TY - GEN
T1 - A Lightweight Privileged Account Management System for Development and Operation
AU - Ma, Ziwei
AU - Guan, Zhenyu
N1 - Publisher Copyright: ©2023 IEEE.
PY - 2023
Y1 - 2023
N2 - Privileged accounts are used in both software and hardware during the DevOps process. However, hard-coded privileged accounts in development may not be deleted before being submitted to customers, which leads to a greater risk of leakage and results in a larger attack surface. Furthermore, privileged accounts are closely related but widely distributed across the DevOps project, meaning that a leak of any privileged account could result in the entire project being paralyzed. Therefore, privileged account management systems that span the entire development and operation process are needed to address the issue of hard-coded accounts. This paper proposes a privileged account management solution to prevent hard-coded privileged accounts and uniformly manage privileged accounts in DevOps projects. The solution is designed for DevOps scenarios based on Zero Trust thinking, which includes two working stages: development and operation & maintenance. In the development stage, developers apply for encryption keys from the management center and use them to encrypt privileged accounts in the source code. In the operation & maintenance stage, users set their own passwords, which are stored locally, and the management center periodically updates the encryption keys. Finally, this paper discusses the defensive capabilities of the proposed solution against several security risks.
KW - Development and Operations
KW - privileged account management
KW - Zero Trust
KW - data security
KW - hard-coded risk
UR - https://www.scopus.com/pages/publications/85183330428
U2 - 10.1109/SmartCloud58862.2023.00041
DO - 10.1109/SmartCloud58862.2023.00041
M3 - Conference contribution
AN - SCOPUS:85183330428
T3 - Proceedings - 2023 IEEE 8th International Conference on Smart Cloud, SmartCloud 2023
SP - 194
EP - 199
BT - Proceedings - 2023 IEEE 8th International Conference on Smart Cloud, SmartCloud 2023
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 8th IEEE International Conference on Smart Cloud, SmartCloud 2023
Y2 - 16 September 2023 through 18 September 2023
ER -