected citations These citations are derived from selected sources.This is an alternative to the "Influence" indicator, which also reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).3 popularity This indicator reflects the "current" impact/attention (the "hype") of an article in the research community at large, based on the underlying citation network.Top 10% influence This indicator reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).Average impulse This indicator reflects the initial momentum of an article directly after its publication, based on the underlying citation network.Average views 7 downloads 21 - 7views21downloads
selected citations
Citations provided by BIP!
These citations are derived from selected sources.
This is an alternative to the "Influence" indicator, which also reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).
Citations provided by BIP!popularityPopularity provided by BIP!
This indicator reflects the "current" impact/attention (the "hype") of an article in the research community at large, based on the underlying citation network.
Popularity provided by BIP!influenceInfluence provided by BIP!
This indicator reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).
Influence provided by BIP!impulseImpulse provided by BIP!
This indicator reflects the initial momentum of an article directly after its publication, based on the underlying citation network.
Impulse provided by BIP!viewsViews provided by UsageCounts
Views provided by UsageCountsdownloadsDownloads provided by UsageCounts
Downloads provided by UsageCounts 3
Top 10%
Average
Average
7
21
Green