737 research outputs found
Securing Microservices
Microservices has drawn significant interest in recent years and is now successfully finding its way into different areas, from Enterprise IT to Internet-of-Things to even Critical Applications. This article discusses how Microservices can be secured at different levels and stages considering a common software development lifecycle
AntibIoTic: Protecting IoT Devices Against DDoS Attacks
The 2016 is remembered as the year that showed to the world how dangerous
Distributed Denial of Service attacks can be. Gauge of the disruptiveness of
DDoS attacks is the number of bots involved: the bigger the botnet, the more
powerful the attack. This character, along with the increasing availability of
connected and insecure IoT devices, makes DDoS and IoT the perfect pair for the
malware industry. In this paper we present the main idea behind AntibIoTic, a
palliative solution to prevent DDoS attacks perpetrated through IoT devices
SoK: Security of Microservice Applications: A Practitioners' Perspective on Challenges and Best Practices
Cloud-based application deployment is becoming increasingly popular among
businesses, thanks to the emergence of microservices. However, securing such
architectures is a challenging task since traditional security concepts cannot
be directly applied to microservice architectures due to their distributed
nature. The situation is exacerbated by the scattered nature of guidelines and
best practices advocated by practitioners and organizations in this field. This
research paper we aim to shay light over the current microservice security
discussions hidden within Grey Literature (GL) sources. Particularly, we
identify the challenges that arise when securing microservice architectures, as
well as solutions recommended by practitioners to address these issues. For
this, we conducted a systematic GL study on the challenges and best practices
of microservice security present in the Internet with the goal of capturing
relevant discussions in blogs, white papers, and standards. We collected 312 GL
sources from which 57 were rigorously classified and analyzed. This analysis on
the one hand validated past academic literature studies in the area of
microservice security, but it also identified improvements to existing
methodologies pointing towards future research directions.Comment: Accepted at the 17th International Conference on Availability,
Reliability and Security (ARES 2022
Security challenges of microservices
Abstract. Security issues regarding microservice are well researched, however the different security issues and solutions have not been brought together as yet. This study searched through academic databases to find out what security issues and proposed solutions or mitigation methods can be found in existing literature. It found several security issues and methods in literature. Most security issues are raised regarding microservice that externally facing or in open environment. Majority of sources addressed security monitoring and authentication and authorization issues, fewer studies on implementation and bug-related issues such as container implementation and -bugs and some on networking related issues. This study found also that there is some amount of disconnect in literature when it comes to addressing security issues and their solutions and mitigation methods. The study offers a more detailed account of existing microservice security issues and solutions
Microservices Security Challenges and Approaches
The fast-paced development cycles of microservices applications increase the probability of insufficient security tests in the development pipelines and consequent deployment of vulnerable microservices. The distribution and ephemeral of microservices create a discoverability challenge for traditional security assessment techniques, especially for microservices being dynamically launched and de-registered. To address this in applications and networks, continuous security assessments are used for vulnerability detection. Detected vulnerabilities are thereafter patched, essentially reducing the chances for security attacks. This paper illustrates the microservices architecture and its components from the security perspective. It investigates, summarizes, and highlights the microservices security-related challenges and the suggested approaches and proposals for facing them. It addresses the security impact on the different microservice architectural perspectives
- …