2024 (English) In: BIR-WS 2024, BIR 2024 Workshops and Doctoral Consortium / [ed] Ana-Maria Ghiran; Anne Gutschmidt; Ulf Seigerroth; Kurt Sandkuhl; Marite Kirikova; Peter Forbrig; Charles Møller; Robert Andrei Buchmann; Emanuele Laurenzi; Björn Johansson; Filip Vencovský, 2024, p. 180-188. Conference paper, Published paper (Refereed)
Abstract [en]
Zero-trust security involves designing, coding, and deploying applications, assuming that threats may exist both inside and outside the application environment. Developing applications using a zero-trust design is complex since it requires internal development teams to understand and apply zero-trust principles throughout the development process. This is especially crucial for microservice architectures, where many independent teams develop services. However, enforcing and teaching security principles may lead to a formal process, focusing on documentation and auditing rather than agile development. In this paper, we describe a pragmatic use of a modeling tool that is tied to a knowledge repository and contains means for team communication. The tool supports a systemic way of developing zero-trust architectures, catering to both programming needs and the desire to improve the overall development process. The paper concludes with lessons learned from a bank case study where the tool has been developed and utilised for microservices development.
Series
CEUR Workshop Proceedings, E-ISSN 1613-0073
Keywords
Zero-trust architecture, Modeling tool, STRIDE analysis, VSM
National Category
Information Systems
Research subject
Computer and Systems Sciences
Identifiers
urn:nbn:se:su:diva-235704 (URN)
Conference
BIR-WS 2024: BIR 2024 Workshops and Doctoral Consortium, 23rd International Conference on Perspectives in Business Informatics Research (BIR 2024), September 11, 2024, Prague, Czech Republic.
2024-11-19 2024-11-19 2024-11-20 Bibliographically approved