Today big data pipelines are increasingly adopted by service applications representing a key enabler for enterprises to compete in the global market. However, the management of non-functional aspects of the big data pipeline (e.g., security, privacy) is still in its infancy. As a consequence, while functionally appealing, the big data pipeline does not provide a transparent environment, impairing the users' ability to evaluate its behavior. In this paper, we propose a security assurance methodology for big data pipelines grounded on the DevSecOps development paradigm to increase trustworthiness allowing reliable security and privacy by design. Our methodology models and annotates big data pipelines with non-functional requirements verified by assurance checks ensuring requirements to hold along with the pipeline lifecycle. The performance and quality of our methodology are evaluated in a real walkthrough analytics scenario.

A DevSecOps-based Assurance Process for Big Data Analytics / M. Anisetti, N. Bena, F. Berto, G. Jeon - In: 2022 IEEE International Conference on Web Services (ICWS)[s.l] : IEEE, 2022. - ISBN 978-1-6654-8143-4. - pp. 1-10 (( convegno ICWS tenutosi a Barcelona nel 2022 [10.1109/ICWS55610.2022.00017].

A DevSecOps-based Assurance Process for Big Data Analytics

M. Anisetti;N. Bena;F. Berto;
2022

Abstract

Today big data pipelines are increasingly adopted by service applications representing a key enabler for enterprises to compete in the global market. However, the management of non-functional aspects of the big data pipeline (e.g., security, privacy) is still in its infancy. As a consequence, while functionally appealing, the big data pipeline does not provide a transparent environment, impairing the users' ability to evaluate its behavior. In this paper, we propose a security assurance methodology for big data pipelines grounded on the DevSecOps development paradigm to increase trustworthiness allowing reliable security and privacy by design. Our methodology models and annotates big data pipelines with non-functional requirements verified by assurance checks ensuring requirements to hold along with the pipeline lifecycle. The performance and quality of our methodology are evaluated in a real walkthrough analytics scenario.
Assurance; Big Data; Trustworthiness; DevSecOps
Settore INF/01 - Informatica
PSRL621PRISO_01 - One Health Action Hub: task force di Ateneo per la resilienza di ecosistemi territoriali (1H_Hub) (Linea Strategica 3, Tema One health, one earth) - RISO, PATRIZIA - PSR_LINEA6_ / Piano di sviluppo di ricerca - Grandi Sfide di Ateneo - Linea 6 - 2021
RL_DG-UNI20PRISO_01 - MIND FoodS HUB - RISO, PATRIZIA - RL_DG-UNI - Bandi DG Università, ricerca e open innovation - 2020
Book Part (author)
File in questo prodotto:
File Dimensione Formato  
ABBJ.ICWS2022.pdf

accesso aperto

Tipologia: Post-print, accepted manuscript ecc. (versione accettata dall'editore)
Dimensione 749.22 kB
Formato Adobe PDF
749.22 kB Adobe PDF Visualizza/Apri
ABBJ.ICWS2022.pdf

accesso riservato

Tipologia: Publisher's version/PDF
Dimensione 1.91 MB
Formato Adobe PDF
1.91 MB Adobe PDF   Visualizza/Apri   Richiedi una copia
Pubblicazioni consigliate

Caricamento pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/2434/938530
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus ND
  • ???jsp.display-item.citation.isi??? ND
social impact