Avoiding Excessive Data Exposure Through Microservice APIs

Genfer, Patric; Zdun, Uwe

doi:10.1007/978-3-031-16697-6_1

Cited by 3 publications

(1 citation statement)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The paths enable many other analysis options regarding the potential propagation of security flaws in a system. For example, in our prior works, we have developed a method for avoiding excessive data exposure in microservice APIs [20]. Our paths would enable checking for this flaw in the whole microservice backend.…”

Section: Discussion Of Research Questionsmentioning

confidence: 99%

Detection Strategies for Microservice Security Tactics

Zdun

Queval

Simhandl

et al. 2024

IEEE Trans. Dependable and Secure Comput.

Self Cite

View full text Add to dashboard Cite

Microservice architectures are widely used today to implement distributed systems. Securing microservice architectures is challenging because of their polyglot nature, continuous evolution, and various security concerns relevant to such architectures. This article proposes a novel, model-based approach providing detection strategies to address the automated detection of security tactics (or patterns and best practices) in a given microservice architecture decomposition model. Our novel detection strategies are metrics-based rules that decide conformance to a security recommendation based on a statistical predictor. The proposed approach models this recommendation using Architectural Design Decisions (ADDs). We apply our approach for four different security-related ADDs on access management, traffic control, and avoiding plaintext sensitive data in the context of microservice systems. We then apply our approach to a model data set of 10 open-source microservice systems and 20 variants of those systems. Our results are detection strategies showing a very low bias, a very high correlation, and a low prediction error in our model data set.

show abstract

Section: Discussion Of Research Questionsmentioning

confidence: 99%

Detection Strategies for Microservice Security Tactics

Zdun

Queval

Simhandl

et al. 2024

IEEE Trans. Dependable and Secure Comput.

Self Cite

View full text Add to dashboard Cite

show abstract

Towards a security‐optimized approach for the microservice‐oriented decomposition

Liu,

Chen,

Qian

et al. 2024

J Software Evolu Process

View full text Add to dashboard Cite

Microservice architecture (MSA) is a mainstream architectural style due to its high maintainability and scalability. In practice, an appropriate microservice‐oriented decomposition is the foundation to make a system enjoy the benefits of MSA. In terms of decomposing monolithic systems into microservices, researchers have been exploring many optimization objectives, of which modularity is a predominantly focused quality attribute. Security is also a critical quality attribute, that measures the extent to which a system protects data from malicious access or use by attackers. Considering security in microservices‐oriented decomposition can help avoid the risk of leaking critical data and other unexpected software security issues. However, few researchers consider the security objective during microservice‐oriented decomposition, because the measurement of security and the trade‐off with other objectives are challenging in reality. To bridge this research gap, we propose a security‐optimized approach for microservice‐oriented decomposition (So4MoD). In this approach, we adapt five metrics from previous studies for the measurement of the data security of candidate microservices. A multi‐objective optimization algorithm based on NSGA‐II is designed to search for microservices with optimized security and modularity. To validate the effectiveness of the proposed So4MoD, we perform several experiments on eight open‐source projects and compare the decomposition results to other three state‐of‐the‐art approaches, that is, FoSCI, CO‐GCN, and MSExtractor. The experiment results show that our approach can achieve at least an 11.5% improvement in terms of security metrics. Moreover, the decomposition results of So4MoD outperform other approaches in four modularity metrics, demonstrating that So4MoD can optimize data security while pursuing a well‐modularized MSA.

show abstract

MicroProf : Code-level Attribution of Unnecessary Data Transfer in Microservice Applications

Tariq,

Menard,

et al. 2023

ACM Trans. Archit. Code Optim.

View full text Add to dashboard Cite

The microservice architecture style has gained popularity due to its ability to fault isolation, ease of scaling applications, and developer’s agility. However, writing applications in the microservice design style has its challenges. Due to the loosely coupled nature, services communicate with others through standard communication APIs. This incurs significant overhead in the application due to communication protocol and data transformation. An inefficient service communication at the microservice application logic can further overwhelm the application. We perform a grey literature review showing that unnecessary data transfer is a real challenge in the industry. To the best of our knowledge, no effective tool is currently available to accurately identify the origins of unnecessary microservice communications that lead to significant performance overhead and provide guidance for optimization. To bridge the knowledge gap, we propose MicroProf , a dynamic program analysis tool to detect unnecessary data transfer in Java-based microservice applications. At the implementation level, MicroProf proposes novel techniques such as remote object sampling and hardware debug registers to monitor remote object usage. MicroProf reports the unnecessary data transfer at the application source code level. Furthermore, MicroProf pinpoints the opportunities for communication API optimization. MicroProf is evaluated on four well-known applications involving two real-world applications and two benchmarks, identifying five inefficient remote invocations. Guided by MicroProf , API optimization achieves an 87.5% reduction in the number of fields within REST API responses. The empirical evaluation further reveals that the optimized services experience a speedup of up to 4.59 ×.

show abstract

Avoiding Excessive Data Exposure Through Microservice APIs

Cited by 3 publications

References 26 publications

Detection Strategies for Microservice Security Tactics

Detection Strategies for Microservice Security Tactics

Towards a security‐optimized approach for the microservice‐oriented decomposition

MicroProf : Code-level Attribution of Unnecessary Data Transfer in Microservice Applications

Contact Info

Product

Resources

About