Investigations into Secure IaC Practices

Keerthi Neharika, Ruth G. Lennon

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

1 Citation (Scopus)

Abstract

Security is one of the major concerns for companies, as security attacks are rapidly increasing. There are many laws and regulations which provide guidelines to companies for securing their applications. A few of those laws impose heavy fines when appropriate measures for security are not taken. Provisioning infrastructure using manual configuration can also be a difficult task as it involves multiple steps. In this paper, we investigate securely provisioning infrastructure automatically. Security and automatic infrastructure provisioning can be achieved using source code analysis tool, container security tool, and IaC tools. We show that source code and containers can be scanned for vulnerabilities, and when critical vulnerabilities are not found, the infrastructure can be automatically provisioned using Terraform script. The authors observed that implemented systems can be scanned for vulnerabilities in source code and containers provisioned automatically using secure IaC script.

Original languageEnglish
Title of host publicationProceedings of 7th International Congress on Information and Communication Technology - ICICT 2022
EditorsXin-She Yang, Simon Sherratt, Nilanjan Dey, Amit Joshi
PublisherSpringer Science and Business Media Deutschland GmbH
Pages289-303
Number of pages15
ISBN (Print)9789811916090
DOIs
Publication statusPublished - 2023
Event7th International Congress on Information and Communication Technology, ICICT 2022 - Virtual, Online
Duration: 21 Feb 202224 Feb 2022

Publication series

NameLecture Notes in Networks and Systems
Volume448
ISSN (Print)2367-3370
ISSN (Electronic)2367-3389

Conference

Conference7th International Congress on Information and Communication Technology, ICICT 2022
CityVirtual, Online
Period21/02/2224/02/22

Keywords

  • Automation
  • DevOps
  • Infrastructure as code

Fingerprint

Dive into the research topics of 'Investigations into Secure IaC Practices'. Together they form a unique fingerprint.

Cite this