Vol.73, No.2, 2022, pp.2223-2239, doi:10.32604/cmc.2022.028382
OPEN ACCESS
ARTICLE
Root-Of-Trust for Continuous Integration and Continuous Deployment Pipeline in Cloud Computing
  • Abdul Saboor1,*, Mohd Fadzil Hassan2, Rehan Akbar1, Erwin Susanto3, Syed Nasir Mehmood Shah4, Muhammad Aadil Siddiqui5, Saeed Ahmed Magsi5
1 High-Performance Cloud Computing Centre (HPC3), Department of Computer & Information Sciences, Universiti Teknologi PETRONAS, Seri Iskandar, Perak, Malaysia
2 Centre for Research in Data Science (CeRDaS), Department of Computer & Information Sciences, Universiti Teknologi PETRONAS, Seri Iskandar, Perak, Malaysia
3 School of Electrical Engineering, Telkom University, Bandung, Indonesia
4 KICSIT, Institute of Space Technology (IST), Islamabad, Pakistan
5 Department of Electrical and Electronics Engineering, Universiti Teknologi PETRONAS, Seri Iskandar, Perak, Malaysia
* Corresponding Author: Abdul Saboor. Email:
Received 08 February 2022; Accepted 30 March 2022; Issue published 16 June 2022
Abstract
Cloud computing has gained significant use over the last decade due to its several benefits, including cost savings associated with setup, deployments, delivery, physical resource sharing across virtual machines, and availability of on-demand cloud services. However, in addition to usual threats in almost every computing environment, cloud computing has also introduced a set of new threats as consumers share physical resources due to the physical co-location paradigm. Furthermore, since there are a growing number of attacks directed at cloud environments (including dictionary attacks, replay code attacks, denial of service attacks, rootkit attacks, code injection attacks, etc.), customers require additional assurances before adopting cloud services. Moreover, the continuous integration and continuous deployment of the code fragments have made cloud services more prone to security breaches. In this study, the model based on the root of trust for continuous integration and continuous deployment is proposed, instead of only relying on a single sign-on authentication method that typically uses only id and password. The underlying study opted hardware security module by utilizing the Trusted Platform Module (TPM), which is commonly available as a cryptoprocessor on the motherboards of the personal computers and data center servers. The preliminary proof of concept demonstrated that the TPM features can be utilized through RESTful services to establish the root of trust for continuous integration and continuous deployment pipeline and can additionally be integrated as a secure microservice feature in the cloud computing environment.
Keywords
Root of Trust (RoT); Trusted Platform Module (TPM); cryptoprocessor; microservices; Hardware Security Modules (HSM); DevOps
Cite This Article
A. Saboor, M. Fadzil Hassan, R. Akbar, E. Susanto, S. Nasir Mehmood Shah et al., "Root-of-trust for continuous integration and continuous deployment pipeline in cloud computing," Computers, Materials & Continua, vol. 73, no.2, pp. 2223–2239, 2022.
This work is licensed under a Creative Commons Attribution 4.0 International License , which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.