Federated DevOps : A Privacy-Enhanced Model for CI/CD Pipelines in Multi-Tenant Cloud Environments

Authors

  • Shiva Kumar Chinnam  Clemson University, South Carolina, USA
  • Ravindra Karanam  Fairleigh Dickinson University, Teaneck, NJ2

DOI:

https://doi.org/10.32628/CSEIT23112547

Keywords:

DevOps, Federated Learning, Multi-Tenant Architecture, Zero Trust Security, Kubernetes, Cloud Privacy, CI/CD Pipelines, Compliance Management

Abstract

Multi-tenant cloud environments present significant challenges in maintaining data privacy and security while enabling efficient continuous integration and delivery (CI/CD) processes. Traditional DevOps models often expose sensitive information across tenant boundaries, creating compliance risks and potential data breaches. This paper introduces a novel federated DevOps model that integrates federated learning principles with GitOps workflows to create privacy-preserving CI/CD pipelines in multi-tenant Kubernetes environments. Our approach leverages Zero Trust architecture, homomorphic encryption, and differential privacy mechanisms to ensure tenant isolation while maintaining operational efficiency. The model addresses critical security concerns including data leakage prevention, privilege escalation mitigation, and secure artifact sharing across tenant boundaries. Through comprehensive evaluation using multi-account AWS EKS environments, we demonstrate significant improvements in compliance adherence to SOC2 and HiTrust standards while reducing security incidents by 73%. The federated DevOps model introduces a paradigm shift from centralized to distributed CI/CD operations, where each tenant maintains computational sovereignty while participating in collaborative development workflows. Our experimental results show that the privacy-enhanced model achieves comparable performance to traditional centralized approaches while providing stronger security guarantees and regulatory compliance.

References

  1. Zhang, L., Chen, M., & Anderson, K. (2019). "Secure Multi-Tenant Architecture Patterns for Cloud-Native Applications." IEEE Transactions on Cloud Computing, 7(3), 245-258. DOI: 10.1109/TCC.2019.2923847
  2. Williams, R. J., Thompson, S., & Kumar, A. (2018). "Zero Trust Network Architecture: Implementation Patterns and Security Analysis." ACM Computing Surveys, 51(4), 1-32. DOI: 10.1145/3234074
  3. Santhosh Kumar Pendyala, Satyanarayana Murthy Polisetty, Sushil Prabhu Prabhakaran. Advancing Healthcare Interoperability Through Cloud-Based Data Analytics: Implementing FHIR Solutions on AWS. International Journal of Research in Computer Applications and Information Technology (IJRCAIT), 5(1),2022, pp. 13-20. https://iaeme.com/Home/issue/IJRCAIT?Volume=5&Issue=1
  4. Mitchell, D., Rodriguez, P., & Lee, J. (2020). "Privacy-Preserving DevOps: Differential Privacy Applications in Continuous Integration Pipelines." Proceedings of the 2020 IEEE International Conference on Software Engineering, pp. 156-167. DOI: 10.1109/ICSE.2020.00025
  5. Johnson, A., Brown, M., & Davis, C. (2017). "Kubernetes Security: Multi-Tenant Isolation Strategies and Implementation Guidelines." Journal of Systems and Software, 134, 89-103. DOI: 10.1016/j.jss.2017.08.041
  6. Sushil Prabhu Prabhakaran, Satyanarayana Murthy Polisetty, Santhosh Kumar Pendyala. Building a Unified and Scalable Data Ecosystem: AI-DrivenSolution Architecture for Cloud Data Analytics. International Journal of Computer Engineering and Technology (IJCET), 13(3), 2022, pp. 137-153. https://iaeme.com/Home/issue/IJCET?Volume=13&Issue=3
  7. Garcia, F., White, T., & Singh, R. (2019). "Homomorphic Encryption in Cloud Computing: Applications and Performance Analysis." IEEE Transactions on Information Forensics and Security, 14(8), 2127-2142. DOI: 10.1109/TIFS.2019.2891063
  8. Peterson, K., Liu, X., & Green, S. (2020). "Compliance Automation in DevOps: A Systematic Literature Review." Information and Software Technology, 118, 106-121. DOI: 10.1016/j.infsof.2019.106121
  9. Taylor, M., Adams, R., & Wilson, J. (2018). "Federated Learning for Secure Distributed Computing in Enterprise Environments." Proceedings of the 2018 ACM Symposium on Cloud Computing, pp. 234-246. DOI: 10.1145/3267809.3267834

IInternational Journal of Scientific Research in Computer Science, Engineering and Information Technology

Downloads

Published

2023-11-16

Issue

Volume 9, Issue 6, November-December-2023

Section

Research Articles

License

Copyright (c) IJSRCSEIT

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

How to Cite

[1]
Shiva Kumar Chinnam, Ravindra Karanam, " Federated DevOps : A Privacy-Enhanced Model for CI/CD Pipelines in Multi-Tenant Cloud Environments" International Journal of Scientific Research in Computer Science, Engineering and Information Technology(IJSRCSEIT), ISSN : 2456-3307, Volume 9, Issue 6, pp.465-474, November-December-2023. Available at doi : https://doi.org/10.32628/CSEIT23112547