Security challenges of microservices

Abstract. Security issues regarding microservice are well researched, however the different security issues and solutions have not been brought together as yet. This study searched through academic databases to find out what security issues and proposed solutions or mitigation methods can be found in existing literature. It found several security issues and methods in literature. Most security issues are raised regarding microservice that externally facing or in open environment. Majority of sources addressed security monitoring and authentication and authorization issues, fewer studies on implementation and bug-related issues such as container implementation and -bugs and some on networking related issues. This study found also that there is some amount of disconnect in literature when it comes to addressing security issues and their solutions and mitigation methods. The study offers a more detailed account of existing microservice security issues and solutions

SoK: Security of Microservice Applications: A Practitioners' Perspective on Challenges and Best Practices

Cloud-based application deployment is becoming increasingly popular among businesses, thanks to the emergence of microservices. However, securing such architectures is a challenging task since traditional security concepts cannot be directly applied to microservice architectures due to their distributed nature. The situation is exacerbated by the scattered nature of guidelines and best practices advocated by practitioners and organizations in this field. This research paper we aim to shay light over the current microservice security discussions hidden within Grey Literature (GL) sources. Particularly, we identify the challenges that arise when securing microservice architectures, as well as solutions recommended by practitioners to address these issues. For this, we conducted a systematic GL study on the challenges and best practices of microservice security present in the Internet with the goal of capturing relevant discussions in blogs, white papers, and standards. We collected 312 GL sources from which 57 were rigorously classified and analyzed. This analysis on the one hand validated past academic literature studies in the area of microservice security, but it also identified improvements to existing methodologies pointing towards future research directions.Comment: Accepted at the 17th International Conference on Availability, Reliability and Security (ARES 2022

Orquestração de um pipeline de ferramentas para apoio ao ensino

The variety and nature of tools that are nowadays used on both academic and professional contexts have been increasing over the past few years. With the non stopping evolving cycle that technology suffers on a daily basis, this is a consequence that will be even more noticeable in a not so distant future. As a result, several problems have emerged. How to handle all of the crucial tools in a simple and reliable way? How to structure that process so it can scale, in order to apply it whenever the tools are being used by several people? Services specialization, such as microservices, taking advantage of the core tools features, allows the automation of almost all the needed configurations required. This thesis focus on the design and implementation of a solution that enhances the ease and efficiency of creating and configuring working environments either of students or workers, being, however, more focused on the academic environment. To achieve this, a prototype tool has been developed, which consists in several services that when combined together are capable of creating and configuring a software development integration pipeline. The prototype is responsive to a certain configuration input and handles all the tasks needed in between the configuration steps, keeping the resulting pipeline always up to date.A variedade e natureza das ferramentas que são hoje em dia utilizadas tanto em contextos académicos como profissionais têm vindo a aumentar nos últimos anos. Com o constante ciclo evolutivo que a tecnologia sofre diariamente, este aumento é um fator que será ainda mais percetível num futuro próximo. Por conseguinte, vários problemas têm surgido. Como lidar com todas as ferramentas cruciais de uma forma simples e fiável? Como estruturar esse processo para que possa ser escalado, a fim de o aplicar a situações em que as ferramentas estejam a ser utilizadas por várias pessoas? A especialização em serviços, surgindo aqui o conceito de microserviços, aproveitando algumas das funcionalidades oferecidas por parte das ferramentas, permite a automação de quase todas as configurações necessárias. Esta tese tem como foco a conceção e implementação de uma solução que torne mais simples e eficiente o processo de criação e configuração de ambientes de trabalho, quer de estudantes quer de trabalhadores dando, no entanto, mais foco à vertente académica. Para o conseguir, foi desenvolvido um protótipo, que consiste em vários serviços que, quando combinados, são capazes de criar e configurar uma pipeline de integração de software. O protótipo tem como input uma determinada estrutura de dados e trata de todas as tarefas necessárias entre as etapas de configuração, mantendo assim a pipeline sempre atualizada. Esta tese relata todo o processo envolvido na elaboração da solução final em cima descrita, estando inerentes as fases de estudo acerca dos conceitos fulcrais ao problema, análise de valor e de negócio, proposta de design, implementação e avaliação da solução desejada

IT infrastructure & microservices authentication

Mestrado IPB-ESTGBIOma - Integrated solutions in BIOeconomy for the Mobilization of the Agrifood chain project is structured in 6 PPS (Products, Processes, and Services) out of which, a part of PPS2 is covered in this work. This work resulted in the second deliverable of PPS2 which is defined as PPS2.A1.E2 - IT infrastructure design and graphical interface conceptual design. BIOma project is in the early stage and this deliverable is a design task of the project. For defining the system architecture, requirements, UML diagrams, physical architecture, and logical architecture have been proposed. The system architecture is based on microservices due to its advantages like scalability and maintainability for bigger projects like BIOma where several sensors are used for big data analysis. Special attention has been devoted to the research and study for the authentication and authorization of users and devices in a microservices architecture. The proposed authentication solution is a result of research made for microservices authentication where it was concluded that using a separate microservice for user authentication is the best solution. FIWARE is an open-source initiative defining a universal set of standards for context data management that facilitates the development of Smart solutions for different domains like Smart Cities, Smart Industry, Smart Agrifood, and Smart Energy. FIWARE’s PEP (Policy Enforcement Point) proxy solution has been proposed in this work for the better management of user’s identities, and client-side certificates have been proposed for authentication of IoT (Internet of Things) devices. The communication between microservices is done through AMQP (Advanced Message Queuing Protocol), and between IoT devices and microservices is done through MQTT (Message Queuing Telemetry Transport) protocol