FEATURE

intend to shift some employees to ees-to-remote-work-permanently2. 4. ‘Mitigate risks with PKI’. DigiCert. remote work permanently’. Gartner, 3. Bissette, Hayleigh. ‘The threat Accessed Sep 2020. www.digicert. 3 Apr 2020. Accessed Sep 2020. of Covid-19 phishing attacks’. com/pki/. www.gartner.com/en/newsroom/ TheBusinessDesk, 7 Jul 2020. Accessed 5. ‘Behind the scenes of SSL cryptogra- press-releases/2020-04-03-gartner- Sep 2020. www.thebusinessdesk.com/ phy’. DigiCert. Accessed Sep 2020. cfo-surey-reveals-74-percent-of- yorkshire/news/2058462-the-threat-of- www.digicert.com/ssl-cryptography. organisations-to-shift-some-employ- covid-19-phishing-attacks. htm. Security controls in infrastructure as code

Sadiq Almuairfi and Mamdouh Alenezi, Prince Sultan University Sadiq Almuairfi Mamdouh Alenezi The development, deployment and management of software applications have shifted dramatically in the past 10 years. This fundamental shift is what we now know as development operations (DevOps). Infrastructure as Code (IaC) is one for practitioners to study security smells of the main tenets of DevOps. Previously, manual configuration via cloud pro- in IaC scripts so that insecure coding viders’ UI consoles and physical hardware used to take place. But now, with the practices can be avoided. If we study the concept of IaC, the IT infrastructure can be automated by using blueprints that responses of the Common Weakness are easily readable by machines. Enumerator (CWE), it can be found that CWE considers hard-coded pass- To accomplish IaC, various programming Fowler introduced the concept of code words as a security weakness. According languages and tools must be used in order smell and according to them, code to CWE: “If hard-coded passwords are to define the infrastructure (network, serv- smells are flaws in code that may cause used, it is almost certain that malicious ers, storage). The ability to use practices problems.2 There might be no run-time users will gain access to the account in like code review, version control and unit errors while code smell is present but question.” Thus, even if a security smell testing impacts infrastructure automation the presence of code smell should be might not lead to a security breach at positively. Two of the biggest benefits that taken as an indication for improvement. the time of its discovery, proper atten- IaC implementation provides are com- Duplicate block (DB) smell is one such tion should be given to it and it should paratively rapid iterations and increased example of code smell that occurs when- be inspected whenever needed.4 speed of infrastructure deployment. The ever identical statements are repeated. usage of IaC scripts is really helpful for The results of various researches prove “Code smells are flaws practitioners in order to configure and that noting code smells is an appropriate in code that may cause provision their development environments. method of assessing the quality of pup- problems. There might be The scripts employed in IaC are also pet code. is a popular provision- no run-time errors while known as ‘Configuration as code scripts’ ing tool that helps write puppet codes code smell is present but or ‘configuration scripts.’ How beneficial and uses IaC in order to specify the the presence of code smell these IaC scripts are can be identified with desired state of the environment.3 should be taken as an the example of Fortune 500 company Since we know that IaC scripts are indication for improvement” Intercontinental Exchange (ICE). ICE uses used by practitioners to develop environ- IaC scripts to maintain 75% of its 20,000 ments and provision servers, there is a Writing the IaC code is quite a servers, which ultimately results in a time chance that they may introduce security complex task as it is basically done reduction of environment provisioning smells inadvertently. Security smells are by blending various infrastructure from one or two days to 21 minutes.1 simply recurring coding patterns or, in programming languages. Thus, some Although IaC has gained popularity in simpler terms, are basically measures that sort of approach is needed in order to recent years, when it comes to the qual- indicate security weakness. There is also create complex IaC designs that save ity of code, the research is very sparse. a possibility that the presence of secu- time not only when being designed This limited research has introduced the rity smells may lead to frequent security but also at the time of deployment and term ‘code smell’. Kent Beck and Martin breaches. Thus, it becomes necessary redeployment. Model-driven engineer-

13 October 2020 Computer Fraud & Security FEATURE ing (MDE) provides us with one such certain recurring coding patterns may ing these IaC scripts is also increased. approach – data-intensive continuous lead to weaknesses in security, indicating In order to exploit model-driven engi- engineering and rollout (Dicer) – that an increased chance of security breaches. neering (MDE), Artac et al attempted can be used to create language-agnostic In order to make sure that practitioners to create language-agnostic models that models that can be transformed into make no mistakes when developing IaC possess the capability to transform them- IaC. Dicer is a model-driven approach scripts, researchers conducted a study of selves into IaC scripts automatically. In and acts as a supporting tool for users security smells in IaC scripts. They made addition, the authors have shown that who wish to develop IaC for big data use of 1,726 IaC scripts through the a significant amount of time can be frameworks. Although Dicer doesn’t approach of qualitative analysis in order saved even while creating complex IaC support all of the well-known big data to find seven security smells. Among the by following the Dicer approach. Also, frameworks, it provides the benefit of 15,232 IaC scripts, the authors imple- the authors described the Ops activi- the addition of new frameworks.5 mented the SLIC (security linter for ties (server provisioning, monitoring, Similar to software source code, IaC infrastructure as code) tool to identify the self-adaptation, etc) required to deploy scripts can face many issues, making occurrence of each smell. Through their and operate cloud applications continu- these scripts susceptible to security research, Rahman et al in ‘The Seven ously. Speaking of Dicer, the key feature defects. Defects in IaC scripts can have Sins’ have tried to answer questions about it offers is that models that are written serious consequences, as these scripts are the type of security smells, their frequen- using the Dicer profile can be automati- associated with setting up and managing cy, lifetime and the opinion of practition- cally translated into IaC scripts. cloud-system infrastructure and ensur- ers about them. Apart from finding the The quality of code is important in ing the availability of software devices. answers to these questions, the authors any software project. Schwarz et al have For example, in early 2017, execution made sure that the results of the SLIC focused research on the quality of code of a defective IaC script removed the tool were properly evaluated and created while the concept of IaC is gaining home directories of around 270 cus- Oracle datasets in order to do that. popularity day by day, looking for flaws tomers in cloud instances maintained IaC uses blueprints that are easily read- in the quality of code – that is, code by Wikimedia.6 This evidence, plus able by machines. Schwarz et al have smells. In their research, the authors research studies, motivated us to care- discussed all the necessary elements and tried to apply code smells to different fully study the security of IaC, which is abstractions that are used in the writing technologies in order to investigate if the focus of this article. and maintenance of the blueprint of IaC. similar results could be achieved. To The authors seem to outline the benefits proceed with their research, the authors Related work of DevOps but at the same time keeping formulated two questions and by the IaC as the accelerating tactic for DevOps. application of code smells, tried to find Software teams are able to implement The standard that the authors have used the answers to those questions. The continuous deployment and make rapid for the expression is known as ‘topology questions were particularly concerned changes by the use of configuration as and orchestration specification for cloud with the applicability of puppet smells code (CaC) tools.7 The popularity of applications’ (Tosca). Tosca is defined as to other these tools is increasing day by day but an industrial practice language that is used tools and the existence of other pro- investigating the challenges faced by the for automated industrial deployment and gramming smells relevant to IaC. Also, programmers while using these tools and multi-cloud compliant applications. One the authors have proposed three types finding solutions to those challenges can other major benefit that Tosca offers is of code smells in the paper: technology be really helpful in identifying potential that it provides reusable nodes and edges. agnostic smells, technology-depend- technical challenges related to CaC. Also, the authors have discussed Dicer, ent smells and technology-specific We conducted research on what ques- which is a model-driven tool to quickly smells. The results obtained through tions are asked by the programmers about put together the infrastructure design for the research indicate the presence of CaC. In order to extract puppet-related a big data cloud application as a part of IaC smells in other technologies and questions asked by programmers on Stack continuous-data intensive architecting. tools. In order to be sure of the results Overflow from 2010 to 2016, qualita- obtained, the authors further evaluated tive analysis was applied. On the basis of Increased complexity the results and conducted two more responses extracted through this analysis, case studies that examined the proper- it was discovered that the three areas that IaC scripts are a blend of various infra- ties of completeness and soundness. disturb programmers the most about structural programming languages, and System discrepancies and system CaC are installation, security and data with the increased complexity of the outages are some of the outcomes separation. While practitioners use IaC, infrastructure, the complexity of writ- that can be seen if the quality of IaC

14 Computer Fraud & Security October 2020 FEATURE scripts isn’t up to the mark. In order to patterns such as variable related errors, file- 18 different defect characteristics. Thus improve the quality of IaC scripts by related errors, OS-related errors, etc. The the authors, through their research, were practitioners, Rahman in ‘Anti-Patterns rationale that the authors propose as being able to prove that IaC scripts are suscep- in Infrastructure as Code’ conducted behind their approach is: “Identical (or tible to defects and these defect predic- research on the identification of anti- similar) code errors would be fixed with tion models or metrics can help practi- patterns in IaC scripts and then devel- identical (or similar) code changes.” tioners prioritise inspection efforts. opment of the IaC scripts. As per the In order to keep up with the improve- Even though build automation tools author: “Through systematic investiga- ment in cloud system environments, provide benefits such as reduction in tion, we can identify anti-patterns in IaC Lavriv et al proposed the method of cloud errors and reduction in rapid release of that correlate with defects, and violate system disaster recovery based on the con- software changes, these are still considered security and privacy objectives.” cept of infrastructure as code.9 In order to complex among software practitioners. The methodology used by Rahman define a sample cloud infrastructure, the Build automation is considered to be a was based on characterising defective IaC authors used a tool named Terraform by technology that “automatically compiles scripts by extracting text features. The Harshicorp. This tool was developed using and tests software changes, packages two text-mining techniques used were the the Go programming language and is very the software changes into a binary, and ‘bag-of-word’ technique, and the ‘term promising. Its simple syntax is based on prepares the created binary for deploy- frequency-inverse document frequency’ the key-value format, which makes it very ment”.11 The authors in ‘Which Factors technique. In order to characterise the popular in IT operations. Through their Influence Practitioners’ Usage of Build properties of defective IaC scripts, Rahman research, the authors have tried to show Automation Tools?’ focus their research also applied Strauss-Corbin Grounded the- the benefits of using the IaC concept as on the identification of adoption factors ory. As a result, the three properties that compared to the manual approach in case that may influence the usage of these characterise defective IaC scripts turned of system failure. Also, the authors simulat- build automation tools among software out to be infrastructure provisioning, file ed the disaster of sudden manual destruc- practitioners. In addition, the authors system operations and management of user tion of all previously created infrastructure. conducted a survey to identify these accounts. Rahman built prediction mod- The two types of recovery actions that adoption factors, and responses from els using characteristics such as commits, were investigated were Terraform tool 268 software professionals were recorded. number of multitasking practitioners, their activation and manual infrastructure rec- The responses revealed that complexity age, etc. reation. Through the results achieved, the wasn’t the main factor hindering the use authors were able to justify the difference of these tools by practitioners – instead, Quality challenge between the recovery time manually and it was compatibility. On the basis of with a tool like Terraform. The difference responses received, the authors suggest Even though IaC scripts are widely adopt- becomes more visible with the increased that the use of build automation tools can ed, the development and maintenance of complexity of the cloud system. be increased if, “build automation tools premium quality IaC scripts are challeng- IaC scripts can be defective and may fit well with practitioners’ existing work- ing to the majority of the developers. Chen lead to large-scale service outages for end flow and tool usage, and usage of build et al conducted research in order to iden- users.10 These defects can be mitigated automation tools are made more visible tify error patterns for IaC.8 The authors if somehow we are able to predict the among practitioners’ peers.” proposed an approach to handle frequently defective IaC scripts and that was the occurring IaC code errors. The approach goal of Rahman et al in conducting this Security (code) smells works on the extraction of ‘code changes’ research. The authors talk about propos- from historical commits and once they ing the matrices related to the defect The concept of code smells describes are extracted, an unsupervised machine prediction model in order to prioritise flaws in code that may lead to a prob- learning algorithm is employed in order to inspection efforts. Also, the authors lem. Rahman et al in ‘The Seven Sins’ cluster them in groups. Thus it can be said employed constructivist ground theory identified seven security smells in IaC that the approach is formed by following (CGT) to identify the metrics that are by performing an experiment on open three steps, which are: extraction of code suitable to IaC scripts. The methodol- source repositories. They concluded that changes; identification of error patterns; ogy used by the authors consists of four security smells can have a long lifespan and suggesting constraint rules as outcome. steps: repository collection; commit mes- – for example, a hard-coded secret can The authors employed abstract syntax tree sage processing; determination of defect- remain as long as 98 months, with a (AST) differencing in order to locate the related commits; and application of median lifetime of 20 months. On the code changes. Through their research, they CGT theory respectively. As a result, the other hand, Schwarz et al presented a were able to classify 41 cross-project error authors obtained 18 metrics indicating catalogue of 17 code smells in IaC which

15 October 2020 Computer Fraud & Security FEATURE

• Signing binary artifacts digitally and storing them in repositories. Acceptance stage

The continuous integration server executes a set of automatic acceptance tests. This stage is triggered by a successful com- mit. The latest good commit build is

Figure 1: An example of a config file. selected and dispatched to an acceptance test environment. Automated acceptance were applied and focused on the that represents the security assurance tests – which involve functional, integra- configuration management tool. This workflow as proposed by Jim Bird.12 tion, performance and security tests – are indicates that a further investigation of executed. In order to minimise the time code smells in the area of IaC is needed. Pre-commit stage required to perform the test, in most cases Therefore, we will list some code smells the tests are fanned out to heterogeneous (process metrics) for any deployment At this stage the continuous integration test servers and executed in parallel. By tools that are not covered by the above- server executes automatic tests on all the following the ‘fail fast’ approach, the most mentioned studies as follows: proposed changes and team members are time-consuming and expensive tests are Permissions: The source (deployment) engaged in reviewing code. Changes to soft- left until as late as possible in the test cycle server must have write-only permission ware and configuration are checked into a and are only executed if other tests have to destination servers and client machines source code repo. Security checks and con- already passed. during the deployment process. This trols at this stage are as follows: lightweight Security control and tests at this stage action will avoid reading the source server iterative threat modelling and risk assess- are as follows: information from destination servers ment; static analysis checking in the IDE of • Provisioning of runtime environment and clients. In fact, read permission does the engineer; and peer code reviews. and secure automated configuration not always lead to a security breach but management. makes it easier to gather information on Continuous integration • Deployment of the latest good build the deployment server. Thus, we consider stage from the binary artifact repository read permission is a security smell in IaC. automatically. Path configuration: In this smell, it’s This stage is triggered automatically by • Smoke tests, which are designed to recommended to save all paths in the a check-in. Build and basic automated catch mistakes in configuration or config file, which will save time and effort testing of the system is performed. Fast deployment. in the case of any path issues brought up. feedback to developers is returned verify- • Dynamic application security testing. The configuration file is not compiled ing whether the change breaks the build. • Automatic functional and integration during the deployment process, so if a case The stage is usually completed in a few testing of security features. of a path error comes along on a produc- minutes. The security checks at this stage • Automated security attacks with the tion server, practitioners can change the are as follows: help of Gauntlt or other security tools. path from the config file easier and faster. • Compile and build checks that • Deep static analysis scanning. Figure 1 shows an example of a config file ensure that the steps are clean with • Fuzzing (APIs, files). protected with a key. no errors and warnings. • Manual penetration testing. • Software component analysis in the Threat model build with identification of risk in Production deployment third-party components. and post-deployment Threat modelling is the process of iden- • Incremental static analysis scanning for tifying and investigating potential threats bugs and security vulnerabilities. Upon passing the above-mentioned tests, in order to find any architectural bugs • Generating alerts on high-risk code the change is ready to be deployed to before they breach security. Although changes with the help of static analysis production. Security checks and controls threat modelling can be done at any checks and tests. are needed at this stage, including: stage, doing it in the early stages provides • Automatic unit testing of security • Provisioning of a run-time environ- the additional benefit of early determina- functions with the help of code cov- ment and secure automated configu- tion of threats. Figure 2 shows the model erage analysis. ration management.

16 Computer Fraud & Security October 2020 FEATURE

Best practices to secure IaC

To achieve consistency, speed of deploy- ment, simplicity and security in IaC, best practice should be followed. Related efforts in this direction can be found in the references.13-19 We have worked on consolidating these studies and present the best of the best practices as follows: Manual security assessment: This step involves manually inspecting the live infra- structure after deployments and reviewing the architecture/templates before they are deployed to a live environment. Figure 2: Security Codify everything: All infrastructure assurance workflow specifications should be explicitly coded for IaC. in configuration files, such as AWS CloudFormation templates, Chef recipes, playbooks, or any other IaC tool. These configuration files represent the single source of truth of your infrastructure specifications and describe exactly what cloud components you’ll use, how they relate to one another and how the entire environment is configured. Infrastructure can then be deployed quickly and seam- lessly, and – ideally – no one should log into a server to manually make changes. IaC documentation: This approach advises that writing documentation should be avoided because the code itself will • Automated deployment and release a need for metrics for compliance and register the machine status automatically. orchestration. risk-management purposes. These met- That means the infrastructure documen- • Post-deployment smoke tests. rics will help us understand how to pri- tation is always up to date. Additional • Automated run-time assets and com- oritise testing and training efforts, which documentation, such as diagrams and pliance checks. helps in assessing the application security other setup instructions, may be necessary • Production monitoring/feedback. program. to educate employees who are less familiar • Runtime defence. By collecting data on vulnerabilities, with the infrastructure deployment pro- • Red teaming. important information can be gained, cess. But most of the deployment steps will • Bug bounties. such as: the number of vulnerabilities dis- be performed by the configuration code, • Blameless postmortems. covered, how the vulnerabilities are dis- so this documentation should ideally be All of the above-mentioned practices covered and what tools are giving the best kept to a minimum. are implemented according to the risk returns, what are serious vulnerabilities, Version everything: The configuration profile of the organisation. how long it’s taking to get the vulnerabili- files should be managed in a version- ties fixed, etc. All this information can controlled way. Because all configuration Vulnerability be obtained by providing security testing data are written in code, any modifications management module results from continuous delivery pipelines to the codebase can be controlled, tracked into a vulnerability manager. and reconciled. The version control system In order to track vulnerabilities, assess The above-mentioned security assur- (VCS) is a core part of managing IaC. The risk and understand trends, this module ance workflow can be made more secure VCS is the source of truth for the overall helps us to view the status of the pipe- with the best practices discussed in the status of the infrastructure. Any changes line, systems and portfolios. There is following section. in infrastructure will be performed by

17 October 2020 Computer Fraud & Security FEATURE

able from end to end. That will provide secure service availability and ensure the continuous flow of the delivery pipeline. Figure 3 shows the summary of the best practice approach to secure IaC. Conclusion

Figure 3: Best practice The aim of this article was not only to summary. introduce the reason behind the increas- ing popularity of ‘infrastructure as code’ but also to dig deep into an area that is not much researched. Our research in this paper led us to the identification of code smells and their classification in categories such as technology-agnostic and technol- ogy-dependent smells. Thus, it can be concluded that these smells provide us changes committed to the VCS. In addi- • Check auditing and logging policies with adequate means to test the quality/ tion, VCS is important for IaC because it and configurations. security of IaC scripts. provides the following functions: Modular code (small changes rather The research leads us to information on • Traceability: Record all changes that than big batches): Modular infrastructure how IaC scripts help companies in the cur- have been made. limits the number of changes that can rent IT industry to automatically configure • Rollback: Restore things back in case be made to the configuration. Smaller their production environment and how of any failures. changes make errors easier to detect and security smells lead to an increment in • Correlation: Useful for tracing and fixing allow the team to fix them. There are system weakness and what practices can be complex problems when these occur. many reasons to prefer small changes over used by software practitioners in order to • Visibility: All team members can see big batches, including the following: formulate a quality code or IaC script. when changes are committed to VCS. • Easier and less effort in case of test- Through our research on security in • Actionability: VCS can trigger ing the changes and evaluation. IaC, one thing that became clear is that actions automatically when a change • Faster to find the cause of the bugs IaC might be one of the fundamental is committed. and errors, then easy to fix them. pillars to DevOps but it is susceptible to Continuously test system, integrate Immutable infrastructure: This defects. In order to eliminate the occur- and deploy: The repeatability of IaC is an approach takes IaC to the next level. The rence of these defects, we have to learn enabler of this approach, where the chang- idea behind immutable infrastructure about defect prediction models. Lastly, we es first deploy into a test environment. is that IT infrastructure elements are built a threat model in order to secure the Automated tests verify that there were no replaced for each deployment, instead controls of an IaC. The employability of security and compliance regressions before of making changes on current compo- threat models and their importance in the deploying the changes to a production nents. This process provides consistency, development stage is what makes them the server. All of this is managed by an auto- avoids configuration drift and restricts the preferred tool of developers. This practice mated CI/CD (continuous integration/ impact of undocumented changes. Also, of making threat models should also be continuous deployment) pipeline. Unit it improves security and makes fixes easier promoted as it can protect end users from tests for configuration code should include due to the lack of configuration edits. a lot of disturbance. security checks such as the following: Continuous security and service • Disable unnecessary services. availability: Complexity is the enemy of About the authors • Close unused ports. security, so it’s important to secure not Dr Sadiq Almuairfi is currently an e-ser- • Look for hardcoded credentials and only the application and its runtime envi- vice director and researcher at the Security secrets. ronment but also the continuous delivery Engineering Lab at Prince Sultan University, • Check and review permissions on toolchain and test environment. Also, Riyadh, Saudi Arabia. He received a bach- files and directories. it is important to protect the pipeline elor’s degree in computer engineering from • Ensure that development tools are from insider attacks by ensuring that all KFUPM, Dhahran, Saudi Arabia in 2001, not installed in production servers. changes are fully transparent and trace- a master’s degree in information manage-

18 Computer Fraud & Security October 2020 FEATURE ment from King Abdulaziz University, E; Guerriero, M; Perez-Palacin, D; 12. Bird, Jim. ‘Security as Code: Jeddah, Saudi Arabia, in 2005 and a PhD Tamburri, D. ‘Infrastructure-As-Code Security Tools and Practices in in cyber security from La Trobe University, for Data-Intensive Architectures: Continuous Delivery’. O’Reilly Melbourne, Australia in 2014. His research A Model-Driven Development Media, 2016. Accessed Sep 2020. interests include cyber security, network secu- Approach’. IEEE International www.oreilly.com/library/view/devo- rity and e-commerce security. Conference On Software Architecture pssec/9781491971413/ch04.html. Dr Mamdouh Alenezi is currently the dean (ICSA), 2018, pp.156-165. 13. Feintuch, Roy. ‘New Security of educational services at Prince Sultan 6. Rahman, A. ‘Anti-Patterns in Challenges with Infrastructure-as- University. He received his MS and PhD Infrastructure as Code’. IEEE 11th Code and Immutable Infrastructure’. degrees from DePaul University and North International Conference On Software The New Stack, 4 Apr 2018. Dakota State University in 2011 and 2014 Testing, Verification and Validation Accessed Jan 2020. https://the- respectively. He has extensive experience in (ICST), 2018. newstack.io/new-security-challenges- data mining and machine learning, where 7. Rahman, A; Partho, A; Morrison, P; with-infrastructure-as-code-and- he applied several data mining techniques to & Williams, L, ‘What Questions Do immutable-infrastructure. solve software engineering problems. He has Programmers Ask about Configuration 14. Chan, Mike. ‘Infrastructure as Code: worked in several research areas and devel- as Code?’, 2018 ACM/IEEE 4Th 6 best practices to get the most out oped predictive models using machine learn- International Workshop On Rapid of IaC’. Thorn Technologies, 27 ing to predict fault-prone classes, comprehend Continuous Software Engineering Feb 2018. Accessed Jan 2020. www. source code and predict the appropriate devel- 8. Chen, W; Wu, G; Wei, J. ‘An thorntech.com/2018/02/infrastruc- oper to be assigned to a new bug. Approach to Identifying Error ture-as-code-best-practices/. Patterns for Infrastructure as Code’. 15. ‘What Is Infrastructure as Code? How References 2018 IEEE International Symposium It Works, Best Practices, Tutorials’. 1. Artac, M; Borovssak, T; Di Nitto, On Software Reliability Engineering Stackify, 5 Sep 2019. Accessed Jan E; Guerriero, M; Tamburri, D. Workshops (ISSREW). 2020. https://stackify.com/what-is- ‘DevOps: Introducing Infrastructure- 9. Lavriv, O; Klymash, M; Grynkevych, G; infrastructure-as-code-how-it-works- As-Code’. 2017 IEEE/ACM 39Th Tkachenko, O; Vasylenko, V. ‘Method best-practices-tutorials/. International Conference On Software of cloud system disaster recovery based 16. Null, Christopher. ‘Infrastructure Engineering Companion (ICSE-C). on “Infrastructure as a code” concept’. as code: The engine at the heart of 2. Fowler, M; Beck, K; Brant, J; 14th International Conference On DevOps’. TechBeacon. Accessed Jan Opdyke, W; Roberts, D; ‘Roberts, Advanced Trends in Radioelecrtronics, 2020, https://techbeacon.com/enter- Refactoring: Improving the Design Telecommunications and Computer prise-it/infrastructure-code-engine- of Existing Code’. Addison-Wesley Engineering (TCSET), 2018. heart-. Longman Publishing, 2018. 10. Rahman, A; Stallings, J; Williams, 17. Hornbeek, Mike. ‘9 Pillars of 3. Schwarz, J; Steffens, A; Lichter, L. ‘Defect Prediction Metrics for Continuous Security Best Practices’. H. ‘Code Smells in Infrastructure Infrastructure as Code Scripts in DevOps.com, 8 Jan 2019. Accessed as Code’. 11th International DevOps’. 2018 ACM/IEEE 40th Jan 2020, https://devops.com/9-pillars- Conference On the Quality of International Conference On Software of-continuous-security-best-practices/. Information and Communications Engineering: Companion Proceedings. 18. Morris, Kief. ‘Challenges and Technology (QUATIC), 2018. 11. Rahman, A; Partho, A; Meder, D; Principles’. In: ‘Infrastructure as 4. Rahman, A; Parnin, C; Williams, L. Williams, L. ‘Which Factors Influence Code’, O’Reilly Media, 2015. ‘The Seven Sins: Security Smells in Practitioners’ Usage of Build 19. ‘Secure development and deployment Infrastructure as Code Scripts’. IEEE/ Automation Tools?’. IEEE/ACM 3rd guidance’. National Cyber Security ACM 41st International Conference International Workshop On Rapid Centre (NCSC). Accessed Jan 2020, On Software Engineering (ICSE), 2019. Continuous Software Engineering www.ncsc.gov.uk/collection/develop- 5. Artac, M; Borovsak, T; Di Nitto, (Rcose), 2017. ers-collection.

19 October 2020 Computer Fraud & Security