Detection Strategies for Microservice Security Tactics

Cited by: 1
Authors
Zdun, Uwe [1 ]
Queval, Pierre-Jean [1 ]
Simhandl, Georg [1 ]
Scandariato, Riccardo [2 ]
Chakravarty, Somik [3 ]
Jelic, Marjan [3 ]
Jovanovic, Aleksandar [3 ]
Affiliations
[1] Univ Vienna, Fac Comp Sci, Res Grp Software Architecture, A-1010 Vienna, Austria
[2] Hamburg Univ Technol TUHH, D-21073 Hamburg, Germany
[3] European Risk & Resilience Inst EU VRi, D-70599 Stuttgart, Germany
Funding
EU Horizon 2020
Keywords
Security; Microservice architectures; Measurement; Authorization; Data models; Computer architecture; Codes; Conformance checking; detection strategies; metrics; microservice architecture security; microservices;
DOI
10.1109/TDSC.2023.3276487
Chinese Library Classification (CLC) number
TP3 [Computing technology, computer technology]
Subject classification number
0812
Abstract
Microservice architectures are widely used today to implement distributed systems. Securing microservice architectures is challenging because of their polyglot nature, continuous evolution, and the many security concerns relevant to such architectures. This article proposes a novel, model-based approach providing detection strategies for the automated detection of security tactics (or patterns and best practices) in a given microservice architecture decomposition model. Our novel detection strategies are metrics-based rules that decide conformance to a security recommendation based on a statistical predictor. The proposed approach models each recommendation as an Architectural Design Decision (ADD). We apply our approach to four different security-related ADDs on access management, traffic control, and avoiding plaintext sensitive data in the context of microservice systems. We then apply our approach to a model data set of 10 open-source microservice systems and 20 variants of those systems. The resulting detection strategies show a very low bias, a very high correlation, and a low prediction error on our model data set.
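The abstract describes a detection strategy as a metrics-based rule evaluated over an architecture decomposition model. The following Python sketch is an added illustration of that idea, not the paper's own metrics, thresholds or tooling: it models components and connectors tagged with stereotypes, computes two assumed metrics (one for access management, one for plaintext sensitive data), and applies assumed thresholds to decide conformance. All component names, stereotype names, metric definitions and threshold values are assumptions made for the example.

```python
"""Illustrative metrics-based detection strategy over a microservice
decomposition model (added example; metrics and thresholds are assumed,
not those of Zdun et al., TDSC 2023)."""
from collections import deque
from dataclasses import dataclass, field


@dataclass
class ArchitectureModel:
    """Decomposition model: named components and directed connectors, each
    tagged with a set of stereotype strings (assumed tagging scheme)."""
    components: dict = field(default_factory=dict)  # name -> set of stereotypes
    connectors: list = field(default_factory=list)  # (src, dst, set of stereotypes)

    def component(self, name, *stereotypes):
        self.components[name] = set(stereotypes)
        return self

    def connector(self, src, dst, *stereotypes):
        for n in (src, dst):
            if n not in self.components:
                raise KeyError(f"unknown component {n!r}")
        self.connectors.append((src, dst, set(stereotypes)))
        return self

    def with_stereotype(self, stereotype):
        return {n for n, s in self.components.items() if stereotype in s}


def unguarded_service_ratio(model):
    """Assumed metric for access management: share of services that some
    external client can reach along a path that never crosses a component
    stereotyped 'authorization'. 0.0 means every inbound path is guarded."""
    services = model.with_stereotype("service")
    if not services:
        return 0.0
    guards = model.with_stereotype("authorization")
    out_edges = {}
    for src, dst, _ in model.connectors:
        out_edges.setdefault(src, []).append(dst)
    unguarded = set()
    for client in model.with_stereotype("external_client"):
        seen, queue = {client}, deque([client])
        while queue:  # BFS that stops at authorization-enforcing components
            node = queue.popleft()
            for nxt in out_edges.get(node, []):
                if nxt in guards or nxt in seen:
                    continue
                seen.add(nxt)
                queue.append(nxt)
        unguarded |= seen & services
    return len(unguarded) / len(services)


def plaintext_sensitive_ratio(model):
    """Assumed metric for avoiding plaintext sensitive data: share of
    connectors carrying 'sensitive_data' that are not marked 'encrypted'."""
    sensitive = [c for c in model.connectors if "sensitive_data" in c[2]]
    if not sensitive:
        return 0.0
    plaintext = [c for c in sensitive if "encrypted" not in c[2]]
    return len(plaintext) / len(sensitive)


# Assumed thresholds: a strict rule that tolerates no violation.
THRESHOLDS = {"unguarded_service_ratio": 0.0, "plaintext_sensitive_ratio": 0.0}


def detect(model):
    """Detection strategy: conforms only if every metric is within threshold;
    returns the metric values and the names of the violated rules."""
    values = {
        "unguarded_service_ratio": unguarded_service_ratio(model),
        "plaintext_sensitive_ratio": plaintext_sensitive_ratio(model),
    }
    violations = [m for m, v in values.items() if v > THRESHOLDS[m]]
    return {"conforms": not violations, "metrics": values, "violations": violations}


def sample_models():
    """Constructed sample data: a conforming decomposition and a variant with
    one route that bypasses the gateway and one plaintext sensitive flow."""
    good = (ArchitectureModel()
            .component("browser", "external_client")
            .component("gateway", "api_gateway", "authorization")
            .component("orders", "service")
            .component("payments", "service")
            .connector("browser", "gateway", "restful_http", "encrypted")
            .connector("gateway", "orders", "restful_http", "encrypted")
            .connector("gateway", "payments", "restful_http", "encrypted", "sensitive_data")
            .connector("orders", "payments", "restful_http", "encrypted", "sensitive_data"))
    variant = (ArchitectureModel()
               .component("browser", "external_client")
               .component("gateway", "api_gateway", "authorization")
               .component("orders", "service")
               .component("payments", "service")
               .connector("browser", "gateway", "restful_http", "encrypted")
               .connector("browser", "orders", "restful_http")  # bypasses the gateway
               .connector("gateway", "payments", "restful_http", "encrypted", "sensitive_data")
               .connector("orders", "payments", "restful_http", "sensitive_data"))  # plaintext
    return good, variant


if __name__ == "__main__":
    for label, m in zip(("good", "variant"), sample_models()):
        print(label, detect(m))
```

In the variant, the direct browser-to-orders connector lets an external client reach both orders and (transitively) payments without crossing the gateway, so the first metric is 1.0, and one of the two sensitive-data connectors is unencrypted, so the second is 0.5; both exceed the assumed thresholds and the rule reports non-conformance.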
Pages: 1257 / 1273
Page count: 17