Security Mechanisms Used in Microservices-Based Systems: A Systematic Mapping

Pereira-Vale, Anelis; Márquez, Gastón; Astudillo, Hernán; Fernández, Eduardo B.

doi:10.1109/clei47609.2019.235060

Cited by 37 publications

(40 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The study result indicates that practitioners use patterns (e.g., Access token), cloud solutions (e.g., Role-Based Access Control), and development practices (e.g., DevSecOps) as solutions to address security challenges (see Section 4.2.5). We also found that some review studies (e.g., [8,18,110,111]) collected a comprehensive set of standards, strategies, and mechanisms from grey and peer review literature that can be used as solutions to secure microservices systems.…”

Section: Major Msa Design Challenges and Their Solutionsmentioning

confidence: 96%

“…Microservices provide public interfaces, use networkexposed APIs, and develop applications using polyglot technologies, thus open the doors to intruders, and consequently the security of messages, queues, and API endpoints requires advanced strategies to protect at the infrastructure and code level. According to the literature review conducted by Pereira-Vale et al, [18], authentication, authorization, and credentials are the most widely used security strategies by microservices developers. (2) Regarding availability, one of the main benefits of MSA (and also one of the reasons that the industry adopts MSA) is that it provides a fault-tolerant architectural style [30].…”

Section: Quality Attributesmentioning

confidence: 99%

“…One notable research area is how to migrate a monolithic system to MSA (e.g., [2,15,16,17]). Others propose solutions for securing microservices systems (e.g., [1,18]). Researchers have recently shown an increasing interest in understanding how microservices systems are developed and migrated in the industry (e.g., [19,20,21]).…”

Section: Introductionmentioning

confidence: 99%

“…(3 responses), Azure portal15 (3 responses), Stackdriver16 (2 responses), Dynatrace 17 (2 responses), Jaeger18 (1 response), DaoCloud microservice platform19 (1 response), Heapster20 (1 response), Sensu21 (1 response), Red Hat Jboss fuse22 (1 response), KintoHub23 (1 response), and self-developed RPC tracking tool (1 response).…”

mentioning

confidence: 99%

See 3 more Smart Citations

Design, Monitoring, and Testing of Microservices Systems: The Practitioners' Perspective

Waseem,

Liang,

Shahin

et al. 2021

Preprint

View full text Add to dashboard Cite

Context: Microservices Architecture (MSA) has received significant attention in the software industry. However, little empirical evidence exists on design, monitoring, and testing of microservices systems.Objective: This research aims to gain a deep understanding of how microservices systems are designed, monitored, and tested in the industry. Method:A mixed-methods study was conducted with 106 survey responses and 6 interviews from microservices practitioners. Results:The main findings are: (1) a combination of domain-driven design and business capability is the most used strategy to decompose an application into microservices, (2) over half of the participants used architecture evaluation and architecture implementation when designing microservices systems, (3) API gateway and Backend for frontend patterns are the most used MSA patterns, (4) resource usage and load balancing as monitoring metrics, log management and exception tracking as monitoring practices are widely used, (5) unit and endto-end testing are the most used testing strategies, and (6) the complexity of microservices systems poses challenges for their design, monitoring, and testing, for which there are no dedicated solutions. Conclusions:Our findings reveal that more research is needed to (1) deal with microservices complexity at the design level, (2) handle security in microservices systems, and (3) address the monitoring and testing challenges through dedicated solutions.

show abstract

Section: Major Msa Design Challenges and Their Solutionsmentioning

confidence: 96%

Section: Quality Attributesmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

mentioning

confidence: 99%

See 2 more Smart Citations

Design, Monitoring, and Testing of Microservices Systems: The Practitioners' Perspective

Waseem,

Liang,

Shahin

et al. 2021

Preprint

View full text Add to dashboard Cite

show abstract

“…Surprisingly, few works are found focusing on security aspects in MSA. All found studies, except the work of Vale et al [9], are either platform or technology dependent investigations.…”

Section: Related Workmentioning

confidence: 99%

Securing Microservices and Microservice Architectures: A Systematic Mapping Study

Hannousse,

Yahiouche

2020

Preprint

View full text Add to dashboard Cite

Microservice architectures are becoming trending alternatives to existing software development paradigms notably for developing complex and distributed applications. Microservices emerged as an architectural design pattern aiming to address the scalability and ease the maintenance of online services. However, security breaches also increased threatening the availability, integrity and confidentiality of microservice-based systems. A growing body of literature is found addressing security threats and security mechanisms to individual microservices and microservice architectures. In this paper, we conduct a systematic mapping study in order to categorize threats on microservice architectures and security proposals along with their applicability levels, platforms and validation techniques. The aim of this study is to provide a helpful guide to developers about already recognized threats on microservices and how they can be detected, mitigated or prevented; we also aim to identify potential research gaps on securing microservice architectures. The systematic search yielded 1067 studies of which 47 are selected as primary studies. The results of the mapping revealed an unbalanced research focus on external attacks, authentication and authorization techniques compared with internal attacks and mitigation techniques. Additionally, we found that microservice layer is the most addressed layer in the architecture. We also found that performance analysis and case studies are the most used validation technique of security proposals. Keywords microservices • microservice architectures • security • systematic mappingRecently, microservice architectures (MSA) [1] has emerged as a new architectural style that allows building software systems by composing lightweight services that perform very cohesive business functions. Microservices are the mainstay of MSA. A mircoservice is a fine-grained software unit that can be created, initialized, duplicated, and destroyed independently from other microservices of the same system. Moreover, micorservices can be deployed across heterogeneous execution platforms over the network. Using microservices enables high scalability and flexibility of large scale and distributed software systems.Although the advantages brought by adopting microservice architectures in developing complex systems, MSA as a novel technology comes with many flaws [2] and security is one of the serious challenges that need to be tackled [1].

show abstract

Microservices architectural based secure and failure aware task assignment schemes in fog‐cloud assisted Internet of things

Lakhan

Grønli

2022

Int J of Intelligent Sys

View full text Add to dashboard Cite

The Internet of Things (IoT) paradigm has applications in many domains and is growing these days progressively. The applications are e-business, e-healthcare, and e-transportation. Recently, the container microservices-based Mobile Cloud Computing (MCC) has gained popularity, a lightweight framework compared to the monolithic virtual machine-based system. MCC combines fog nodes or cloud nodes with a base station to run the applications. However, storing the sensitive data of IoT applications on the untrusted nodes and failure of services are critical challenges in the existing architecture. This study proposes a novel microservices-based by combining fog and cloud services with efficient schemes. The first scheme is the Latency Aware Task Assignment Algorithm, which determines the optimal assignment of tasks to minimize the makespan of all applications. The second scheme is Fully Homomorphism Encryption, which ensures data security before an offload to any external assistance for execution. The final one is the Failure Aware, which handles any transient failure during application execution in the architecture. The experimental results show that the recommended architecture improved resource utilization, and the proposed schemes satisfied the

show abstract

Security Mechanisms Used in Microservices-Based Systems: A Systematic Mapping

Cited by 37 publications

References 33 publications

Design, Monitoring, and Testing of Microservices Systems: The Practitioners' Perspective

Design, Monitoring, and Testing of Microservices Systems: The Practitioners' Perspective

Securing Microservices and Microservice Architectures: A Systematic Mapping Study

Microservices architectural based secure and failure aware task assignment schemes in fog‐cloud assisted Internet of things

Contact Info

Product

Resources

About