Security challenges of microservices

Abstract. Security issues regarding microservice are well researched, however the different security issues and solutions have not been brought together as yet. This study searched through academic databases to find out what security issues and proposed solutions or mitigation methods can be found in existing literature. It found several security issues and methods in literature. Most security issues are raised regarding microservice that externally facing or in open environment. Majority of sources addressed security monitoring and authentication and authorization issues, fewer studies on implementation and bug-related issues such as container implementation and -bugs and some on networking related issues. This study found also that there is some amount of disconnect in literature when it comes to addressing security issues and their solutions and mitigation methods. The study offers a more detailed account of existing microservice security issues and solutions

Oceanids C2: An Integrated Command, Control, and Data Infrastructure for the Over-the-Horizon Operation of Marine Autonomous Systems

Long-range Marine Autonomous Systems (MAS), operating beyond the visual line-of-sight of a human pilot or research ship, are creating unprecedented opportunities for oceanographic data collection. Able to operate for up to months at a time, periodically communicating with a remote pilot via satellite, long-range MAS vehicles significantly reduce the need for an expensive research ship presence within the operating area. Heterogeneous fleets of MAS vehicles, operating simultaneously in an area for an extended period of time, are becoming increasingly popular due to their ability to provide an improved composite picture of the marine environment. However, at present, the expansion of the size and complexity of these multi-vehicle operations is limited by a number of factors: (1) custom control-interfaces require pilots to be trained in the use of each individual vehicle, with limited cross-platform standardization; (2) the data produced by each vehicle are typically in a custom vehicle-specific format, making the automated ingestion of observational data for near-real-time analysis and assimilation into operational ocean models very difficult; (3) the majority of MAS vehicles do not provide machine-to-machine interfaces, limiting the development and usage of common piloting tools, multi-vehicle operating strategies, autonomous control algorithms and automated data delivery. In this paper, we describe a novel piloting and data management system (C2) which provides a unified web-based infrastructure for the operation of long-range MAS vehicles within the UK's National Marine Equipment Pool. The system automates the archiving, standardization and delivery of near-real-time science data and associated metadata from the vehicles to end-users and Global Data Assembly Centers mid-mission. Through the use and promotion of standard data formats and machine interfaces throughout the C2 system, we seek to enable future opportunities to collaborate with both the marine science and robotics communities to maximize the delivery of high-quality oceanographic data for world-leading science

Cybersecurity issues in software architectures for innovative services

The recent advances in data center development have been at the basis of the widespread success of the cloud computing paradigm, which is at the basis of models for software based applications and services, which is the "Everything as a Service" (XaaS) model. According to the XaaS model, service of any kind are deployed on demand as cloud based applications, with a great degree of flexibility and a limited need for investments in dedicated hardware and or software components. This approach opens up a lot of opportunities, for instance providing access to complex and widely distributed applications, whose cost and complexity represented in the past a significant entry barrier, also to small or emerging businesses. Unfortunately, networking is now embedded in every service and application, raising several cybersecurity issues related to corruption and leakage of data, unauthorized access, etc. However, new service-oriented architectures are emerging in this context, the so-called services enabler architecture. The aim of these architectures is not only to expose and give the resources to these types of services, but it is also to validate them. The validation includes numerous aspects, from the legal to the infrastructural ones e.g., but above all the cybersecurity threats. A solid threat analysis of the aforementioned architecture is therefore necessary, and this is the main goal of this thesis. This work investigate the security threats of the emerging service enabler architectures, providing proof of concepts for these issues and the solutions too, based on several use-cases implemented in real world scenarios

Design, development and orchestration of 5G-ready applications over sliced programmable infrastructure

5G networks design and evolution is considered as a key to support the introduction of digital technologies in economic and societal processes. Towards this direction, vertical industries' needs should be considered as drivers of 5G networks design and development with high priority. In the current manuscript, MATILDA is presented, as a holistic 5G end-to-end services operational framework tackling the overall lifecycle of design, development and orchestration of 5G-ready applications and 5G network services over programmable infrastructure, following a unified programmability model and a set of control abstractions

Extreme weather conditions dashboard

Our planet Earth is changing due to the action of Man. Several factors influence the functioning of our planet, such as the constant need for human evolution, population growth and many others. Due to this, more and more we have extreme atmospheric events. There is an increasing need to become aware of this problem and take action both in terms of what we can do to prevent the destruction of our planet and prevent when these extreme events happen. The objective of this thesis is based on this last point. To combat the lack of a system in Portugal capable of helping the general public in extreme weather conditions, we created an atmospheric dashboard. The goals were that this dashboard was simple to use, open to the general public, with high spacial resolution (currently the smallest area used is the municipality, here we use an even smaller geographic area), flexible, and scalable so that new data sources or new variables could be added to the existing ones in the future without affecting the correct functioning of the system. This system uses meteorological data and relates them to other variables such as the age of the population, the thermal conditions of buildings, number of deaths, among others. The combination of all these data leads to the calculation of a risk index associated with each zone. The results show that the application has excellent portability, as it was easily installed on another device thanks to the virtualization offered by Docker. In terms of scalability, although did no tests at this level. However, during the application development, there was the need to add new data sources. Considering that the application is modularised, there was no problem with the existing or new data sources. Users see great potential in the application in terms of usability for prevention by the population during extreme weather events. Another positive aspect was that they liked the layout of the elements in the interface, namely the fact that the map area is the most prominent and most visible area in the dashboard. It also helped us get some feedback on what could be improved, such as using more distinct colors to present the level of risk or even improving the connection between the different views of the application. The results are positive and encourage further development of the application, applying the suggestions obtained from user testing

RDDR : n-versioning of microservices

N-versioning is a well-studied method to increase the reliability of software. In this paper, we study n-versioning as applied to microservice-based applications. We construct a generic proxy called RDDR that orchestrates and monitors N variants of a microservice in order to detect bugs that make them behave differently. We showcase RDDR's ability to close five exemplary information leaks, where diversity is derived from: different software versions, different implementations of the same logical service, and variation provided by the OS like ASLR. These case studies feature information leakage through both frontend and backend interfaces of various web applications. To show that RDDR can close vulnerabilities while handling large volumes of benign tra ffic, we also apply RDDR to components of GitLab, a complex cloud application. Finally, we quantify the performance overhead associated with deploying RDDR. Our findings indicate that RDDR can patch information leaks while incurring approximately 3x CPU and memory overhead for a deployment with 3 redundant instances as expected, with modest impact to throughput and latency.Electrical and Computer Engineerin