Integrating Continuous Security Assessments in Microservices and Cloud Native Applications

Torkura, Kennedy A.; Sukmana, Muhammad I.H.; Meinel, Christoph

doi:10.1145/3147213.3147229

Cited by 37 publications

(15 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…They observe that, though these are the best suited from the existing solutions, none of these solutions can provide the required level of security for microservices architectures, thus calling for more researchers to devise stringent policies to conform to the desired security level. - Security among microservices : There are few approaches that consider mechanisms on how microservices can trust each other. Torkura et al proposed a security gateway, coupled with a dynamic document store, which maintains OpenAPI documentation of each microservice and a security health endpoint, which can be subjected to frequent heartbeat checks. These help embed continuous security assessments in the microservices‐based systems.…”

Section: Taxonomy Based On Different Aspects Of Msasmentioning

confidence: 99%

Straddling the crevasse: A review of microservice software architecture foundations and recent advancements

Joseph

Chandrasekaran

2019

Softw Pract Exp

View full text Add to dashboard Cite

Microservice architecture style has been gaining wide impetus in the software engineering industry. Researchers and practitioners have adopted the microservices concepts into several application domains such as the internet of things, cloud computing, service computing, and healthcare. Applications developed in alignment with the microservices principles require an underlying platform with management capabilities to coordinate the different microservice units and ensure that the application functionalities are delivered to the user. A multitude of approaches has been proposed for the various tasks in microservices-based systems. However, since the field is relatively young, there is a need to organize the different research works. In this study, we present a comprehensive review of the research approaches directed toward microservice architectures and propose a multilevel taxonomy to categorize the existing research. The study also discusses the different distributed computing paradigms employing microservices and identifies the open research challenges in the domain.

show abstract

Section: Taxonomy Based On Different Aspects Of Msasmentioning

confidence: 99%

Straddling the crevasse: A review of microservice software architecture foundations and recent advancements

Joseph

Chandrasekaran

2019

Softw Pract Exp

View full text Add to dashboard Cite

show abstract

“…However, excepting for the advantages brought to container-based cloud environment, some security issues introduced by these new technologies are also being widely concerned. The main security issues include the weak isolation problem among containers [19] which also exists in VM-based cloud environment [20], greater attack surface caused by microservice [21], [22], and the security drift problem caused by its high dynamic [23].…”

Section: Container-based Cloud Environmentmentioning

confidence: 99%

“…6 shows the effectiveness of MTD strategies after these update events happened on Apache (No.1-4), Tomcat (No. [5][6][7][8], ImageMagick (No.9-12) and Memcached (No. [13][14][15][16].…”

Section: Usability Evaluationmentioning

confidence: 99%

“…Given the ever-expanding usage of container technology and microservice architecture, one of the biggest concern is whether the changes brought by them would affect the security of cloud environment. Different from the rigid VM-based cloud environment [5], microservice architecture makes service scaling and updating more flexible. And the update frequency of each service can be as high as hundreds of times a day [6].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

DSEOM: A Framework for Dynamic Security Evaluation and Optimization of MTD in Container-based Cloud

Jin

Zou

et al. 2019

IEEE Trans. Dependable and Secure Comput.

View full text Add to dashboard Cite

Due to the lightweight features, the combination of container technology and microservice architecture makes container-based cloud environment more efficient and agile than VM-based cloud environment. However, it also greatly amplifies the dynamism and complexity of the cloud environment and increases the uncertainty of security issues in the system concurrently. In this case, the effectiveness of defense mechanisms with fixed strategies would fluctuate as the updates occur in cloud environment. We refer this problem as effectiveness drift problem of defense mechanisms, which is particularly acute in the proactive defense mechanisms, such as moving target defense (MTD). To tackle this problem, we present DSEOM, a framework that can automatically perceive updates of container-based cloud environment, rapidly evaluate the effectiveness change of MTD and dynamically optimize MTD strategies. Specifically, we establish a multi-dimensional attack graphs model to formalize various complex attack scenarios. Combining with this model, we introduce the concept of betweenness centrality to effectively evaluate and optimize the implementation strategies of MTD. In addition, we present a series of security and performance metrics to quantify the effectiveness of MTD strategies in DSEOM. And we conduct extensive experiments to illustrate the existence of the effectiveness drift problem and demonstrate the usability and scalability of DSEOM.

show abstract

“…The traditional Monolithic approach of software architecture requires the entire application stack to be bundled together for each deployment. This concept creates many drawbacks for the application, especially the inflexible scalability, the high cost of resources and refactoring effort, difficulties of the DevOps between distributed teams [1]. Microservice Architecture (MSA) is supposed to address these problems by decomposing the application into separated services; each service takes responsibility for a single business capability and is deployed and executed independently.…”

Section: Introductionmentioning

confidence: 99%

Applying Spring Security Framework and OAuth2 To Protect Microservice Architecture API

Nguyen¹,

Baker²

2019

JSW

View full text Add to dashboard Cite

Since 2014, Microservice Architecture (MSA) has been widely applied and deployed by big companies such as Google, Netflix and Twitter. This is a way of architecting software systems in which the services of a single application are decomposed then deployed and executed separately. This research examines the possibility of applying Spring Security Framework and OAuth2 to secure microservice APIs which are built on top of Spring Framework. By developing a Proof of Concept (POC) of an Inventory Management System using MSA on top of Spring Framework, Spring Security Framework and OAuth2. we have conducted security tests over the POC using unit testing and manual testing techniques to examine if there are any vulnerabilities and we were able to show and confirm the effectiveness of the Spring Security Framework and OAuth2 in securing Spring-based APIs.

show abstract

Integrating Continuous Security Assessments in Microservices and Cloud Native Applications

Cited by 37 publications

References 12 publications

Straddling the crevasse: A review of microservice software architecture foundations and recent advancements

Straddling the crevasse: A review of microservice software architecture foundations and recent advancements

DSEOM: A Framework for Dynamic Security Evaluation and Optimization of MTD in Container-based Cloud

Applying Spring Security Framework and OAuth2 To Protect Microservice Architecture API

Contact Info

Product

Resources

About