Creating it from SCRATCh: A Practical Approach for Enhancing the Security of IoT-Systems in a DevOps-enabled Software Development Environment

Simon Duque Antón; Daniel Fraunholz; Daniel Krohmer; Daniel Reti; Hans Dieter Schotten; Franklin Selgert; Marcell Marosvölgyi; Morten Larsen; Krishna Sudhakar; Tobias Koch; Till Witt; Cédric Bassem

In: Proceedings of the 1st International Workshop on Underpinnings for Safe Distributed AI. International Workshop on Underpinnings for Safe Distributed AI (USDAI-2020), located at SAFECOMP2020, September 15, Online, Springer, 2020.


DevOps describes a method to reorganize the way different disciplines in software engineering work together to speed up software delivery. However, the introduction of DevOps-methods to organisations is a complex task. A successful introduction results in a set of structured process descriptions. Despite the structure, this process leaves margin for error: Especially security issues are addressed in individual stages, without consideration of the interdependence. Furthermore, applying DevOps-methods to distributed entities, such as the Internet of Things (IoT) is difficult as the architecture is tailormade for desktop and cloud resources. In this work, an overview of tooling employed in the stages of DevOps processes is introduced. Gaps in terms of security or applicability to the IoT are derived. Based on these gaps, solutions that are being developed in the course of the research project SCRATCh are presented and discussed in terms of benefit to DevOps-environments.


Deutsches Forschungszentrum für Künstliche Intelligenz
German Research Center for Artificial Intelligence