SecDocker: Hardening the Continuous Integration Workflow
- Fernández González, David
- Rodríguez Lera, Francisco Javier
- Esteban, Gonzalo
- Fernández Llamas, Camino
Universidad de León
ISSN: 2662-995X, 2661-8907
Year of publication: 2021
Volume: 3
Issue: 1
Type: Article
Other publications in: SN Computer Science
Funding information
Funders
- Universidad de León-Instituto Nacional de Ciberseguridad
- Universidad de León
Bibliographic references
- Bass L, Holz R, Rimba P, Tran AB, Zhu L. Securing a deployment pipeline. In: 2015 IEEE/ACM 3rd International workshop on release engineering; 2015, pp. 4–7 https://doi.org/10.1109/RELENG.2015.11.
- Berkovich S, Kam J, Wurster G. UBCIS: Ultimate benchmark for container image scanning. In: 13th USENIX Workshop on Cyber Security Experimentation and Test (CSET 20). USENIX Association (2020). https://www.usenix.org/conference/cset20/presentation/berkovich. Available online March, 2021.
- Bernstein D. Containers and cloud: from LXC to docker to kubernetes. IEEE Cloud Comput. 2014;1(3):81–4. https://doi.org/10.1109/MCC.2014.51.
- Boettiger C. An introduction to docker for reproducible research. ACM SIGOPS Oper Syst Rev. 2015;49(1):71–9. https://doi.org/10.1145/2723872.2723882.
- Bou Ghantous G, Gill A. Devops: concepts, practices, tools, benefits and challenges. In: Proceedings of the 21st Pacific-Asia conference on information systems (PACIS2017). AIS Electronic Library (AISeL) 2017
- Chelladhurai J, Chelliah PR, Kumar SA. Securing Docker containers from Denial of Service (DoS) attacks. In: 2016 IEEE International Conference on Services Computing (SCC), pp. 856–859. IEEE 2016. https://doi.org/10.1109/SCC.2016.123.
- Combe T, Martin A, Di Pietro R. To docker or not to docker: a security perspective. IEEE Cloud Comput. 2016;3(5):54–62. https://doi.org/10.1109/MCC.2016.100.
- Fitzgerald B, Stol KJ. Continuous software engineering: a roadmap and agenda. J Syst Softw. 2017;123:176–89. https://doi.org/10.1016/j.jss.2015.06.063.
- Goyal P. CIS docker community edition benchmark. PDF. https://www.cisecurity.org/benchmark/docker. Available online March, 2021.
- Hilton M, Nelson N, Tunnell T, Marinov D, Dig D. Trade-offs in continuous integration: assurance, security, and flexibility. In: Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering, 2017;197–207 https://doi.org/10.1145/3106237.3106270.
- Humble J, Farley D. Continuous delivery: reliable software releases through build, test, and deployment automation. London: Pearson Education; 2010.
- Jabbari R, bin Ali N, Petersen K, Tanveer B. What is DevOps? a systematic mapping study on definitions and practices. In: Proceedings of the Scientific Workshop Proceedings of XP2016, 2016;1–11 https://doi.org/10.1145/2962695.2962707.
- Kang H, Le M, Tao S. Container and microservice driven design for cloud infrastructure DevOps. In: 2016 IEEE International Conference on Cloud Engineering (IC2E), pp. 202–211. IEEE 2016. https://doi.org/10.1109/IC2E.2016.26.
- Krueger T, Gehl C, Rieck K, Laskov P. Tokdoc: A self-healing web application firewall. In: Proceedings of the 2010 ACM symposium on applied computing, SAC ’10, p. 1846–1853. Association for computing machinery, New York, NY, USA 2010. https://doi.org/10.1145/1774088.1774480.
- Lam T, Chaillan N, Ranks P. DoD enterprise DevSecOps reference design version 1.0. Tech. rep., Department of Defense, Chief information officer (2019). https://dodcio.defense.gov/Portals/0/Documents/DoDEnterprise DevSecOps Reference Design v1.0_Public Release.pdf. Accessed Mar 2021
- Leite L, Rocha C, Kon F, Milojicic D, Meirelles P. A survey of devops concepts and challenges. ACM Comput Surv. 2019. https://doi.org/10.1145/3359981.
- MacDonald N, Head I. DevSecOps: how to seamlessly integrate security into DevOps. Tech rep Gartner Tech Rep 2016
- Martin A, Raponi S, Combe T, Di Pietro R. Docker ecosystem-vulnerability analysis. Comput Commun. 2018;122:30–43. https://doi.org/10.1016/j.comcom.2018.03.011.
- Merkel D. Docker: lightweight linux containers for consistent development and deployment. Linux J. 2014;2014(239):2.
- Pahl C. Containerization and the PaaS cloud. IEEE Cloud Comput. 2015;2(3):24–31. https://doi.org/10.1109/MCC.2015.51.
- Prandl S, Lazarescu M, Pham DS. A study of web application firewall solutions. In: Jajodia S, Mazumdar C, editors. Information systems security. Cham: Springer; 2015. p. 501–10.
- Shahin M, Babar MA, Zhu L. Continuous integration, delivery and deployment: a systematic review on approaches, tools, challenges and practices. IEEE Access. 2017;5:3909–43. https://doi.org/10.1109/ACCESS.2017.2685629.
- Smeds J, Nybom K, Porres I. DevOps: A definition and perceived adoption impediments. In: International conference on agile software development. Springer; 2015. pp 166–177 https://doi.org/10.1007/978-3-319-18612-2_14.
- Souppaya M, Morello J, Scarfone K. Application container security guide. National Institute of Standards and Technology: Tech Rep; 2017.
- Tesfatsion SK, Klein C, Tordsson J. Virtualization techniques compared: performance, resource, and power usage overheads in clouds. In: Proceedings of the 2018 ACM/SPEC international conference on performance engineering; 2018. pp. 145–156
- Turnbull J. The Docker book: containerization is the new virtualization. James Turnbull 2014
- Vase T. Integrating Docker to a Continuous Delivery pipeline: a pragmatic approach. Master’s thesis, University of Jyväskylä (2016). https://jyx.jyu.fi/handle/123456789/52756. Accessed Mar 2021