271 research outputs found
Microservices Security Challenges and Approaches
The fast-paced development cycles of microservices applications increase the probability of insufficient security tests in the development pipelines and consequent deployment of vulnerable microservices. The distributed and ephemeral nature of microservices creates a discoverability challenge for traditional security assessment techniques, especially for microservices being dynamically launched and de-registered. To address this in applications and networks, continuous security assessments are used for vulnerability detection. Detected vulnerabilities are thereafter patched, essentially reducing the chances for security attacks. This paper illustrates the microservices architecture and its components from the security perspective. It investigates, summarizes, and highlights the microservices security-related challenges and the suggested approaches and proposals for facing them. It addresses the security impact on the different microservice architectural perspectives.
Microservices-based IoT Applications Scheduling in Edge and Fog Computing: A Taxonomy and Future Directions
Edge and Fog computing paradigms utilise distributed, heterogeneous and
resource-constrained devices at the edge of the network for efficient
deployment of latency-critical and bandwidth-hungry IoT application services.
Moreover, MicroService Architecture (MSA) is increasingly adopted to keep up
with the rapid development and deployment needs of the fast-evolving IoT
applications. Due to the fine-grained modularity of the microservices along
with their independently deployable and scalable nature, MSA exhibits great
potential in harnessing both Fog and Cloud resources to meet diverse QoS
requirements of the IoT application services, thus giving rise to novel
paradigms like Osmotic computing. However, efficient and scalable scheduling
algorithms are required to utilise the said characteristics of the MSA while
overcoming novel challenges introduced by the architecture. To this end, we
present a comprehensive taxonomy of recent literature on microservices-based
IoT applications scheduling in Edge and Fog computing environments.
Furthermore, we organise multiple taxonomies to capture the main aspects of the
scheduling problem, analyse and classify related works, identify research gaps
within each category, and discuss future research directions.
Comment: 35 pages, 10 figures, submitted to ACM Computing Survey
SoK: Security of Microservice Applications: A Practitioners' Perspective on Challenges and Best Practices
Cloud-based application deployment is becoming increasingly popular among
businesses, thanks to the emergence of microservices. However, securing such
architectures is a challenging task since traditional security concepts cannot
be directly applied to microservice architectures due to their distributed
nature. The situation is exacerbated by the scattered nature of guidelines and
best practices advocated by practitioners and organizations in this field. In this
research paper we aim to shed light on the current microservice security
discussions hidden within Grey Literature (GL) sources. Particularly, we
identify the challenges that arise when securing microservice architectures, as
well as solutions recommended by practitioners to address these issues. For
this, we conducted a systematic GL study on the challenges and best practices
of microservice security present in the Internet with the goal of capturing
relevant discussions in blogs, white papers, and standards. We collected 312 GL
sources from which 57 were rigorously classified and analyzed. This analysis on
the one hand validated past academic literature studies in the area of
microservice security, but it also identified improvements to existing
methodologies pointing towards future research directions.
Comment: Accepted at the 17th International Conference on Availability,
Reliability and Security (ARES 2022)
Security challenges of microservices
Abstract. Security issues regarding microservices are well researched; however, the different security issues and solutions have not been brought together as yet. This study searched through academic databases to find out what security issues and proposed solutions or mitigation methods can be found in existing literature. It found several security issues and methods in the literature. Most security issues are raised regarding microservices that are externally facing or in an open environment. The majority of sources addressed security monitoring and authentication and authorization issues, with fewer studies on implementation and bug-related issues such as container implementation and bugs, and some on networking-related issues. This study also found that there is some amount of disconnect in the literature when it comes to addressing security issues and their solutions and mitigation methods. The study offers a more detailed account of existing microservice security issues and solutions.
Resource-aware Cyber Deception in Cloud-Native Environments
Cyber deception can be a valuable addition to traditional cyber defense
mechanisms, especially for modern cloud-native environments with a fading
security perimeter. However, pre-built decoys used in classical computer
networks are not effective in detecting and mitigating malicious actors due to
their inability to blend with the variety of applications in such environments.
On the other hand, decoys cloning the deployed microservices of an application
can offer a high-fidelity deception mechanism to intercept ongoing attacks
within production environments. However, to fully benefit from this approach,
it is essential to use a limited amount of decoy resources and devise a
suitable cloning strategy to minimize the impact on legitimate services
performance. Following this observation, we formulate a non-linear integer
optimization problem that maximizes the number of attack paths intercepted by
the allocated decoys within a fixed resource budget. Attack paths represent the
attacker's movements within the infrastructure as a sequence of violated
microservices. We also design a heuristic decoy placement algorithm to
approximate the optimal solution and overcome the computational complexity of
the proposed formulation. We evaluate the performance of the optimal and
heuristic solutions against other schemes that use local vulnerability metrics
to select which microservices to clone as decoys. Our results show that the
proposed allocation strategy achieves a higher number of intercepted attack
paths compared to these schemes while requiring approximately the same number
of decoys.
Fine-Grained Access Control for Microservices
Microservices-based applications are considered to be a promising paradigm for building large-scale digital systems due to its flexibility, scalability, and agility of development. To achieve the adoption of digital services, applications holding personal data must be secure while giving end-users as much control as possible. On the other hand, for software developers, adoption of a security solution for microservices requires it to be easily adaptable to the application context and requirements while fully exploiting reusability of security components. This paper proposes a solution that targets key security challenges of microservice-based applications. Our approach relies on a co-ordination of security components, and offers a fine-grained access control in order to minimise the risks of token theft, session manipulation, and a malicious insider; it also renders the system resilient against confused deputy attacks. This solution is based on a combination of OAuth 2 and XACML open standards, and achieved through reusable security components integrated with microservices.
- …