eprintid: 17606 rev_number: 2 eprint_status: archive userid: 1 dir: disk0/00/01/76/06 datestamp: 2023-12-19 03:23:58 lastmod: 2023-12-19 03:23:58 status_changed: 2023-12-19 03:08:21 type: article metadata_visibility: show creators_name: Saboor, A. creators_name: Hassan, M.F. creators_name: Akbar, R. creators_name: Susanto, E. creators_name: Shah, S.N.M. creators_name: Siddiqui, M.A. creators_name: Magsi, S.A. title: Root-Of-Trust for Continuous Integration and Continuous Deployment Pipeline in Cloud Computing ispublished: pub keywords: Cloud computing; Denial-of-service attack; Distributed database systems; Hardware security; Integration; Network security; Personal computers; Pipelines; Trusted computing; Web services, Cloud services; Cloud-computing; Continuous integrations; Crypto-processor; Hardware security module; Microservice; Physical resources; Root of trust; Root of trusts; Trusted platform module, Authentication note: cited By 0 abstract: Cloud computing has gained significant use over the last decade due to its several benefits, including cost savings associated with setup, deployments, delivery, physical resource sharing across virtual machines, and availability of on-demand cloud services. However, in addition to usual threats in almost every computing environment, cloud computing has also introduced a set of new threats as consumers share physical resources due to the physical co-location paradigm. Furthermore, since there are a growing number of attacks directed at cloud environments (including dictionary attacks, replay code attacks, denial of service attacks, rootkit attacks, code injection attacks, etc.), customers require additional assurances before adopting cloud services. Moreover, the continuous integration and continuous deployment of the code fragments have made cloud services more prone to security breaches. In this study, the model based on the root of trust for continuous integration and continuous deployment is proposed, instead of only relying on a single sign-on authentication method that typically uses only id and password. The underlying study opted hardware security module by utilizing the Trusted Platform Module (TPM), which is commonly available as a cryptoprocessor on the motherboards of the personal computers and data center servers. The preliminary proof of concept demonstrated that the TPM features can be utilized through RESTful services to establish the root of trust for continuous integration and continuous deployment pipeline and can additionally be integrated as a secure microservice feature in the cloud computing environment. © 2022 Tech Science Press. All rights reserved. date: 2022 publisher: Tech Science Press official_url: https://www.scopus.com/inward/record.uri?eid=2-s2.0-85132971242&doi=10.32604%2fcmc.2022.028382&partnerID=40&md5=3ca88c71838abfb817c578d6d57479ad id_number: 10.32604/cmc.2022.028382 full_text_status: none publication: Computers, Materials and Continua volume: 73 number: 2 pagerange: 2223-2239 refereed: TRUE issn: 15462218 citation: Saboor, A. and Hassan, M.F. and Akbar, R. and Susanto, E. and Shah, S.N.M. and Siddiqui, M.A. and Magsi, S.A. (2022) Root-Of-Trust for Continuous Integration and Continuous Deployment Pipeline in Cloud Computing. Computers, Materials and Continua, 73 (2). pp. 2223-2239. ISSN 15462218