Assessing Architecture Conformance to Security-Related Practices in Infrastructure as Code Based Deployments
Infrastructure as Code (IaC) enables developers and operations teams to automatically deploy and manage an IT infrastructure via software. Among other uses, IaC is widely used in the context of continuously released deployments such as those of microservice and other cloud-based systems. Although IaC-based deployments have been utilized by many companies, there are not yet any approaches for checking their conformance to architectural aspects. In this paper, we focus on security-related practices including observability, access control, and traffic control in IaC-based deployments. While best practices for this topic have been documented in some gray literature sources such as practitioners' blogs and public repositories, approaches enabling automated checking of conformance to such best practices do not yet exist. We propose a model-based approach based on generic, technology-independent metrics, tied to typical architectural design decisions on IaC-based deployments. With this approach, we can measure conformance to security-related practices. We demonstrate and assess the validity and appropriateness of these metrics in assessing a system's conformance to practices through regression analysis.
- Ntentos, Evangelos
- Zdun, Uwe
- Falazi, Ghareeb
- Breitenbücher, Uwe
- Leymann, Frank
Category | Paper in Conference Proceedings or in Workshop Proceedings (Paper) |
Event Title | IEEE International Conference on Services Computing (SCC 2022) |
Divisions | Software Architecture |
Subjects | Software Engineering |
Event Location | Barcelona, Spain |
Event Type | Conference |
Event Dates | 11-16 July 2022 |
Series Name | 2022 IEEE International Conference on Services Computing (IEEE SCC 2022) |
ISSN/ISBN | 978-1-6654-8146-5 |
Page Range | pp. 123-133 |
Date | July 2022 |