SoK: Security of Microservice Applications: A Practitioners' Perspective on Challenges and Best Practices

Cloud-based application deployment is becoming increasingly popular among businesses, thanks to the emergence of microservices. However, securing such architectures is a challenging task since traditional security concepts cannot be directly applied to microservice architectures due to their distributed nature. The situation is exacerbated by the scattered nature of guidelines and best practices advocated by practitioners and organizations in this field. This research paper we aim to shay light over the current microservice security discussions hidden within Grey Literature (GL) sources. Particularly, we identify the challenges that arise when securing microservice architectures, as well as solutions recommended by practitioners to address these issues. For this, we conducted a systematic GL study on the challenges and best practices of microservice security present in the Internet with the goal of capturing relevant discussions in blogs, white papers, and standards. We collected 312 GL sources from which 57 were rigorously classified and analyzed. This analysis on the one hand validated past academic literature studies in the area of microservice security, but it also identified improvements to existing methodologies pointing towards future research directions.Comment: Accepted at the 17th International Conference on Availability, Reliability and Security (ARES 2022

International conference on software engineering and knowledge engineering: Session chair

The Thirtieth International Conference on Software Engineering and Knowledge Engineering (SEKE 2018) will be held at the Hotel Pullman, San Francisco Bay, USA, from July 1 to July 3, 2018. SEKE2018 will also be dedicated in memory of Professor Lofti Zadeh, a great scholar, pioneer and leader in fuzzy sets theory and soft computing. The conference aims at bringing together experts in software engineering and knowledge engineering to discuss on relevant results in either software engineering or knowledge engineering or both. Special emphasis will be put on the transference of methods between both domains. The theme this year is soft computing in software engineering & knowledge engineering. Submission of papers and demos are both welcome

ACCOUNTING AND FINANCIAL STATEMENTS AUTO ANALYSIS SYSTEM

This project was motivated by the need to revolutionize the generation of financial statements and financial analysis process thus speeding up business decision making. The research questions were: 1) How can machine learning increase the speed of financial statement preparation and automate financial statements analysis? 2) How can businesses balance the benefits of automating financial analysis with potential concerns around privacy, data security, and bias? 3) Can the Java J2EE framework provide a reliable running environment for machine learning? The findings were: 1) Machine learning can significantly increase the accuracy and speed of financial analysis. Using machine learning algorithms, financial data can be processed and analyzed in real-time, allowing for quicker and more precise financial analysis. Machine learning models can identify patterns and trends in financial data that may not be easily detectable by humans, leading to more accurate financial statements and analysis. Additionally, machine learning can automate repetitive tasks in the financial analysis process, saving time and resources for businesses. 2) Businesses need to carefully balance the benefits of automating financial analysis with potential concerns around privacy, data security, and bias. While machine learning can offer significant advantages in terms of accuracy and speed, it also requires handling sensitive financial data. Therefore, it is crucial for businesses to implement robust data security measures to protect against potential data breaches and ensure compliance with privacy regulations. Additionally, businesses need to be mindful of potential biases in machine learning algorithms, as biased algorithms can result in biased financial analysis. Regular audits and monitoring of machine learning models should be conducted to address and mitigate any potential biases. 3) The Java J2EE framework can provide a reliable running environment for machine learning. Java J2EE (Java 2 Platform, Enterprise Edition) is a widely used and mature framework for developing enterprise applications, including machine learning applications. It offers scalability, reliability, and security features that are essential for running machine learning algorithms in a production environment. Java J2EE provides robust support for distributed computing, allowing for efficient processing of large financial datasets. Furthermore, it offers a wide range of libraries and tools for implementing machine learning algorithms, making it a viable choice for running machine learning applications in the financial industry. The conclusions were: 1) Machine learning has the potential to significantly increase the accuracy and speed of financial analysis, thereby revolutionizing the generation of financial statements and the financial analysis process. Various machine learning algorithms, such as decision trees, random forests, and deep learning algorithms, can be utilized to identify patterns, trends, and hidden risks in financial data, leading to more informed and efficient business decision making. 2) Businesses need to carefully balance the benefits of automating financial analysis with potential concerns around privacy, data security, and bias. While machine learning can offer significant advantages in terms of accuracy and speed, there are ethical considerations that need to be addressed, such as ensuring data privacy, implementing effective data security measures, and mitigating biases in machine learning algorithms used in financial analysis. Businesses should adopt a responsible approach to machine learning implementation, considering the potential risks and benefits. 3) The Java J2EE framework can provide a reliable running environment for machine learning applications, but further research is needed to evaluate the performance and scalability of machine learning models in this framework. Identifying potential optimizations for running machine learning applications at scale in the Java J2EE framework can lead to more efficient and effective implementation of machine learning in financial analysis and decision-making processes. Further research in this area can contribute to the development of robust and scalable machine learning applications for financial analysis in the business domain. Areas for further study include: 1) Exploring different machine learning algorithms and techniques to further improve the accuracy and speed of financial analysis. 2) Conducting research on the impact of machine learning on financial decision making and business performance. 3) Investigating methods for addressing and mitigating biases in machine learning algorithms used in financial analysis. 4) Evaluating the effectiveness of different data security measures in protecting sensitive financial data in machine learning applications. 5) Studying the performance and scalability of machine learning models in the Java J2EE framework and identifying potential optimizations for running machine learning applications at scale

Data-Driven Selection of Security Application Frameworks During Architectural Design

The selection of application frameworks is an important aspect of architectural design. Selection often requires satisficing, that is, searching a potentially large space of design alternatives until an acceptable solution is found. There is, however, little help for architects in selecting software frameworks. In this paper we investigate the criteria used by practicing software architects in selecting security frameworks. We also propose how information associated with some of the criteria that are important to architects can be obtained manually or in an automated way from online sources such as GitHub. Our ultimate goal is to identify measures associated with these criteria that can be helpful in providing support for architects to select software frameworks

Towards Micro Service Architecture Recovery: An Empirical Study

Micro service architectures are rapidly establishing themselves in the software industry as a more efficient and effective substitute for monolithic applications. In a micro service architecture, the application is broken down into many small elements called micro services. These are managed in a distributed way and typically involve several development teams. In such an environment, an architectural model can get lost along the way, making it difficult to perform many downstream software engineering tasks, such as migration, audit, integration or impact analysis. To address this problem, we are developing support for Micro Service Architecture Recovery (MiSAR) using a Model Driven Engineering approach. In this paper, we describe an empirical study which aims to identify the core elements of our approach, by undertaking manual analysis on 8 micro service-based open source projects. From this analysis, we define a metamodel for micro service-based architectures and a set of mapping rules which map between the software and the metamodel. The resulting metamodel and mapping rules provide a solid foundation for any micro service architecture recovery approach and hence are a key first step towards managing the architectural integrity of micro servicebased applications