Affiliation:
1. Department of Computer Science, University of Pisa, Largo B. Pontecorvo 3, 56127 Pisa, Italy
Abstract
As microservice-based architectures are increasingly adopted, microservices security has become a crucial aspect to consider for IT businesses. Starting from a set of “security smells” for microservice applications that were recently proposed in the literature, we enable the automatic detection of such smells in microservice applications deployed with Kubernetes. We first introduce possible analysis techniques to automatically detect security smells in Kubernetes-deployed microservices. We then demonstrate the practical applicability of the proposed techniques by introducing KubeHound, an extensible prototype tool for automatically detecting security smells in microservice applications, and which already features a selected subset of the discussed analyses. We finally show that KubeHound can effectively detect instances of security smells in microservice applications by means of controlled experiments and by applying it to existing, third-party applications.
Subject
Computer Networks and Communications
Cited by
5 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献
1. Triaging Microservice Security Smells, with TriSS;Proceedings of the 28th International Conference on Evaluation and Assessment in Software Engineering;2024-06-18
2. A Novel Approach for Security Analysis in Microservices Using Graph Neural Networks;2024 IEEE 21st International Conference on Software Architecture Companion (ICSA-C);2024-06-04
3. Smelling Homemade Crypto Code in Microservices, with KubeHound;Lecture Notes in Computer Science;2024
4. Towards Teamwise Informed Decisions On Microservice Security Smells;Lecture Notes in Computer Science;2024
5. Design of power information intelligent scheduling model based on Kubernetes;2023 IEEE 11th Joint International Information Technology and Artificial Intelligence Conference (ITAIC);2023-12-08