Options
Detection strategies for microservice security tactics
Publikationstyp
Journal Article
Publikationsdatum
2024-05-01
Sprache
English
Enthalten in
IEEE Transactions on Dependable and Secure Computing
Volume
21
Issue
3
Start Page
1257
End Page
1273
Citation
IEEE Transactions on Dependable and Secure Computing 21 (3): 1257-1273 (2024-05-01)
Publisher DOI
Scopus ID
Microservice architectures are widely used today to implement distributed systems. Securing microservice architectures is challenging because of their polyglot nature, continuous evolution, and various security concerns relevant to such architectures. This article proposes a novel, model-based approach providing detection strategies to address the automated detection of security tactics (or patterns and best practices) in a given microservice architecture decomposition model. Our novel detection strategies are metrics-based rules that decide conformance to a security recommendation based on a statistical predictor. The proposed approach models this recommendation using Architectural Design Decisions (ADDs). We apply our approach for four different security-related ADDs on access management, traffic control, and avoiding plaintext sensitive data in the context of microservice systems. We then apply our approach to a model data set of 10 open-source microservice systems and 20 variants of those systems. Our results are detection strategies showing a very low bias, a very high correlation, and a low prediction error in our model data set.
Schlagworte
Authorization
Codes
Computer architecture
Conformance Checking
Data models
Detection Strategies
Measurement
Metrics
Microservice architectures
Microservice Architecture Security
Microservices
Security
DDC Class
600: Technology