Secure Software Development Life Cycle (SSDLC) for AI-Based Applications
DOI:
https://doi.org/10.63282/3050-9262.IJAIDSML-V5I1P110Keywords:
Threat Modeling, MLOps Security, Adversarial Attacks, Secure Deployment, Compliance, DevSecOps, SSDLC FrameworkAbstract
The high rate of incorporation of Artificial Intelligence (AI) in software systems transformed industries; however, they brought new and complicated issues about security. The data poisoning, adversarial inputs, model inversion, and biased decision-making vulnerabilities to AI are not completely covered in traditional Software Development Life Cycles (SDLCs). This article proposes an end-to-end Secure Software Development Life Cycle (SSDLC) with special consideration to AI-based platforms and software. It also discusses the need to incorporate security principles at every level of the process, starting with the requirements and preprocessing of secure data, through model development and deployment, and up to post-deployment monitoring. The paper also tests threat modeling approaches adapted to applying to AI pipelines, ripe attack paths and suggestions to defenses. Using industry frameworks such as NIST AI RMF and Google SAIF, along with examples of similar frameworks, the paper demonstrates best practices for integrating privacy, fairness, and accountability into the lifecycle of an AI system. A practical example of a case study of a global financial institution shows the practical value of the adoption of SSDLC of AI, such as decreased security alerts, enhanced developer productivity, and increased regulatory compliance. The paper finishes with a conclusion of the problems that are currently being addressed in relation to the security of AI workflows and a look at the future, including DevSecOps integration and automated threat identification as part of MLOps. The work aims to present a systematic, security-aware model for developing resilient and trustworthy AI applications
References
[1] Jason Ricol. “AI for Secure Software Development: Identifying and Fixing Vulnerabilities with Machine Learning.” December 2022.
[2] Tim Abdiukov. “Secure by design principles in Agile SDLC: Leveraging Formal Verification and AI Enhanced Code Review in CI/CD Environments.” World Journal of Advanced Engineering Technology and Sciences, 2023, 09(01): 494–503.
[3] Berghoff, C., Neu, M., & von Twickel, A. (2020). Vulnerabilities of connectionist AI applications: evaluation and defense. Frontiers in Big Data, 3, 23.
[4] Shilpi Singh & Saurabh Sambhav. “Application of Artificial Intelligence in Software Development Life Cycle: A Systematic Mapping Study.” In Lecture Notes in Networks and Systems – Micro Electronics and Telecommunication Engineering, Springer, 2023, pp. 655–665.
[5] Silverio Martínez Fernández, Justus Bogner, Xavier Franch, Marc Oriol, Julien Siebert, Adam Trendowicz, Anna Maria Vollmer, Stefan Wagner. Software Engineering for AI Based Systems: A Survey. arXiv:2105.01984; submitted May 5, 2021; considers 248 studies from 2010 March 2020.
[6] Jing, H., Wei, W., Zhou, C., & He, X. (2021, June). An artificial intelligence security framework. In Journal of Physics: Conference Series (Vol. 1948, No. 1, p. 012004). IOP Publishing.
[7] Mockus, A., & D. Weiss. (2000). Global and local drivers of software quality: A study of the Apache server. ACM SIGSOFT Software Engineering Notes, 25(5), 1–12.
[8] de Vicente Mohino, J., Bermejo Higuera, J., Bermejo Higuera, J. R., & Sicilia Montalvo, J. A. (2019). The application of a new secure software development life cycle (S-SDLC) with agile methodologies. Electronics, 8(11), 1218.
[9] Faris Mohamed Ahmed Hassan, Shampa Rani Das & Manzoor Hussain. “Importance of Secure Software Development for the Software Development at Different SDLC Phases.” August 2023.
[10] Fujdiak, R., Mlynek, P., Mrnustik, P., Barabas, M., Blazek, P., Borcik, F., & Misurec, J. (2019, June). Managing secure software development. In 2019 10th IFIP International Conference on New Technologies, Mobility and Security (NTMS) (pp. 1-4). IEEE.
[11] Karim, N. S. A., Albuolayan, A., Saba, T., & Rehman, A. (2016). The practice of secure software development in SDLC: an investigation through existing model and a case study. Security and Communication Networks, 9(18), 5333-5345.
[12] Mauri, L., & Damiani, E. (2022). Modeling threats to AI-ML systems using STRIDE. Sensors, 22(17), 6662.
[13] Barenkamp, M., Rebstadt, J., & Thomas, O. (2020). “Applications of AI in classical software engineering.” AI Perspectives, 2(1): 1–15.
[14] Arrey, D. A. (2019). Exploring the integration of security into software development life cycle (SDLC) methodology (Doctoral dissertation, Colorado Technical University).
[15] Khair, M. A. (2018). Security-centric software development: Integrating secure coding practices into the software development lifecycle. Technology & Management Review, 3(1), 12-26.
[16] Eian, I. C., Yong, L. K., Li, M. Y. X., & Hasmaddi, N. A. B. N. (2020). Integration of security modules in software development lifecycle phases. arXiv preprint arXiv:2012.05540.
[17] Shilpi Singh & Saurabh Sambhav. “Application of Artificial Intelligence in Software Development Life Cycle: A Systematic Mapping Study.” In Lecture Notes in Networks and Systems – Micro Electronics and Telecommunication Engineering, Springer, 2023, pp. 655–665.
[18] Ahmed, S. R. (2007). Secure software development: Identification of security activities and their integration in software development lifecycle.
[19] Guo Ming, Zhang Lin. "Review of version tracking and determination technologies for open source components of package-free management files." Computer Application Research, 2019, 36(11): 3218-3225.
[20] Raj, G., Singh, D., & Bansal, A. (2014, September). Analysis for security implementation in SDLC. In 2014, 5th International Conference-Confluence The Next Generation Information Technology Summit (Confluence) (pp. 221-226). IEEE.
[21] Peng Zhang, and Haiyan Liu. "Summary of open source components for package-free management files." Computer Engineering, 2014, 40(8): 136-140.
[22] Kao, T. C., Mao, C. H., Chang, C. Y., & Chang, K. C. (2012, June). Cloud SSDLC: Cloud security governance deployment framework in secure system development life cycle. In 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications (pp. 1143-1148). IEEE.
[23] Thirunagalingam, A. (2022). Enhancing Data Governance Through Explainable AI: Bridging Transparency and Automation. Available at SSRN 5047713.
[24] Pappula, K. K., & Rusum, G. P. (2020). Custom CAD Plugin Architecture for Enforcing Industry-Specific Design Standards. International Journal of AI, BigData, Computational and Management Studies, 1(4), 19-28. https://doi.org/10.63282/3050-9416.IJAIBDCMS-V1I4P103
[25] Rusum, G. P., Pappula, K. K., & Anasuri, S. (2020). Constraint Solving at Scale: Optimizing Performance in Complex Parametric Assemblies. International Journal of Emerging Trends in Computer Science and Information Technology, 1(2), 47-55. https://doi.org/10.63282/3050-9246.IJETCSIT-V1I2P106
[26] Rahul, N. (2020). Optimizing Claims Reserves and Payments with AI: Predictive Models for Financial Accuracy. International Journal of Emerging Trends in Computer Science and Information Technology, 1(3), 46-55. https://doi.org/10.63282/3050-9246.IJETCSIT-V1I3P106
[27] Enjam, G. R., & Tekale, K. M. (2020). Transitioning from Monolith to Microservices in Policy Administration. International Journal of Emerging Research in Engineering and Technology, 1(3), 45-52. https://doi.org/10.63282/3050-922X.IJERETV1I3P106
[28] Pappula, K. K., & Rusum, G. P. (2021). Designing Developer-Centric Internal APIs for Rapid Full-Stack Development. International Journal of AI, BigData, Computational and Management Studies, 2(4), 80-88. https://doi.org/10.63282/3050-9416.IJAIBDCMS-V2I4P108
[29] Pedda Muntala, P. S. R., & Jangam, S. K. (2021). End-to-End Hyperautomation with Oracle ERP and Oracle Integration Cloud. International Journal of Emerging Research in Engineering and Technology, 2(4), 59-67. https://doi.org/10.63282/3050-922X.IJERET-V2I4P107
[30] Rahul, N. (2021). Strengthening Fraud Prevention with AI in P&C Insurance: Enhancing Cyber Resilience. International Journal of Artificial Intelligence, Data Science, and Machine Learning, 2(1), 43-53. https://doi.org/10.63282/3050-9262.IJAIDSML-V2I1P106
[31] Enjam, G. R., & Chandragowda, S. C. (2021). RESTful API Design for Modular Insurance Platforms. International Journal of Emerging Research in Engineering and Technology, 2(3), 71-78. https://doi.org/10.63282/3050-922X.IJERET-V2I3P108
[32] Rusum, G. P., & Pappula, kiran K. . (2022). Event-Driven Architecture Patterns for Real-Time, Reactive Systems. International Journal of Emerging Research in Engineering and Technology, 3(3), 108-116. https://doi.org/10.63282/3050-922X.IJERET-V3I3P111
[33] Pappula, K. K. (2022). Containerized Zero-Downtime Deployments in Full-Stack Systems. International Journal of AI, BigData, Computational and Management Studies, 3(4), 60-69. https://doi.org/10.63282/3050-9416.IJAIBDCMS-V3I4P107
[34] Jangam, S. K., & Karri, N. (2022). Potential of AI and ML to Enhance Error Detection, Prediction, and Automated Remediation in Batch Processing. International Journal of AI, BigData, Computational and Management Studies, 3(4), 70-81. https://doi.org/10.63282/3050-9416.IJAIBDCMS-V3I4P108
[35] Pedda Muntala, P. S. R. (2022). Natural Language Querying in Oracle Fusion Analytics: A Step toward Conversational BI. International Journal of Emerging Trends in Computer Science and Information Technology, 3(3), 81-89. https://doi.org/10.63282/3050-9246.IJETCSIT-V3I3P109
[36] Rahul, N. (2022). Optimizing Rating Engines through AI and Machine Learning: Revolutionizing Pricing Precision. International Journal of Artificial Intelligence, Data Science, and Machine Learning, 3(3), 93-101. https://doi.org/10.63282/3050-9262.IJAIDSML-V3I3P110
[37] Enjam, G. R. (2022). Secure Data Masking Strategies for Cloud-Native Insurance Systems. International Journal of Emerging Trends in Computer Science and Information Technology, 3(2), 87-94. https://doi.org/10.63282/3050-9246.IJETCSIT-V3I2P109
[38] Rusum, G. P., & Anasuri, S. (2023). Synthetic Test Data Generation Using Generative Models. International Journal of Emerging Trends in Computer Science and Information Technology, 4(4), 96-108. https://doi.org/10.63282/3050-9246.IJETCSIT-V4I4P111
[39] Pappula, K. K. (2023). Edge-Deployed Computer Vision for Real-Time Defect Detection. International Journal of AI, BigData, Computational and Management Studies, 4(3), 72-81. https://doi.org/10.63282/3050-9416.IJAIBDCMS-V4I3P108
[40] Jangam, S. K. (2023). Data Architecture Models for Enterprise Applications and Their Implications for Data Integration and Analytics. International Journal of Emerging Trends in Computer Science and Information Technology, 4(3), 91-100. https://doi.org/10.63282/3050-9246.IJETCSIT-V4I3P110
[41] Pedda Muntala, P. S. R., & Karri, N. (2023). Managing Machine Learning Lifecycle in Oracle Cloud Infrastructure for ERP-Related Use Cases. International Journal of Emerging Research in Engineering and Technology, 4(3), 87-97. https://doi.org/10.63282/3050-922X.IJERET-V4I3P110
[42] Rahul, N. (2023). Transforming Underwriting with AI: Evolving Risk Assessment and Policy Pricing in P&C Insurance. International Journal of AI, BigData, Computational and Management Studies, 4(3), 92-101. https://doi.org/10.63282/3050-9416.IJAIBDCMS-V4I3P110
[43] Enjam, G. R., Tekale, K. M., & Chandragowda, S. C. (2023). Zero-Downtime CI/CD Production Deployments for Insurance SaaS Using Blue/Green Deployments. International Journal of Emerging Research in Engineering and Technology, 4(3), 98-106. https://doi.org/10.63282/3050-922X.IJERET-V4I3P111
[44] Pappula, K. K., & Anasuri, S. (2020). A Domain-Specific Language for Automating Feature-Based Part Creation in Parametric CAD. International Journal of Emerging Research in Engineering and Technology, 1(3), 35-44. https://doi.org/10.63282/3050-922X.IJERET-V1I3P105
[45] Rahul, N. (2020). Vehicle and Property Loss Assessment with AI: Automating Damage Estimations in Claims. International Journal of Emerging Research in Engineering and Technology, 1(4), 38-46. https://doi.org/10.63282/3050-922X.IJERET-V1I4P105
[46] Enjam, G. R. (2020). Ransomware Resilience and Recovery Planning for Insurance Infrastructure. International Journal of AI, BigData, Computational and Management Studies, 1(4), 29-37. https://doi.org/10.63282/3050-9416.IJAIBDCMS-V1I4P104
[47] Pappula, K. K., Anasuri, S., & Rusum, G. P. (2021). Building Observability into Full-Stack Systems: Metrics That Matter. International Journal of Emerging Research in Engineering and Technology, 2(4), 48-58. https://doi.org/10.63282/3050-922X.IJERET-V2I4P106
[48] Pedda Muntala, P. S. R., & Karri, N. (2021). Leveraging Oracle Fusion ERP’s Embedded AI for Predictive Financial Forecasting. International Journal of Artificial Intelligence, Data Science, and Machine Learning, 2(3), 74-82. https://doi.org/10.63282/3050-9262.IJAIDSML-V2I3P108
[49] Rahul, N. (2021). AI-Enhanced API Integrations: Advancing Guidewire Ecosystems with Real-Time Data. International Journal of Emerging Research in Engineering and Technology, 2(1), 57-66. https://doi.org/10.63282/3050-922X.IJERET-V2I1P107
[50] Enjam, G. R. (2021). Data Privacy & Encryption Practices in Cloud-Based Guidewire Deployments. International Journal of AI, BigData, Computational and Management Studies, 2(3), 64-73. https://doi.org/10.63282/3050-9416.IJAIBDCMS-V2I3P108
[51] Rusum, G. P. (2022). WebAssembly across Platforms: Running Native Apps in the Browser, Cloud, and Edge. International Journal of Emerging Trends in Computer Science and Information Technology, 3(1), 107-115. https://doi.org/10.63282/3050-9246.IJETCSIT-V3I1P112
[52] Pappula, K. K. (2022). Architectural Evolution: Transitioning from Monoliths to Service-Oriented Systems. International Journal of Emerging Research in Engineering and Technology, 3(4), 53-62. https://doi.org/10.63282/3050-922X.IJERET-V3I4P107
[53] Jangam, S. K. (2022). Self-Healing Autonomous Software Code Development. International Journal of Emerging Trends in Computer Science and Information Technology, 3(4), 42-52. https://doi.org/10.63282/3050-9246.IJETCSIT-V3I4P105
[54] Pedda Muntala, P. S. R. (2022). Anomaly Detection in Expense Management using Oracle AI Services. International Journal of Artificial Intelligence, Data Science, and Machine Learning, 3(1), 87-94. https://doi.org/10.63282/3050-9262.IJAIDSML-V3I1P109
[55] Rahul, N. (2022). Automating Claims, Policy, and Billing with AI in Guidewire: Streamlining Insurance Operations. International Journal of Emerging Research in Engineering and Technology, 3(4), 75-83. https://doi.org/10.63282/3050-922X.IJERET-V3I4P109
[56] Enjam, G. R. (2022). Energy-Efficient Load Balancing in Distributed Insurance Systems Using AI-Optimized Switching Techniques. International Journal of Artificial Intelligence, Data Science, and Machine Learning, 3(4), 68-76. https://doi.org/10.63282/3050-9262.IJAIDSML-V3I4P108
[57] Rusum, G. P., & Anasuri, S. (2023). Composable Enterprise Architecture: A New Paradigm for Modular Software Design. International Journal of Emerging Research in Engineering and Technology, 4(1), 99-111. https://doi.org/10.63282/3050-922X.IJERET-V4I1P111
[58] Pappula, K. K. (2023). Reinforcement Learning for Intelligent Batching in Production Pipelines. International Journal of Artificial Intelligence, Data Science, and Machine Learning, 4(4), 76-86. https://doi.org/10.63282/3050-9262.IJAIDSML-V4I4P109
[59] Jangam, S. K., & Pedda Muntala, P. S. R. (2023). Challenges and Solutions for Managing Errors in Distributed Batch Processing Systems and Data Pipelines. International Journal of Emerging Research in Engineering and Technology, 4(4), 65-79. https://doi.org/10.63282/3050-922X.IJERET-V4I4P107
[60] Pedda Muntala, P. S. R., & Karri, N. (2023). Leveraging Oracle Digital Assistant (ODA) to Automate ERP Transactions and Improve User Productivity. International Journal of Artificial Intelligence, Data Science, and Machine Learning, 4(4), 97-104. https://doi.org/10.63282/3050-9262.IJAIDSML-V4I4P111
[61] Rahul, N. (2023). Personalizing Policies with AI: Improving Customer Experience and Risk Assessment. International Journal of Emerging Trends in Computer Science and Information Technology, 4(1), 85-94. https://doi.org/10.63282/3050-9246.IJETCSIT-V4I1P110
[62] Enjam, G. R. (2023). Modernizing Legacy Insurance Systems with Microservices on Guidewire Cloud Platform. International Journal of Emerging Research in Engineering and Technology, 4(4), 90-100. https://doi.org/10.63282/3050-922X.IJERET-V4I4P109
[63] Pappula, K. K. (2021). Modern CI/CD in Full-Stack Environments: Lessons from Source Control Migrations. International Journal of Artificial Intelligence, Data Science, and Machine Learning, 2(4), 51-59. https://doi.org/10.63282/3050-9262.IJAIDSML-V2I4P106
[64] Pedda Muntala, P. S. R. (2021). Integrating AI with Oracle Fusion ERP for Autonomous Financial Close. International Journal of AI, BigData, Computational and Management Studies, 2(2), 76-86. https://doi.org/10.63282/3050-9416.IJAIBDCMS-V2I2P109
[65] Rusum, G. P. (2022). Security-as-Code: Embedding Policy-Driven Security in CI/CD Workflows. International Journal of AI, BigData, Computational and Management Studies, 3(2), 81-88. https://doi.org/10.63282/3050-9416.IJAIBDCMS-V3I2P108
[66] Jangam, S. K., Karri, N., & Pedda Muntala, P. S. R. (2022). Advanced API Security Techniques and Service Management. International Journal of Emerging Research in Engineering and Technology, 3(4), 63-74. https://doi.org/10.63282/3050-922X.IJERET-V3I4P108
[67] Pedda Muntala, P. S. R., & Karri, N. (2022). Using Oracle Fusion Analytics Warehouse (FAW) and ML to Improve KPI Visibility and Business Outcomes. International Journal of AI, BigData, Computational and Management Studies, 3(1), 79-88. https://doi.org/10.63282/3050-9416.IJAIBDCMS-V3I1P109
[68] Rusum, G. P. (2023). Large Language Models in IDEs: Context-Aware Coding, Refactoring, and Documentation. International Journal of Emerging Trends in Computer Science and Information Technology, 4(2), 101-110. https://doi.org/10.63282/3050-9246.IJETCSIT-V4I2P110
[69] Jangam, S. K. (2023). Importance of Encrypting Data in Transit and at Rest Using TLS and Other Security Protocols and API Security Best Practices. International Journal of AI, BigData, Computational and Management Studies, 4(3), 82-91. https://doi.org/10.63282/3050-9416.IJAIBDCMS-V4I3P109
[70] Pedda Muntala, P. S. R. (2023). AI-Powered Chatbots and Digital Assistants in Oracle Fusion Applications. International Journal of Emerging Trends in Computer Science and Information Technology, 4(3), 101-111. https://doi.org/10.63282/3050-9246.IJETCSIT-V4I3P111
[71] Enjam, G. R. (2023). Optimizing PostgreSQL for High-Volume Insurance Transactions & Secure Backup and Restore Strategies for Databases. International Journal of Emerging Trends in Computer Science and Information Technology, 4(1), 104-111. https://doi.org/10.63282/3050-9246.IJETCSIT-V4I1P112
