Zdun, UweUweZdunQueval, Pierre-JeanPierre-JeanQuevalSimhandl, GeorgGeorgSimhandlScandariato, RiccardoRiccardoScandariatoChakravarty, SomikSomikChakravartyJelić, MarjanMarjanJelićJovanovic, AleksandarAleksandarJovanovic2023-08-072023-08-072024-05-01IEEE Transactions on Dependable and Secure Computing 21 (3): 1257-1273 (2024-05-01)https://hdl.handle.net/11420/42552Microservice architectures are widely used today to implement distributed systems. Securing microservice architectures is challenging because of their polyglot nature, continuous evolution, and various security concerns relevant to such architectures. This article proposes a novel, model-based approach providing detection strategies to address the automated detection of security tactics (or patterns and best practices) in a given microservice architecture decomposition model. Our novel detection strategies are metrics-based rules that decide conformance to a security recommendation based on a statistical predictor. The proposed approach models this recommendation using Architectural Design Decisions (ADDs). We apply our approach for four different security-related ADDs on access management, traffic control, and avoiding plaintext sensitive data in the context of microservice systems. We then apply our approach to a model data set of 10 open-source microservice systems and 20 variants of those systems. Our results are detection strategies showing a very low bias, a very high correlation, and a low prediction error in our model data set.en1545-59712024312571273AuthorizationCodesComputer architectureConformance CheckingData modelsDetection StrategiesMeasurementMetricsMicroservice architecturesMicroservice Architecture SecurityMicroservicesSecurityTechnologyJournal Article10.1109/TDSC.2023.3276487Journal Article