Digital Twins-based Assurance-driven AI-empowered SecDevOps
Published:
By Phu Nguyen and Adela Nedisan Videsjorden (SINTEF).
Digital systems today are increasingly complex and critical. They combine interconnected components across hardware and software, often in fast-changing ecosystems with third-party dependencies. At the same time, rapidly evolving cyber threats and accelerated delivery cycles make security assurance much harder to maintain continuously.
This post introduces the SECASSURED vision: Digital Twins-based Assurance-driven AI-empowered SecDevOps for continuously securing digital infrastructures.
Main ideas
Assurance-driven security as the foundation
Security assurance is positioned as the central driver for developing and operating trustworthy, certifiable systems across the software supply chain.
Federated security twins across development and operations
The approach combines two complementary twins:
SecDevTwin: a development-oriented security twin that models architecture, software components, dependencies, infrastructure, and assurance artefacts. It helps evaluate security properties before deployment and supports shift-left assurance.SecOpsTwin: an operational security twin that represents runtime state using telemetry, events, alerts, and monitoring data. It enables continuous runtime assurance, including anomaly detection, forecasting, simulation, and automated response.
Bidirectional feedback between Dev and Ops
The twins exchange evidence continuously:
- Development-to-Operations flow: architectural context, assurance cases, compliance evidence, and development-time assessments support better runtime monitoring and response.
- Operations-to-Development flow: runtime anomalies, incidents, threat intelligence, and infrastructure changes feed back to improve future development, simulation, and assurance activities.
A unified, knowledge-driven security lifecycle
Together, the twins form a closed-loop, knowledge-driven lifecycle where assurance activities can be continuously refined with both simulated and real operational evidence.
Source
Original article: Digital Twins-based Assurance-driven AI-empowered SecDevOps