Using Model-Based Systems Engineering (MBSE) to Assure a DevSecOps Pipeline is Sufficiently Secure

Abstract

Many enterprises and government programs are concerned that adversaries may abuse weaknesses in a DevSecOps pipeline to inject exploitable vulnerabilities into their products and services. This report presents an approach using model-based systems engineering (MBSE) and the DevSecOps Platform Independent Model (PIM) to evaluate and mitigate the cybersecurity risks associated with a given enterprises, or government programs, DevSecOps pipeline(s). The analysis approaches this paper describes focuses on ensuring that the DevSecOps pipeline and its associated products are implemented in a secure, safe, and sustainable way; are sufficiently free from vulnerabilities; and the capabilities only function as intended. Ultimately, the PIM provides analysts with a minimum set of MBSE tools to assist with threat identification, analysis, documentation, and subsequent mitigations.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
May 15, 2023
Accession Number
AD1201267

Entities

People

  • Natasha Shevchenko
  • Scott Pavetti
  • Timothy Chick

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • C4I
  • Cyber

DTIC Thesaurus Topics

  • Abstracts
  • Business Administration
  • Classification
  • Computer Programs
  • Configuration Management
  • Control Systems
  • Cybersecurity
  • Devsecops
  • Engineering
  • Governments
  • Information Security
  • Model Based Systems Engineering
  • Organizational Structure
  • Security
  • Software Assurance
  • Software Development
  • Standards
  • Systems Engineering
  • Vulnerability

Fields of Study

  • Computer science

Readers

  • Political Violence and Terrorism Studies.
  • Software Engineering.

Technology Areas

  • Cyber