
Securing a deployment pipeline

Authors

Len Bass, Ralph Holz, Paul Rimba, An Binh Tran and Liming Zhu

NICTA

Abstract

At the RELENG 2014 Q&A, the question was asked "What is your greatest concern?" and the response was "someone subverting our deployment pipeline". That is the motivation for this paper. We address several questions:

- What does it mean to subvert a pipeline? We provide several different scenarios of subversion.
- How does one secure a pipeline? We provide an engineering process that is based on having trusted components mediate access to sensitive portions of the pipeline from other components, which can remain untrusted.

Applying our process to a pipeline we constructed involving Chef, Jenkins, Docker, Github, and AWS, we find that some aspects of our process result in easy-to-make changes to the pipeline, whereas others are more difficult. Consequently, we have developed a design that hardens the pipeline, although it does not yet completely secure it.

BibTeX Entry

  @inproceedings{Bass_HRTZ_15,
    booktitle        = {3rd International Workshop on Release Engineering 2015},
    author           = {Bass, Len and Holz, Ralph and Rimba, Paul and Tran, An Binh and Zhu, Liming},
    month            = may,
    year             = {2015},
    title            = {Securing a Deployment Pipeline},
    pages            = {4-7},
    address          = {Florence, Italy}
  }

