TUHH Open Research
Detection strategies for microservice security tactics

Citation Link: https://doi.org/10.15480/882.14855
Publication Type
Journal Article
Date Issued
2024-05-01
Language
English
Author(s)
Zdun, Uwe  
Queval, Pierre-Jean  
Simhandl, Georg  
Scandariato, Riccardo  
Software Security E-22  
Chakravarty, Somik  
Jelić, Marjan  
Jovanovic, Aleksandar  
TORE-DOI
10.15480/882.14855
TORE-URI
https://hdl.handle.net/11420/42552
Journal
IEEE transactions on dependable and secure computing  
Volume
21
Issue
3
Start Page
1257
End Page
1273
Citation
IEEE Transactions on Dependable and Secure Computing 21 (3): 1257-1273 (2024)
Publisher DOI
10.1109/TDSC.2023.3276487
Scopus ID
2-s2.0-85160216527
Microservice architectures are widely used today to implement distributed systems. Securing microservice architectures is challenging because of their polyglot nature, continuous evolution, and various security concerns relevant to such architectures. This article proposes a novel, model-based approach providing detection strategies to address the automated detection of security tactics (or patterns and best practices) in a given microservice architecture decomposition model. Our novel detection strategies are metrics-based rules that decide conformance to a security recommendation based on a statistical predictor. The proposed approach models this recommendation using Architectural Design Decisions (ADDs). We apply our approach for four different security-related ADDs on access management, traffic control, and avoiding plaintext sensitive data in the context of microservice systems. We then apply our approach to a model data set of 10 open-source microservice systems and 20 variants of those systems. Our results are detection strategies showing a very low bias, a very high correlation, and a low prediction error in our model data set.
Subjects
Authorization
Codes
Computer architecture
Conformance Checking
Data models
Detection Strategies
Measurement
Metrics
Microservice architectures
Microservice Architecture Security
Microservices
Security
DDC Class
600: Technology
Funding(s)
Assurance and certification in secure Multi-party Open Software and Services  
Publication version
publishedVersion
License
https://creativecommons.org/licenses/by/4.0/
Name
Detection_Strategies_for_Microservice_Security_Tactics.pdf
Type
Main Article
Size
4.3 MB
Format
Adobe PDF