Export Publication

The publication can be exported in the following formats: APA (American Psychological Association) reference format, IEEE (Institute of Electrical and Electronics Engineers) reference format, BibTeX and RIS.

Export Reference (APA)
Gasiba, T. E., Andrei-Cristian, I., Lechner, U. & Pinto-Albuquerque, M. (2021). Raising security awareness of cloud deployments using infrastructure as code through cybersecurity challenges. In ARES 2021: The 16th International Conference on Availability, Reliability and Security. Vienna Austria: ACM.
Export Reference (IEEE)
T. E. Gasiba et al., "Raising security awareness of cloud deployments using infrastructure as code through cybersecurity challenges", in ARES 2021: The 16th Int. Conf. on Availability, Reliability and Security, Vienna Austria, ACM, 2021
Export BibTeX
@inproceedings{gasiba2021_1764931880388,
	author = "Gasiba, T. E. and Andrei-Cristian, I. and Lechner, U. and Pinto-Albuquerque, M.",
	title = "Raising security awareness of cloud deployments using infrastructure as code through cybersecurity challenges",
	booktitle = "ARES 2021: The 16th International Conference on Availability, Reliability and Security",
	year = "2021",
	editor = "",
	volume = "",
	number = "",
	series = "",
	doi = "10.1145/3465481.3470030",
	publisher = "ACM",
	address = "Vienna Austria",
	organization = "",
	url = "https://dl.acm.org/doi/proceedings/10.1145/3465481"
}
Export RIS
TY  - CPAPER
TI  - Raising security awareness of cloud deployments using infrastructure as code through cybersecurity challenges
T2  - ARES 2021: The 16th International Conference on Availability, Reliability and Security
AU  - Gasiba, T. E.
AU  - Andrei-Cristian, I.
AU  - Lechner, U.
AU  - Pinto-Albuquerque, M.
PY  - 2021
DO  - 10.1145/3465481.3470030
CY  - Vienna Austria
UR  - https://dl.acm.org/doi/proceedings/10.1145/3465481
AB  - Improper deployment of software can have serious consequences, ranging from simple downtime to permanent data loss and data breaches. Infrastructure as Code tools serve to streamline delivery by promising consistency and speed, by abstracting away from the underlying actions. However, this simplicity may distract from architectural or configuration faults, potentially compromising the secure development lifecycle. One way to address this issue involves awareness training. Sifu is a platform that provides education on security through serious games, developed in the industry, for the industry. The presented work extends the Sifu platform with challenges addressing Terraform-aided cloud deployment on Amazon Web Services. This paper proposes an evaluation pipeline behind the challenges, and provides details of the vulnerability detection and feedback mechanisms, as well as a novel technique for detecting undesired differences between a given architecture and a target result. Furthermore, this paper quantifies the challenges' perceived usefulness and impact, by evaluating the challenges among a total of twelve participants. Our preliminary results show that the challenges are suitable for education and the industry, with potential usage in internal training. A key finding is that, although the participants understand the importance of secure coding, their answers indicate that universities leave them unprepared in this area. Finally, our results are compared with related industry works, to extract and provide good practices and advice for practitioners.
ER  -