Securing a deployment pipeline

Len Bass; Ralph Holz; Paul Rimba; An Binh Tran; Liming Zhu

doi:10.1109/RELENG.2015.11

Securing a deployment pipeline

Len Bass, Ralph Holz, Paul Rimba, An Binh Tran, Liming Zhu

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

27 Citations (Scopus)

127 Downloads (Pure)

Abstract

At the RELENG 2014 Q&A, the question was asked, “What is your greatest concern?” and the response was “someone subverting our deployment pipeline”. That is the motivation for this paper. We explore what it means to subvert a pipeline and provide several different scenarios of subversion. We then focus on the issue of securing a pipeline. As a result, we provide an engineering process that is based on having trusted components mediate access to sensitive portions of the pipeline from other components, which can remain untrusted. Applying our process to a pipeline we constructed involving Chef, Jenkins, Docker, Github, and AWS, we find that some aspects of our process result in easy to make changes to the pipeline, whereas others are more difficult. Consequently, we have developed a design that hardens the pipeline, although it does not yet completely secure it.

Original language	English
Title of host publication	2015 IEEE/ACM 3rd International Workshop on Release Engineering
Place of Publication	Piscataway, NJ
Publisher	IEEE
Number of pages	5
ISBN (Electronic)	978-1-4673-7070-7
DOIs	https://doi.org/10.1109/RELENG.2015.11
Publication status	Published - 2015
Externally published	Yes
Event	2015 IEEE/ACM 3rd International Workshop on Release Engineering - Florence, Italy Duration: 30 Jul 2015 → 30 Jul 2015 Conference number: 3

Workshop

Workshop	2015 IEEE/ACM 3rd International Workshop on Release Engineering
Country/Territory	Italy
City	Florence
Period	30/07/15 → 30/07/15

Keywords

Supply chain
Continuous deployment
DevOps

Access to Document

10.1109/RELENG.2015.11

Bass2015securingAccepted author version, 265 KB

Cite this

@inproceedings{b289ff9fdaf4450f82e5b7b9c693abaa,

title = "Securing a deployment pipeline",

abstract = "At the RELENG 2014 Q&A, the question was asked, “What is your greatest concern?” and the response was “someone subverting our deployment pipeline”. That is the motivation for this paper. We explore what it means to subvert a pipeline and provide several different scenarios of subversion. We then focus on the issue of securing a pipeline. As a result, we provide an engineering process that is based on having trusted components mediate access to sensitive portions of the pipeline from other components, which can remain untrusted. Applying our process to a pipeline we constructed involving Chef, Jenkins, Docker, Github, and AWS, we find that some aspects of our process result in easy to make changes to the pipeline, whereas others are more difficult. Consequently, we have developed a design that hardens the pipeline, although it does not yet completely secure it.",

keywords = "Supply chain, Continuous deployment, DevOps",

author = "Len Bass and Ralph Holz and Paul Rimba and Tran, {An Binh} and Liming Zhu",

year = "2015",

doi = "10.1109/RELENG.2015.11",

language = "English",

booktitle = "2015 IEEE/ACM 3rd International Workshop on Release Engineering",

publisher = "IEEE",

note = "2015 IEEE/ACM 3rd International Workshop on Release Engineering ; Conference date: 30-07-2015 Through 30-07-2015",

}

TY - GEN

T1 - Securing a deployment pipeline

AU - Bass, Len

AU - Holz, Ralph

AU - Rimba, Paul

AU - Tran, An Binh

AU - Zhu, Liming

N1 - Conference code: 3

PY - 2015

Y1 - 2015

N2 - At the RELENG 2014 Q&A, the question was asked, “What is your greatest concern?” and the response was “someone subverting our deployment pipeline”. That is the motivation for this paper. We explore what it means to subvert a pipeline and provide several different scenarios of subversion. We then focus on the issue of securing a pipeline. As a result, we provide an engineering process that is based on having trusted components mediate access to sensitive portions of the pipeline from other components, which can remain untrusted. Applying our process to a pipeline we constructed involving Chef, Jenkins, Docker, Github, and AWS, we find that some aspects of our process result in easy to make changes to the pipeline, whereas others are more difficult. Consequently, we have developed a design that hardens the pipeline, although it does not yet completely secure it.

AB - At the RELENG 2014 Q&A, the question was asked, “What is your greatest concern?” and the response was “someone subverting our deployment pipeline”. That is the motivation for this paper. We explore what it means to subvert a pipeline and provide several different scenarios of subversion. We then focus on the issue of securing a pipeline. As a result, we provide an engineering process that is based on having trusted components mediate access to sensitive portions of the pipeline from other components, which can remain untrusted. Applying our process to a pipeline we constructed involving Chef, Jenkins, Docker, Github, and AWS, we find that some aspects of our process result in easy to make changes to the pipeline, whereas others are more difficult. Consequently, we have developed a design that hardens the pipeline, although it does not yet completely secure it.

KW - Supply chain

KW - Continuous deployment

KW - DevOps

U2 - 10.1109/RELENG.2015.11

DO - 10.1109/RELENG.2015.11

M3 - Conference contribution

BT - 2015 IEEE/ACM 3rd International Workshop on Release Engineering

PB - IEEE

CY - Piscataway, NJ

T2 - 2015 IEEE/ACM 3rd International Workshop on Release Engineering

Y2 - 30 July 2015 through 30 July 2015

ER -

Securing a deployment pipeline

Abstract

Workshop

Keywords

Access to Document

Fingerprint

Cite this