VeriDevOps: Automated Protection and Prevention to Meet Security Requirements in DevOps Environments
VeriDevOps will start October 1st as a three-year-long project, which is financed by the European Union’s funding programme Horizon 2020 through a grant of 3.96 million euro. The EU-funded VeriDevOps project plans to develop methods and tools that provide a faster feedback loop for verifying the security requirements – confidentiality, integrity, availability, authentication, and authorization – in large-scale cyber-physical systems.
VeriDevOps is about fast, flexible system engineering that efficiently integrates development, delivery, and operations, thus aiming at quality deliveries with short cycle time to address ever-evolving challenges. Current system development practices are increasingly based on using both off-the-shelf and legacy components which make such systems prone to security vulnerabilities. Since DevOps is promoting frequent software deliveries, verification methods artefacts should be updated in a timely fashion to cope with the pace of the process.
The European project is managed by partners in four countries. Run by Mälardalens Högskola in Sweden and led too by project partners like Åbo Akademi University in Finland, ABB AB, Ikerlan S. Coop. and Fagor Arrasate S. Coop. in Spain and finally, Montimage EURL, and Softeam in France.
DevOps helps increase an organisation’s ability to deliver secure applications and services at high velocity. It aims to shorten the systems development life cycle and provide continuous delivery of high-quality software. Current systems development practices are increasingly based on off-the-shelf and legacy components, which make such systems prone to security vulnerabilities. Since DevOps is promoting frequent software deliveries, verification artefacts should be updated in a timely fashion to cope with the pace of the process.
VeriDevOps aims at providing a faster feedback loop for verifying the security requirements
VeriDevOps aims at providing a faster feedback loop for verifying the security requirements i.e. confidentiality, integrity, availability, authentication, authorization and other quality attributes of large scale cyber-physical systems. VeriDevOps is focusing on optimizing the security verification activities, by automatically creating verifiable models directly from security requirements, and using these models to check security properties on design models and generate artefacts (such as tests or monitors) that can be used (later on) in the DevOps process.
VeriDevOps will develop methods and tools for
1) creating security models from textual specifications using natural language processing,
2) automatic security test creation from security models using model-based testing and model-based mutation testing techniques and
3) generating (intelligent/adaptive, ML-based) security monitors for the operational phases.
This brings together early security verification through formal modelling as well as test generation, selection, execution and analysis capabilities to enable companies to deliver quality systems with confidence in a fast-paced DevOps environment.
Overall, VeriDevOps is using the results of formal verification of security requirements and design models created during the analysis and design phase for test and monitor generation to be used to enhance the feedback mechanisms during development and operation phases.