Securing Microservice CICD Pipelines in Cloud Deployments through Infrastructure as Code Implementation Approach and Best Practices
Keywords:
Microservices, IAC, AWS, Microservices Security, SAST, Micro-services
Abstract
With the exponential growth of microservices architecture and the ubiquitous adoption of continuous integration/continuous deployment (CI/CD) practices in cloud environments, ensuring the robust security of the entire pipeline becomes increasingly critical. Infrastructure as Code (IaC) emerges as a pivotal approach to automate and manage infrastructure deployments, presenting an unparalleled opportunity to seamlessly integrate security measures throughout the development lifecycle. This paper offers a comprehensive analysis of the intricate security challenges inherent in microservice CI/CD pipelines and proposes a meticulously crafted implementation approach leveraging the power of IaC to fortify the security posture. By meticulously examining a myriad of security considerations and distilling best practices, this research endeavors to furnish practical insights into safeguarding microservice deployments in the dynamic landscape of cloud environments, where agility and security converge at the forefront of modern software engineering practices.
License
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
License Terms
Ownership and Licensing:
Authors of this research paper submitted to the Journal of Science & Technology retain the copyright of their work while granting the journal certain rights. Authors maintain ownership of the copyright and have granted the journal a right of first publication. Simultaneously, authors agreed to license their research papers under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0) License.
License Permissions:
Under the CC BY-NC-SA 4.0 License, others are permitted to share and adapt the work, as long as proper attribution is given to the authors and acknowledgement is made of the initial publication in the Journal of Science & Technology. This license allows for the broad dissemination and utilization of research papers.
Additional Distribution Arrangements:
Authors are free to enter into separate contractual arrangements for the non-exclusive distribution of the journal's published version of the work. This may include posting the work to institutional repositories, publishing it in journals or books, or other forms of dissemination. In such cases, authors are requested to acknowledge the initial publication of the work in the Journal of Science & Technology.
Online Posting:
Authors are encouraged to share their work online, including in institutional repositories, disciplinary repositories, or on their personal websites. This permission applies both prior to and during the submission process to the Journal of Science & Technology. Online sharing enhances the visibility and accessibility of the research papers.
Responsibility and Liability:
Authors are responsible for ensuring that their research papers do not infringe upon the copyright, privacy, or other rights of any third party. The Journal of Science & Technology and The Science Brigade Publishers disclaim any liability or responsibility for any copyright infringement or violation of third-party rights in the research papers.