Trusted Microservices: A Security Framework for Users' Interaction with Microservices Applications-Reference-Cited by-同舟云学术

Trusted Microservices: A Security Framework for Users' Interaction with Microservices Applications

Published:2022-12-28 Issue:2 Volume:5 Page:135-143
ISSN:1658-7790
Container-title:Journal of Information Security and Cybercrimes Research
language:
Short-container-title:JISCR

Author:

Elkholy Mohamed¹,A. Marzok Marwa²

Affiliation:

1. Department of Computer Engineering, Faculty of Engineering, Pharos University in Alexandria, Alexandria, Egypt

2. Information Technology Department Faculty of Specific Education, Matroh University, Matroh, Egypt.

Abstract

Microservices architecture emerges as a promising software design approach that provides large scale software systems with flexibility, scalability and fault tolerance. Moreover, it is considered a suitable design to be implemented using software containers provided with several cloud providers. However, microservices suffer from several security challenges that hinder its progress. The concept of microservices is to break down the system functionality to a number of small coherent services. Hence, using microservices as a design approach increases the security risks by expanding the risk surface. In contrast to microservices, monolithic applications are implemented as a bulk of codes using single programming language. Such environment has several drawbacks related to flexibility and maintainability, but limits security issues. On the other hand, microservices implementation uses several programming languages and frameworks to implement small units of system functionality. Such environment opens the door to new critical security issues. The proposed work introduces the problem of securing microservices and provides a novel approach to protect microservices applications from masquerade attacks. The proposed framework also provides high protection to users from malicious services. The framework was implemented using 150 software containers to define users' HTTP requests and a set of 20 microservices were tested to proof its applicability and benefits

Publisher

Naif Arab University for Security Sciences

Subject

Materials Chemistry,Economics and Econometrics,Media Technology,Forestry

Reference27 articles.

1. [1] A. Chatterjee, M. W. Gerdes, P. Khatiwada and A. Prinz, "SFTSDH: Applying Spring Security Framework With TSD-Based OAuth2 to Protect Microservice Architecture APIs," IEEE Access, vol. 10, pp. 41914-41934, 2022, doi: 10.1109/ACCESS.2022.3165548.

2. [2] P. Billawa, A. B. Tukaram, N. E. D. Ferreyra, J.-P. Steghöfer, R. Scandariato, and G. Simhandl, “SoK: Security of Microservice Applications: A Practitioners’ Perspective on Challenges and Best Practices,” in Proc. 17th Int. Conf. Availab. Reliab. Secur. (ARES '22), Austria, 2022, pp. 1-10, doi: 10.1145/3538969.3538986.

3. [3] F. Al-Doghman, N. Moustafa, I. Khalil, Z. Tari and A. Zomaya, “AI-enabled Secure Microservices in Edge Computing: Opportunities and Challenges,” IEEE Trans. Serv. Comput., doi: 10.1109/TSC.2022.3155447.

4. [4] Y. Zhang, C. Li, N. Chen and P. Zhang, “Intelligent Requests Orchestration for Microservice Management Based on Blockchain in Software Defined Networking: a Security Guarantee,” in 2022 IEEE Int. Conf. Commun. Workshops (ICC Workshops), Korea, 2022, pp. 254-259, doi: 10.1109/ICCWorkshops53468.2022.9814536.

5. [5] M. Elkholy and A.-B. Mohamed, “Efficient Security Model for RDF Files Used in IoT Applications” Int. J. Adv. Comput. Sci. Appl. (IJACSA), vol. 12, no. 4, 2021, doi: 10.14569/IJACSA.2021.0120431.

Cited by 2 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Threat Intelligence Sharing Component in the Service Mesh Architecture;2023 10th International Conference on Future Internet of Things and Cloud (FiCloud);2023-08-14

2. A Runtime Trust Evaluation Mechanism in the Service Mesh Architecture;2023 10th International Conference on Future Internet of Things and Cloud (FiCloud);2023-08-14