Detection Strategies for Microservice Security Tactics

Detection Strategies for Microservice Security Tactics

Abstract

Microservice architectures are widely used today to implement distributed systems. Securing microservice architectures is challenging because of their polyglot nature, continuous evolution, and various security concerns relevant to such architectures. This article proposes a novel, model-based approach providing detection strategies to address the automated detection of security tactics (or patterns and best practices) in a given microservice architecture decomposition model. Our novel detection strategies are metrics-based rules that decide conformance to a security recommendation based on a statistical predictor. The proposed approach models this recommendation using Architectural Design Decisions (ADDs). We apply our approach for four different security-related ADDs on access management, traffic control, and avoiding plaintext sensitive data in the context of microservice systems. We then apply our approach to a model data set of 10 open-source microservice systems and 20 variants of those systems. Our results are detection strategies showing a very low bias, a very high correlation, and a low prediction error in our model data set.

Grafik Top
Authors
  • Zdun, Uwe
  • Quéval, Pierre-Jean
  • Simhandl, Georg
  • Scandariato, Riccardo
  • Chakravarty, Somik
  • Jelic, Marjan
  • Jovanovic, Aleksandar
Grafik Top
Shortfacts
Category
Journal Paper
Divisions
Software Architecture
Subjects
Software Engineering
Journal or Publication Title
IEEE Transactions on Dependable and Secure Computing
ISSN
1545-5971
Publisher
IEEE
Date
2023
Export
Grafik Top