Book

The idea behind this book (CyberSecurity in a DevOps Environment) came up during a group meeting of the VeriDevOps European project. We realized that, while many research articles describe individual activities related to software security analysis, a more in-depth view of the whole DevOps cycle, including security requirements formalization, verification and continuous monitoring, was needed to present the current state of the art and practice in the field, based on an analysis of the literature to date.

CyberSecurity in a DevOps Environment

The book aims to provide a comprehensive and systematic overview of the current state of the art and practice in software security analysis, covering topics such as security requirements specification, verification, and continuous monitoring. The book also discusses the challenges and opportunities for future research and practice in this emerging field.

This book consists of three parts, each covering a different aspect of security engineering in the DevOps context. The first part, "Security Requirements", deals with how to specify and analyze security issues in a formal way. The second part, "Prevention at Development Time", offers a practical and industrial perspective on how to design, develop and verify secure applications. The third part, "Protection at Operations", introduces tools for continuous monitoring of security events and incidents.

Part I

Security Requirements Engineering

Security Requirements Engineering is a vital discipline that ensures the development of secure and resilient systems. It involves identifying, analyzing, and specifying security requirements to protect critical assets from potential threats and vulnerabilities.
This part of the book explores recent state-of-the-art updates in taxonomies and NLP methods applied to Security Requirements Engineering. We delve into the latest advancements and their practical implications for managing security requirements. Moreover, illustrative examples demonstrate how these methods can be integrated to streamline the security requirements engineering process.


Part II

Prevention at Development Time

This part focuses on preventing vulnerabilities during the software development process. It first provides a survey of existing methods for vulnerability detection and response, followed by two novel approaches, one for security test generation and one for vulnerability identification in source code, both suitable for industrial systems. The three chapters included in this part are briefly summarized in the following.


Part III

Protection at Operations

Protection at operations involves implementing various techniques to enhance security and mitigate risks in real time. Intrusion detection and anomaly detection are crucial components of protection at operations, aimed at identifying unauthorized or abnormal activities that may indicate security threats. These detection mechanisms rely on techniques such as complex event processing, which analyzes and correlates events in real time to identify patterns and detect potential threats. Additionally, explainability plays a vital role in protection at operations by providing insight into the decision-making process of detection algorithms, helping security professionals understand and interpret the results. The combination of intrusion detection, anomaly detection, complex event processing, and explainability contributes to a comprehensive approach to robust protection in operational environments.


We are grateful to the reviewers who dedicated their time and expertise to evaluate the manuscripts submitted for this book. Their constructive comments and suggestions have helped the authors to enhance the quality and clarity of their chapters: Tanwir Ahmad, Hayretdin Bahsi, Jean-Michel Bruel, Eduard Paul Enoiu, Marcel Kyas, Vinh Hoa La, Ángel Longueira-Romero, Nan Messe, Mikael Ebrahimi Salari, Alessandra Somma, Jüri Vain, Valeria Valdés, and Anis Bouaziz.
This book is largely a result of the VeriDevOps project, which was supported by the Horizon Europe program of the European Commission. We are grateful for the opportunity to collaborate with our partners for three years and to contribute to the advancement of knowledge in this field. The project was a rewarding and enjoyable experience for us, and we hope that readers will find our research useful and insightful.