New Paper Accepted: A DevSecOps-based Assurance Process for Big Data Analytics
Our paper entitled A DevSecOps-based Assurance Process for Big Data Analytics has been accepted for publication at the conference IEEE ICWS 2022, part of IEEE World Congress on Services (IEEE SERVICES 2022). The paper presents a methodology for assurance of Big Data pipelines developed with a Dev(Sec)Ops approach, where the DevSecOps process is exploited to insert assurance checks against the pipeline during the whole pipeline life cycle.
The authors of the paper are: Marco Anisetti, Nicola Bena (me), Filippo Berto, and Gwanggil Jeon. Filippo just presented the paper personally (and physically) at the congress in Barcelona.
Below is the full abstract.
Today big data pipelines are increasingly adopted by service applications representing a key enabler for enterprises to compete in the global market. However, the management of non-functional aspects of the big data pipeline (e.g., security, privacy) is still in its infancy. As a consequence, while functionally appealing, the big data pipeline does not provide a transparent environment, impairing the users’ ability to evaluate its behavior. In this paper, we propose a security assurance methodology for big data pipelines grounded on the DevSecOps development paradigm to increase trustworthiness allowing reliable security and privacy by design. Our methodology models and annotates big data pipelines with non-functional requirements verified by assurance checks ensuring requirements to hold along with the pipeline lifecycle. The performance and quality of our methodology are evaluated in a real walkthrough analytics scenario.