Publication | Closed Access
Automated Security Analysis for Microservice Architecture
30
Citations
8
References
2020
Year
Unknown Venue
Secure ServiceEngineeringInformation SecuritySoftware EngineeringSecurity EvaluationSoftware AnalysisFormal VerificationSecurity ModellingSecurity ArchitectureSystems EngineeringMicroservice Architecture StyleMicroservice ArchitectureMicroservices DesignComputer ScienceSoftware DesignData SecurityAutomated Security AnalysisSoftware SecurityProgram AnalysisSecuritySecurity FlawsModel-driven Security
Microservice architecture design is vulnerable to security attacks, requiring architects to manually identify flaws, a process that is error‑prone. The study proposes an automated security analysis method for microservice architectures. The method automatically detects threats using a set of formally defined security characteristics and can be extended to cover additional characteristics. The approach successfully identifies security threats and illustrates potential attack scenarios, demonstrating its effectiveness.
Designing a software system that applied the microservice architecture style is a challenging task, as its characteristics are vulnerable to various security attacks. Software architect, therefore, needs to pinpoint the security flaws in the design before the implementation can proceed. This task is error-prone as it requires manual analysis on the design model, to identify security threats and trace possible attack scenarios. This paper presents an automated security analysis approach for microservice architecture. Our approach can automatically identify security threats according to a collection of formally defined security characteristics and provide an insightful result that demonstrates how the attack scenarios may happen. A collection of formally defined security characteristics can be extended to support other security characteristics not addressed in this paper.
| Year | Citations | |
|---|---|---|
Page 1
Page 1