2015 IEEE/ACM 3rd International Workshop on Release Engineering (RELENG) (2015)
May 19, 2015 to May 19, 2015
At the RELENG 2014 Q&A, the question was asked, "What is your greatest concern?" and the response was "someone subverting our deployment pipeline". That is the motivation for this paper. We explore what it means to subvert a pipeline and provide several different scenarios of subversion. We then focus on the issue of securing a pipeline. As a result, we provide an engineering process that is based on having trustworthy components mediate access to sensitive portions of the pipeline from other components, which can remain untrustworthy. Applying our process to a pipeline involving Chef, Jenkins, Docker, Github, and AWS, we find that some aspects of our process result in easy to make changes to the pipeline, whereas others are more difficult. Consequently, we have developed a design that hardens the pipeline, although it does not yet completely secure it.
Pipelines, Software, Analytical models, Permission, Supply chains
L. Bass, R. Holz, P. Rimba, A. B. Tran and L. Zhu, "Securing a Deployment Pipeline," 2015 IEEE/ACM 3rd International Workshop on Release Engineering (RELENG), Florence, Italy, 2015, pp. 4-7.