VeriDevOps - Automated Protection and Prevention to Meet Security Requirements in DevOps Environments
Status:
Start date:
End date:
VeriDevOps is about fast, flexible system engineering that efficiently integrates development, delivery, and operations, thus aiming at quality deliveries with short cycle time to address ever evolving challenges. Current system development practices are increasingly based on using both off-the-shelf and legacy components which make such systems prone to security vulnerabilities. Since DevOps is promoting frequent software deliveries, verification methods artifacts should be updated in a timely fashion to cope with the pace of the process. VeriDevOps aims at providing faster feedback loop for verifying the security requirements i.e. confidentiality, integrity, availability, authentication, authorization and other quality attributes of large scale cyber-physical systems. VeriDevOps is focusing on optimizing the security verification activities, by automatically creating verifiable models directly from security requirements, and using these models to check security properties on design models and generate artefacts (such as tests or monitors) that can be used (later on) in the DevOps process. More concretely, we will develop methods and tools for: 1) creating security models from textual specifications using natural language processing, 2) automatic security test creation from security models using model-based testing and model-based mutation testing techniques and 3) generating (intelligent/adaptive, ML-based) security monitors for the operational phases. This brings together early security verification through formal modelling as well as test generation, selection, execution and analysis capabilities to enable companies to deliver quality systems with confidence in a fast-paced DevOps environment. Overall, VeriDevOps is using the results of formal verification of security requirements and design models created during the analysis and design phase for test and monitor generation to be used to enhance the feedback mechanisms during development and operation phases.
Automating Test Generation of Industrial Control Software through a PLC-to-Python Translation Framework and Pynguin (Feb 2024) Mikael Ebrahimi Salari, Eduard Paul Enoiu, Cristina Seceleanu, Wasif Afzal 30th Asia-Pacific Software Engineering Conference (APSEC2023)
Understanding Problem Solving in Software Testing: An Exploration of Tester Routines and Behavior (Sep 2023) Eduard Paul Enoiu, Gregory Gay , Jameel Esber , Robert Feldt IFIP-ICTSS 35th International Conference on Testing Software and Systems (ICTSS 2023)
VeriDevOps Software Methodology: Security Verification and Validation for DevOps Practices (Jul 2023) Eduard Paul Enoiu, Dragos Truscan , Andrey Sadovykh , Wissam Mallouli The 18th International Conference on Availability, Reliability and Security (ARES 2023) (ARES 2023)
An Experiment in Requirements Engineering and Testing using EARS Notation for PLC Systems (May 2023) Mikael Ebrahimi Salari, Eduard Paul Enoiu, Wasif Afzal, Cristina Seceleanu 19th Workshop on Advances in Model Based Testing (A-MOST 2023)
PyLC: A Framework for Transforming and Validating PLC Software using Python and Pynguin Test Generator (Apr 2023) Mikael Ebrahimi Salari, Eduard Paul Enoiu, Wasif Afzal, Cristina Seceleanu SAC2023, The 38th ACM/SIGAPP Symposium On Applied Computing (SAC 2023)
Big Data Testing Techniques: Taxonomy, Challenges, and Future Trends (Jan 2023) Iram Arshad, Saeed Hamood Alsamhi, Wasif Afzal Computers, Materials & Continua (CMC)
| Partner | Type |
|---|---|
| Åbo Akademi University | Academic |
| IKERLAN S. Coop. | Academic |
| ABB AB | Industrial |
| FAGOR ARRASATE S COOP | Industrial |
| MONTIMAGE EURL | Industrial |
| SOFTEAM | Industrial |
