Cyber immune development approach. Microservices based illustration
DOI:
https://doi.org/10.21638/11701/spbu10.2024.105
Abstract
The author believes that ensuring the information security of systems should begin at the design stage, rather than after implementation is over and verification starts. The author also supports the point of view that it is impossible to guarantee absolute information security or to eliminate all defects and vulnerabilities from code once and for all. It is more realistic to assume that software defects are present in the inner perimeter of any system, and the main question is how critical this will be for the system's customer assets. Developers shall focus their design and implementation efforts so that the probability of successful attacks compromising system security objectives through critical code is minimal. Such critical parts are defined and optimised for size and complexity during the design phase and separated from non-critical parts, and substantial effort is invested in high-quality implementation and thorough testing of them. The article describes how built-in protection against vulnerabilities and attacks can be illustrated using a microservices-based architecture.
Keywords:
cyber immunity, systems engineering, systems design, microservices, secure software development
License
Articles of "Vestnik of Saint Petersburg University. Applied Mathematics. Computer Science. Control Processes" are open access, distributed under the terms of the License Agreement with Saint Petersburg State University, which permits the authors unrestricted distribution and self-archiving free of charge.