Authentication and Authorization in Microservice-Based Systems: Survey of Architecture Patterns

Barabanov, Alexander; Makrushin, Denis

doi:10.21681/2311-3456-2020-04-32-43

Cited by 10 publications

(3 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Access control in microservices refers to the mechanisms used to regulate and manage the access and permissions at edge level, service level and context of identity of different services and users of the system’s resources [ 14 ]. In the model of an access control of distributed architecture of microservices, proposed by the authors in [ 15 ], the private API gateway is only available to the internal microservice, the so-called front-end of microservices.…”

Section: Related Work On Access Control In Microservicesmentioning

confidence: 99%

Enhancing Microservices Security with Token-Based Access Control Method

Venčkauskas

Kukta

Grigaliūnas

et al. 2023

Sensors

View full text Add to dashboard Cite

Microservices are compact, independent services that work together with other microservices to support a single application function. Organizations may quickly deliver high-quality applications using the effective design pattern of the application function. Microservices allow for the alteration of one service in an application without affecting the other services. Containers and serverless functions, two cloud-native technologies, are frequently used to create microservices applications. A distributed, multi-component program has a number of advantages, but it also introduces new security risks that are not present in more conventional monolithic applications. The objective is to propose a method for access control that ensures the enhanced security of microservices. The proposed method was experimentally tested and validated in comparison to the centralized and decentralized architectures of the microservices. The obtained results showed that the proposed method enhanced the security of decentralized microservices by distributing the access control responsibility across multiple microservices within the external authentication and internal authorization processes. This allows for easy management of permissions between microservices and can help prevent unauthorized access to sensitive data and resources, as well as reduce the risk of attacks on microservices.

show abstract

Section: Related Work On Access Control In Microservicesmentioning

confidence: 99%

Enhancing Microservices Security with Token-Based Access Control Method

Venčkauskas

Kukta

Grigaliūnas

et al. 2023

Sensors

View full text Add to dashboard Cite

show abstract

“…NIST published standards 29,30 on microservice-based system security. NIST analyzed the multiple implementation options available for each individual core security feature (authentication and access management, service discovery, secure communication protocols, security monitoring, availability/resiliency improvement techniques, load balancing and throttling, integrity assurance techniques and handling of session persistence) and configuration options in architectural frameworks, and devel-oped security strategies that counter threats specific to microservice-based systems.…”

Section: Related Workmentioning

confidence: 99%

“…The challenges requires novel methods of monitoring and threat detection even based machine learning techniques [21,22] that take into account the specificity of microservice operations. 30 Аннотация Цель статьи. Использование сервис-ориентированной архитектуры и микросервисного подхода при проектировании программного обеспечения увеличивает поверхность атаки и вероятность успешной реализации угроз безопасности информации.…”

Section: Conclusion and Further Workunclassified

Authentication and Authorization in Microservice-Based Systems: Survey of Architecture Patterns

Barabanov¹,

Makrushin²

2020

Cybersecurity Issues

Self Cite

View full text Add to dashboard Cite

Objective. Service-oriented architecture and its microservice-based approach increase an attack surface of applications. Exposed microservices become a pivot point for advanced persistent threats and completely change the threat landscape. Correctly implemented authentication and authorization architecture patterns are basis of any software maturity program. The aim of this study is to provide a helpful resource to application security architect and developers on existing architecture patterns to implement authentication and authorization in microservices-based systems. Method. In this paper, we conduct a systematic review of major electronic databases and libraries as well as security standards and presentations at the major security conferences. Results and practical relevance. In this work based on research papers and major security conferences presentations analysis, we identified industry best practices in authentication and authorization patterns and its applicability depending on environment characteristic. For each described patterns we reviewed its advantages and disadvantages that could be used as decision-making criteria for application security architects during architecture design phase.

show abstract

Attribute Authorization - A Novel Enhancement to API Gateways

Sulebele,

Munnangi

2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Authentication and Authorization in Microservice-Based Systems: Survey of Architecture Patterns

Cited by 10 publications

References 21 publications

Enhancing Microservices Security with Token-Based Access Control Method

Enhancing Microservices Security with Token-Based Access Control Method

Authentication and Authorization in Microservice-Based Systems: Survey of Architecture Patterns

Attribute Authorization - A Novel Enhancement to API Gateways

Contact Info

Product

Resources

About