Essay: Modern DevSecOps Security (#1347)
* Add Essay and Description

* Implement Feedback

* Add color coding to figure 1 for `offense` and `defense` (red and green, suggested CD colors of KTH)
* Add legend for `offense` and `defense` to figure 1
* Fixed typo in image caption
* No intention to omit secondary security requirements as they are important and their description is not long
* Merge sections `Security in MSAs` and `Layers for MSA Security`
* Change order of first mentioning of layers
* Change position of caption of table 1
* No intention to change ordering of figure 2 and table 1 because table gives final results and is more detailed than figure

* Add Date

Add date of submission to titlepage
felix-seifert authored Apr 27, 2021
1 parent 12afcc8 commit c4f42a7
Showing 2 changed files with 25 additions and 6 deletions.
Binary file not shown.
31 changes: 25 additions & 6 deletions contributions/essay/fseifert/README.md
@@ -1,14 +1,33 @@
# Essay: Security of Microservices-based Applications (MSAs)
## Security on MSA's Layers Communication, Application and Service Orchestration
# Essay: Modern DevSecOps Security
## Needed Security Services for Security of Microservices-based Applications (MSAs)

### Members
Felix Seifert ([email protected])
GitHub: [felix-seifert](https://github.com/felix-seifert)

### Proposal
### Description

To focus more on the security of microservices-based applications (MSAs) and strengthen the presence of DevSecOps, I want to describe the need of securing three layers of MSAs and ideas on how to implement them: communication, application and service orchestration.
The proposal can be found under the [PR #933](https://github.com/KTH/devops-course/tree/2021/contributions/essay/fseifert).

### Suitability of Topic
I did not describe the implementation details for the required security services. However, a table clearly states which
security services are needed, which security requirement they address and which MSA layer they deal with.

Martin mentioned the suitability of MSAs during the lecture. Furthermore, a [specific GitHub issue](https://github.com/KTH/devops-course/issues/11) mentions it. In addition to the suitability of project works about MSAs, the importance of security is already tremendously big and is an important part of DevSecOps.
I am waiting for feedback from [amarhod](https://github.com/amarhod).

With this essay, I aim for a distinction. I do not want to assess how good or bad I met the grading criteria. However,
I provide a list of how I think about the different aspects.

* Format: The essay is in PDF format.
* Title: I changed the initial title to show the relevance for DevOps/DevSecOps.
* Well-structured: The structure of my essay is slightly similar to a research paper where I try to define everything before it is used.
* Introduction: I show the relevancy of the topic of MSA security for our course topics. From the stated problems, I derive a research question which the essay then answers.
* Conclusion: At the end of the essay, the research question is answered and it is shown how a DevSecOps engineer can benefit from the results.
* Self-contained: The essay assumes that a computer science Master's student has the knowledge on what the eventual security services are and how they can be implemented.
* Innovative: The essay does not show groundbreaking new ideas on how to implement MSA security. However, the essay clearly summarises which security services have to be implemented.
* Figures: The two figures and the table are simple to understand and do not have any distracting elements. They complement the text and are not superfluous.
* Sound: The essay is proofread and understandable by non-computer scientist.
* References: The 15 references are mostly research papers which where also cited by other research papers. The non-research reference is a well known computer scientist. The number is more than the requested minimum but also shows a clear selection of references.
* Elegant: The essay is built with LaTeX. It does not use a plain standard template and shows a clear association to KTH.
* Relevant: The relevance is explained in the introduction.

The essay can be found in the file [Modern DevSecOps Security - Needed Security Services for MSAs.pdf](Modern%20DevSecOps%20Security%20-%20Needed%20Security%20Services%20for%20MSAs.pdf).
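
Review bot: In the self-assessment list, the "Self-contained" item says the essay assumes the reader already knows what the security services are and how they can be implemented, and the Description states that implementation details are not described, so the README never tells a reader which security services or requirements the table covers. Consider adding one sentence to the Description that names them, next to the three layers (communication, application and service orchestration) that the text already lists. The link labelled "PR #933" points to a `tree/2021/contributions/essay/fseifert` path rather than to the pull request, so either the label or the target should change. Wording in the list: "how good or bad I met" reads better as "how well or badly I met", "understandable by non-computer scientist" needs the plural, and "which where also cited" should be "which were also cited".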
