VeriDevOps - Automated Protection and Prevention to Meet Security Requirements in DevOps Environments

Status:

active

Start date:

2020-10-01

End date:

2023-09-30

VeriDevOps is about fast, flexible system engineering that efficiently integrates development, delivery, and operations, thus aiming at quality deliveries with short cycle time to address ever evolving challenges. Current system development practices are increasingly based on using both off-the-shelf and legacy components which make such systems prone to security vulnerabilities. Since DevOps is promoting frequent software deliveries, verification methods artifacts should be updated in a timely fashion to cope with the pace of the process. VeriDevOps aims at providing faster feedback loop for verifying the security requirements i.e. confidentiality, integrity, availability, authentication, authorization and other quality attributes of large scale cyber-physical systems. VeriDevOps is focusing on optimizing the security verification activities, by automatically creating verifiable models directly from security requirements, and using these models to check security properties on design models and generate artefacts (such as tests or monitors) that can be used (later on) in the DevOps process. More concretely, we will develop methods and tools for: 1) creating security models from textual specifications using natural language processing, 2) automatic security test creation from security models using model-based testing and model-based mutation testing techniques and 3) generating (intelligent/adaptive, ML-based) security monitors for the operational phases. This brings together early security verification through formal modelling as well as test generation, selection, execution and analysis capabilities to enable companies to deliver quality systems with confidence in a fast-paced DevOps environment. Overall, VeriDevOps is using the results of formal verification of security requirements and design models created during the analysis and design phase for test and monitor generation to be used to enhance the feedback mechanisms during development and operation phases. 

[Show all publications]

Ethical AI-Powered Regression Test Selection (Aug 2021)
Per Erik Strandberg, Mirgita Frasheri , Eduard Paul Enoiu
International Conference On Artificial Intelligence Testing (AITest)

Project Management in collaborative European research projects (Apr 2021)
Gunnar Widforss, Olga Hendel
EARMA Digital Conference 2021 (EARMA '21)

Towards Human-Like Automated Test Generation: Perspectives from Cognition and Problem Solving (Mar 2021)
Eduard Paul Enoiu, Robert Feldt
International Conference on Cooperative and Human Aspects of Software Engineering 2021 (CHASE 2021)

Automated Protection and Prevention to Meet Security Requirements in DevOps Environments D1.3 (Mar 2021)
Gunnar Widforss, Olga Hendel, Eduard Paul Enoiu, Dragos Truscan , Andrey Sadovykh , Alessandra Bagnato , Rosa Iglesias , Cristina Seceleanu, Damir Bilic

A Model-Based Test Script Generation Framework for Embedded Software (Feb 2021)
Muhammad Nouman Zafar, Wasif Afzal, Eduard Paul Enoiu, Athanasios Stratis , Ola Sellin
The 17th Workshop on Advances in Model Based Testing (A-MOST 2021)

VeriDevOps (Feb 2021)
Andrey Sadovykh , Gunnar Widforss, Dragos Truscan , Eduard Paul Enoiu, Wissam Mallouli , Rosa Iglesias , Alessandra Bagnato , Olga Hendel
Design, Automation and Test in Europe Conference (DATE 2021)

PartnerType
Åbo Akademi University Academic
IKERLAN S. Coop. Academic
ABB AB Industrial
FAGOR ARRASATE S COOP Industrial
MONTIMAGE EURL Industrial
SOFTEAM Industrial

Eduard Paul Enoiu, Senior Lecturer

Room: U1-138
Phone: 021-101624


Olga Hendel, Project Manager

Room:
Phone: 00466221323