Microservice Security Metrics for Secure Communication, Identity Management, and Observability

Zdun, Uwe; Queval, Pierre-Jean; Simhandl, Georg; Scandariato, Riccardo; Chakravarty, Somik; Jelić, Marjan; Jovanović, Aleksandar

doi:10.1145/3532183

Cited by 12 publications

(14 citation statements)

References 45 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Considering the development stages, architectural design decisions (ADDs) tend to be novel. Zdun et al [ 14 ] introduced techniques to detect those secure tactics of ADDs to provide secure communication, identity management, and observability in microservice systems. Tuma et al [ 18 ] presented a dataset for the security design model, which they utilized to detect security design flaws with five model inspections.…”

Section: Resultsmentioning

confidence: 99%

Static-Analysis-Based Solutions to Security Challenges in Cloud-Native Systems: Systematic Mapping Study

Rahaman

Islam

Černý

et al. 2023

Sensors

View full text Add to dashboard Cite

Security is a significant priority for cloud-native systems, regardless of the system size and complexity. Therefore, one must utilize a set of defensive mechanisms or controls to protect the system from exploitation by potential adversaries. There is an expanding amount of research on security issues, including attacks against individual microservices or overall systems and their corresponding defense mechanism options. This study intends to provide a comprehensive overview of currently used defense mechanisms involving static analysis that can detect and react against associated attacks and vulnerabilities. We present a systematic literature review that extracts current approaches for the security analysis of microservices and the violation of security principles. We gathered 1049 relevant publications, of which 50 were selected as primary studies. We are providing practitioners and developers with a structured survey of the existing literature of defensive solutions for microservice architectures and cloud-native systems to aid them in identifying applicable solutions for their systems.

show abstract

Section: Resultsmentioning

confidence: 99%

Static-Analysis-Based Solutions to Security Challenges in Cloud-Native Systems: Systematic Mapping Study

Rahaman

Islam

Černý

et al. 2023

Sensors

View full text Add to dashboard Cite

show abstract

“…Furthermore, microservices applications are frequently deployed in the cloud using virtualization technology, automated pipelines, and various third-party software, which further expands the attack surface. In discussing security within the context of microservices, it is essential to address several important aspects, such as the authentication and authorization [13] of both users and between services and applications.…”

Section: ) Perspectives On Microservice Securitymentioning

confidence: 99%

“…It covers authentication, e.g., using Mutual Transport Layer Security (mTLS) and authorization, secure communication between services, e.g., using encrypted channels, and other securityrelated topics like service discovery, communication within a Service Mesh, the Sidecar Pattern [18], network segmentation and firewalls, and intrusion detection. The use of orchestration and container technologies, such as Kubernetes [19] and Docker [20], can increase the complexity of managing microservices and extend the range of potential attacks to include third-party vulnerabilities and other related issues [13,21,22]. The implementation of dedicated patterns, such as the Token Pattern [11], the API Gateway Pattern, and the use of a Service Mesh, are particularly effective in enforcing security measures within microservices [1,2].…”

Section: ) Perspectives On Microservice Securitymentioning

confidence: 99%

A Systematic Literature Review of Inter-Service Security Threats and Mitigation Strategies in Microservice Architectures

Haindl,

Kochberger,

Sveggen

2024

IEEE Access

View full text Add to dashboard Cite

Ensuring security is of paramount importance in microservice architectures, given their distributed nature, involving numerous services and network-spanning interactions. This architectural style, which can comprise hundreds to thousands of services, inherently presents a more extensive attack surface compared to traditional monolithic applications. Moreover, the polyglot nature of microservices, which encompasses services developed and deployed using diverse programming languages and technologies, further complicates the security landscape. This paper presents a systematic literature review, analyzing 54 publications specifically in the context of security threats and mitigation strategies within the area of inter-service security in microservice architectures. We observed that the majority of studies focus on presenting methods, models, and guidelines for microservice security, with a significant portion validating these approaches. Publications in the field have increased since 2015, with conference papers being the most common type. Security threats identified are mainly related to security perimeters, attack surfaces, and inadequate monitoring and intrusion detection. There is a notable lack of comprehensive analysis on specific security threats, particularly in inter-service authentication and communication. Mitigation strategies receive more attention than security threats, with extensive discussion on infrastructure defense and secure coding practices. The identified research gap highlights the need for establishing a connection between security threats and their mitigation strategies in microservice architectures. It also underscores the necessity for a standardized taxonomy in microservice security to clarify terminology and consolidate best practices, addressing inconsistencies in the literature and guiding future empirical studies on the practical challenges of implementing security measures.

show abstract

“…Performance Efficiency [34,34,36,37,[37][38][39][40][41][42][43][44][45][46] Reliability [47][48][49][50][50][51][52][53][54][55][56][57] Security [58][59][60][61][62][63][64][65][66][67][68][69][70][71][72][73] Operational Policy-Based Functions [74][75][76][77][78][79][80][81][82][83]…”

Section: Quality Attributes Referencesmentioning

confidence: 99%

Efficient Resource Utilization in IoT and Cloud Computing

Prasad,

Dansana,

Bhavsar

et al. 2023

Information

View full text Add to dashboard Cite

With the proliferation of IoT devices, there has been exponential growth in data generation, placing substantial demands on both cloud computing (CC) and internet infrastructure. CC, renowned for its scalability and virtual resource provisioning, is of paramount importance in e-commerce applications. However, the dynamic nature of IoT and cloud services introduces unique challenges, notably in the establishment of service-level agreements (SLAs) and the continuous monitoring of compliance. This paper presents a versatile framework for the adaptation of e-commerce applications to IoT and CC environments. It introduces a comprehensive set of metrics designed to support SLAs by enabling periodic resource assessments, ensuring alignment with service-level objectives (SLOs). This policy-driven approach seeks to automate resource management in the era of CC, thereby reducing the dependency on extensive human intervention in e-commerce applications. This paper culminates with a case study that demonstrates the practical utilization of metrics and policies in the management of cloud resources. Furthermore, it provides valuable insights into the resource requisites for deploying e-commerce applications within the realms of the IoT and CC. This holistic approach holds the potential to streamline the monitoring and administration of CC services, ultimately enhancing their efficiency and reliability.

show abstract

Microservice Security Metrics for Secure Communication, Identity Management, and Observability

Cited by 12 publications

References 45 publications

Static-Analysis-Based Solutions to Security Challenges in Cloud-Native Systems: Systematic Mapping Study

Static-Analysis-Based Solutions to Security Challenges in Cloud-Native Systems: Systematic Mapping Study

A Systematic Literature Review of Inter-Service Security Threats and Mitigation Strategies in Microservice Architectures

Efficient Resource Utilization in IoT and Cloud Computing

Contact Info

Product

Resources

About