Microservice Security Metrics for Secure Communication, Identity Management, and Observability

Microservice Security Metrics for Secure Communication, Identity Management, and Observability

Abstract

Microservice architectures are increasingly being used to develop application systems. Despite many guidelines and best practices being published, architecting microservice systems for security is challenging. Reasons are the size and complexity of microservice systems, their polyglot nature, and the demand for the continuous evolution of these systems. In this context, to manually validate that security architecture tactics are employed as intended throughout the system is a time-consuming and error-prone task. In this article, we present an approach to avoid such manual validation before each continuous evolution step in a microservice system, which we demonstrate using three widely used categories of security tactics: secure communication, identity management, and observability. Our approach is based on a review of existing security guidelines, the gray literature, and the scientific literature, from which we derived Architectural Design Decisions (ADDs) with the found security tactics as decision options. In our approach, we propose novel detectors to detect these decision options automatically and formally defined metrics to measure the conformance of a system to the different options of the ADDs. We apply the approach to a case study data set of 10 open source microservice systems, plus another 20 variants of these systems, for which we manually inspected the source code for security tactics. We demonstrate and assess the validity and appropriateness of our metrics by performing an assessment of their conformance to the ADDs in our systems’ dataset through statistical methods.

Grafik Top
Authors
  • Zdun, Uwe
  • Quéval, Pierre-Jean
  • Simhandl, Georg
  • Scandariato, Riccardo
  • Chakravarty, Somik
  • Jelic, Marjan
  • Jovanovic, Aleksandar
Grafik Top
Shortfacts
Category
Journal Paper
Divisions
Software Architecture
Subjects
Software Engineering
Journal or Publication Title
ACM Transactions on Software Engineering and Methodology
ISSN
1049-331X
Publisher
Association for Computing Machinery
Place of Publication
New York
Page Range
pp. 1-34
Number
1
Volume
32
Date
13 February 2023
Export
Grafik Top